From 90227a897be2c3026fecf54bc7a42c3fe3fe3137 Mon Sep 17 00:00:00 2001
From: ahubanov-eth2 <ahubanov@student.ethz.ch>
Date: Thu, 10 Mar 2022 10:05:30 +0100
Subject: [PATCH 01/74] first draft of ast formalization

---
 BoogieLang/Ast.thy | 145 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 145 insertions(+)
 create mode 100644 BoogieLang/Ast.thy

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
new file mode 100644
index 0000000..9150ff3
--- /dev/null
+++ b/BoogieLang/Ast.thy
@@ -0,0 +1,145 @@
+theory Ast
+  imports Main Semantics Lang
+
+begin
+
+type_synonym name = string
+type_synonym label = string
+type_synonym guard = expr
+type_synonym invariant = expr
+
+type_synonym break_flag = bool
+type_synonym 'a ast_state = "break_flag * ('a state)" 
+
+datatype transfer_cmd
+ = Goto label
+
+datatype raw_structured_cmd 
+ = If guard "stmt" "stmt"
+ | While guard "stmt"  
+ | Break "label option"
+
+and stmt 
+ = SimpleCmd cmd
+ | SeqCmds "stmt list"
+ | StructCmd raw_structured_cmd
+ | TransCmd transfer_cmd
+
+datatype parsed_structured_cmd
+ = ParsedIf guard "bigblock list" "bigblock list"
+ | ParsedWhile guard "invariant list" "bigblock list"
+ | ParsedBreak "label option"
+
+and bigblock 
+ = BigBlock "name option" "cmd list" "parsed_structured_cmd option" "transfer_cmd option"
+
+(*
+record ast = 
+  start_of_ast :: "node"
+  trivial_out_edges :: "(node list) list"
+  node_to_bigblock :: "bigblock list"
+*)
+
+type_synonym ast = "bigblock list"
+
+(*
+inductive red_stmt :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> stmt \<Rightarrow> 'a state \<Rightarrow> 'a state \<Rightarrow> bool" 
+  ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) \<longrightarrow>/ _)" [51,0,0,0] 81)
+and  red_stmt_list :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> stmt list \<Rightarrow> 'a state \<Rightarrow> 'a state \<Rightarrow> bool"
+  ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) {\<rightarrow>}/ _)" [51,0,0,0] 81)
+  for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
+  where 
+    RedSimpleCmd: "red_cmd A M \<Lambda> \<Gamma> \<Omega> my_cmd n_s s \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(SimpleCmd my_cmd), n_s\<rangle> \<longrightarrow> s" 
+
+  | RedIfTrue: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s\<rangle> \<Down> LitV (LBool True);  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>then_stmts, Normal n_s\<rangle> {\<rightarrow>} s' \<rbrakk> \<Longrightarrow> 
+                  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (If my_guard then_stmts else_stmts), Normal n_s\<rangle> \<longrightarrow> s'"
+
+  | RedIfFalse: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s\<rangle> \<Down> LitV (LBool False);  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>else_stmts,Normal n_s\<rangle> {\<rightarrow>} s' \<rbrakk> \<Longrightarrow> 
+                  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (If my_guard then_stmts else_stmts), Normal n_s\<rangle> \<longrightarrow> s'"
+
+  | RedWhileTrue: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s\<rangle> \<Down> LitV (LBool True); A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>stmts, Normal n_s\<rangle> {\<rightarrow>} s1; A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (While my_guard stmts), s1\<rangle> \<longrightarrow> s2 \<rbrakk> \<Longrightarrow> 
+                  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (While my_guard stmts), Normal n_s\<rangle> \<longrightarrow> s2"
+
+  | RedWhileFalse: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s\<rangle> \<Down> LitV (LBool False) \<rbrakk> \<Longrightarrow> 
+                  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (While my_guard stmts), Normal n_s\<rangle> \<longrightarrow> Normal n_s"
+*)
+
+(*
+inductive red_stmt :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> stmt \<Rightarrow> 'a ast_state \<Rightarrow> 'a ast_state \<Rightarrow> bool" 
+  ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) \<longrightarrow>/ _)" [51,0,0,0] 81)
+and  red_stmt_list :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> stmt list \<Rightarrow> 'a ast_state \<Rightarrow> 'a ast_state \<Rightarrow> bool"
+  ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) {\<rightarrow>}/ _)" [51,0,0,0] 81)
+  for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
+  where 
+    RedSimpleCmdExtended: "red_cmd A M \<Lambda> \<Gamma> \<Omega> my_cmd s0 s1 \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(SimpleCmd my_cmd), (False, s0)\<rangle> \<longrightarrow> (False, s1)" 
+
+  | RedSimpleCmdBreak: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>SimpleCmd my_cmd, (True, s0)\<rangle> \<longrightarrow> (True, s0)"
+
+  | RedIfTrueContinue: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s\<rangle> \<Down> LitV (LBool True);  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>then_stmts, (False, (Normal n_s))\<rangle> {\<rightarrow>} (False, s') \<rbrakk> \<Longrightarrow> 
+                  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (If my_guard then_stmts else_stmts), (False, Normal n_s)\<rangle> \<longrightarrow> (False, s')"
+
+  | RedIfFalseContinue: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s\<rangle> \<Down> LitV (LBool False);  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>else_stmts, (False, (Normal n_s))\<rangle> {\<rightarrow>} (False, s') \<rbrakk> \<Longrightarrow> 
+                  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (If my_guard then_stmts else_stmts), (False, Normal n_s)\<rangle> \<longrightarrow> (False, s')"
+
+  | RedIfBreak: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (If my_guard then_stmts else_stmts), (True, s0)\<rangle> \<longrightarrow> (True, s0)"
+
+  | RedWhileTrueExtended: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s\<rangle> \<Down> LitV (LBool True); A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>stmts, (False, Normal n_s)\<rangle> {\<rightarrow>} (False, s1); A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (While my_guard stmts), (False, s1)\<rangle> \<longrightarrow> (False, s2) \<rbrakk> \<Longrightarrow> 
+                  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (While my_guard stmts), (False, Normal n_s)\<rangle> \<longrightarrow> (False, s2)"
+
+  | RedWhileTrueBreak: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s\<rangle> \<Down> LitV (LBool True); A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>stmts, (False, Normal n_s)\<rangle> {\<rightarrow>} (True, s1) \<rbrakk> \<Longrightarrow> 
+                  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (While my_guard stmts), (False, Normal n_s)\<rangle> \<longrightarrow> (False, s1)"
+
+  | RedWhileFalseExtended: "\<lbrakk> (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s\<rangle> \<Down> LitV (LBool False)) \<or> (break_flag = True) \<rbrakk> \<Longrightarrow> 
+                  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (While my_guard stmts), (break_flag,  Normal n_s)\<rangle> \<longrightarrow> (break_flag, (Normal n_s))"
+
+  | RedUnlabeledBreak: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (Break None), (break_flag, s)\<rangle> \<longrightarrow> (True, s)"
+*)
+
+(* arrow symbols clash if the exact same syntax is used as in red_cmd and red_cmd_list *)
+inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> bigblock \<Rightarrow> 'a ast_state \<Rightarrow> 'a ast_state \<Rightarrow> bool" 
+  ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) \<longrightarrow>/ _)" [51,0,0,0] 81)
+and  red_bigblock_list :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> bigblock list \<Rightarrow> 'a ast_state \<Rightarrow> 'a ast_state \<Rightarrow> bool"
+  ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) {\<rightarrow>}/ _)" [51,0,0,0] 81)
+  for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
+  where 
+    RedSimpleBigBlockExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] s1 \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BigBlock my_name simple_cmds None None), (False, Normal n_s)\<rangle> \<longrightarrow> (False, s1)"
+
+  (* combine all three skip rules *)
+  | RedSimpleBigBlockBreak: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BigBlock my_name simple_cmds None None), (True, s1)\<rangle> \<longrightarrow> (True, s1)"
+
+  | RedParsedIfTrueExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool True);  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>then_bigblocks, (False, Normal n_s1)\<rangle> {\<rightarrow>} (False, s2) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BigBlock my_name simple_cmds (Some (ParsedIf my_guard thenbigblocks elsebigblocks)) None), (False, Normal n_s)\<rangle> \<longrightarrow> (False, s2)"
+
+  | RedParsedIfFalseExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool False); A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>else_bigblocks, (False, Normal n_s1)\<rangle> {\<rightarrow>} (False, s2) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BigBlock my_name simple_cmds (Some (ParsedIf my_guard thenbigblocks elsebigblocks)) None), (False, Normal n_s)\<rangle> \<longrightarrow> (False, s2)"
+
+  | RedParsedIfBreak: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BigBlock my_name simple_cmds (Some (ParsedIf my_guard thenbigblocks elsebigblocks)) None), (True, s1)\<rangle> \<longrightarrow> (True, s1)"
+
+  (* invariants not considered here *)
+  | RedParsedWhileTrueExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool True); A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>bigblocks, (False, Normal n_s1)\<rangle> {\<rightarrow>} (False, s2); A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>BigBlock some_name simple_cmds (Some (ParsedWhile my_guard my_invariants bigblocks)) None, (False, s2)\<rangle> \<longrightarrow> (False, s3)  \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BigBlock my_name simple_cmds (Some (ParsedWhile my_guard my_invariants bigblocks)) None), (False, Normal n_s)\<rangle> \<longrightarrow> (False, s3)"
+
+  | RedParsedWhileTrueBreak: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool True); A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>bigblocks, (False, Normal n_s1)\<rangle> {\<rightarrow>} (True, s2) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BigBlock my_name simple_cmds (Some (ParsedWhile my_guard my_invariants bigblocks)) None), (False, Normal n_s)\<rangle> \<longrightarrow> (False, s2)"
+  
+  | RedParsedWhileFalseExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BigBlock my_name simple_cmds (Some (ParsedWhile my_guard my_invariants bigblocks)) None), (False, Normal n_s)\<rangle> \<longrightarrow> (False, Normal n_s1)"
+
+  | RedParsedWhileBreak: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BigBlock my_name simple_cmds (Some (ParsedWhile my_guard my_invariants bigblocks)) None), (True, s1)\<rangle> \<longrightarrow> (True, s1)"
+
+  | RedUnlabeledBreak: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BigBlock my_name simple_cmds (Some (ParsedBreak None)) None), (False, Normal n_s)\<rangle> \<longrightarrow> (True, Normal n_s1)"
+
+
+(* I don't know if we need to reduce the ast the same way we reduce the cfg but I put it here anyway  *)
+
+type_synonym 'a ast_config = "bigblock list \<times> ('a ast_state)"
+
+inductive red_ast :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> 'a ast_config \<Rightarrow> 'a ast_config \<Rightarrow> bool"
+  ("_,_,_,_,_ \<turnstile> (_ -b\<rightarrow>/ _)" [51,0,0,0] 81)
+  for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
+  where
+    RedNormalSucc: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>bigblock0, (break_flag_begin, Normal ns)\<rangle> \<longrightarrow> (break_flag_after, Normal ns') \<rbrakk> \<Longrightarrow> 
+              A,M,\<Lambda>,\<Gamma>,\<Omega>  \<turnstile> ((bigblock0 # bigblocks),break_flag_begin, Normal ns) -b\<rightarrow> (bigblocks, (break_flag_after, Normal ns'))"
+  | RedNormalReturn: "\<lbrakk>node_to_bigblock(G)! n = bigblock0; A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>bigblock0, (break_flag_begin, Normal ns)\<rangle> \<longrightarrow> (break_flag_after, Normal ns'); (trivial_out_edges(G) ! n) = [] \<rbrakk> \<Longrightarrow> 
+               A,M,\<Lambda>,\<Gamma>,\<Omega>,G  \<turnstile> (Inl n, (break_flag_begin, Normal ns)) -b\<rightarrow> (Inr (), (break_flag_after, Normal ns'))"
+  | RedFailure: "\<lbrakk>node_to_bigblock(G) ! n = bigblock0; A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>bigblock0, (break_flag_begin, Normal ns)\<rangle> \<longrightarrow> (break_flag_after, Failure) \<rbrakk> \<Longrightarrow>
+              A,M,\<Lambda>,\<Gamma>,\<Omega>,G  \<turnstile> (Inl n, (break_flag_begin, Normal ns)) -b\<rightarrow> (Inr (), (break_flag_after, Failure))"
+  | RedMagic: "\<lbrakk>node_to_bigblock(G) ! n = bigblock0; A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>bigblock0, (break_flag_begin, Normal ns)\<rangle> \<longrightarrow> (break_flag_after, Magic) \<rbrakk> \<Longrightarrow>
+              A,M,\<Lambda>,\<Gamma>,\<Omega>,G  \<turnstile> (Inl n, (break_flag_begin, Normal ns)) -b\<rightarrow> (Inr (), (break_flag_after, Magic))"
+
+end

From 2d547dce62db876514ac503b5ca713818702cfe8 Mon Sep 17 00:00:00 2001
From: ahubanov-eth2 <ahubanov@student.ethz.ch>
Date: Sun, 13 Mar 2022 21:13:30 +0100
Subject: [PATCH 02/74] changed to small-step semantics, added a find_label
 function and added goto reduction (which needs to be checked again)

---
 BoogieLang/Ast.thy       | 138 +++++++++++++--------------------------
 BoogieLang/Lang.thy      |   3 +-
 BoogieLang/Semantics.thy |   4 +-
 3 files changed, 51 insertions(+), 94 deletions(-)

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index 9150ff3..8455a09 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -8,127 +8,80 @@ type_synonym label = string
 type_synonym guard = expr
 type_synonym invariant = expr
 
-type_synonym break_flag = bool
-type_synonym 'a ast_state = "break_flag * ('a state)" 
-
 datatype transfer_cmd
  = Goto label
 
-datatype raw_structured_cmd 
- = If guard "stmt" "stmt"
- | While guard "stmt"  
- | Break "label option"
-
-and stmt 
- = SimpleCmd cmd
- | SeqCmds "stmt list"
- | StructCmd raw_structured_cmd
- | TransCmd transfer_cmd
-
 datatype parsed_structured_cmd
  = ParsedIf guard "bigblock list" "bigblock list"
  | ParsedWhile guard "invariant list" "bigblock list"
  | ParsedBreak "label option"
 
 and bigblock 
- = BigBlock "name option" "cmd list" "parsed_structured_cmd option" "transfer_cmd option"
-
-(*
-record ast = 
-  start_of_ast :: "node"
-  trivial_out_edges :: "(node list) list"
-  node_to_bigblock :: "bigblock list"
-*)
+ = Leave (* a special block that's only used internally; used for reducing a while loop *)
+ | BigBlock "name option" "cmd list" "parsed_structured_cmd option" "transfer_cmd option"
 
 type_synonym ast = "bigblock list"
 
-(*
-inductive red_stmt :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> stmt \<Rightarrow> 'a state \<Rightarrow> 'a state \<Rightarrow> bool" 
-  ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) \<longrightarrow>/ _)" [51,0,0,0] 81)
-and  red_stmt_list :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> stmt list \<Rightarrow> 'a state \<Rightarrow> 'a state \<Rightarrow> bool"
-  ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) {\<rightarrow>}/ _)" [51,0,0,0] 81)
-  for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
-  where 
-    RedSimpleCmd: "red_cmd A M \<Lambda> \<Gamma> \<Omega> my_cmd n_s s \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(SimpleCmd my_cmd), n_s\<rangle> \<longrightarrow> s" 
-
-  | RedIfTrue: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s\<rangle> \<Down> LitV (LBool True);  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>then_stmts, Normal n_s\<rangle> {\<rightarrow>} s' \<rbrakk> \<Longrightarrow> 
-                  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (If my_guard then_stmts else_stmts), Normal n_s\<rangle> \<longrightarrow> s'"
-
-  | RedIfFalse: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s\<rangle> \<Down> LitV (LBool False);  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>else_stmts,Normal n_s\<rangle> {\<rightarrow>} s' \<rbrakk> \<Longrightarrow> 
-                  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (If my_guard then_stmts else_stmts), Normal n_s\<rangle> \<longrightarrow> s'"
+(* continuations; used for formalizing Gotos and labeled Breaks *)
+datatype cont 
+ = KStop 
+ | KSeq "bigblock list" cont
+ | KEndBlock cont cont
 
-  | RedWhileTrue: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s\<rangle> \<Down> LitV (LBool True); A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>stmts, Normal n_s\<rangle> {\<rightarrow>} s1; A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (While my_guard stmts), s1\<rangle> \<longrightarrow> s2 \<rbrakk> \<Longrightarrow> 
-                  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (While my_guard stmts), Normal n_s\<rangle> \<longrightarrow> s2"
-
-  | RedWhileFalse: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s\<rangle> \<Down> LitV (LBool False) \<rbrakk> \<Longrightarrow> 
-                  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (While my_guard stmts), Normal n_s\<rangle> \<longrightarrow> Normal n_s"
-*)
-
-(*
-inductive red_stmt :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> stmt \<Rightarrow> 'a ast_state \<Rightarrow> 'a ast_state \<Rightarrow> bool" 
-  ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) \<longrightarrow>/ _)" [51,0,0,0] 81)
-and  red_stmt_list :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> stmt list \<Rightarrow> 'a ast_state \<Rightarrow> 'a ast_state \<Rightarrow> bool"
-  ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) {\<rightarrow>}/ _)" [51,0,0,0] 81)
+type_synonym break_flag = bool
+type_synonym 'a ast_state = "break_flag * ast  * bigblock  * cont * ('a state)"
+
+(* auxillary function to find the label a goto statement is referring to *)
+fun find_label :: "label \<Rightarrow> bigblock list \<Rightarrow> cont \<Rightarrow> ((bigblock * cont) option)" where
+  (* this first case should be impossible because we can't have a structured cmd and a transfer cmd at the same time *)
+  "find_label lbl ((BigBlock bb_name cmds (Some s) (Some t)) # bs) cont = None" |
+  (* TODO: figure out examples of when this case could be entered *)
+  "find_label lbl [] cont = None" |
+  "find_label lbl (Leave # bs) cont = find_label lbl bs cont" |
+  "find_label lbl ((BigBlock bb_name cmds None None) # []) cont = (if (Some lbl = bb_name) then ( Some ((BigBlock bb_name cmds None None), cont)) else (None))" |
+  "find_label lbl ((BigBlock bb_name cmds None None) # bs) cont = (if (Some lbl = bb_name) then ( Some ((BigBlock bb_name cmds None None), (KSeq bs cont))) else (find_label lbl bs cont))" |
+  "find_label lbl ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None) # bs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None), (KSeq bs cont))) else (if (find_label lbl then_bbs cont \<noteq> None) then (find_label lbl then_bbs (KSeq bs cont)) else (find_label lbl else_bbs (KSeq bs cont))))" |
+  (* TODO: the continuation here may not be correct, think about it *)
+  "find_label lbl ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None) # bs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None), (KSeq bs cont))) else (find_label lbl body_bbs (KSeq bs cont)))" |
+  (* TODO: combine the two cases below with the 4th case as they all do the same. How? *)
+  "find_label lbl ((BigBlock bb_name cmds (Some break_stmt) None) # bs) cont = (if (Some lbl = bb_name) then ( Some ((BigBlock bb_name cmds (Some break_stmt) None), (KSeq bs cont))) else (find_label lbl bs cont))" |
+  "find_label lbl ((BigBlock bb_name cmds None (Some transfer_stmt)) # bs) cont = (if (Some lbl = bb_name) then ( Some ((BigBlock bb_name cmds None (Some transfer_stmt)), (KSeq bs cont))) else (find_label lbl bs cont))"
+
+(* function defining the semantics of bigblocks; small-step semantics *)
+(* arrow symbols in the 'syntactic sugar' clash if the exact same syntax is used as in red_cmd *)
+inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env  \<Rightarrow> 'a ast_state \<Rightarrow> 'a ast_state \<Rightarrow> bool" 
+  ("_,_,_,_,_ \<turnstile> ((\<langle>_\<rangle>) \<longrightarrow>/ _)" [51,0,0,0] 81)
   for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
   where 
-    RedSimpleCmdExtended: "red_cmd A M \<Lambda> \<Gamma> \<Omega> my_cmd s0 s1 \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(SimpleCmd my_cmd), (False, s0)\<rangle> \<longrightarrow> (False, s1)" 
-
-  | RedSimpleCmdBreak: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>SimpleCmd my_cmd, (True, s0)\<rangle> \<longrightarrow> (True, s0)"
-
-  | RedIfTrueContinue: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s\<rangle> \<Down> LitV (LBool True);  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>then_stmts, (False, (Normal n_s))\<rangle> {\<rightarrow>} (False, s') \<rbrakk> \<Longrightarrow> 
-                  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (If my_guard then_stmts else_stmts), (False, Normal n_s)\<rangle> \<longrightarrow> (False, s')"
-
-  | RedIfFalseContinue: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s\<rangle> \<Down> LitV (LBool False);  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>else_stmts, (False, (Normal n_s))\<rangle> {\<rightarrow>} (False, s') \<rbrakk> \<Longrightarrow> 
-                  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (If my_guard then_stmts else_stmts), (False, Normal n_s)\<rangle> \<longrightarrow> (False, s')"
-
-  | RedIfBreak: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (If my_guard then_stmts else_stmts), (True, s0)\<rangle> \<longrightarrow> (True, s0)"
-
-  | RedWhileTrueExtended: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s\<rangle> \<Down> LitV (LBool True); A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>stmts, (False, Normal n_s)\<rangle> {\<rightarrow>} (False, s1); A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (While my_guard stmts), (False, s1)\<rangle> \<longrightarrow> (False, s2) \<rbrakk> \<Longrightarrow> 
-                  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (While my_guard stmts), (False, Normal n_s)\<rangle> \<longrightarrow> (False, s2)"
-
-  | RedWhileTrueBreak: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s\<rangle> \<Down> LitV (LBool True); A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>stmts, (False, Normal n_s)\<rangle> {\<rightarrow>} (True, s1) \<rbrakk> \<Longrightarrow> 
-                  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (While my_guard stmts), (False, Normal n_s)\<rangle> \<longrightarrow> (False, s1)"
-
-  | RedWhileFalseExtended: "\<lbrakk> (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s\<rangle> \<Down> LitV (LBool False)) \<or> (break_flag = True) \<rbrakk> \<Longrightarrow> 
-                  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (While my_guard stmts), (break_flag,  Normal n_s)\<rangle> \<longrightarrow> (break_flag, (Normal n_s))"
+    (* this first rule exists only because I don't know how to reduce a while_false block or a simple block without a skip command *)
+    RedSkipBlock: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(False, ast, (BigBlock None [Skip] None None),  (KSeq (b # bs) cont0),  Normal n_s)\<rangle> \<longrightarrow> (False, ast, b, (KSeq bs cont0), Normal n_s)"
 
-  | RedUnlabeledBreak: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>StructCmd (Break None), (break_flag, s)\<rangle> \<longrightarrow> (True, s)"
-*)
-
-(* arrow symbols clash if the exact same syntax is used as in red_cmd and red_cmd_list *)
-inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> bigblock \<Rightarrow> 'a ast_state \<Rightarrow> 'a ast_state \<Rightarrow> bool" 
-  ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) \<longrightarrow>/ _)" [51,0,0,0] 81)
-and  red_bigblock_list :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> bigblock list \<Rightarrow> 'a ast_state \<Rightarrow> 'a ast_state \<Rightarrow> bool"
-  ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) {\<rightarrow>}/ _)" [51,0,0,0] 81)
-  for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
-  where 
-    RedSimpleBigBlockExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] s1 \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BigBlock my_name simple_cmds None None), (False, Normal n_s)\<rangle> \<longrightarrow> (False, s1)"
+  | RedLeaveTrue: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(True, ast, Leave, cont0,  Normal n_s)\<rangle> \<longrightarrow> (False, ast, (BigBlock None [Skip] None None), cont0, Normal n_s)"
 
-  (* combine all three skip rules *)
-  | RedSimpleBigBlockBreak: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BigBlock my_name simple_cmds None None), (True, s1)\<rangle> \<longrightarrow> (True, s1)"
+  | RedLeaveFalse: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(False, ast, Leave, cont0,  Normal n_s)\<rangle> \<longrightarrow> (False, ast, (BigBlock None [Skip] None None), cont0, Normal n_s)"  
 
-  | RedParsedIfTrueExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool True);  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>then_bigblocks, (False, Normal n_s1)\<rangle> {\<rightarrow>} (False, s2) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BigBlock my_name simple_cmds (Some (ParsedIf my_guard thenbigblocks elsebigblocks)) None), (False, Normal n_s)\<rangle> \<longrightarrow> (False, s2)"
+  | RedSimpleBigBlockExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] s1 \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(False, ast, (BigBlock my_name simple_cmds None None),  cont0,  Normal n_s)\<rangle> \<longrightarrow> (False, ast, (BigBlock None [Skip] None None), cont0, s1)"
 
-  | RedParsedIfFalseExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool False); A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>else_bigblocks, (False, Normal n_s1)\<rangle> {\<rightarrow>} (False, s2) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BigBlock my_name simple_cmds (Some (ParsedIf my_guard thenbigblocks elsebigblocks)) None), (False, Normal n_s)\<rangle> \<longrightarrow> (False, s2)"
+  | RedBreakFlagSet: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(True, ast, (BigBlock my_name simple_cmds any_str any_tr), cont0, s1)\<rangle> \<longrightarrow> (True, ast, (BigBlock None [Skip] None None), cont0,  s1)"
 
-  | RedParsedIfBreak: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BigBlock my_name simple_cmds (Some (ParsedIf my_guard thenbigblocks elsebigblocks)) None), (True, s1)\<rangle> \<longrightarrow> (True, s1)"
+  | RedParsedIfTrueExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool True) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(False, ast, (BigBlock my_name simple_cmds (Some (ParsedIf my_guard (then_hd # then_bbs) elsebigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (False, ast, then_hd, (KSeq then_bbs cont0), Normal n_s1)"
 
+  | RedParsedIfFalseExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(False, ast, (BigBlock my_name simple_cmds (Some (ParsedIf my_guard thenbigblocks (else_hd # else_bbs))) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (False, ast, else_hd, (KSeq else_bbs cont0), Normal n_s1)"
+ 
   (* invariants not considered here *)
-  | RedParsedWhileTrueExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool True); A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>bigblocks, (False, Normal n_s1)\<rangle> {\<rightarrow>} (False, s2); A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>BigBlock some_name simple_cmds (Some (ParsedWhile my_guard my_invariants bigblocks)) None, (False, s2)\<rangle> \<longrightarrow> (False, s3)  \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BigBlock my_name simple_cmds (Some (ParsedWhile my_guard my_invariants bigblocks)) None), (False, Normal n_s)\<rangle> \<longrightarrow> (False, s3)"
-
-  | RedParsedWhileTrueBreak: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool True); A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>bigblocks, (False, Normal n_s1)\<rangle> {\<rightarrow>} (True, s2) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BigBlock my_name simple_cmds (Some (ParsedWhile my_guard my_invariants bigblocks)) None), (False, Normal n_s)\<rangle> \<longrightarrow> (False, s2)"
+  | RedParsedWhileTrueExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool True) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(False, ast, (BigBlock my_name simple_cmds (Some (ParsedWhile my_guard my_invariants (bb_hd # body_bbs))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> (False, ast, bb_hd, (KSeq (body_bbs @ (Leave # [(BigBlock my_name [] (Some (ParsedWhile my_guard my_invariants (bb_hd # body_bbs))) None)])) cont0), Normal n_s1)"
   
-  | RedParsedWhileFalseExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BigBlock my_name simple_cmds (Some (ParsedWhile my_guard my_invariants bigblocks)) None), (False, Normal n_s)\<rangle> \<longrightarrow> (False, Normal n_s1)"
-
-  | RedParsedWhileBreak: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BigBlock my_name simple_cmds (Some (ParsedWhile my_guard my_invariants bigblocks)) None), (True, s1)\<rangle> \<longrightarrow> (True, s1)"
+  | RedParsedWhileFalseExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(False, ast, (BigBlock my_name simple_cmds (Some (ParsedWhile my_guard my_invariants bigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (False, ast, (BigBlock None [Skip] None None), cont0, Normal n_s1)"
 
-  | RedUnlabeledBreak: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BigBlock my_name simple_cmds (Some (ParsedBreak None)) None), (False, Normal n_s)\<rangle> \<longrightarrow> (True, Normal n_s1)"
+  | RedUnlabeledBreak: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(False, ast, (BigBlock my_name simple_cmds (Some (ParsedBreak None)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (True, ast, (BigBlock None [Skip] None None), cont0, Normal n_s1)"
 
+  | RedGoto: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); (find_label label ast cont0) = Some (found_bigblock, found_cont) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(False, ast, (BigBlock my_name simple_cmds None (Some (Goto label))),  cont0,  Normal n_s)\<rangle> \<longrightarrow> (False, ast, found_bigblock, found_cont, (Normal n_s1))"
 
-(* I don't know if we need to reduce the ast the same way we reduce the cfg but I put it here anyway  *)
 
+(* TODO: rework or remove the function below *)
 type_synonym 'a ast_config = "bigblock list \<times> ('a ast_state)"
 
+(*
 inductive red_ast :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> 'a ast_config \<Rightarrow> 'a ast_config \<Rightarrow> bool"
   ("_,_,_,_,_ \<turnstile> (_ -b\<rightarrow>/ _)" [51,0,0,0] 81)
   for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
@@ -141,5 +94,6 @@ inductive red_ast :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow>
               A,M,\<Lambda>,\<Gamma>,\<Omega>,G  \<turnstile> (Inl n, (break_flag_begin, Normal ns)) -b\<rightarrow> (Inr (), (break_flag_after, Failure))"
   | RedMagic: "\<lbrakk>node_to_bigblock(G) ! n = bigblock0; A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>bigblock0, (break_flag_begin, Normal ns)\<rangle> \<longrightarrow> (break_flag_after, Magic) \<rbrakk> \<Longrightarrow>
               A,M,\<Lambda>,\<Gamma>,\<Omega>,G  \<turnstile> (Inl n, (break_flag_begin, Normal ns)) -b\<rightarrow> (Inr (), (break_flag_after, Magic))"
+*)
 
 end
diff --git a/BoogieLang/Lang.thy b/BoogieLang/Lang.thy
index 11eb461..1075911 100644
--- a/BoogieLang/Lang.thy
+++ b/BoogieLang/Lang.thy
@@ -50,7 +50,8 @@ nameless encoding, this is not the case (see Semantics.thy for more details).\<c
 
 (* multi-assign and multi-havoc not supported for now *)
 datatype cmd
- = Assert expr
+ = Skip
+ | Assert expr
  | Assume expr
  | Assign vname expr
  | Havoc vname
diff --git a/BoogieLang/Semantics.thy b/BoogieLang/Semantics.thy
index 4c16e7c..ddc2608 100644
--- a/BoogieLang/Semantics.thy
+++ b/BoogieLang/Semantics.thy
@@ -477,7 +477,9 @@ inductive red_cmd :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow>
   ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) \<rightarrow>/ _)" [51,51,0,0,0] 81)
   for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and  \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
   where
-    RedAssertOk: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e, n_s\<rangle> \<Down> LitV (LBool True) \<rbrakk> \<Longrightarrow> 
+    RedSkip: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>Skip, Normal n_s\<rangle> \<rightarrow> Normal n_s"
+
+  | RedAssertOk: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e, n_s\<rangle> \<Down> LitV (LBool True) \<rbrakk> \<Longrightarrow> 
                  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>Assert e, Normal n_s\<rangle> \<rightarrow> Normal n_s"
   | RedAssertFail: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e, n_s\<rangle> \<Down> LitV (LBool False) \<rbrakk> \<Longrightarrow> 
                   A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>Assert e, Normal n_s\<rangle> \<rightarrow> Failure"

From e6a27542105058d6a3bd4f2f3dc123315a6c649d Mon Sep 17 00:00:00 2001
From: ahubanov-eth2 <ahubanov@student.ethz.ch>
Date: Mon, 14 Mar 2022 13:26:00 +0100
Subject: [PATCH 03/74] added an ast reduction

---
 BoogieLang/Ast.thy | 24 +++++++-----------------
 1 file changed, 7 insertions(+), 17 deletions(-)

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index 8455a09..4246053 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -77,23 +77,13 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightar
 
   | RedGoto: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); (find_label label ast cont0) = Some (found_bigblock, found_cont) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(False, ast, (BigBlock my_name simple_cmds None (Some (Goto label))),  cont0,  Normal n_s)\<rangle> \<longrightarrow> (False, ast, found_bigblock, found_cont, (Normal n_s1))"
 
-
-(* TODO: rework or remove the function below *)
-type_synonym 'a ast_config = "bigblock list \<times> ('a ast_state)"
-
-(*
-inductive red_ast :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> 'a ast_config \<Rightarrow> 'a ast_config \<Rightarrow> bool"
-  ("_,_,_,_,_ \<turnstile> (_ -b\<rightarrow>/ _)" [51,0,0,0] 81)
+(* function defining how to reduce an ast *)
+inductive red_bigblock_list :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env  \<Rightarrow> bigblock list  \<Rightarrow> cont \<Rightarrow> 'a ast_state \<Rightarrow> bool" 
+  ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) \<longrightarrow>/ _)" [51,0,0,0] 81)
   for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
-  where
-    RedNormalSucc: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>bigblock0, (break_flag_begin, Normal ns)\<rangle> \<longrightarrow> (break_flag_after, Normal ns') \<rbrakk> \<Longrightarrow> 
-              A,M,\<Lambda>,\<Gamma>,\<Omega>  \<turnstile> ((bigblock0 # bigblocks),break_flag_begin, Normal ns) -b\<rightarrow> (bigblocks, (break_flag_after, Normal ns'))"
-  | RedNormalReturn: "\<lbrakk>node_to_bigblock(G)! n = bigblock0; A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>bigblock0, (break_flag_begin, Normal ns)\<rangle> \<longrightarrow> (break_flag_after, Normal ns'); (trivial_out_edges(G) ! n) = [] \<rbrakk> \<Longrightarrow> 
-               A,M,\<Lambda>,\<Gamma>,\<Omega>,G  \<turnstile> (Inl n, (break_flag_begin, Normal ns)) -b\<rightarrow> (Inr (), (break_flag_after, Normal ns'))"
-  | RedFailure: "\<lbrakk>node_to_bigblock(G) ! n = bigblock0; A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>bigblock0, (break_flag_begin, Normal ns)\<rangle> \<longrightarrow> (break_flag_after, Failure) \<rbrakk> \<Longrightarrow>
-              A,M,\<Lambda>,\<Gamma>,\<Omega>,G  \<turnstile> (Inl n, (break_flag_begin, Normal ns)) -b\<rightarrow> (Inr (), (break_flag_after, Failure))"
-  | RedMagic: "\<lbrakk>node_to_bigblock(G) ! n = bigblock0; A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>bigblock0, (break_flag_begin, Normal ns)\<rangle> \<longrightarrow> (break_flag_after, Magic) \<rbrakk> \<Longrightarrow>
-              A,M,\<Lambda>,\<Gamma>,\<Omega>,G  \<turnstile> (Inl n, (break_flag_begin, Normal ns)) -b\<rightarrow> (Inr (), (break_flag_after, Magic))"
-*)
+  where 
+    RedEmpty:  "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[], cont\<rangle> \<longrightarrow> (False, [], (BigBlock None [Skip] None None), cont, Normal n_s)"
+
+  | RedAst: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(b # bs), cont\<rangle> \<longrightarrow> (False, (b # bs), b, (KSeq bs cont), Normal n_s)"
 
 end

From 857bf6e2b6ade9631f8a3b9de70e20fe129e6352 Mon Sep 17 00:00:00 2001
From: ahubanov-eth2 <ahubanov@student.ethz.ch>
Date: Mon, 14 Mar 2022 22:45:54 +0100
Subject: [PATCH 04/74] added numbered breaks

---
 BoogieLang/Ast.thy | 69 +++++++++++++++++++++-------------------------
 1 file changed, 32 insertions(+), 37 deletions(-)

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index 4246053..0dcc292 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -10,80 +10,75 @@ type_synonym invariant = expr
 
 datatype transfer_cmd
  = Goto label
+ | Return "expr option"
 
 datatype parsed_structured_cmd
  = ParsedIf guard "bigblock list" "bigblock list"
  | ParsedWhile guard "invariant list" "bigblock list"
- | ParsedBreak "label option"
+ | ParsedBreak nat
 
 and bigblock 
- = Leave (* a special block that's only used internally; used for reducing a while loop *)
- | BigBlock "name option" "cmd list" "parsed_structured_cmd option" "transfer_cmd option"
+ = BigBlock "name option" "cmd list" "parsed_structured_cmd option" "transfer_cmd option"
 
 type_synonym ast = "bigblock list"
 
-(* continuations; used for formalizing Gotos and labeled Breaks *)
+(* continuations; used for formalizing Gotos and numbered Breaks *)
 datatype cont 
  = KStop 
  | KSeq "bigblock list" cont
- | KEndBlock cont cont
+ | KEndBlock cont 
 
-type_synonym break_flag = bool
-type_synonym 'a ast_state = "break_flag * ast  * bigblock  * cont * ('a state)"
+type_synonym 'a ast_state = "ast  * bigblock  * cont * ('a state)"
 
 (* auxillary function to find the label a goto statement is referring to *)
 fun find_label :: "label \<Rightarrow> bigblock list \<Rightarrow> cont \<Rightarrow> ((bigblock * cont) option)" where
-  (* this first case should be impossible because we can't have a structured cmd and a transfer cmd at the same time *)
-  "find_label lbl ((BigBlock bb_name cmds (Some s) (Some t)) # bs) cont = None" |
-  (* TODO: figure out examples of when this case could be entered *)
-  "find_label lbl [] cont = None" |
-  "find_label lbl (Leave # bs) cont = find_label lbl bs cont" |
-  "find_label lbl ((BigBlock bb_name cmds None None) # []) cont = (if (Some lbl = bb_name) then ( Some ((BigBlock bb_name cmds None None), cont)) else (None))" |
-  "find_label lbl ((BigBlock bb_name cmds None None) # bs) cont = (if (Some lbl = bb_name) then ( Some ((BigBlock bb_name cmds None None), (KSeq bs cont))) else (find_label lbl bs cont))" |
-  "find_label lbl ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None) # bs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None), (KSeq bs cont))) else (if (find_label lbl then_bbs cont \<noteq> None) then (find_label lbl then_bbs (KSeq bs cont)) else (find_label lbl else_bbs (KSeq bs cont))))" |
-  (* TODO: the continuation here may not be correct, think about it *)
-  "find_label lbl ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None) # bs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None), (KSeq bs cont))) else (find_label lbl body_bbs (KSeq bs cont)))" |
-  (* TODO: combine the two cases below with the 4th case as they all do the same. How? *)
-  "find_label lbl ((BigBlock bb_name cmds (Some break_stmt) None) # bs) cont = (if (Some lbl = bb_name) then ( Some ((BigBlock bb_name cmds (Some break_stmt) None), (KSeq bs cont))) else (find_label lbl bs cont))" |
-  "find_label lbl ((BigBlock bb_name cmds None (Some transfer_stmt)) # bs) cont = (if (Some lbl = bb_name) then ( Some ((BigBlock bb_name cmds None (Some transfer_stmt)), (KSeq bs cont))) else (find_label lbl bs cont))"
+    (* TODO: figure out examples of when this case could be entered *)
+    "find_label lbl [] cont = None" 
+  | "find_label lbl ((BigBlock bb_name cmds None None) # []) cont = (if (Some lbl = bb_name) then ( Some ((BigBlock bb_name cmds None None), cont)) else (None))" 
+  | "find_label lbl ((BigBlock bb_name cmds None None) # bs) cont = (if (Some lbl = bb_name) then ( Some ((BigBlock bb_name cmds None None), (KSeq bs cont))) else (find_label lbl bs cont))" 
+  | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None) # bs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None), (KSeq bs cont))) else (if (find_label lbl then_bbs cont \<noteq> None) then (find_label lbl then_bbs (KSeq bs cont)) else (find_label lbl else_bbs (KSeq bs cont))))" 
+    (* TODO: the continuation here may not be correct, think about it *)
+  | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None) # bs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None), (KSeq bs cont))) else (find_label lbl body_bbs (KSeq bs cont)))" 
+    (* TODO: combine the two cases below with the 4th case as they all do the same. How? *)
+  | "find_label lbl ((BigBlock bb_name cmds (Some break_stmt) None) # bs) cont = (if (Some lbl = bb_name) then ( Some ((BigBlock bb_name cmds (Some break_stmt) None), (KSeq bs cont))) else (find_label lbl bs cont))" 
+  | "find_label lbl ((BigBlock bb_name cmds None (Some transfer_stmt)) # bs) cont = (if (Some lbl = bb_name) then ( Some ((BigBlock bb_name cmds None (Some transfer_stmt)), (KSeq bs cont))) else (find_label lbl bs cont))" 
+  | "find_label lbl ((BigBlock bb_name cmds (Some s) (Some t)) # bs) cont = None" 
 
 (* function defining the semantics of bigblocks; small-step semantics *)
-(* arrow symbols in the 'syntactic sugar' clash if the exact same syntax is used as in red_cmd *)
+(* Note: arrow symbols in the 'syntactic sugar' clash if the exact same syntax is used as in red_cmd *)
 inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env  \<Rightarrow> 'a ast_state \<Rightarrow> 'a ast_state \<Rightarrow> bool" 
   ("_,_,_,_,_ \<turnstile> ((\<langle>_\<rangle>) \<longrightarrow>/ _)" [51,0,0,0] 81)
   for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
   where 
     (* this first rule exists only because I don't know how to reduce a while_false block or a simple block without a skip command *)
-    RedSkipBlock: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(False, ast, (BigBlock None [Skip] None None),  (KSeq (b # bs) cont0),  Normal n_s)\<rangle> \<longrightarrow> (False, ast, b, (KSeq bs cont0), Normal n_s)"
+    RedSkipBlock: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock None [Skip] None None),  (KSeq (b # bs) cont0),  Normal n_s)\<rangle> \<longrightarrow> (ast, b, (KSeq bs cont0), Normal n_s)" 
 
-  | RedLeaveTrue: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(True, ast, Leave, cont0,  Normal n_s)\<rangle> \<longrightarrow> (False, ast, (BigBlock None [Skip] None None), cont0, Normal n_s)"
+  | RedSimpleBigBlockExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] s1 \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds None None),  cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [Skip] None None), cont0, s1)"
 
-  | RedLeaveFalse: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(False, ast, Leave, cont0,  Normal n_s)\<rangle> \<longrightarrow> (False, ast, (BigBlock None [Skip] None None), cont0, Normal n_s)"  
+  | RedParsedIfTrueExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool True) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedIf my_guard (then_hd # then_bbs) elsebigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, then_hd, (KSeq then_bbs cont0), Normal n_s1)"
 
-  | RedSimpleBigBlockExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] s1 \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(False, ast, (BigBlock my_name simple_cmds None None),  cont0,  Normal n_s)\<rangle> \<longrightarrow> (False, ast, (BigBlock None [Skip] None None), cont0, s1)"
-
-  | RedBreakFlagSet: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(True, ast, (BigBlock my_name simple_cmds any_str any_tr), cont0, s1)\<rangle> \<longrightarrow> (True, ast, (BigBlock None [Skip] None None), cont0,  s1)"
-
-  | RedParsedIfTrueExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool True) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(False, ast, (BigBlock my_name simple_cmds (Some (ParsedIf my_guard (then_hd # then_bbs) elsebigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (False, ast, then_hd, (KSeq then_bbs cont0), Normal n_s1)"
-
-  | RedParsedIfFalseExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(False, ast, (BigBlock my_name simple_cmds (Some (ParsedIf my_guard thenbigblocks (else_hd # else_bbs))) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (False, ast, else_hd, (KSeq else_bbs cont0), Normal n_s1)"
+  | RedParsedIfFalseExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedIf my_guard thenbigblocks (else_hd # else_bbs))) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, else_hd, (KSeq else_bbs cont0), Normal n_s1)"
  
   (* invariants not considered here *)
-  | RedParsedWhileTrueExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool True) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(False, ast, (BigBlock my_name simple_cmds (Some (ParsedWhile my_guard my_invariants (bb_hd # body_bbs))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> (False, ast, bb_hd, (KSeq (body_bbs @ (Leave # [(BigBlock my_name [] (Some (ParsedWhile my_guard my_invariants (bb_hd # body_bbs))) None)])) cont0), Normal n_s1)"
+  | RedParsedWhileTrueExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool True) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedWhile my_guard my_invariants (bb_hd # body_bbs))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, bb_hd, (KSeq (body_bbs @ (Leave # [(BigBlock my_name [] (Some (ParsedWhile my_guard my_invariants (bb_hd # body_bbs))) None)])) (KEndBlock cont0)), Normal n_s1)"
   
-  | RedParsedWhileFalseExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(False, ast, (BigBlock my_name simple_cmds (Some (ParsedWhile my_guard my_invariants bigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (False, ast, (BigBlock None [Skip] None None), cont0, Normal n_s1)"
+  | RedParsedWhileFalseExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedWhile my_guard my_invariants bigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [Skip] None None), cont0, Normal n_s1)"
+
+  | RedBreak0: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedBreak 0)) None), (KEndBlock cont0), Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [Skip] None None), cont0, Normal n_s1)"
+
+  | RedBreakN: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedBreak n)) None), (KSeq (b # bbs) cont0), Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [Skip] (Some (ParsedBreak n)) None), cont0, Normal n_s1)"
 
-  | RedUnlabeledBreak: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(False, ast, (BigBlock my_name simple_cmds (Some (ParsedBreak None)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (True, ast, (BigBlock None [Skip] None None), cont0, Normal n_s1)"
+  | RedBreakNPlus1: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedBreak (n + 1))) None), (KEndBlock cont0), Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [Skip] (Some (ParsedBreak n)) None), cont0, Normal n_s1)"
 
-  | RedGoto: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); (find_label label ast cont0) = Some (found_bigblock, found_cont) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(False, ast, (BigBlock my_name simple_cmds None (Some (Goto label))),  cont0,  Normal n_s)\<rangle> \<longrightarrow> (False, ast, found_bigblock, found_cont, (Normal n_s1))"
+  | RedGoto: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); (find_label label ast cont0) = Some (found_bigblock, found_cont) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds None (Some (Goto label))),  cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, found_bigblock, found_cont, (Normal n_s1))"
 
 (* function defining how to reduce an ast *)
 inductive red_bigblock_list :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env  \<Rightarrow> bigblock list  \<Rightarrow> cont \<Rightarrow> 'a ast_state \<Rightarrow> bool" 
   ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) \<longrightarrow>/ _)" [51,0,0,0] 81)
   for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
   where 
-    RedEmpty:  "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[], cont\<rangle> \<longrightarrow> (False, [], (BigBlock None [Skip] None None), cont, Normal n_s)"
+    RedEmpty:  "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[], cont\<rangle> \<longrightarrow> ([], (BigBlock None [Skip] None None), cont, Normal n_s)"
 
-  | RedAst: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(b # bs), cont\<rangle> \<longrightarrow> (False, (b # bs), b, (KSeq bs cont), Normal n_s)"
+  | RedAst: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(b # bs), cont\<rangle> \<longrightarrow> ((b # bs), b, (KSeq bs cont), Normal n_s)"
 
 end

From 897bf05269d11081d98f2b0777ac2fd4ce6d02a3 Mon Sep 17 00:00:00 2001
From: ahubanov-eth2 <ahubanov@student.ethz.ch>
Date: Thu, 17 Mar 2022 19:50:44 +0100
Subject: [PATCH 05/74] added invariants, fixed while_loop rule

---
 BoogieLang/Ast.thy       | 67 ++++++++++++++++++++++++----------------
 BoogieLang/Lang.thy      |  3 +-
 BoogieLang/Semantics.thy |  4 +--
 3 files changed, 42 insertions(+), 32 deletions(-)

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index 0dcc292..71faa64 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -13,9 +13,10 @@ datatype transfer_cmd
  | Return "expr option"
 
 datatype parsed_structured_cmd
- = ParsedIf guard "bigblock list" "bigblock list"
- | ParsedWhile guard "invariant list" "bigblock list"
+ = ParsedIf "guard option" "bigblock list" "bigblock list"
+ | ParsedWhile "guard option" "invariant list" "bigblock list"
  | ParsedBreak nat
+ | WhileWrapper parsed_structured_cmd
 
 and bigblock 
  = BigBlock "name option" "cmd list" "parsed_structured_cmd option" "transfer_cmd option"
@@ -30,19 +31,24 @@ datatype cont
 
 type_synonym 'a ast_state = "ast  * bigblock  * cont * ('a state)"
 
-(* auxillary function to find the label a goto statement is referring to *)
+(* auxillary function to check if the invariants of a loop hold true *)
+fun red_invariants :: "'a absval_ty_fun \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env  \<Rightarrow> 'a nstate \<Rightarrow> invariant list \<Rightarrow> bool" where
+    "red_invariants A \<Lambda> \<Gamma> \<Omega> n_s [] = True"
+  | "red_invariants A \<Lambda> \<Gamma> \<Omega> n_s (i # invs) = (if (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>i, n_s\<rangle> \<Down> LitV (LBool True)) then (red_invariants A \<Lambda> \<Gamma> \<Omega> n_s invs) else False)"
+    
+
+(* auxillary function to find the label a Goto statement is referring to *)
 fun find_label :: "label \<Rightarrow> bigblock list \<Rightarrow> cont \<Rightarrow> ((bigblock * cont) option)" where
-    (* TODO: figure out examples of when this case could be entered *)
     "find_label lbl [] cont = None" 
-  | "find_label lbl ((BigBlock bb_name cmds None None) # []) cont = (if (Some lbl = bb_name) then ( Some ((BigBlock bb_name cmds None None), cont)) else (None))" 
-  | "find_label lbl ((BigBlock bb_name cmds None None) # bs) cont = (if (Some lbl = bb_name) then ( Some ((BigBlock bb_name cmds None None), (KSeq bs cont))) else (find_label lbl bs cont))" 
-  | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None) # bs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None), (KSeq bs cont))) else (if (find_label lbl then_bbs cont \<noteq> None) then (find_label lbl then_bbs (KSeq bs cont)) else (find_label lbl else_bbs (KSeq bs cont))))" 
-    (* TODO: the continuation here may not be correct, think about it *)
-  | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None) # bs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None), (KSeq bs cont))) else (find_label lbl body_bbs (KSeq bs cont)))" 
-    (* TODO: combine the two cases below with the 4th case as they all do the same. How? *)
-  | "find_label lbl ((BigBlock bb_name cmds (Some break_stmt) None) # bs) cont = (if (Some lbl = bb_name) then ( Some ((BigBlock bb_name cmds (Some break_stmt) None), (KSeq bs cont))) else (find_label lbl bs cont))" 
-  | "find_label lbl ((BigBlock bb_name cmds None (Some transfer_stmt)) # bs) cont = (if (Some lbl = bb_name) then ( Some ((BigBlock bb_name cmds None (Some transfer_stmt)), (KSeq bs cont))) else (find_label lbl bs cont))" 
-  | "find_label lbl ((BigBlock bb_name cmds (Some s) (Some t)) # bs) cont = None" 
+  | "find_label lbl ((BigBlock bb_name cmds None None) # []) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds None None), cont)) else (None))" 
+  | "find_label lbl ((BigBlock bb_name cmds None None) # bs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds None None), (KSeq bs cont))) else (find_label lbl bs cont))" 
+  | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None) # bs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None), (KSeq bs cont))) else (if (find_label lbl then_bbs cont \<noteq> None) then (find_label lbl (then_bbs @ bs) cont) else (find_label lbl (else_bbs @ bs) cont)))" 
+  | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None) # bs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None), (KSeq bs cont))) else (if (find_label lbl body_bbs cont \<noteq> None) then (find_label lbl body_bbs (KSeq ((BigBlock None [] (Some (ParsedWhile guard invariants body_bbs)) None) # bs) cont)) else (find_label lbl bs cont)))"  
+  | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedBreak n)) None) # bs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds (Some (ParsedBreak n)) None), (KSeq bs cont))) else (find_label lbl bs cont))" 
+  | "find_label lbl ((BigBlock bb_name cmds (Some (WhileWrapper while_loop)) None) # bs) cont = find_label lbl ((BigBlock bb_name cmds (Some while_loop) None) # bs) cont"
+  | "find_label lbl ((BigBlock bb_name cmds None (Some transfer_stmt)) # bs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds None (Some transfer_stmt)), (KSeq bs cont))) else (find_label lbl bs cont))"
+  | "find_label lbl ((BigBlock bb_name cmds (Some s) (Some t)) # bs) cont = None"
+
 
 (* function defining the semantics of bigblocks; small-step semantics *)
 (* Note: arrow symbols in the 'syntactic sugar' clash if the exact same syntax is used as in red_cmd *)
@@ -50,34 +56,41 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightar
   ("_,_,_,_,_ \<turnstile> ((\<langle>_\<rangle>) \<longrightarrow>/ _)" [51,0,0,0] 81)
   for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
   where 
-    (* this first rule exists only because I don't know how to reduce a while_false block or a simple block without a skip command *)
-    RedSkipBlock: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock None [Skip] None None),  (KSeq (b # bs) cont0),  Normal n_s)\<rangle> \<longrightarrow> (ast, b, (KSeq bs cont0), Normal n_s)" 
+    RedSkipBlock: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock None [] None None),  (KSeq (b # bs) cont0),  Normal n_s)\<rangle> \<longrightarrow> (ast, b, (KSeq bs cont0), Normal n_s)"
+
+  | RedSkipEndBlock: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock None [] None None),  (KEndBlock cont0),  Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, Normal n_s)"
+
+  | RedReturn: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] s1 \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds None (Some (Return val))),  cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), KStop, s1)"
 
-  | RedSimpleBigBlockExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] s1 \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds None None),  cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [Skip] None None), cont0, s1)"
+  | RedSimpleBigBlock: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] s1 \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds None None),  cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, s1)"
 
-  | RedParsedIfTrueExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool True) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedIf my_guard (then_hd # then_bbs) elsebigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, then_hd, (KSeq then_bbs cont0), Normal n_s1)"
+  | RedParsedIfTrue: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); my_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedIf my_guard (then_hd # then_bbs) elsebigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, then_hd, (KSeq then_bbs cont0), Normal n_s1)"
 
-  | RedParsedIfFalseExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedIf my_guard thenbigblocks (else_hd # else_bbs))) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, else_hd, (KSeq else_bbs cont0), Normal n_s1)"
+  | RedParsedIfFalse: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1);my_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedIf my_guard thenbigblocks (else_hd # else_bbs))) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, else_hd, (KSeq else_bbs cont0), Normal n_s1)"
  
-  (* invariants not considered here *)
-  | RedParsedWhileTrueExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool True) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedWhile my_guard my_invariants (bb_hd # body_bbs))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, bb_hd, (KSeq (body_bbs @ (Leave # [(BigBlock my_name [] (Some (ParsedWhile my_guard my_invariants (bb_hd # body_bbs))) None)])) (KEndBlock cont0)), Normal n_s1)"
-  
-  | RedParsedWhileFalseExt: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>my_guard, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedWhile my_guard my_invariants bigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [Skip] None None), cont0, Normal n_s1)"
+  (* invariants processed in a strange way *)
+  | RedParsedWhileTrue: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); my_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); (red_invariants A \<Lambda> \<Gamma> \<Omega> n_s1 my_invariants) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedWhile my_guard my_invariants (bb_hd # body_bbs))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, bb_hd, (KSeq body_bbs (KSeq [(BigBlock my_name [] (Some (ParsedWhile my_guard my_invariants (bb_hd # body_bbs))) None)] cont0)), Normal n_s1)"
+
+  | RedParsedWhileWrapperTrue: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); my_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); (red_invariants A \<Lambda> \<Gamma> \<Omega> n_s1 my_invariants) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (WhileWrapper (ParsedWhile my_guard my_invariants (bb_hd # body_bbs)))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock my_name simple_cmds (Some (ParsedWhile my_guard my_invariants (bb_hd # body_bbs))) None), (KEndBlock cont0),  Normal n_s1)"
+
+  | RedParsedWhileFalse: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); my_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedWhile my_guard my_invariants bigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, Normal n_s1)"
+
+  | RedParsedWhileWrapperFalse: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); my_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (WhileWrapper (ParsedWhile my_guard my_invariants bigblocks))) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, Normal n_s1)"
 
-  | RedBreak0: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedBreak 0)) None), (KEndBlock cont0), Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [Skip] None None), cont0, Normal n_s1)"
+  | RedBreak0: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedBreak 0)) None), (KEndBlock cont0), Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, Normal n_s1)"
 
-  | RedBreakN: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedBreak n)) None), (KSeq (b # bbs) cont0), Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [Skip] (Some (ParsedBreak n)) None), cont0, Normal n_s1)"
+  | RedBreakN: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedBreak n)) None), (KSeq (b # bbs) cont0), Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] (Some (ParsedBreak n)) None), cont0, Normal n_s1)"
 
-  | RedBreakNPlus1: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedBreak (n + 1))) None), (KEndBlock cont0), Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [Skip] (Some (ParsedBreak n)) None), cont0, Normal n_s1)"
+  | RedBreakNPlus1: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedBreak (n + 1))) None), (KEndBlock cont0), Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] (Some (ParsedBreak n)) None), cont0, Normal n_s1)"
 
-  | RedGoto: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); (find_label label ast cont0) = Some (found_bigblock, found_cont) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds None (Some (Goto label))),  cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, found_bigblock, found_cont, (Normal n_s1))"
+  | RedGoto: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); (find_label label ast KStop) = Some (found_bigblock, found_cont) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds None (Some (Goto label))),  cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, found_bigblock, found_cont, (Normal n_s1))"
 
 (* function defining how to reduce an ast *)
 inductive red_bigblock_list :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env  \<Rightarrow> bigblock list  \<Rightarrow> cont \<Rightarrow> 'a ast_state \<Rightarrow> bool" 
   ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) \<longrightarrow>/ _)" [51,0,0,0] 81)
   for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
   where 
-    RedEmpty:  "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[], cont\<rangle> \<longrightarrow> ([], (BigBlock None [Skip] None None), cont, Normal n_s)"
+    RedEmpty:  "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[], cont\<rangle> \<longrightarrow> ([], (BigBlock None [] None None), cont, Normal n_s)"
 
   | RedAst: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(b # bs), cont\<rangle> \<longrightarrow> ((b # bs), b, (KSeq bs cont), Normal n_s)"
 
diff --git a/BoogieLang/Lang.thy b/BoogieLang/Lang.thy
index 1075911..11eb461 100644
--- a/BoogieLang/Lang.thy
+++ b/BoogieLang/Lang.thy
@@ -50,8 +50,7 @@ nameless encoding, this is not the case (see Semantics.thy for more details).\<c
 
 (* multi-assign and multi-havoc not supported for now *)
 datatype cmd
- = Skip
- | Assert expr
+ = Assert expr
  | Assume expr
  | Assign vname expr
  | Havoc vname
diff --git a/BoogieLang/Semantics.thy b/BoogieLang/Semantics.thy
index ddc2608..4c16e7c 100644
--- a/BoogieLang/Semantics.thy
+++ b/BoogieLang/Semantics.thy
@@ -477,9 +477,7 @@ inductive red_cmd :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow>
   ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) \<rightarrow>/ _)" [51,51,0,0,0] 81)
   for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and  \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
   where
-    RedSkip: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>Skip, Normal n_s\<rangle> \<rightarrow> Normal n_s"
-
-  | RedAssertOk: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e, n_s\<rangle> \<Down> LitV (LBool True) \<rbrakk> \<Longrightarrow> 
+    RedAssertOk: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e, n_s\<rangle> \<Down> LitV (LBool True) \<rbrakk> \<Longrightarrow> 
                  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>Assert e, Normal n_s\<rangle> \<rightarrow> Normal n_s"
   | RedAssertFail: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e, n_s\<rangle> \<Down> LitV (LBool False) \<rbrakk> \<Longrightarrow> 
                   A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>Assert e, Normal n_s\<rangle> \<rightarrow> Failure"

From e97e73a2c07ca1c9bbf958bd76cb81a3422776b0 Mon Sep 17 00:00:00 2001
From: ahubanov-eth2 <ahubanov@student.ethz.ch>
Date: Wed, 23 Mar 2022 11:19:18 +0100
Subject: [PATCH 06/74] minor syntactic tweaks + comments

---
 BoogieLang/Ast.thy | 46 ++++++++++++++++++++++++----------------------
 1 file changed, 24 insertions(+), 22 deletions(-)

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index 71faa64..96a31a8 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -41,13 +41,13 @@ fun red_invariants :: "'a absval_ty_fun \<Rightarrow> var_context \<Rightarrow>
 fun find_label :: "label \<Rightarrow> bigblock list \<Rightarrow> cont \<Rightarrow> ((bigblock * cont) option)" where
     "find_label lbl [] cont = None" 
   | "find_label lbl ((BigBlock bb_name cmds None None) # []) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds None None), cont)) else (None))" 
-  | "find_label lbl ((BigBlock bb_name cmds None None) # bs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds None None), (KSeq bs cont))) else (find_label lbl bs cont))" 
-  | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None) # bs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None), (KSeq bs cont))) else (if (find_label lbl then_bbs cont \<noteq> None) then (find_label lbl (then_bbs @ bs) cont) else (find_label lbl (else_bbs @ bs) cont)))" 
-  | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None) # bs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None), (KSeq bs cont))) else (if (find_label lbl body_bbs cont \<noteq> None) then (find_label lbl body_bbs (KSeq ((BigBlock None [] (Some (ParsedWhile guard invariants body_bbs)) None) # bs) cont)) else (find_label lbl bs cont)))"  
-  | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedBreak n)) None) # bs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds (Some (ParsedBreak n)) None), (KSeq bs cont))) else (find_label lbl bs cont))" 
-  | "find_label lbl ((BigBlock bb_name cmds (Some (WhileWrapper while_loop)) None) # bs) cont = find_label lbl ((BigBlock bb_name cmds (Some while_loop) None) # bs) cont"
-  | "find_label lbl ((BigBlock bb_name cmds None (Some transfer_stmt)) # bs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds None (Some transfer_stmt)), (KSeq bs cont))) else (find_label lbl bs cont))"
-  | "find_label lbl ((BigBlock bb_name cmds (Some s) (Some t)) # bs) cont = None"
+  | "find_label lbl ((BigBlock bb_name cmds None None) # bbs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds None None), (KSeq bbs cont))) else (find_label lbl bbs cont))" 
+  | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None) # bbs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None), (KSeq bbs cont))) else (if (find_label lbl then_bbs cont \<noteq> None) then (find_label lbl (then_bbs @ bbs) cont) else (find_label lbl (else_bbs @ bbs) cont)))" 
+  | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None) # bbs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None), (KSeq bbs cont))) else (if (find_label lbl body_bbs cont \<noteq> None) then (find_label lbl body_bbs (KSeq ((BigBlock None [] (Some (ParsedWhile guard invariants body_bbs)) None) # bbs) cont)) else (find_label lbl bbs cont)))"  
+  | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedBreak n)) None) # bbs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds (Some (ParsedBreak n)) None), (KSeq bbs cont))) else (find_label lbl bbs cont))" 
+  | "find_label lbl ((BigBlock bb_name cmds (Some (WhileWrapper while_loop)) None) # bbs) cont = find_label lbl ((BigBlock bb_name cmds (Some while_loop) None) # bbs) cont"
+  | "find_label lbl ((BigBlock bb_name cmds None (Some transfer_stmt)) # bbs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds None (Some transfer_stmt)), (KSeq bbs cont))) else (find_label lbl bbs cont))"
+  | "find_label lbl ((BigBlock bb_name cmds (Some s) (Some t)) # bbs) cont = None"
 
 
 (* function defining the semantics of bigblocks; small-step semantics *)
@@ -56,34 +56,36 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightar
   ("_,_,_,_,_ \<turnstile> ((\<langle>_\<rangle>) \<longrightarrow>/ _)" [51,0,0,0] 81)
   for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
   where 
-    RedSkipBlock: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock None [] None None),  (KSeq (b # bs) cont0),  Normal n_s)\<rangle> \<longrightarrow> (ast, b, (KSeq bs cont0), Normal n_s)"
+    RedSkipBlock: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock None [] None None),  (KSeq (b # bbs) cont0),  Normal n_s)\<rangle> \<longrightarrow> (ast, b, (KSeq bbs cont0), Normal n_s)"
 
   | RedSkipEndBlock: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock None [] None None),  (KEndBlock cont0),  Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, Normal n_s)"
 
-  | RedReturn: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] s1 \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds None (Some (Return val))),  cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), KStop, s1)"
+  | RedReturn: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] s1 \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds None (Some (Return val))),  cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), KStop, s1)"
 
-  | RedSimpleBigBlock: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] s1 \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds None None),  cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, s1)"
+  | RedSimpleBigBlock: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] s1 \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds None None),  cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, s1)"
 
-  | RedParsedIfTrue: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); my_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedIf my_guard (then_hd # then_bbs) elsebigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, then_hd, (KSeq then_bbs cont0), Normal n_s1)"
+  | RedParsedIfTrue: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedIf bb_guard (then_hd # then_bbs) elsebigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, then_hd, (KSeq then_bbs cont0), Normal n_s1)"
 
-  | RedParsedIfFalse: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1);my_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedIf my_guard thenbigblocks (else_hd # else_bbs))) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, else_hd, (KSeq else_bbs cont0), Normal n_s1)"
+  | RedParsedIfFalse: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedIf bb_guard thenbigblocks (else_hd # else_bbs))) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, else_hd, (KSeq else_bbs cont0), Normal n_s1)"
  
-  (* invariants processed in a strange way *)
-  | RedParsedWhileTrue: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); my_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); (red_invariants A \<Lambda> \<Gamma> \<Omega> n_s1 my_invariants) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedWhile my_guard my_invariants (bb_hd # body_bbs))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, bb_hd, (KSeq body_bbs (KSeq [(BigBlock my_name [] (Some (ParsedWhile my_guard my_invariants (bb_hd # body_bbs))) None)] cont0)), Normal n_s1)"
+  (* invariants processed using auxillary function *)
+  | RedParsedWhileTrue: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); (red_invariants A \<Lambda> \<Gamma> \<Omega> n_s1 bb_invariants) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, bb_hd, (KSeq (body_bbs @ [(BigBlock bb_name [] (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None)]) cont0), Normal n_s1)"
 
-  | RedParsedWhileWrapperTrue: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); my_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); (red_invariants A \<Lambda> \<Gamma> \<Omega> n_s1 my_invariants) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (WhileWrapper (ParsedWhile my_guard my_invariants (bb_hd # body_bbs)))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock my_name simple_cmds (Some (ParsedWhile my_guard my_invariants (bb_hd # body_bbs))) None), (KEndBlock cont0),  Normal n_s1)"
+  | RedParsedWhileWrapperTrue: "\<lbrakk> bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); (red_invariants A \<Lambda> \<Gamma> \<Omega> n_s1 bb_invariants) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (WhileWrapper (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs)))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock bb_name simple_cmds (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), (KEndBlock cont0),  Normal n_s)"
 
-  | RedParsedWhileFalse: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); my_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedWhile my_guard my_invariants bigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, Normal n_s1)"
+  | RedParsedWhileFalse: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedWhile bb_guard bb_invariants bigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, Normal n_s1)"
 
-  | RedParsedWhileWrapperFalse: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); my_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (WhileWrapper (ParsedWhile my_guard my_invariants bigblocks))) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, Normal n_s1)"
+  (* This rule could probably be subsumed into other rules but is necessary if all while loops will be surrounded by a wrapper *)
+  | RedParsedWhileWrapperFalse: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (WhileWrapper (ParsedWhile bb_guard bb_invariants bigblocks))) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, Normal n_s1)"
 
-  | RedBreak0: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedBreak 0)) None), (KEndBlock cont0), Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, Normal n_s1)"
+  (* Block ending with unlabeled break: Process the simple cmds, then skip everything after the break stmt and go straight to the continuation. *)
+  | RedBreak0: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedBreak 0)) None), (KEndBlock cont0), Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, Normal n_s1)"
 
-  | RedBreakN: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedBreak n)) None), (KSeq (b # bbs) cont0), Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] (Some (ParsedBreak n)) None), cont0, Normal n_s1)"
+  | RedBreakN: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedBreak n)) None), (KSeq (b # bbs) cont0), Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] (Some (ParsedBreak n)) None), cont0, Normal n_s1)"
 
-  | RedBreakNPlus1: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds (Some (ParsedBreak (n + 1))) None), (KEndBlock cont0), Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] (Some (ParsedBreak n)) None), cont0, Normal n_s1)"
+  | RedBreakNPlus1: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedBreak (n + 1))) None), (KEndBlock cont0), Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] (Some (ParsedBreak n)) None), cont0, Normal n_s1)"
 
-  | RedGoto: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); (find_label label ast KStop) = Some (found_bigblock, found_cont) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock my_name simple_cmds None (Some (Goto label))),  cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, found_bigblock, found_cont, (Normal n_s1))"
+  | RedGoto: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); (find_label label ast KStop) = Some (found_bigblock, found_cont) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds None (Some (Goto label))),  cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, found_bigblock, found_cont, (Normal n_s1))"
 
 (* function defining how to reduce an ast *)
 inductive red_bigblock_list :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env  \<Rightarrow> bigblock list  \<Rightarrow> cont \<Rightarrow> 'a ast_state \<Rightarrow> bool" 
@@ -92,6 +94,6 @@ inductive red_bigblock_list :: "'a absval_ty_fun \<Rightarrow> proc_context \<Ri
   where 
     RedEmpty:  "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[], cont\<rangle> \<longrightarrow> ([], (BigBlock None [] None None), cont, Normal n_s)"
 
-  | RedAst: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(b # bs), cont\<rangle> \<longrightarrow> ((b # bs), b, (KSeq bs cont), Normal n_s)"
+  | RedAst: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(b # bbs), cont\<rangle> \<longrightarrow> ((b # bbs), b, (KSeq bbs cont), Normal n_s)"
 
 end

From 4b686519fd10799f3d89d49fa68d03a754d40203 Mon Sep 17 00:00:00 2001
From: ahubanov-eth2 <ahubanov@student.ethz.ch>
Date: Thu, 24 Mar 2022 16:33:16 +0100
Subject: [PATCH 07/74] added Failure and Magic rule + invariants

---
 BoogieLang/Ast.thy | 24 +++++++++---------------
 1 file changed, 9 insertions(+), 15 deletions(-)

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index 96a31a8..25af85a 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -31,12 +31,6 @@ datatype cont
 
 type_synonym 'a ast_state = "ast  * bigblock  * cont * ('a state)"
 
-(* auxillary function to check if the invariants of a loop hold true *)
-fun red_invariants :: "'a absval_ty_fun \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env  \<Rightarrow> 'a nstate \<Rightarrow> invariant list \<Rightarrow> bool" where
-    "red_invariants A \<Lambda> \<Gamma> \<Omega> n_s [] = True"
-  | "red_invariants A \<Lambda> \<Gamma> \<Omega> n_s (i # invs) = (if (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>i, n_s\<rangle> \<Down> LitV (LBool True)) then (red_invariants A \<Lambda> \<Gamma> \<Omega> n_s invs) else False)"
-    
-
 (* auxillary function to find the label a Goto statement is referring to *)
 fun find_label :: "label \<Rightarrow> bigblock list \<Rightarrow> cont \<Rightarrow> ((bigblock * cont) option)" where
     "find_label lbl [] cont = None" 
@@ -56,29 +50,29 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightar
   ("_,_,_,_,_ \<turnstile> ((\<langle>_\<rangle>) \<longrightarrow>/ _)" [51,0,0,0] 81)
   for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
   where 
-    RedSkipBlock: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock None [] None None),  (KSeq (b # bbs) cont0),  Normal n_s)\<rangle> \<longrightarrow> (ast, b, (KSeq bbs cont0), Normal n_s)"
+    RedFailure_or_Magic: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] s1; (s1 = Magic) \<or> (s1 = Failure) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds str_cmd tr_cmd),  cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), KStop, s1)"
+  
+  | RedSkip: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock None [] None None),  (KSeq (b # bbs) cont0),  Normal n_s)\<rangle> \<longrightarrow> (ast, b, (KSeq bbs cont0), Normal n_s)"
 
   | RedSkipEndBlock: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock None [] None None),  (KEndBlock cont0),  Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, Normal n_s)"
 
-  | RedReturn: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] s1 \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds None (Some (Return val))),  cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), KStop, s1)"
+  | RedReturn: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds None (Some (Return val))),  cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), KStop, Normal n_s1)"
 
-  | RedSimpleBigBlock: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] s1 \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds None None),  cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, s1)"
+  | RedSimpleBigBlock: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds None None),  cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, Normal n_s1)"
 
   | RedParsedIfTrue: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedIf bb_guard (then_hd # then_bbs) elsebigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, then_hd, (KSeq then_bbs cont0), Normal n_s1)"
 
   | RedParsedIfFalse: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedIf bb_guard thenbigblocks (else_hd # else_bbs))) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, else_hd, (KSeq else_bbs cont0), Normal n_s1)"
+
+  | RedParsedWhileWrapper: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (WhileWrapper (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs)))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock bb_name simple_cmds (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), (KEndBlock cont0),  Normal n_s)"
  
   (* invariants processed using auxillary function *)
-  | RedParsedWhileTrue: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); (red_invariants A \<Lambda> \<Gamma> \<Omega> n_s1 bb_invariants) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, bb_hd, (KSeq (body_bbs @ [(BigBlock bb_name [] (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None)]) cont0), Normal n_s1)"
+  | RedParsedWhile_InvFail: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); (expr_all_sat A \<Lambda> \<Gamma> \<Omega> n_s  bb_invariants) = False \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), KStop, Failure)"
 
-  | RedParsedWhileWrapperTrue: "\<lbrakk> bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); (red_invariants A \<Lambda> \<Gamma> \<Omega> n_s1 bb_invariants) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (WhileWrapper (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs)))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock bb_name simple_cmds (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), (KEndBlock cont0),  Normal n_s)"
+  | RedParsedWhileTrue: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); (expr_all_sat A \<Lambda> \<Gamma> \<Omega> n_s  bb_invariants) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, bb_hd, (KSeq (body_bbs @ [(BigBlock bb_name [] (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None)]) cont0), Normal n_s1)"
 
   | RedParsedWhileFalse: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedWhile bb_guard bb_invariants bigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, Normal n_s1)"
 
-  (* This rule could probably be subsumed into other rules but is necessary if all while loops will be surrounded by a wrapper *)
-  | RedParsedWhileWrapperFalse: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (WhileWrapper (ParsedWhile bb_guard bb_invariants bigblocks))) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, Normal n_s1)"
-
-  (* Block ending with unlabeled break: Process the simple cmds, then skip everything after the break stmt and go straight to the continuation. *)
   | RedBreak0: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedBreak 0)) None), (KEndBlock cont0), Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, Normal n_s1)"
 
   | RedBreakN: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedBreak n)) None), (KSeq (b # bbs) cont0), Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] (Some (ParsedBreak n)) None), cont0, Normal n_s1)"

From f99dfcaa1f1f856d8a6cae3bb3a28a254e5725c9 Mon Sep 17 00:00:00 2001
From: ahubanov-eth <ahubanov@student.ethz.ch>
Date: Wed, 30 Mar 2022 05:55:09 +0200
Subject: [PATCH 08/74] added definitions for correctness of AST

---
 BoogieLang/Ast.thy | 70 ++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 61 insertions(+), 9 deletions(-)

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index 25af85a..c35e40c 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -67,9 +67,9 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightar
   | RedParsedWhileWrapper: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (WhileWrapper (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs)))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock bb_name simple_cmds (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), (KEndBlock cont0),  Normal n_s)"
  
   (* invariants processed using auxillary function *)
-  | RedParsedWhile_InvFail: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); (expr_all_sat A \<Lambda> \<Gamma> \<Omega> n_s  bb_invariants) = False \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), KStop, Failure)"
+  | RedParsedWhile_InvFail: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); (expr_all_sat A \<Lambda> \<Gamma> \<Omega> n_s1  bb_invariants) = False \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), KStop, Failure)"
 
-  | RedParsedWhileTrue: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); (expr_all_sat A \<Lambda> \<Gamma> \<Omega> n_s  bb_invariants) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, bb_hd, (KSeq (body_bbs @ [(BigBlock bb_name [] (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None)]) cont0), Normal n_s1)"
+  | RedParsedWhileTrue: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); (expr_all_sat A \<Lambda> \<Gamma> \<Omega> n_s1  bb_invariants) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, bb_hd, (KSeq (body_bbs @ [(BigBlock bb_name [] (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None)]) cont0), Normal n_s1)"
 
   | RedParsedWhileFalse: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedWhile bb_guard bb_invariants bigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, Normal n_s1)"
 
@@ -81,13 +81,65 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightar
 
   | RedGoto: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); (find_label label ast KStop) = Some (found_bigblock, found_cont) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds None (Some (Goto label))),  cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, found_bigblock, found_cont, (Normal n_s1))"
 
-(* function defining how to reduce an ast *)
-inductive red_bigblock_list :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env  \<Rightarrow> bigblock list  \<Rightarrow> cont \<Rightarrow> 'a ast_state \<Rightarrow> bool" 
-  ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) \<longrightarrow>/ _)" [51,0,0,0] 81)
-  for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
+(* defining correctness of the AST *)
+fun get_state :: "'a ast_state \<Rightarrow> 'a state"
+  where
+    "get_state (ast, bb, cont, s1) = s1"
+
+fun is_final :: "'a ast_state \<Rightarrow> bool" 
+  where
+    "is_final (ast, (BigBlock None [] None None), KStop, s1) = True"
+  | "is_final other = False"
+
+fun init_ast :: "ast \<Rightarrow> 'a nstate \<Rightarrow> 'a ast_state"
+  where
+    "init_ast [] ns1 = ([], (BigBlock None [] None None), KStop, Normal ns1)"
+  | "init_ast (b#bbs) ns1 = ((b#bbs), b, KStop, Normal ns1)"
+
+definition valid_configuration 
+  where "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts ast_state \<equiv> 
+         (get_state ast_state) \<noteq> Failure \<and> 
+         (is_final ast_state \<longrightarrow> (\<forall>ns'. (get_state ast_state) = Normal ns' \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns' posts))"
+
+definition proc_body_satisfies_spec :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> ast \<Rightarrow> 'a nstate \<Rightarrow> bool"
+  where "proc_body_satisfies_spec A M \<Lambda> \<Gamma> \<Omega> pres posts (ast) ns \<equiv>
+         expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns pres \<longrightarrow> 
+          (\<forall> ast_reached. (rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega>) (init_ast ast ns) ast_reached) \<longrightarrow> 
+                    valid_configuration A \<Lambda> \<Gamma> \<Omega> posts ast_reached)"
+
+record ast_procedure =
+  proc_ty_args :: nat
+  proc_args :: vdecls
+  proc_rets :: vdecls
+  proc_modifs :: "vname list"
+  proc_pres :: "(expr \<times> bool) list" 
+  proc_posts :: "(expr \<times> bool) list"
+  proc_body :: "(vdecls \<times> ast) option"
+
+fun proc_all_pres :: "ast_procedure \<Rightarrow> expr list"
+  where "proc_all_pres p = map fst (proc_pres p)"
+
+fun proc_checked_posts :: "ast_procedure \<Rightarrow> expr list"
+  where "proc_checked_posts p = map fst (filter (\<lambda>x. \<not> snd(x)) (proc_posts p))"
+
+fun proc_is_correct :: "'a absval_ty_fun \<Rightarrow> fdecls \<Rightarrow> vdecls \<Rightarrow> vdecls \<Rightarrow> axiom list \<Rightarrow> ast_procedure \<Rightarrow> bool"
   where 
-    RedEmpty:  "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[], cont\<rangle> \<longrightarrow> ([], (BigBlock None [] None None), cont, Normal n_s)"
-
-  | RedAst: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(b # bbs), cont\<rangle> \<longrightarrow> ((b # bbs), b, (KSeq bbs cont), Normal n_s)"
+    "proc_is_correct A fun_decls constants global_vars axioms proc =
+      (case proc_body(proc) of
+        Some (locals, ast) \<Rightarrow>
+          ( ( (\<forall>t. closed t \<longrightarrow> (\<exists>v. type_of_val A (v :: 'a val) = t)) \<and> (\<forall>v. closed ((type_of_val A) v)) ) \<longrightarrow>
+          (\<forall> \<Gamma>. fun_interp_wf A fun_decls \<Gamma> \<longrightarrow>
+          (
+             (\<forall>\<Omega> gs ls. (list_all closed \<Omega> \<and> length \<Omega> = proc_ty_args proc) \<longrightarrow>        
+             (state_typ_wf A \<Omega> gs (constants @ global_vars) \<longrightarrow>
+              state_typ_wf A \<Omega> ls ((proc_args proc)@ (locals @ proc_rets proc)) \<longrightarrow>
+              (axioms_sat A (constants, []) \<Gamma> (global_to_nstate (state_restriction gs constants)) axioms) \<longrightarrow>            
+              proc_body_satisfies_spec A [] (constants@global_vars, (proc_args proc)@(locals@(proc_rets proc))) \<Gamma> \<Omega> 
+                                       (proc_all_pres proc) (proc_checked_posts proc) ast 
+                                       \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr> )
+            )
+          )))
+      | None \<Rightarrow> True)"
 
 end
+

From cd33348ccdeb5c311a7d17120d4f9e223363ba5e Mon Sep 17 00:00:00 2001
From: ahubanov-eth <ahubanov@student.ethz.ch>
Date: Sat, 2 Apr 2022 03:19:36 +0200
Subject: [PATCH 09/74] added an ast-to-cfg relation function (doesn't work for
 breaks and gotos)

---
 BoogieLang/Ast.thy | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index c35e40c..7e929ca 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -141,5 +141,34 @@ fun proc_is_correct :: "'a absval_ty_fun \<Rightarrow> fdecls \<Rightarrow> vdec
           )))
       | None \<Rightarrow> True)"
 
+
+inductive ast_cfg_rel_block_list :: "mbodyCFG \<Rightarrow> ast \<Rightarrow> bigblock list \<Rightarrow> block \<Rightarrow> block list \<Rightarrow> bool"
+  ("_,_ \<turnstile> (\<langle>_\<rangle> [\<leadsto>]/ _, _)" [51,0,0,0] 81)
+  for G :: "mbodyCFG"
+  where      
+     RelateEmpty: "G, ast \<turnstile> \<langle>[]\<rangle> [\<leadsto>] [], []"
+
+    (* what's the output of out_edges if there are no successors? *)
+    | RelateSimpleBlock: "\<lbrakk> (node_to_block(G) ! n) = cmds; List.member (out_edges(G) ! n) n'; G, ast \<turnstile> \<langle>b#bbs\<rangle> [\<leadsto>] node_to_block(G) ! n', exit \<rbrakk> \<Longrightarrow>  G, ast \<turnstile> \<langle>(BigBlock _ cmds None None)#(b#bbs)\<rangle> [\<leadsto>] (node_to_block(G) ! n), exit"
+
+    | RelateIfBlockNoGuard: "\<lbrakk> (node_to_block(G) ! n) = cmds; List.member (out_edges(G) ! n) n1; List.member (out_edges(G) ! n) n2; (node_to_block(G) ! n1) = then_beginning; (node_to_block(G) ! n2) = else_beginning; G, ast \<turnstile> \<langle>then_bbs @ (b#bbs)\<rangle> [\<leadsto>] then_beginning, end_then; G, ast \<turnstile> \<langle>else_bbs @ (b#bbs)\<rangle> [\<leadsto>] else_beginning, end_else \<rbrakk> \<Longrightarrow>  G, ast \<turnstile> \<langle>(BigBlock _ cmds (Some (ParsedIf None then_bbs else_bbs)) None)#(b#bbs)\<rangle> [\<leadsto>] (node_to_block(G) ! n), (end_then @ end_else)"
+    
+    | RelateIfBlock: "\<lbrakk> (node_to_block(G) ! n) = cmds; List.member (out_edges(G) ! n) n1; List.member (out_edges(G) ! n) n2; (node_to_block(G) ! n1) = then_beginning; (node_to_block(G) ! n2) = else_beginning; G, ast \<turnstile> \<langle>((BigBlock then_name ((Assume guard)#then_cmds) str tr)#then_bbs) @ (b#bbs)\<rangle> [\<leadsto>] then_beginning, end_then; G, ast \<turnstile> \<langle>((BigBlock else_name ((Assume (Unop Not guard))#else_cmds) str tr)#else_bbs) @ (b#bbs)\<rangle> [\<leadsto>] else_beginning, end_else \<rbrakk> \<Longrightarrow>  G, ast \<turnstile> \<langle>(BigBlock _ cmds (Some (ParsedIf (Some guard) ((BigBlock then_name then_cmds str tr)#then_bbs) ((BigBlock else_name else_cmds str tr)#else_bbs))) None)#(b#bbs)\<rangle> [\<leadsto>] (node_to_block(G) ! n), (end_then @ end_else)"
+
+    (* how should invariants be accounted for in the while rules? *)
+    | RelateWhileBlockNoGuard: "\<lbrakk> (node_to_block(G) ! n) = cmds; List.member (out_edges(G) ! n) n1; (node_to_block(G) ! n1) = body_beginning; G, ast \<turnstile> \<langle>body_bbs @ (b#bbs)\<rangle> [\<leadsto>] body_beginning, end \<rbrakk> \<Longrightarrow> G, ast \<turnstile> \<langle>(BigBlock _ cmds (Some (ParsedWhile (Some guard) invs body_bbs)) None)#(b#bbs)\<rangle> [\<leadsto>] (node_to_block(G) ! n), end" 
+
+    | RelateWhileBlock: "\<lbrakk> (node_to_block(G) ! n) = cmds; List.member (out_edges(G) ! n) n1; (node_to_block(G) ! n1) = body_beginning; G, ast \<turnstile> \<langle>((BigBlock body_name ((Assume guard)#body_cmds) str tr)#body_bbs) @ (b#bbs)\<rangle> [\<leadsto>] body_beginning, end \<rbrakk> \<Longrightarrow> G, ast \<turnstile> \<langle>(BigBlock _ cmds (Some (ParsedWhile (Some guard) invs ((BigBlock body_name body_cmds str tr)#body_bbs))) None)#(b#bbs)\<rangle> [\<leadsto>] (node_to_block(G) ! n), end" 
+
+    (* FIXME: rules for break and goto don't work *)
+
+    (*
+    | RelateBreakBlock: "\<lbrakk> (node_to_block(G) ! n) = cmds; List.member (out_edges(G) ! n) n' \<rbrakk> \<Longrightarrow> G, ast \<turnstile> \<langle>(BigBlock _ cmds (Some (ParsedBreak num)) None)\<rangle> \<leadsto> (node_to_block(G) ! n), (node_to_block(G) ! n')" 
+    
+    | RelateGotoBlock: "\<lbrakk> (node_to_block(G) ! n) = cmds; List.member (out_edges(G) ! n) n'; (find_label lbl ast KStop) = Some (found_bb, found_cont); G, ast \<turnstile> \<langle>found_bb\<rangle> \<leadsto> (node_to_block(G) ! n'), exit \<rbrakk> \<Longrightarrow> G, ast \<turnstile> \<langle>(BigBlock _ cmds None (Some (Goto lbl)))\<rangle> [\<leadsto>] (node_to_block(G) ! n)#(b#bbs), exit"
+    *)
+
+    | RelateReturnBlock: "\<lbrakk> (node_to_block(G) ! n) = cmds; (out_edges(G) ! n) = [] \<rbrakk> \<Longrightarrow> G, ast \<turnstile> \<langle>(BigBlock _ cmds None (Some (Return opt_val)))#anything\<rangle> [\<leadsto>] (node_to_block(G) ! n), []"
+
 end
 

From b383517757dc1e9c18bd2f3ad91ebe4d18cc2b3e Mon Sep 17 00:00:00 2001
From: ahubanov-eth <ahubanov@student.ethz.ch>
Date: Tue, 5 Apr 2022 12:23:19 +0200
Subject: [PATCH 10/74] refactored the code

---
 BoogieLang/Ast.thy | 223 ++++++++++++++++++++++++++++++++++++---------
 1 file changed, 179 insertions(+), 44 deletions(-)

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index 7e929ca..5d7cb72 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -34,13 +34,34 @@ type_synonym 'a ast_state = "ast  * bigblock  * cont * ('a state)"
 (* auxillary function to find the label a Goto statement is referring to *)
 fun find_label :: "label \<Rightarrow> bigblock list \<Rightarrow> cont \<Rightarrow> ((bigblock * cont) option)" where
     "find_label lbl [] cont = None" 
-  | "find_label lbl ((BigBlock bb_name cmds None None) # []) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds None None), cont)) else (None))" 
-  | "find_label lbl ((BigBlock bb_name cmds None None) # bbs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds None None), (KSeq bbs cont))) else (find_label lbl bbs cont))" 
-  | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None) # bbs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None), (KSeq bbs cont))) else (if (find_label lbl then_bbs cont \<noteq> None) then (find_label lbl (then_bbs @ bbs) cont) else (find_label lbl (else_bbs @ bbs) cont)))" 
-  | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None) # bbs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None), (KSeq bbs cont))) else (if (find_label lbl body_bbs cont \<noteq> None) then (find_label lbl body_bbs (KSeq ((BigBlock None [] (Some (ParsedWhile guard invariants body_bbs)) None) # bbs) cont)) else (find_label lbl bbs cont)))"  
-  | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedBreak n)) None) # bbs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds (Some (ParsedBreak n)) None), (KSeq bbs cont))) else (find_label lbl bbs cont))" 
-  | "find_label lbl ((BigBlock bb_name cmds (Some (WhileWrapper while_loop)) None) # bbs) cont = find_label lbl ((BigBlock bb_name cmds (Some while_loop) None) # bbs) cont"
-  | "find_label lbl ((BigBlock bb_name cmds None (Some transfer_stmt)) # bbs) cont = (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds None (Some transfer_stmt)), (KSeq bbs cont))) else (find_label lbl bbs cont))"
+  | "find_label lbl ((BigBlock bb_name cmds None None) # []) cont = 
+      (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds None None), cont)) else (None))" 
+  | "find_label lbl ((BigBlock bb_name cmds None None) # bbs) cont = 
+      (if (Some lbl = bb_name) 
+        then (Some ((BigBlock bb_name cmds None None), (KSeq bbs cont))) 
+        else (find_label lbl bbs cont))" 
+  | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None) # bbs) cont = 
+      (if (Some lbl = bb_name) 
+        then (Some ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None), (KSeq bbs cont))) 
+        else (if (find_label lbl then_bbs cont \<noteq> None) 
+                then (find_label lbl (then_bbs @ bbs) cont) 
+                else (find_label lbl (else_bbs @ bbs) cont)))" 
+  | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None) # bbs) cont = 
+      (if (Some lbl = bb_name) 
+        then (Some ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None), (KSeq bbs cont))) 
+        else (if (find_label lbl body_bbs cont \<noteq> None) 
+                then (find_label lbl body_bbs (KSeq ((BigBlock None [] (Some (ParsedWhile guard invariants body_bbs)) None) # bbs) cont)) 
+                else (find_label lbl bbs cont)))"  
+  | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedBreak n)) None) # bbs) cont = 
+      (if (Some lbl = bb_name) 
+        then (Some ((BigBlock bb_name cmds (Some (ParsedBreak n)) None), (KSeq bbs cont))) 
+        else (find_label lbl bbs cont))" 
+  | "find_label lbl ((BigBlock bb_name cmds (Some (WhileWrapper while_loop)) None) # bbs) cont = 
+      find_label lbl ((BigBlock bb_name cmds (Some while_loop) None) # bbs) cont"
+  | "find_label lbl ((BigBlock bb_name cmds None (Some transfer_stmt)) # bbs) cont = 
+      (if (Some lbl = bb_name) 
+        then (Some ((BigBlock bb_name cmds None (Some transfer_stmt)), (KSeq bbs cont))) 
+        else (find_label lbl bbs cont))"
   | "find_label lbl ((BigBlock bb_name cmds (Some s) (Some t)) # bbs) cont = None"
 
 
@@ -50,36 +71,99 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightar
   ("_,_,_,_,_ \<turnstile> ((\<langle>_\<rangle>) \<longrightarrow>/ _)" [51,0,0,0] 81)
   for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
   where 
-    RedFailure_or_Magic: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] s1; (s1 = Magic) \<or> (s1 = Failure) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds str_cmd tr_cmd),  cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), KStop, s1)"
+    RedFailure_or_Magic: 
+    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] s1; 
+      (s1 = Magic) \<or> (s1 = Failure) \<rbrakk> 
+      \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds str_cmd tr_cmd),  cont0, Normal n_s)\<rangle> \<longrightarrow> 
+                          (ast, (BigBlock None [] None None), KStop, s1)"
   
-  | RedSkip: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock None [] None None),  (KSeq (b # bbs) cont0),  Normal n_s)\<rangle> \<longrightarrow> (ast, b, (KSeq bbs cont0), Normal n_s)"
-
-  | RedSkipEndBlock: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock None [] None None),  (KEndBlock cont0),  Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, Normal n_s)"
-
-  | RedReturn: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds None (Some (Return val))),  cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), KStop, Normal n_s1)"
-
-  | RedSimpleBigBlock: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds None None),  cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, Normal n_s1)"
-
-  | RedParsedIfTrue: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedIf bb_guard (then_hd # then_bbs) elsebigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, then_hd, (KSeq then_bbs cont0), Normal n_s1)"
-
-  | RedParsedIfFalse: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedIf bb_guard thenbigblocks (else_hd # else_bbs))) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, else_hd, (KSeq else_bbs cont0), Normal n_s1)"
-
-  | RedParsedWhileWrapper: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (WhileWrapper (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs)))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock bb_name simple_cmds (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), (KEndBlock cont0),  Normal n_s)"
+  | RedSkip: 
+    "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock None [] None None),  (KSeq (b # bbs) cont0),  Normal n_s)\<rangle> \<longrightarrow> 
+                    (ast, b, (KSeq bbs cont0), Normal n_s)"
+
+  | RedSkipEndBlock: 
+    "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock None [] None None),  (KEndBlock cont0),  Normal n_s)\<rangle> \<longrightarrow> 
+                    (ast, (BigBlock None [] None None), cont0, Normal n_s)"
+
+  | RedReturn: 
+    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> 
+      \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds None (Some (Return val))),  cont0, Normal n_s)\<rangle> \<longrightarrow> 
+                          (ast, (BigBlock None [] None None), KStop, Normal n_s1)"
+
+  | RedSimpleBigBlock: 
+    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> 
+      \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds None None),  cont0,  Normal n_s)\<rangle> \<longrightarrow> 
+                          (ast, (BigBlock None [] None None), cont0, Normal n_s1)"
+
+  | RedParsedIfTrue: 
+    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); 
+       bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True) \<rbrakk>  
+      \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds 
+                                (Some (ParsedIf bb_guard (then_hd # then_bbs) elsebigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> 
+                          (ast, then_hd, (KSeq then_bbs cont0), Normal n_s1)"
+
+  | RedParsedIfFalse: 
+    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); 
+       bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk> 
+      \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds
+                                (Some (ParsedIf bb_guard thenbigblocks (else_hd # else_bbs))) None), cont0, Normal n_s)\<rangle> \<longrightarrow>
+                          (ast, else_hd, (KSeq else_bbs cont0), Normal n_s1)"
+
+  | RedParsedWhileWrapper: 
+    "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> 
+      \<langle>(ast, (BigBlock bb_name simple_cmds 
+              (Some (WhileWrapper (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs)))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow>
+        (ast, (BigBlock bb_name simple_cmds 
+                (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), (KEndBlock cont0),  Normal n_s)"
  
   (* invariants processed using auxillary function *)
-  | RedParsedWhile_InvFail: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); (expr_all_sat A \<Lambda> \<Gamma> \<Omega> n_s1  bb_invariants) = False \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), KStop, Failure)"
-
-  | RedParsedWhileTrue: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); (expr_all_sat A \<Lambda> \<Gamma> \<Omega> n_s1  bb_invariants) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, bb_hd, (KSeq (body_bbs @ [(BigBlock bb_name [] (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None)]) cont0), Normal n_s1)"
-
-  | RedParsedWhileFalse: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedWhile bb_guard bb_invariants bigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, Normal n_s1)"
-
-  | RedBreak0: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedBreak 0)) None), (KEndBlock cont0), Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] None None), cont0, Normal n_s1)"
-
-  | RedBreakN: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedBreak n)) None), (KSeq (b # bbs) cont0), Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] (Some (ParsedBreak n)) None), cont0, Normal n_s1)"
-
-  | RedBreakNPlus1: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedBreak (n + 1))) None), (KEndBlock cont0), Normal n_s)\<rangle> \<longrightarrow> (ast, (BigBlock None [] (Some (ParsedBreak n)) None), cont0, Normal n_s1)"
-
-  | RedGoto: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); (find_label label ast KStop) = Some (found_bigblock, found_cont) \<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds None (Some (Goto label))),  cont0,  Normal n_s)\<rangle> \<longrightarrow> (ast, found_bigblock, found_cont, (Normal n_s1))"
+  | RedParsedWhile_InvFail: 
+    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); 
+       bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); 
+      (expr_all_sat A \<Lambda> \<Gamma> \<Omega> n_s1  bb_invariants) = False \<rbrakk> 
+      \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> 
+           \<langle>(ast, (BigBlock bb_name simple_cmds 
+                    (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> 
+              (ast, (BigBlock None [] None None), KStop, Failure)"
+
+  | RedParsedWhileTrue: 
+    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); 
+       bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); 
+       (expr_all_sat A \<Lambda> \<Gamma> \<Omega> n_s1  bb_invariants) \<rbrakk> 
+       \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> 
+            \<langle>(ast, (BigBlock bb_name simple_cmds 
+                     (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> 
+              (ast, bb_hd, (KSeq (body_bbs @ [(BigBlock bb_name [] (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None)]) cont0), Normal n_s1)"
+
+  | RedParsedWhileFalse: 
+    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); 
+       bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  
+       \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds 
+                                (Some (ParsedWhile bb_guard bb_invariants bigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> 
+                          (ast, (BigBlock None [] None None), cont0, Normal n_s1)"
+
+  | RedBreak0: 
+    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> 
+       \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedBreak 0)) None), (KEndBlock cont0), Normal n_s)\<rangle> \<longrightarrow> 
+                          (ast, (BigBlock None [] None None), cont0, Normal n_s1)"
+
+  | RedBreakN: 
+    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> 
+      \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> 
+           \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedBreak n)) None), (KSeq (b # bbs) cont0), Normal n_s)\<rangle> \<longrightarrow> 
+            (ast, (BigBlock None [] (Some (ParsedBreak n)) None), cont0, Normal n_s1)"
+
+  | RedBreakNPlus1: 
+    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> 
+      \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> 
+           \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedBreak (n + 1))) None), (KEndBlock cont0), Normal n_s)\<rangle> \<longrightarrow> 
+            (ast, (BigBlock None [] (Some (ParsedBreak n)) None), cont0, Normal n_s1)"
+
+  | RedGoto: 
+    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); 
+      (find_label label ast KStop) = Some (found_bigblock, found_cont) \<rbrakk> 
+      \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds None (Some (Goto label))),  cont0,  Normal n_s)\<rangle> \<longrightarrow> 
+      (ast, found_bigblock, found_cont, (Normal n_s1))"
 
 (* defining correctness of the AST *)
 fun get_state :: "'a ast_state \<Rightarrow> 'a state"
@@ -149,26 +233,77 @@ inductive ast_cfg_rel_block_list :: "mbodyCFG \<Rightarrow> ast \<Rightarrow> bi
      RelateEmpty: "G, ast \<turnstile> \<langle>[]\<rangle> [\<leadsto>] [], []"
 
     (* what's the output of out_edges if there are no successors? *)
-    | RelateSimpleBlock: "\<lbrakk> (node_to_block(G) ! n) = cmds; List.member (out_edges(G) ! n) n'; G, ast \<turnstile> \<langle>b#bbs\<rangle> [\<leadsto>] node_to_block(G) ! n', exit \<rbrakk> \<Longrightarrow>  G, ast \<turnstile> \<langle>(BigBlock _ cmds None None)#(b#bbs)\<rangle> [\<leadsto>] (node_to_block(G) ! n), exit"
-
-    | RelateIfBlockNoGuard: "\<lbrakk> (node_to_block(G) ! n) = cmds; List.member (out_edges(G) ! n) n1; List.member (out_edges(G) ! n) n2; (node_to_block(G) ! n1) = then_beginning; (node_to_block(G) ! n2) = else_beginning; G, ast \<turnstile> \<langle>then_bbs @ (b#bbs)\<rangle> [\<leadsto>] then_beginning, end_then; G, ast \<turnstile> \<langle>else_bbs @ (b#bbs)\<rangle> [\<leadsto>] else_beginning, end_else \<rbrakk> \<Longrightarrow>  G, ast \<turnstile> \<langle>(BigBlock _ cmds (Some (ParsedIf None then_bbs else_bbs)) None)#(b#bbs)\<rangle> [\<leadsto>] (node_to_block(G) ! n), (end_then @ end_else)"
+    | RelateSimpleBlock: 
+      "\<lbrakk> (node_to_block(G) ! n) = cmds; 
+       List.member (out_edges(G) ! n) n'; 
+       G, ast \<turnstile> \<langle>b#bbs\<rangle> [\<leadsto>] node_to_block(G) ! n', exit \<rbrakk>
+       \<Longrightarrow>  G, ast \<turnstile> \<langle>(BigBlock _ cmds None None)#(b#bbs)\<rangle> [\<leadsto>] 
+                        (node_to_block(G) ! n), exit"
+
+    | RelateIfBlockNoGuard: 
+      "\<lbrakk> (node_to_block(G) ! n) = cmds; 
+         List.member (out_edges(G) ! n) n1; 
+         List.member (out_edges(G) ! n) n2; 
+         (node_to_block(G) ! n1) = then_beginning; 
+         (node_to_block(G) ! n2) = else_beginning; 
+         G, ast \<turnstile> \<langle>then_bbs @ (b#bbs)\<rangle> [\<leadsto>] then_beginning, end_then; 
+         G, ast \<turnstile> \<langle>else_bbs @ (b#bbs)\<rangle> [\<leadsto>] else_beginning, end_else \<rbrakk> 
+         \<Longrightarrow>  G, ast \<turnstile> \<langle>(BigBlock _ cmds (Some (ParsedIf None then_bbs else_bbs)) None)#(b#bbs)\<rangle> [\<leadsto>] 
+                          (node_to_block(G) ! n), (end_then @ end_else)"
     
-    | RelateIfBlock: "\<lbrakk> (node_to_block(G) ! n) = cmds; List.member (out_edges(G) ! n) n1; List.member (out_edges(G) ! n) n2; (node_to_block(G) ! n1) = then_beginning; (node_to_block(G) ! n2) = else_beginning; G, ast \<turnstile> \<langle>((BigBlock then_name ((Assume guard)#then_cmds) str tr)#then_bbs) @ (b#bbs)\<rangle> [\<leadsto>] then_beginning, end_then; G, ast \<turnstile> \<langle>((BigBlock else_name ((Assume (Unop Not guard))#else_cmds) str tr)#else_bbs) @ (b#bbs)\<rangle> [\<leadsto>] else_beginning, end_else \<rbrakk> \<Longrightarrow>  G, ast \<turnstile> \<langle>(BigBlock _ cmds (Some (ParsedIf (Some guard) ((BigBlock then_name then_cmds str tr)#then_bbs) ((BigBlock else_name else_cmds str tr)#else_bbs))) None)#(b#bbs)\<rangle> [\<leadsto>] (node_to_block(G) ! n), (end_then @ end_else)"
+    | RelateIfBlock: 
+      "\<lbrakk> (node_to_block(G) ! n) = cmds; 
+         List.member (out_edges(G) ! n) n1; 
+         List.member (out_edges(G) ! n) n2; 
+         (node_to_block(G) ! n1) = then_beginning; 
+         (node_to_block(G) ! n2) = else_beginning; 
+         G, ast \<turnstile> \<langle>((BigBlock then_name ((Assume guard)#then_cmds) str tr)#then_bbs) @ (b#bbs)\<rangle> [\<leadsto>] 
+                      then_beginning, end_then; 
+         G, ast \<turnstile> \<langle>((BigBlock else_name ((Assume (Unop Not guard))#else_cmds) str tr)#else_bbs) @ (b#bbs)\<rangle> [\<leadsto>] 
+                      else_beginning, end_else \<rbrakk> 
+         \<Longrightarrow> G, ast \<turnstile> \<langle>(BigBlock _ cmds (Some (ParsedIf (Some guard) ((BigBlock then_name then_cmds str tr)#then_bbs) 
+                         ((BigBlock else_name else_cmds str tr)#else_bbs))) None)#(b#bbs)\<rangle> [\<leadsto>] 
+                           (node_to_block(G) ! n), (end_then @ end_else)"
 
     (* how should invariants be accounted for in the while rules? *)
-    | RelateWhileBlockNoGuard: "\<lbrakk> (node_to_block(G) ! n) = cmds; List.member (out_edges(G) ! n) n1; (node_to_block(G) ! n1) = body_beginning; G, ast \<turnstile> \<langle>body_bbs @ (b#bbs)\<rangle> [\<leadsto>] body_beginning, end \<rbrakk> \<Longrightarrow> G, ast \<turnstile> \<langle>(BigBlock _ cmds (Some (ParsedWhile (Some guard) invs body_bbs)) None)#(b#bbs)\<rangle> [\<leadsto>] (node_to_block(G) ! n), end" 
-
-    | RelateWhileBlock: "\<lbrakk> (node_to_block(G) ! n) = cmds; List.member (out_edges(G) ! n) n1; (node_to_block(G) ! n1) = body_beginning; G, ast \<turnstile> \<langle>((BigBlock body_name ((Assume guard)#body_cmds) str tr)#body_bbs) @ (b#bbs)\<rangle> [\<leadsto>] body_beginning, end \<rbrakk> \<Longrightarrow> G, ast \<turnstile> \<langle>(BigBlock _ cmds (Some (ParsedWhile (Some guard) invs ((BigBlock body_name body_cmds str tr)#body_bbs))) None)#(b#bbs)\<rangle> [\<leadsto>] (node_to_block(G) ! n), end" 
+    | RelateWhileBlockNoGuard: 
+      "\<lbrakk> (node_to_block(G) ! n) = cmds; 
+         List.member (out_edges(G) ! n) n1; 
+         (node_to_block(G) ! n1) = body_beginning; 
+         G, ast \<turnstile> \<langle>body_bbs @ (bbs)\<rangle> [\<leadsto>] body_beginning, end \<rbrakk> 
+         \<Longrightarrow> G, ast \<turnstile>  \<langle>(BigBlock _ cmds (Some (ParsedWhile (Some guard) invs body_bbs)) None)#(bbs)\<rangle> [\<leadsto>] 
+                          (node_to_block(G) ! n), end" 
+
+    | RelateWhileBlock: 
+      "\<lbrakk> (node_to_block(G) ! n) = cmds; 
+         List.member (out_edges(G) ! n) n1;
+         (node_to_block(G) ! n1) = body_beginning; 
+         G, ast \<turnstile> \<langle>((BigBlock body_name ((Assume guard)#body_cmds) str tr)#body_bbs) @ (b#bbs)\<rangle> [\<leadsto>] body_beginning, end \<rbrakk> 
+         \<Longrightarrow> G, ast \<turnstile> \<langle>(BigBlock _ cmds 
+                        (Some (ParsedWhile (Some guard) invs 
+                          ((BigBlock body_name body_cmds str tr)#body_bbs))) None)#(b#bbs)\<rangle> [\<leadsto>] 
+                            (node_to_block(G) ! n), end" 
 
     (* FIXME: rules for break and goto don't work *)
 
     (*
-    | RelateBreakBlock: "\<lbrakk> (node_to_block(G) ! n) = cmds; List.member (out_edges(G) ! n) n' \<rbrakk> \<Longrightarrow> G, ast \<turnstile> \<langle>(BigBlock _ cmds (Some (ParsedBreak num)) None)\<rangle> \<leadsto> (node_to_block(G) ! n), (node_to_block(G) ! n')" 
+    | RelateBreakBlock: 
+      "\<lbrakk> (node_to_block(G) ! n) = cmds; 
+         List.member (out_edges(G) ! n) n' \<rbrakk> 
+         \<Longrightarrow> G, ast \<turnstile> \<langle>(BigBlock _ cmds (Some (ParsedBreak num)) None)\<rangle> \<leadsto> 
+         (node_to_block(G) ! n), (node_to_block(G) ! n')" 
     
-    | RelateGotoBlock: "\<lbrakk> (node_to_block(G) ! n) = cmds; List.member (out_edges(G) ! n) n'; (find_label lbl ast KStop) = Some (found_bb, found_cont); G, ast \<turnstile> \<langle>found_bb\<rangle> \<leadsto> (node_to_block(G) ! n'), exit \<rbrakk> \<Longrightarrow> G, ast \<turnstile> \<langle>(BigBlock _ cmds None (Some (Goto lbl)))\<rangle> [\<leadsto>] (node_to_block(G) ! n)#(b#bbs), exit"
+    | RelateGotoBlock: 
+      "\<lbrakk> (node_to_block(G) ! n) = cmds; 
+         List.member (out_edges(G) ! n) n'; 
+         (find_label lbl ast KStop) = Some (found_bb, found_cont); 
+         G, ast \<turnstile> \<langle>found_bb\<rangle> \<leadsto> (node_to_block(G) ! n'), exit \<rbrakk> 
+         \<Longrightarrow> G, ast \<turnstile> \<langle>(BigBlock _ cmds None (Some (Goto lbl)))\<rangle> [\<leadsto>] (node_to_block(G) ! n)#(b#bbs), exit"
     *)
 
-    | RelateReturnBlock: "\<lbrakk> (node_to_block(G) ! n) = cmds; (out_edges(G) ! n) = [] \<rbrakk> \<Longrightarrow> G, ast \<turnstile> \<langle>(BigBlock _ cmds None (Some (Return opt_val)))#anything\<rangle> [\<leadsto>] (node_to_block(G) ! n), []"
+    | RelateReturnBlock: 
+      "\<lbrakk> (node_to_block(G) ! n) = cmds; (out_edges(G) ! n) = [] \<rbrakk> 
+          \<Longrightarrow> G, ast \<turnstile> \<langle>(BigBlock _ cmds None (Some (Return opt_val)))#anything\<rangle> [\<leadsto>] (node_to_block(G) ! n), []"
 
 end
 

From c42b77804a47a1451ce77c913494313b89ed2b88 Mon Sep 17 00:00:00 2001
From: ahubanov-eth <ahubanov@student.ethz.ch>
Date: Fri, 22 Apr 2022 10:40:02 +0200
Subject: [PATCH 11/74] latest version of ast.thy

---
 BoogieLang/Ast.thy | 289 +++++++++++++++++++++------------------------
 1 file changed, 133 insertions(+), 156 deletions(-)

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index 5d7cb72..ebcd200 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -1,5 +1,5 @@
 theory Ast
-  imports Main Semantics Lang
+  imports Main Semantics Lang BackedgeElim
 
 begin
 
@@ -29,7 +29,7 @@ datatype cont
  | KSeq "bigblock list" cont
  | KEndBlock cont 
 
-type_synonym 'a ast_state = "ast  * bigblock  * cont * ('a state)"
+type_synonym 'a ast_config = "bigblock * cont * ('a state)"
 
 (* auxillary function to find the label a Goto statement is referring to *)
 fun find_label :: "label \<Rightarrow> bigblock list \<Rightarrow> cont \<Rightarrow> ((bigblock * cont) option)" where
@@ -67,128 +67,135 @@ fun find_label :: "label \<Rightarrow> bigblock list \<Rightarrow> cont \<Righta
 
 (* function defining the semantics of bigblocks; small-step semantics *)
 (* Note: arrow symbols in the 'syntactic sugar' clash if the exact same syntax is used as in red_cmd *)
-inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env  \<Rightarrow> 'a ast_state \<Rightarrow> 'a ast_state \<Rightarrow> bool" 
-  ("_,_,_,_,_ \<turnstile> ((\<langle>_\<rangle>) \<longrightarrow>/ _)" [51,0,0,0] 81)
-  for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
-  where 
-    RedFailure_or_Magic: 
-    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] s1; 
-      (s1 = Magic) \<or> (s1 = Failure) \<rbrakk> 
-      \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds str_cmd tr_cmd),  cont0, Normal n_s)\<rangle> \<longrightarrow> 
-                          (ast, (BigBlock None [] None None), KStop, s1)"
+inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env  \<Rightarrow> ast \<Rightarrow> 'a ast_config \<Rightarrow> 'a ast_config \<Rightarrow> bool" 
+  ("_,_,_,_,_,_ \<turnstile> (\<langle>_\<rangle> \<longrightarrow>/ _)" [51,0,0,0] 81)
+  for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env and T :: ast
+  where
+ (* RedStatic: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>a\<rangle> \<longrightarrow> a" *)
+  
+    RedSimpleCmds: 
+    "\<lbrakk>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs, (Normal n_s)\<rangle> [\<rightarrow>] s1 \<rbrakk> 
+      \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name cs str_cmd tr_cmd), cont0, Normal n_s)\<rangle> \<longrightarrow> 
+                              ((BigBlock bb_name [] str_cmd tr_cmd), cont0, s1)"  
+
+  | RedFailure_or_Magic: 
+    "\<lbrakk> (s1 = Magic) \<or> (s1 = Failure) \<rbrakk> 
+      \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] str_cmd tr_cmd), cont0, s1)\<rangle> \<longrightarrow> 
+                          ((BigBlock bb_name [] None None), KStop, s1)"
+
+  (* TODO: figure out when this rule would be used *)
+  | RedSkip_emptyCont: 
+    "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] None None),  (KSeq [] cont0),  Normal n_s)\<rangle> \<longrightarrow> 
+                    ((BigBlock bb_name [] None None), cont0, Normal n_s)"
   
   | RedSkip: 
-    "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock None [] None None),  (KSeq (b # bbs) cont0),  Normal n_s)\<rangle> \<longrightarrow> 
-                    (ast, b, (KSeq bbs cont0), Normal n_s)"
+    "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] None None),  (KSeq (b # bbs) cont0),  Normal n_s)\<rangle> \<longrightarrow> 
+                    (b, (KSeq bbs cont0), Normal n_s)"
 
   | RedSkipEndBlock: 
-    "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock None [] None None),  (KEndBlock cont0),  Normal n_s)\<rangle> \<longrightarrow> 
-                    (ast, (BigBlock None [] None None), cont0, Normal n_s)"
+    "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] None None),  (KEndBlock cont0),  Normal n_s)\<rangle> \<longrightarrow> 
+                    ((BigBlock bb_name [] None None), cont0, Normal n_s)"
 
   | RedReturn: 
-    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> 
-      \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds None (Some (Return val))),  cont0, Normal n_s)\<rangle> \<longrightarrow> 
-                          (ast, (BigBlock None [] None None), KStop, Normal n_s1)"
-
-  | RedSimpleBigBlock: 
-    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> 
-      \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds None None),  cont0,  Normal n_s)\<rangle> \<longrightarrow> 
-                          (ast, (BigBlock None [] None None), cont0, Normal n_s1)"
+    "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(BigBlock bb_name [] None (Some (Return val)),  cont0, Normal n_s)\<rangle> \<longrightarrow> 
+                          ((BigBlock bb_name [] None None), KStop, Normal n_s)"
 
   | RedParsedIfTrue: 
-    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); 
-       bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True) \<rbrakk>  
-      \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds 
+    "\<lbrakk> bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True) \<rbrakk>  
+        \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] 
                                 (Some (ParsedIf bb_guard (then_hd # then_bbs) elsebigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> 
-                          (ast, then_hd, (KSeq then_bbs cont0), Normal n_s1)"
+                            (then_hd, (KSeq then_bbs cont0), Normal n_s)"
 
   | RedParsedIfFalse: 
-    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); 
-       bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk> 
-      \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds
+    "\<lbrakk> bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk> 
+        \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name []
                                 (Some (ParsedIf bb_guard thenbigblocks (else_hd # else_bbs))) None), cont0, Normal n_s)\<rangle> \<longrightarrow>
-                          (ast, else_hd, (KSeq else_bbs cont0), Normal n_s1)"
+                            (else_hd, (KSeq else_bbs cont0), Normal n_s)"
 
   | RedParsedWhileWrapper: 
-    "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> 
-      \<langle>(ast, (BigBlock bb_name simple_cmds 
+    "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> 
+      \<langle>((BigBlock bb_name [] 
               (Some (WhileWrapper (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs)))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow>
-        (ast, (BigBlock bb_name simple_cmds 
+        ((BigBlock bb_name [] 
                 (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), (KEndBlock cont0),  Normal n_s)"
  
-  (* invariants processed using auxillary function *)
   | RedParsedWhile_InvFail: 
-    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); 
-       bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); 
-      (expr_all_sat A \<Lambda> \<Gamma> \<Omega> n_s1  bb_invariants) = False \<rbrakk> 
-      \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> 
-           \<langle>(ast, (BigBlock bb_name simple_cmds 
+    "\<lbrakk> bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); 
+       bb_invariants = invs1@[I]@invs2;
+       expr_all_sat A \<Lambda> \<Gamma> \<Omega> n_s invs1;
+       A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>I, n_s\<rangle> \<Down> BoolV False \<rbrakk> 
+       \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> 
+           \<langle>((BigBlock bb_name [] 
                     (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> 
-              (ast, (BigBlock None [] None None), KStop, Failure)"
+              ((BigBlock bb_name [] None None), KStop, Failure)"
 
   | RedParsedWhileTrue: 
-    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); 
-       bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); 
-       (expr_all_sat A \<Lambda> \<Gamma> \<Omega> n_s1  bb_invariants) \<rbrakk> 
-       \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> 
-            \<langle>(ast, (BigBlock bb_name simple_cmds 
+    "\<lbrakk>  bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); 
+       (expr_all_sat A \<Lambda> \<Gamma> \<Omega> n_s1 bb_invariants) \<rbrakk> 
+       \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> 
+            \<langle>((BigBlock bb_name [] 
                      (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> 
-              (ast, bb_hd, (KSeq (body_bbs @ [(BigBlock bb_name [] (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None)]) cont0), Normal n_s1)"
+              (bb_hd, (KSeq (body_bbs @ [(BigBlock bb_name [] (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None)]) cont0), Normal n_s)"
 
   | RedParsedWhileFalse: 
-    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); 
-       bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk>  
-       \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds 
+    "\<lbrakk> bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool False);
+       (expr_all_sat A \<Lambda> \<Gamma> \<Omega> n_s1 bb_invariants) \<rbrakk>  
+       \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] 
                                 (Some (ParsedWhile bb_guard bb_invariants bigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> 
-                          (ast, (BigBlock None [] None None), cont0, Normal n_s1)"
+                          ((BigBlock bb_name [] None None), cont0, Normal n_s)"
 
   | RedBreak0: 
-    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> 
-       \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedBreak 0)) None), (KEndBlock cont0), Normal n_s)\<rangle> \<longrightarrow> 
-                          (ast, (BigBlock None [] None None), cont0, Normal n_s1)"
+    "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] (Some (ParsedBreak 0)) None), (KEndBlock cont0), Normal n_s)\<rangle> \<longrightarrow> 
+                          ((BigBlock bb_name [] None None), cont0, Normal n_s)"
 
   | RedBreakN: 
-    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> 
-      \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> 
-           \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedBreak n)) None), (KSeq (b # bbs) cont0), Normal n_s)\<rangle> \<longrightarrow> 
-            (ast, (BigBlock None [] (Some (ParsedBreak n)) None), cont0, Normal n_s1)"
+    "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> 
+           \<langle>((BigBlock bb_name [] (Some (ParsedBreak n)) None), (KSeq bbs cont0), Normal n_s)\<rangle> \<longrightarrow> 
+            ((BigBlock None [] (Some (ParsedBreak n)) None), cont0, Normal n_s)"
 
   | RedBreakNPlus1: 
-    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1) \<rbrakk> 
-      \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> 
-           \<langle>(ast, (BigBlock bb_name simple_cmds (Some (ParsedBreak (n + 1))) None), (KEndBlock cont0), Normal n_s)\<rangle> \<longrightarrow> 
-            (ast, (BigBlock None [] (Some (ParsedBreak n)) None), cont0, Normal n_s1)"
+    "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> 
+           \<langle>((BigBlock bb_name [] (Some (ParsedBreak (n + 1))) None), (KEndBlock cont0), Normal n_s)\<rangle> \<longrightarrow> 
+            ((BigBlock None [] (Some (ParsedBreak n)) None), cont0, Normal n_s1)"
 
   | RedGoto: 
-    "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>simple_cmds, (Normal n_s)\<rangle> [\<rightarrow>] (Normal n_s1); 
-      (find_label label ast KStop) = Some (found_bigblock, found_cont) \<rbrakk> 
-      \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(ast, (BigBlock bb_name simple_cmds None (Some (Goto label))),  cont0,  Normal n_s)\<rangle> \<longrightarrow> 
-      (ast, found_bigblock, found_cont, (Normal n_s1))"
+    "\<lbrakk> (find_label label ast KStop) = Some (found_bigblock, found_cont) \<rbrakk> 
+        \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] None (Some (Goto label))),  cont0,  Normal n_s)\<rangle> \<longrightarrow> 
+                            (found_bigblock, found_cont, (Normal n_s))"
+
+inductive red_bigblock_trans :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env  \<Rightarrow> ast \<Rightarrow> 'a ast_config \<Rightarrow> 'a ast_config \<Rightarrow> bool" 
+  ("_,_,_,_,_,_ \<turnstile> (\<langle>_\<rangle> [\<longrightarrow>]/ _)" [51,0,0,0] 81)
+  for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env and T :: ast
+  where
+    BBRefl: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>config\<rangle> [\<longrightarrow>] config"
+  | BBTrans: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>start_config\<rangle> \<longrightarrow> inter_config;  A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>inter_config\<rangle> [\<longrightarrow>] end_config\<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>start_config\<rangle> [\<longrightarrow>] end_config"
+
+
 
 (* defining correctness of the AST *)
-fun get_state :: "'a ast_state \<Rightarrow> 'a state"
+fun get_state :: "'a ast_config \<Rightarrow> 'a state"
   where
-    "get_state (ast, bb, cont, s1) = s1"
+    "get_state (bb, cont, s1) = s1"
 
-fun is_final :: "'a ast_state \<Rightarrow> bool" 
+fun is_final :: "'a ast_config \<Rightarrow> bool" 
   where
-    "is_final (ast, (BigBlock None [] None None), KStop, s1) = True"
+    "is_final ((BigBlock bb_name [] None None), KStop, s1) = True"
   | "is_final other = False"
 
-fun init_ast :: "ast \<Rightarrow> 'a nstate \<Rightarrow> 'a ast_state"
+fun init_ast :: "ast \<Rightarrow> 'a nstate \<Rightarrow> 'a ast_config"
   where
-    "init_ast [] ns1 = ([], (BigBlock None [] None None), KStop, Normal ns1)"
-  | "init_ast (b#bbs) ns1 = ((b#bbs), b, KStop, Normal ns1)"
+    "init_ast [] ns1 = ((BigBlock None [] None None), KStop, Normal ns1)"
+  | "init_ast (b#bbs) ns1 = (b, (KSeq bbs KStop), Normal ns1)"
 
 definition valid_configuration 
-  where "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts ast_state \<equiv> 
-         (get_state ast_state) \<noteq> Failure \<and> 
-         (is_final ast_state \<longrightarrow> (\<forall>ns'. (get_state ast_state) = Normal ns' \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns' posts))"
+  where "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts ast_config \<equiv> 
+         (get_state ast_config) \<noteq> Failure \<and> 
+         (is_final ast_config \<longrightarrow> (\<forall>ns'. (get_state ast_config) = Normal ns' \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns' posts))"
 
 definition proc_body_satisfies_spec :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> ast \<Rightarrow> 'a nstate \<Rightarrow> bool"
-  where "proc_body_satisfies_spec A M \<Lambda> \<Gamma> \<Omega> pres posts (ast) ns \<equiv>
+  where "proc_body_satisfies_spec A M \<Lambda> \<Gamma> \<Omega> pres posts ast ns \<equiv>
          expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns pres \<longrightarrow> 
-          (\<forall> ast_reached. (rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega>) (init_ast ast ns) ast_reached) \<longrightarrow> 
+          (\<forall> ast_reached. (rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> ast) (init_ast ast ns) ast_reached) \<longrightarrow> 
                     valid_configuration A \<Lambda> \<Gamma> \<Omega> posts ast_reached)"
 
 record ast_procedure =
@@ -225,85 +232,55 @@ fun proc_is_correct :: "'a absval_ty_fun \<Rightarrow> fdecls \<Rightarrow> vdec
           )))
       | None \<Rightarrow> True)"
 
+inductive syntactic_equiv :: "expr \<Rightarrow> expr \<Rightarrow> bool" (infixl "\<sim>" 40) 
+  where
+    refl [simp]:   "a \<sim> a"
+  | sym:           "a \<sim> b \<Longrightarrow> b \<sim> a"
+  | trans [trans]: "a \<sim> b \<Longrightarrow> b \<sim> c \<Longrightarrow> a \<sim> c"
+  | neg_cong:      "a \<sim> b \<Longrightarrow> UnOp Not a \<sim> UnOp Not b"
+  | conj_cong:     "a1 \<sim> b1 \<Longrightarrow> a2 \<sim> b2 \<Longrightarrow> (a1 \<guillemotleft>And\<guillemotright> a2) \<sim> (b1 \<guillemotleft>And\<guillemotright> b2)"
+  | disj_cong:     "a1 \<sim> b1 \<Longrightarrow> a2 \<sim> b2 \<Longrightarrow> (a1 \<guillemotleft>Or\<guillemotright> a2) \<sim> (b1 \<guillemotleft>Or\<guillemotright> b2)"
+  | conj_commute:  "(a \<guillemotleft>And\<guillemotright> b) \<sim> (b \<guillemotleft>And\<guillemotright> a)"
+  | disj_commute:  "(a \<guillemotleft>Or\<guillemotright> b) \<sim> (b \<guillemotleft>Or\<guillemotright> a)"
+  | conj_assoc:    "(a \<guillemotleft>And\<guillemotright> b) \<guillemotleft>And\<guillemotright> c \<sim> a \<guillemotleft>And\<guillemotright> (b \<guillemotleft>And\<guillemotright> c)"
+  | disj_assoc:    "(a \<guillemotleft>Or\<guillemotright> b) \<guillemotleft>Or\<guillemotright> c \<sim> a \<guillemotleft>Or\<guillemotright> (b \<guillemotleft>Or\<guillemotright> c)"
+  | disj_conj:     "a \<guillemotleft>Or\<guillemotright> (b \<guillemotleft>And\<guillemotright> c) \<sim> (a \<guillemotleft>Or\<guillemotright> b) \<guillemotleft>And\<guillemotright> (a \<guillemotleft>Or\<guillemotright> c)"
+  | conj_disj:     "a \<guillemotleft>And\<guillemotright> (b \<guillemotleft>Or\<guillemotright> c) \<sim> (a \<guillemotleft>And\<guillemotright> b) \<guillemotleft>Or\<guillemotright> (a \<guillemotleft>And\<guillemotright> c)"
+  | de_morgan1:    "UnOp Not (a \<guillemotleft>And\<guillemotright> b) \<sim> (UnOp Not a) \<guillemotleft>Or\<guillemotright> (UnOp Not b)"
+  | de_morgan2:    "UnOp Not (a \<guillemotleft>Or\<guillemotright> b) \<sim> (UnOp Not a) \<guillemotleft>And\<guillemotright> (UnOp Not b)"
+  | neg_neg:       "UnOp Not (UnOp Not a) \<sim> a"
+  | tnd:           "a \<guillemotleft>Or\<guillemotright> (UnOp Not) a \<sim> (Lit (LBool True))"
+  | contr:         "a \<guillemotleft>And\<guillemotright> (UnOp Not) a \<sim> (Lit (LBool False))"
+  | disj_idem:     "a \<guillemotleft>Or\<guillemotright> a \<sim> a"
+  | conj_idem:     "a \<guillemotleft>And\<guillemotright> a \<sim> a"
+  | conj_True:     "a \<guillemotleft>And\<guillemotright> (Lit (LBool True)) \<sim> a"
+  | disj_True:     "a \<guillemotleft>Or\<guillemotright> (Lit (LBool True)) \<sim> (Lit (LBool True))"
+  | neg_lt:        "UnOp Not (a \<guillemotleft>Lt\<guillemotright> b) \<sim> (a \<guillemotleft>Ge\<guillemotright> b)"
+  | neg_gt:        "UnOp Not (a \<guillemotleft>Gt\<guillemotright> b) \<sim> (a \<guillemotleft>Le\<guillemotright> b)"
+  | neg_le:        "UnOp Not (a \<guillemotleft>Le\<guillemotright> b) \<sim> (a \<guillemotleft>Gt\<guillemotright> b)"
+  | neg_ge:        "UnOp Not (a \<guillemotleft>Ge\<guillemotright> b) \<sim> (a \<guillemotleft>Lt\<guillemotright> b)"
+  | neg_eq:        "UnOp Not (a \<guillemotleft>Eq\<guillemotright> b) \<sim> (a \<guillemotleft>Neq\<guillemotright> b)"
+  | neg_neq:       "UnOp Not (a \<guillemotleft>Neq\<guillemotright> b) \<sim> (a \<guillemotleft>Eq\<guillemotright> b)"
+
+(*
+definition semantic_equiv :: "expr \<Rightarrow> expr \<Rightarrow> bool" (infixl "\<approx>" 40) where
+  "exp1 \<approx> exp2 \<longleftrightarrow> (\<forall> A \<Lambda> \<Gamma> \<Omega> ns val. ((red_expr A \<Lambda> \<Gamma> \<Omega> exp1 ns val) = (red_expr A \<Lambda> \<Gamma> \<Omega> exp2 ns val)))"
+*)
+
+inductive ast_cfg_rel :: "expr option \<Rightarrow> expr list \<Rightarrow> bigblock \<Rightarrow> cmd list \<Rightarrow> bool"
+  where 
+     Rel_Guard_true:
+      "\<lbrakk>ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs2\<rbrakk> \<Longrightarrow>
+        ast_cfg_rel (Some if_block_guard) [] (BigBlock name cs1 any_str any_tr) ((Assume if_block_guard) # cs2)"
+   | Rel_Guard_false:
+      "\<lbrakk>ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs2; (UnOp Not if_block_guard) \<sim> c \<rbrakk> \<Longrightarrow>
+        ast_cfg_rel (Some if_block_guard) [] (BigBlock name cs1 any_str any_tr) ((Assume c) # cs2)"
+   | Rel_Invs:
+      "\<lbrakk>ast_cfg_rel None invs (BigBlock name cs1 any_str any_tr) cs2\<rbrakk> \<Longrightarrow>
+        ast_cfg_rel None (e_inv # invs) (BigBlock name cs1 any_str any_tr) ((Assert e_inv) # cs2)"
+   | Rel_Main:
+      " ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs1"
 
-inductive ast_cfg_rel_block_list :: "mbodyCFG \<Rightarrow> ast \<Rightarrow> bigblock list \<Rightarrow> block \<Rightarrow> block list \<Rightarrow> bool"
-  ("_,_ \<turnstile> (\<langle>_\<rangle> [\<leadsto>]/ _, _)" [51,0,0,0] 81)
-  for G :: "mbodyCFG"
-  where      
-     RelateEmpty: "G, ast \<turnstile> \<langle>[]\<rangle> [\<leadsto>] [], []"
-
-    (* what's the output of out_edges if there are no successors? *)
-    | RelateSimpleBlock: 
-      "\<lbrakk> (node_to_block(G) ! n) = cmds; 
-       List.member (out_edges(G) ! n) n'; 
-       G, ast \<turnstile> \<langle>b#bbs\<rangle> [\<leadsto>] node_to_block(G) ! n', exit \<rbrakk>
-       \<Longrightarrow>  G, ast \<turnstile> \<langle>(BigBlock _ cmds None None)#(b#bbs)\<rangle> [\<leadsto>] 
-                        (node_to_block(G) ! n), exit"
-
-    | RelateIfBlockNoGuard: 
-      "\<lbrakk> (node_to_block(G) ! n) = cmds; 
-         List.member (out_edges(G) ! n) n1; 
-         List.member (out_edges(G) ! n) n2; 
-         (node_to_block(G) ! n1) = then_beginning; 
-         (node_to_block(G) ! n2) = else_beginning; 
-         G, ast \<turnstile> \<langle>then_bbs @ (b#bbs)\<rangle> [\<leadsto>] then_beginning, end_then; 
-         G, ast \<turnstile> \<langle>else_bbs @ (b#bbs)\<rangle> [\<leadsto>] else_beginning, end_else \<rbrakk> 
-         \<Longrightarrow>  G, ast \<turnstile> \<langle>(BigBlock _ cmds (Some (ParsedIf None then_bbs else_bbs)) None)#(b#bbs)\<rangle> [\<leadsto>] 
-                          (node_to_block(G) ! n), (end_then @ end_else)"
-    
-    | RelateIfBlock: 
-      "\<lbrakk> (node_to_block(G) ! n) = cmds; 
-         List.member (out_edges(G) ! n) n1; 
-         List.member (out_edges(G) ! n) n2; 
-         (node_to_block(G) ! n1) = then_beginning; 
-         (node_to_block(G) ! n2) = else_beginning; 
-         G, ast \<turnstile> \<langle>((BigBlock then_name ((Assume guard)#then_cmds) str tr)#then_bbs) @ (b#bbs)\<rangle> [\<leadsto>] 
-                      then_beginning, end_then; 
-         G, ast \<turnstile> \<langle>((BigBlock else_name ((Assume (Unop Not guard))#else_cmds) str tr)#else_bbs) @ (b#bbs)\<rangle> [\<leadsto>] 
-                      else_beginning, end_else \<rbrakk> 
-         \<Longrightarrow> G, ast \<turnstile> \<langle>(BigBlock _ cmds (Some (ParsedIf (Some guard) ((BigBlock then_name then_cmds str tr)#then_bbs) 
-                         ((BigBlock else_name else_cmds str tr)#else_bbs))) None)#(b#bbs)\<rangle> [\<leadsto>] 
-                           (node_to_block(G) ! n), (end_then @ end_else)"
-
-    (* how should invariants be accounted for in the while rules? *)
-    | RelateWhileBlockNoGuard: 
-      "\<lbrakk> (node_to_block(G) ! n) = cmds; 
-         List.member (out_edges(G) ! n) n1; 
-         (node_to_block(G) ! n1) = body_beginning; 
-         G, ast \<turnstile> \<langle>body_bbs @ (bbs)\<rangle> [\<leadsto>] body_beginning, end \<rbrakk> 
-         \<Longrightarrow> G, ast \<turnstile>  \<langle>(BigBlock _ cmds (Some (ParsedWhile (Some guard) invs body_bbs)) None)#(bbs)\<rangle> [\<leadsto>] 
-                          (node_to_block(G) ! n), end" 
-
-    | RelateWhileBlock: 
-      "\<lbrakk> (node_to_block(G) ! n) = cmds; 
-         List.member (out_edges(G) ! n) n1;
-         (node_to_block(G) ! n1) = body_beginning; 
-         G, ast \<turnstile> \<langle>((BigBlock body_name ((Assume guard)#body_cmds) str tr)#body_bbs) @ (b#bbs)\<rangle> [\<leadsto>] body_beginning, end \<rbrakk> 
-         \<Longrightarrow> G, ast \<turnstile> \<langle>(BigBlock _ cmds 
-                        (Some (ParsedWhile (Some guard) invs 
-                          ((BigBlock body_name body_cmds str tr)#body_bbs))) None)#(b#bbs)\<rangle> [\<leadsto>] 
-                            (node_to_block(G) ! n), end" 
-
-    (* FIXME: rules for break and goto don't work *)
-
-    (*
-    | RelateBreakBlock: 
-      "\<lbrakk> (node_to_block(G) ! n) = cmds; 
-         List.member (out_edges(G) ! n) n' \<rbrakk> 
-         \<Longrightarrow> G, ast \<turnstile> \<langle>(BigBlock _ cmds (Some (ParsedBreak num)) None)\<rangle> \<leadsto> 
-         (node_to_block(G) ! n), (node_to_block(G) ! n')" 
-    
-    | RelateGotoBlock: 
-      "\<lbrakk> (node_to_block(G) ! n) = cmds; 
-         List.member (out_edges(G) ! n) n'; 
-         (find_label lbl ast KStop) = Some (found_bb, found_cont); 
-         G, ast \<turnstile> \<langle>found_bb\<rangle> \<leadsto> (node_to_block(G) ! n'), exit \<rbrakk> 
-         \<Longrightarrow> G, ast \<turnstile> \<langle>(BigBlock _ cmds None (Some (Goto lbl)))\<rangle> [\<leadsto>] (node_to_block(G) ! n)#(b#bbs), exit"
-    *)
-
-    | RelateReturnBlock: 
-      "\<lbrakk> (node_to_block(G) ! n) = cmds; (out_edges(G) ! n) = [] \<rbrakk> 
-          \<Longrightarrow> G, ast \<turnstile> \<langle>(BigBlock _ cmds None (Some (Return opt_val)))#anything\<rangle> [\<leadsto>] (node_to_block(G) ! n), []"
 
 end
 

From 95f4947a4c086fca175e6472e0a91cfeebf83233 Mon Sep 17 00:00:00 2001
From: ahubanov-eth <ahubanov@student.ethz.ch>
Date: Thu, 28 Apr 2022 21:58:32 +0200
Subject: [PATCH 12/74] saving before making some changes

---
 BoogieLang/Ast.thy | 22 ++++++++++++++--------
 BoogieLang/ROOT    |  1 +
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index ebcd200..1cff702 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -31,6 +31,12 @@ datatype cont
 
 type_synonym 'a ast_config = "bigblock * cont * ('a state)"
 
+(*
+fun convert_list_to_cont :: "bigblock list \<Rightarrow> cont \<Rightarrow> cont" where
+    "convert_list_to_cont [] cont0 = cont0"
+  | "convert_list_to_cont (x#xs) cont0 = convert_list_to_cont xs (KSeq x cont0)" 
+*)
+
 (* auxillary function to find the label a Goto statement is referring to *)
 fun find_label :: "label \<Rightarrow> bigblock list \<Rightarrow> cont \<Rightarrow> ((bigblock * cont) option)" where
     "find_label lbl [] cont = None" 
@@ -74,16 +80,16 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightar
  (* RedStatic: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>a\<rangle> \<longrightarrow> a" *)
   
     RedSimpleCmds: 
-    "\<lbrakk>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs, (Normal n_s)\<rangle> [\<rightarrow>] s1 \<rbrakk> 
+    "\<lbrakk>(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs, (Normal n_s)\<rangle> [\<rightarrow>] s1) \<and> (cs \<noteq> Nil) \<rbrakk> 
       \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name cs str_cmd tr_cmd), cont0, Normal n_s)\<rangle> \<longrightarrow> 
                               ((BigBlock bb_name [] str_cmd tr_cmd), cont0, s1)"  
 
+  (* TODO: fix this rule! *)
   | RedFailure_or_Magic: 
-    "\<lbrakk> (s1 = Magic) \<or> (s1 = Failure) \<rbrakk> 
+    "\<lbrakk> (s1 = Magic) \<or> (s1 = Failure); (BigBlock bb_name [] str_cmd tr_cmd) \<noteq> (BigBlock bb_name [] None None) \<rbrakk> 
       \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] str_cmd tr_cmd), cont0, s1)\<rangle> \<longrightarrow> 
                           ((BigBlock bb_name [] None None), KStop, s1)"
 
-  (* TODO: figure out when this rule would be used *)
   | RedSkip_emptyCont: 
     "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] None None),  (KSeq [] cont0),  Normal n_s)\<rangle> \<longrightarrow> 
                     ((BigBlock bb_name [] None None), cont0, Normal n_s)"
@@ -101,13 +107,13 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightar
                           ((BigBlock bb_name [] None None), KStop, Normal n_s)"
 
   | RedParsedIfTrue: 
-    "\<lbrakk> bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True) \<rbrakk>  
+    "\<lbrakk>\<And> b. bb_guard = (Some b) \<Longrightarrow>  A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s\<rangle> \<Down> LitV (LBool True) \<rbrakk>  
         \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] 
                                 (Some (ParsedIf bb_guard (then_hd # then_bbs) elsebigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> 
                             (then_hd, (KSeq then_bbs cont0), Normal n_s)"
 
   | RedParsedIfFalse: 
-    "\<lbrakk> bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool False) \<rbrakk> 
+    "\<lbrakk>\<And>b. bb_guard = (Some b) \<Longrightarrow>  A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s\<rangle> \<Down> LitV (LBool False) \<rbrakk> 
         \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name []
                                 (Some (ParsedIf bb_guard thenbigblocks (else_hd # else_bbs))) None), cont0, Normal n_s)\<rangle> \<longrightarrow>
                             (else_hd, (KSeq else_bbs cont0), Normal n_s)"
@@ -235,8 +241,6 @@ fun proc_is_correct :: "'a absval_ty_fun \<Rightarrow> fdecls \<Rightarrow> vdec
 inductive syntactic_equiv :: "expr \<Rightarrow> expr \<Rightarrow> bool" (infixl "\<sim>" 40) 
   where
     refl [simp]:   "a \<sim> a"
-  | sym:           "a \<sim> b \<Longrightarrow> b \<sim> a"
-  | trans [trans]: "a \<sim> b \<Longrightarrow> b \<sim> c \<Longrightarrow> a \<sim> c"
   | neg_cong:      "a \<sim> b \<Longrightarrow> UnOp Not a \<sim> UnOp Not b"
   | conj_cong:     "a1 \<sim> b1 \<Longrightarrow> a2 \<sim> b2 \<Longrightarrow> (a1 \<guillemotleft>And\<guillemotright> a2) \<sim> (b1 \<guillemotleft>And\<guillemotright> b2)"
   | disj_cong:     "a1 \<sim> b1 \<Longrightarrow> a2 \<sim> b2 \<Longrightarrow> (a1 \<guillemotleft>Or\<guillemotright> a2) \<sim> (b1 \<guillemotleft>Or\<guillemotright> b2)"
@@ -256,7 +260,9 @@ inductive syntactic_equiv :: "expr \<Rightarrow> expr \<Rightarrow> bool" (infix
   | conj_True:     "a \<guillemotleft>And\<guillemotright> (Lit (LBool True)) \<sim> a"
   | disj_True:     "a \<guillemotleft>Or\<guillemotright> (Lit (LBool True)) \<sim> (Lit (LBool True))"
   | neg_lt:        "UnOp Not (a \<guillemotleft>Lt\<guillemotright> b) \<sim> (a \<guillemotleft>Ge\<guillemotright> b)"
-  | neg_gt:        "UnOp Not (a \<guillemotleft>Gt\<guillemotright> b) \<sim> (a \<guillemotleft>Le\<guillemotright> b)"
+  (* TODO: combine whichever rules you can and prove symmetry! *)
+  | neg_gt1:        "UnOp Not (a \<guillemotleft>Gt\<guillemotright> b) \<sim> (a \<guillemotleft>Le\<guillemotright> b)"
+  | neg_gt2:        "UnOp Not (a \<guillemotleft>Gt\<guillemotright> b) \<sim> (b \<guillemotleft>Ge\<guillemotright> a)"
   | neg_le:        "UnOp Not (a \<guillemotleft>Le\<guillemotright> b) \<sim> (a \<guillemotleft>Gt\<guillemotright> b)"
   | neg_ge:        "UnOp Not (a \<guillemotleft>Ge\<guillemotright> b) \<sim> (a \<guillemotleft>Lt\<guillemotright> b)"
   | neg_eq:        "UnOp Not (a \<guillemotleft>Eq\<guillemotright> b) \<sim> (a \<guillemotleft>Neq\<guillemotright> b)"
diff --git a/BoogieLang/ROOT b/BoogieLang/ROOT
index 70209f3..130461f 100644
--- a/BoogieLang/ROOT
+++ b/BoogieLang/ROOT
@@ -16,3 +16,4 @@ session Boogie_Lang = "HOL" +
     PassificationEndToEnd
     PassificationML
     BackedgeElim
+    Ast

From 6a971389d31b7b9d760a5e2f4d5f471033f23d02 Mon Sep 17 00:00:00 2001
From: ahubanov-eth <ahubanov@student.ethz.ch>
Date: Sun, 15 May 2022 05:31:54 +0200
Subject: [PATCH 13/74] first draft of lemmas and proofs for the ast_cfg_phase

---
 BoogieLang/Ast.thy                            |  188 ++-
 BoogieLang/Ast_Cfg_Transformation.thy         | 1402 +++++++++++++++++
 .../if_example_proofs/global_data.thy         |   34 +
 .../p_proofs/if_example_ast_cfg_proof.thy     |  295 ++++
 .../p_proofs/if_example_ast_form~             |    4 +
 .../p_proofs/if_example_before_ast_cfg.thy    |   90 ++
 .../p_proofs/p_before_cfg_to_dag_prog.thy     |  125 ++
 .../p_proofs/p_before_passive_prog.thy        |   95 ++
 .../p_proofs/p_cfgtodag_proof.thy             |  292 ++++
 .../p_proofs/p_passification_proof.thy        |  262 +++
 .../p_proofs/p_passive_prog.thy               |  128 ++
 .../p_proofs/p_vcphase_proof.thy              |  241 +++
 .../while_example2_proofs/global_data.thy     |   32 +
 .../p_proofs/p_before_cfg_to_dag_prog.thy     |  155 ++
 .../p_proofs/p_before_passive_prog.thy        |  139 ++
 .../p_proofs/p_cfgtodag_proof.thy             |  534 +++++++
 .../p_proofs/p_passification_proof.thy        |  343 ++++
 .../p_proofs/p_passive_prog.thy               |  199 +++
 .../p_proofs/p_vcphase_proof.thy              |  364 +++++
 .../p_proofs/while_example2_ast_cfg_proof.thy |  535 +++++++
 .../while_example2_before_ast_cfg.thy         |  102 ++
 .../p_proofs/while_example_2_before_ast_cfg~  |    9 +
 22 files changed, 5530 insertions(+), 38 deletions(-)
 create mode 100644 BoogieLang/Ast_Cfg_Transformation.thy
 create mode 100644 BoogieLang/completed_example_proofs/if_example_proofs/global_data.thy
 create mode 100644 BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
 create mode 100644 BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_ast_form~
 create mode 100644 BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_before_ast_cfg.thy
 create mode 100644 BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
 create mode 100644 BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_before_passive_prog.thy
 create mode 100644 BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_cfgtodag_proof.thy
 create mode 100644 BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_passification_proof.thy
 create mode 100644 BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_passive_prog.thy
 create mode 100644 BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_vcphase_proof.thy
 create mode 100644 BoogieLang/completed_example_proofs/while_example2_proofs/global_data.thy
 create mode 100644 BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
 create mode 100644 BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_before_passive_prog.thy
 create mode 100644 BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy
 create mode 100644 BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_passification_proof.thy
 create mode 100644 BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_passive_prog.thy
 create mode 100644 BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_vcphase_proof.thy
 create mode 100644 BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
 create mode 100644 BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_before_ast_cfg.thy
 create mode 100644 BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example_2_before_ast_cfg~

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index 1cff702..dc78de2 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -26,16 +26,15 @@ type_synonym ast = "bigblock list"
 (* continuations; used for formalizing Gotos and numbered Breaks *)
 datatype cont 
  = KStop 
- | KSeq "bigblock list" cont
+ | KSeq "bigblock" cont
  | KEndBlock cont 
 
 type_synonym 'a ast_config = "bigblock * cont * ('a state)"
 
-(*
 fun convert_list_to_cont :: "bigblock list \<Rightarrow> cont \<Rightarrow> cont" where
     "convert_list_to_cont [] cont0 = cont0"
   | "convert_list_to_cont (x#xs) cont0 = convert_list_to_cont xs (KSeq x cont0)" 
-*)
+
 
 (* auxillary function to find the label a Goto statement is referring to *)
 fun find_label :: "label \<Rightarrow> bigblock list \<Rightarrow> cont \<Rightarrow> ((bigblock * cont) option)" where
@@ -44,29 +43,29 @@ fun find_label :: "label \<Rightarrow> bigblock list \<Rightarrow> cont \<Righta
       (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds None None), cont)) else (None))" 
   | "find_label lbl ((BigBlock bb_name cmds None None) # bbs) cont = 
       (if (Some lbl = bb_name) 
-        then (Some ((BigBlock bb_name cmds None None), (KSeq bbs cont))) 
+        then (Some ((BigBlock bb_name cmds None None), (convert_list_to_cont (rev bbs) cont))) 
         else (find_label lbl bbs cont))" 
   | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None) # bbs) cont = 
       (if (Some lbl = bb_name) 
-        then (Some ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None), (KSeq bbs cont))) 
+        then (Some ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None), (convert_list_to_cont (rev bbs) cont))) 
         else (if (find_label lbl then_bbs cont \<noteq> None) 
                 then (find_label lbl (then_bbs @ bbs) cont) 
                 else (find_label lbl (else_bbs @ bbs) cont)))" 
   | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None) # bbs) cont = 
       (if (Some lbl = bb_name) 
-        then (Some ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None), (KSeq bbs cont))) 
+        then (Some ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None), (convert_list_to_cont (rev bbs) cont))) 
         else (if (find_label lbl body_bbs cont \<noteq> None) 
-                then (find_label lbl body_bbs (KSeq ((BigBlock None [] (Some (ParsedWhile guard invariants body_bbs)) None) # bbs) cont)) 
+                then (find_label lbl body_bbs (convert_list_to_cont ((rev bbs) @ [(BigBlock None [] (Some (ParsedWhile guard invariants body_bbs)) None)]) cont)) 
                 else (find_label lbl bbs cont)))"  
   | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedBreak n)) None) # bbs) cont = 
       (if (Some lbl = bb_name) 
-        then (Some ((BigBlock bb_name cmds (Some (ParsedBreak n)) None), (KSeq bbs cont))) 
+        then (Some ((BigBlock bb_name cmds (Some (ParsedBreak n)) None), (convert_list_to_cont (rev bbs) cont))) 
         else (find_label lbl bbs cont))" 
   | "find_label lbl ((BigBlock bb_name cmds (Some (WhileWrapper while_loop)) None) # bbs) cont = 
       find_label lbl ((BigBlock bb_name cmds (Some while_loop) None) # bbs) cont"
   | "find_label lbl ((BigBlock bb_name cmds None (Some transfer_stmt)) # bbs) cont = 
       (if (Some lbl = bb_name) 
-        then (Some ((BigBlock bb_name cmds None (Some transfer_stmt)), (KSeq bbs cont))) 
+        then (Some ((BigBlock bb_name cmds None (Some transfer_stmt)), (convert_list_to_cont (rev bbs) cont))) 
         else (find_label lbl bbs cont))"
   | "find_label lbl ((BigBlock bb_name cmds (Some s) (Some t)) # bbs) cont = None"
 
@@ -86,37 +85,39 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightar
 
   (* TODO: fix this rule! *)
   | RedFailure_or_Magic: 
-    "\<lbrakk> (s1 = Magic) \<or> (s1 = Failure); (BigBlock bb_name [] str_cmd tr_cmd) \<noteq> (BigBlock bb_name [] None None) \<rbrakk> 
+    "\<lbrakk> (s1 = Magic) \<or> (s1 = Failure) \<rbrakk> 
       \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] str_cmd tr_cmd), cont0, s1)\<rangle> \<longrightarrow> 
                           ((BigBlock bb_name [] None None), KStop, s1)"
 
+  (* TODO: fix this rule! *)
+  (*
   | RedSkip_emptyCont: 
     "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] None None),  (KSeq [] cont0),  Normal n_s)\<rangle> \<longrightarrow> 
                     ((BigBlock bb_name [] None None), cont0, Normal n_s)"
-  
+  *)
   | RedSkip: 
-    "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] None None),  (KSeq (b # bbs) cont0),  Normal n_s)\<rangle> \<longrightarrow> 
-                    (b, (KSeq bbs cont0), Normal n_s)"
+    "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] None None), (KSeq b cont0), Normal n_s)\<rangle> \<longrightarrow> 
+                    (b, cont0, Normal n_s)"
 
   | RedSkipEndBlock: 
     "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] None None),  (KEndBlock cont0),  Normal n_s)\<rangle> \<longrightarrow> 
                     ((BigBlock bb_name [] None None), cont0, Normal n_s)"
 
   | RedReturn: 
-    "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(BigBlock bb_name [] None (Some (Return val)),  cont0, Normal n_s)\<rangle> \<longrightarrow> 
+    "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(BigBlock bb_name [] None (Some (Return val)), cont0, Normal n_s)\<rangle> \<longrightarrow> 
                           ((BigBlock bb_name [] None None), KStop, Normal n_s)"
 
   | RedParsedIfTrue: 
     "\<lbrakk>\<And> b. bb_guard = (Some b) \<Longrightarrow>  A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s\<rangle> \<Down> LitV (LBool True) \<rbrakk>  
         \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] 
                                 (Some (ParsedIf bb_guard (then_hd # then_bbs) elsebigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> 
-                            (then_hd, (KSeq then_bbs cont0), Normal n_s)"
+                            (then_hd, (convert_list_to_cont (rev then_bbs) cont0), Normal n_s)"
 
   | RedParsedIfFalse: 
     "\<lbrakk>\<And>b. bb_guard = (Some b) \<Longrightarrow>  A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s\<rangle> \<Down> LitV (LBool False) \<rbrakk> 
         \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name []
                                 (Some (ParsedIf bb_guard thenbigblocks (else_hd # else_bbs))) None), cont0, Normal n_s)\<rangle> \<longrightarrow>
-                            (else_hd, (KSeq else_bbs cont0), Normal n_s)"
+                            (else_hd, (convert_list_to_cont (rev else_bbs) cont0), Normal n_s)"
 
   | RedParsedWhileWrapper: 
     "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> 
@@ -126,7 +127,7 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightar
                 (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), (KEndBlock cont0),  Normal n_s)"
  
   | RedParsedWhile_InvFail: 
-    "\<lbrakk> bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); 
+    "\<lbrakk>\<And> b. bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s\<rangle> \<Down> LitV (LBool True); 
        bb_invariants = invs1@[I]@invs2;
        expr_all_sat A \<Lambda> \<Gamma> \<Omega> n_s invs1;
        A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>I, n_s\<rangle> \<Down> BoolV False \<rbrakk> 
@@ -136,16 +137,17 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightar
               ((BigBlock bb_name [] None None), KStop, Failure)"
 
   | RedParsedWhileTrue: 
-    "\<lbrakk>  bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool True); 
-       (expr_all_sat A \<Lambda> \<Gamma> \<Omega> n_s1 bb_invariants) \<rbrakk> 
+    "\<lbrakk>\<And> b.  bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s\<rangle> \<Down> LitV (LBool True); 
+       (expr_all_sat A \<Lambda> \<Gamma> \<Omega> n_s bb_invariants) \<rbrakk> 
        \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> 
             \<langle>((BigBlock bb_name [] 
                      (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> 
-              (bb_hd, (KSeq (body_bbs @ [(BigBlock bb_name [] (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None)]) cont0), Normal n_s)"
+              (bb_hd, convert_list_to_cont (rev ((BigBlock bb_name [] (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None) # body_bbs)) cont0, Normal n_s)"
+
 
   | RedParsedWhileFalse: 
-    "\<lbrakk> bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s1\<rangle> \<Down> LitV (LBool False);
-       (expr_all_sat A \<Lambda> \<Gamma> \<Omega> n_s1 bb_invariants) \<rbrakk>  
+    "\<lbrakk>\<And> b. bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s\<rangle> \<Down> LitV (LBool False);
+       (expr_all_sat A \<Lambda> \<Gamma> \<Omega> n_s bb_invariants) \<rbrakk>  
        \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] 
                                 (Some (ParsedWhile bb_guard bb_invariants bigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> 
                           ((BigBlock bb_name [] None None), cont0, Normal n_s)"
@@ -156,7 +158,7 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightar
 
   | RedBreakN: 
     "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> 
-           \<langle>((BigBlock bb_name [] (Some (ParsedBreak n)) None), (KSeq bbs cont0), Normal n_s)\<rangle> \<longrightarrow> 
+           \<langle>((BigBlock bb_name [] (Some (ParsedBreak n)) None), (KSeq b cont0), Normal n_s)\<rangle> \<longrightarrow> 
             ((BigBlock None [] (Some (ParsedBreak n)) None), cont0, Normal n_s)"
 
   | RedBreakNPlus1: 
@@ -166,7 +168,7 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightar
 
   | RedGoto: 
     "\<lbrakk> (find_label label ast KStop) = Some (found_bigblock, found_cont) \<rbrakk> 
-        \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] None (Some (Goto label))),  cont0,  Normal n_s)\<rangle> \<longrightarrow> 
+        \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] None (Some (Goto label))), cont0, Normal n_s)\<rangle> \<longrightarrow> 
                             (found_bigblock, found_cont, (Normal n_s))"
 
 inductive red_bigblock_trans :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env  \<Rightarrow> ast \<Rightarrow> 'a ast_config \<Rightarrow> 'a ast_config \<Rightarrow> bool" 
@@ -191,18 +193,18 @@ fun is_final :: "'a ast_config \<Rightarrow> bool"
 fun init_ast :: "ast \<Rightarrow> 'a nstate \<Rightarrow> 'a ast_config"
   where
     "init_ast [] ns1 = ((BigBlock None [] None None), KStop, Normal ns1)"
-  | "init_ast (b#bbs) ns1 = (b, (KSeq bbs KStop), Normal ns1)"
+  | "init_ast (b#bbs) ns1 = (b, convert_list_to_cont (rev bbs) KStop, Normal ns1)"
 
 definition valid_configuration 
-  where "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts ast_config \<equiv> 
-         (get_state ast_config) \<noteq> Failure \<and> 
-         (is_final ast_config \<longrightarrow> (\<forall>ns'. (get_state ast_config) = Normal ns' \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns' posts))"
+  where "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts bb cont state \<equiv> 
+         (get_state (bb, cont, state)) \<noteq> Failure \<and> 
+         (is_final (bb, cont, state) \<longrightarrow> (\<forall>ns'. (get_state (bb, cont, state)) = Normal ns' \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns' posts))"
 
 definition proc_body_satisfies_spec :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> ast \<Rightarrow> 'a nstate \<Rightarrow> bool"
   where "proc_body_satisfies_spec A M \<Lambda> \<Gamma> \<Omega> pres posts ast ns \<equiv>
          expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns pres \<longrightarrow> 
-          (\<forall> ast_reached. (rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> ast) (init_ast ast ns) ast_reached) \<longrightarrow> 
-                    valid_configuration A \<Lambda> \<Gamma> \<Omega> posts ast_reached)"
+          (\<forall> bb cont state. (rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> ast) (init_ast ast ns) (bb, cont, state)) \<longrightarrow> 
+                    valid_configuration A \<Lambda> \<Gamma> \<Omega> posts bb cont state)"
 
 record ast_procedure =
   proc_ty_args :: nat
@@ -265,6 +267,7 @@ inductive syntactic_equiv :: "expr \<Rightarrow> expr \<Rightarrow> bool" (infix
   | neg_gt2:        "UnOp Not (a \<guillemotleft>Gt\<guillemotright> b) \<sim> (b \<guillemotleft>Ge\<guillemotright> a)"
   | neg_le:        "UnOp Not (a \<guillemotleft>Le\<guillemotright> b) \<sim> (a \<guillemotleft>Gt\<guillemotright> b)"
   | neg_ge:        "UnOp Not (a \<guillemotleft>Ge\<guillemotright> b) \<sim> (a \<guillemotleft>Lt\<guillemotright> b)"
+  | neg_lt2:        "UnOp Not (a \<guillemotleft>Lt\<guillemotright> b) \<sim> (b \<guillemotleft>Le\<guillemotright> a)"
   | neg_eq:        "UnOp Not (a \<guillemotleft>Eq\<guillemotright> b) \<sim> (a \<guillemotleft>Neq\<guillemotright> b)"
   | neg_neq:       "UnOp Not (a \<guillemotleft>Neq\<guillemotright> b) \<sim> (a \<guillemotleft>Eq\<guillemotright> b)"
 
@@ -273,20 +276,129 @@ definition semantic_equiv :: "expr \<Rightarrow> expr \<Rightarrow> bool" (infix
   "exp1 \<approx> exp2 \<longleftrightarrow> (\<forall> A \<Lambda> \<Gamma> \<Omega> ns val. ((red_expr A \<Lambda> \<Gamma> \<Omega> exp1 ns val) = (red_expr A \<Lambda> \<Gamma> \<Omega> exp2 ns val)))"
 *)
 
-inductive ast_cfg_rel :: "expr option \<Rightarrow> expr list \<Rightarrow> bigblock \<Rightarrow> cmd list \<Rightarrow> bool"
+lemma not_true_equals_false:
+  assumes "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not expr, ns1\<rangle> \<Down> BoolV True"
+  shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr, ns1\<rangle> \<Down> BoolV False"
+  using assms
+  sorry
+
+lemma not_false_equals_true:
+  assumes "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not expr, ns1\<rangle> \<Down> BoolV False"
+  shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr, ns1\<rangle> \<Down> BoolV True"
+  using assms
+  sorry
+
+lemma true_equals_not_false:
+  assumes "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr, ns1\<rangle> \<Down> BoolV True"
+  shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not expr, ns1\<rangle> \<Down> BoolV False"
+  using assms
+  sorry
+
+lemma false_equals_not_true:
+  assumes "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr, ns1\<rangle> \<Down> BoolV False"
+  shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not expr, ns1\<rangle> \<Down> BoolV True"
+  using assms
+  sorry
+
+lemma equiv_preserves_value:
+  assumes "a \<sim> b"
+  and "red_expr A \<Lambda> \<Gamma> \<Omega> a ns (BoolV boolean)"
+  shows "red_expr A \<Lambda> \<Gamma> \<Omega> b ns (BoolV boolean)"
+  using assms
+  sorry
+
+(* TODO: Can I avoid needing this? *)
+fun inv_into_assertion :: "expr \<Rightarrow> cmd" where
+  "inv_into_assertion e = (Assert e)"
+
+lemma asserts_hold_if_invs_hold: 
+  assumes "expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1 invs"
+  and "assertions = map inv_into_assertion invs"
+  shows "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1"
+  using assms
+proof (induction invs arbitrary: assertions)
+  case Nil
+  then show ?case  by (simp add: RedCmdListNil)
+next
+  case (Cons e_inv invs_tail)
+  from Cons(2) have prem1: "expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1 invs_tail" by (simp add: expr_all_sat_def)
+  from Cons(3) have prem2: "List.tl assertions = map inv_into_assertion invs_tail" by simp
+  from prem1 prem2 have end2: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>List.tl assertions,Normal ns1\<rangle> [\<rightarrow>] Normal ns1" using Cons(1) by blast
+
+  from Cons(2) have act1: "expr_sat A \<Lambda> \<Gamma> \<Omega> ns1 e_inv" by (simp add: expr_all_sat_def)
+  from Cons(3) have act2: "List.hd assertions = (Assert e_inv)" by simp
+  from act1 act2 have end1: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>List.hd assertions,Normal ns1\<rangle> \<rightarrow> Normal ns1" by (simp add: expr_sat_def red_cmd.intros(1))
+
+  then show ?case using end1 end2 by (simp add: Cons.prems(2) RedCmdListCons)
+qed
+
+lemma invs_hold_if_asserts_reduce: 
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, s0\<rangle> [\<rightarrow>] s1"
+  and "s0 = Normal ns1"
+  and "s1 \<noteq> Failure"
+  and "assertions = map inv_into_assertion invs"
+  shows "expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1 invs"
+  using assms
+proof (induction arbitrary: invs rule: red_cmd_list.induct)
+  case (RedCmdListNil s)
+  hence "invs = []" by simp
+  then show ?case by (simp add: expr_all_sat_def)
+next
+  case (RedCmdListCons c s s'' cs s')  
+  from RedCmdListCons have "cs = map inv_into_assertion (List.tl invs)" using assms by auto
+  from RedCmdListCons have "c = Assert (hd invs)" by auto 
+
+  from RedCmdListCons(1) this \<open>s = Normal ns1\<close> show ?case
+  proof cases
+    case RedAssertOk thus ?thesis 
+      using RedCmdListCons(1) \<open>c = Assert (hd invs)\<close> \<open>s = Normal ns1\<close> \<open>cs = map inv_into_assertion (List.tl invs)\<close> 
+      by (metis RedCmdListCons.IH RedCmdListCons.prems(2)
+          RedCmdListCons.prems(3) cmd.inject(1) expr_all_sat_def expr_sat_def 
+          list.collapse list.discI list.map_disc_iff list_all_simps(1) state.inject)
+  next
+    case RedAssertFail thus ?thesis using failure_stays_cmd_list RedCmdListCons(2) RedCmdListCons(5) by blast
+  qed auto
+qed
+
+lemma one_inv_fails_assertions: 
+  assumes "invs = invs1 @ [I] @ invs2"
+      and "expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1 invs1"
+      and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>I,ns1\<rangle> \<Down> BoolV False"
+      and "assertions = map inv_into_assertion invs"
+    shows "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Failure"
+  using assms
+proof -
+  from assms(4) assms(1) obtain assum1 a_fail assum2 where
+    left: "assum1 = map inv_into_assertion invs1" and
+    mid_fail: "a_fail = inv_into_assertion I" and
+    right: "assum2 = map inv_into_assertion invs2" and
+    concat: "assertions = assum1 @ [a_fail] @ assum2"
+    by simp
+  from assms(2) left have left_red: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assum1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1" using asserts_hold_if_invs_hold by simp
+  from mid_fail have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>a_fail, Normal ns1\<rangle> \<rightarrow> Failure" using red_cmd.intros(2) assms(3) by simp
+  from this left_red have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assum1 @ [a_fail] @ assum2, Normal ns1\<rangle> [\<rightarrow>] Failure" using failure_stays_cmd_list 
+    by (simp add: RedCmdListCons failure_red_cmd_list red_cmd_list_append)
+  thus ?thesis using concat by auto
+qed
+
+
+(* TODO: Discuss Rel_Invs case!  *)
+inductive ast_cfg_rel :: "expr option \<Rightarrow> cmd list \<Rightarrow> bigblock \<Rightarrow> cmd list \<Rightarrow> bool"
   where 
      Rel_Guard_true:
       "\<lbrakk>ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs2\<rbrakk> \<Longrightarrow>
-        ast_cfg_rel (Some if_block_guard) [] (BigBlock name cs1 any_str any_tr) ((Assume if_block_guard) # cs2)"
+        ast_cfg_rel (Some block_guard) [] (BigBlock name cs1 any_str any_tr) ((Assume block_guard) # cs2)"
    | Rel_Guard_false:
-      "\<lbrakk>ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs2; (UnOp Not if_block_guard) \<sim> c \<rbrakk> \<Longrightarrow>
-        ast_cfg_rel (Some if_block_guard) [] (BigBlock name cs1 any_str any_tr) ((Assume c) # cs2)"
+      "\<lbrakk>ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs2; (UnOp Not block_guard) \<sim> c \<rbrakk> \<Longrightarrow>
+        ast_cfg_rel (Some block_guard) [] (BigBlock name cs1 any_str any_tr) ((Assume c) # cs2)"
    | Rel_Invs:
-      "\<lbrakk>ast_cfg_rel None invs (BigBlock name cs1 any_str any_tr) cs2\<rbrakk> \<Longrightarrow>
-        ast_cfg_rel None (e_inv # invs) (BigBlock name cs1 any_str any_tr) ((Assert e_inv) # cs2)"
-   | Rel_Main:
-      " ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs1"
+       "ast_cfg_rel None assertions (BigBlock name [] any_str any_tr) assertions"
+   | Rel_Main_test:
+      "ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs1"
 
+abbreviation red_bigblock_k_step :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> ast \<Rightarrow> 'a ast_config \<Rightarrow> nat \<Rightarrow> 'a ast_config \<Rightarrow> bool"
+  ("_,_,_,_,_,_ \<turnstile>_ -n\<longrightarrow>^_/ _" [51,0,0,0,0] 81)
+where "red_bigblock_k_step A M \<Lambda> \<Gamma> \<Omega> T c1 n c2 \<equiv> ((red_bigblock A M \<Lambda> \<Gamma> \<Omega> T)^^n) c1 c2"
 
 end
 
diff --git a/BoogieLang/Ast_Cfg_Transformation.thy b/BoogieLang/Ast_Cfg_Transformation.thy
new file mode 100644
index 0000000..62b7cb9
--- /dev/null
+++ b/BoogieLang/Ast_Cfg_Transformation.thy
@@ -0,0 +1,1402 @@
+theory Ast_Cfg_Transformation 
+   imports Main
+          "Boogie_Lang.Ast"
+          "Boogie_Lang.Semantics"
+          "Boogie_Lang.BackedgeElim"
+begin 
+
+text \<open>The following are various miscellaneous helper lemmas used later in the proofs of the local and global relation lemmas.\<close>
+
+lemmas converse_rtranclp_induct3 =
+  converse_rtranclp_induct [of _ "(ax, ay, az)" "(bx, by, bz)", split_rule, consumes 1, case_names refl step]
+
+lemmas converse_rtranclpE3 = converse_rtranclpE [of _ "(xa,xb,xc)" "(za,zb,zc)", split_rule]
+
+lemma final_is_static: 
+  assumes "is_final ((BigBlock name [] None None), start_cont, start_state)"
+  shows "\<And>A M \<Lambda> \<Gamma> \<Omega> T end_bb end_cont end_state. 
+         (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] None None), start_cont, start_state) (end_bb, end_cont, end_state)) \<Longrightarrow> 
+         ((end_bb, end_cont, end_state) = ((BigBlock name [] None None), start_cont, start_state))" 
+  using assms 
+proof -
+  fix A M \<Lambda> \<Gamma> \<Omega> T end_bb  end_cont end_state
+  have cont_eq: "start_cont = KStop" using assms is_final.elims(1) by blast  
+
+  assume prem1: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] None None), start_cont, start_state) (end_bb, end_cont, end_state))"
+  from prem1 show "((end_bb, end_cont, end_state) = ((BigBlock name [] None None), start_cont, start_state))" using cont_eq
+  proof cases 
+    case RedFailure_or_Magic thus ?thesis using cont_eq by blast
+  qed auto
+qed
+
+lemma final_is_static_propagate:
+  assumes "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) start_config  end_config" 
+  and "is_final start_config"
+  and "start_config = ((BigBlock name [] None None), start_cont, start_state)"
+  shows "end_config = ((BigBlock name [] None None), start_cont, start_state)"
+  using assms
+proof (induction rule: rtranclp.induct)
+  case (rtrancl_refl a)
+  then show ?case using assms by simp
+next
+  case (rtrancl_into_rtrancl a b c)
+  then have inter_is_same: "b = (BigBlock name [] None None, start_cont, start_state)" and inter_is_final: "is_final b" by auto
+  have "start_cont = KStop" using rtrancl_into_rtrancl(4) is_final.elims(1) rtrancl_into_rtrancl.prems(2) by blast
+
+  from rtrancl_into_rtrancl(2) show ?case
+    using inter_is_same inter_is_final \<open>start_cont = KStop\<close>
+  proof cases
+    case RedFailure_or_Magic thus ?thesis using inter_is_same inter_is_final \<open>start_cont = KStop\<close> by (auto simp add: RedFailure_or_Magic)
+  qed auto
+qed
+
+
+lemma magic_propagates: 
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont, Magic) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+    shows "reached_state = Magic"
+  using assms
+proof (cases j)
+  case 0 
+  hence "(reached_bb, reached_cont, reached_state) = (bb, cont, Magic)" using assms by fastforce
+  thus ?thesis by simp
+next
+  case (Suc j')
+  from this obtain first_inter where 
+    red1: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(bb, cont, Magic)\<rangle> \<longrightarrow> first_inter" and red_rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> first_inter -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
+    by (metis assms relpowp_Suc_E2)
+  hence reached_conj: "((get_state first_inter) = Magic) \<and> ((is_final first_inter) = True)" 
+  proof cases
+    case RedFailure_or_Magic thus ?thesis by simp
+  qed
+  hence magic_reached: "(get_state first_inter) = Magic" by simp
+  have final_config: "is_final first_inter" using reached_conj by simp
+  hence "\<exists> name. first_inter = ((BigBlock name [] None None), KStop, Magic)" using magic_reached
+    by (metis get_state.simps is_final.elims(2))
+  from this obtain name1 where concrete: "first_inter = ((BigBlock name1 [] None None), KStop, Magic)" 
+    by blast 
+
+  from red_rest show ?thesis using final_config magic_reached concrete final_is_static_propagate by (metis prod.inject relpowp_imp_rtranclp)
+qed 
+
+
+lemma strictly_smaller_helper2: "j'' < j' \<Longrightarrow> j = Suc j' \<Longrightarrow> j'' < j"
+  by simp
+
+lemma steps_trans_helper:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, cont0, Normal ns1'') -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
+  shows "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (bb0, cont0, Normal ns1'') (reached_bb, reached_cont, reached_state)"
+  using assms
+proof -
+  from assms(1) show ?thesis by (simp add: relpowp_imp_rtranclp)
+qed
+
+lemma endblock_skip:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(BigBlock None [] None None, KEndBlock (KSeq bb_next cont0), Normal ns3) -n\<longrightarrow>^l (reached_bb, reached_cont, reached_state)"
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state) \<or> 
+            (\<exists> l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb_next, cont0, Normal ns3) -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> (l = Suc (Suc l2)) )"
+  using assms
+proof (cases l)
+  case 0
+  then show ?thesis by (metis Ast.valid_configuration_def assms get_state.simps is_final.simps(6) relpowp_fun_conv state.simps(3))
+next
+  case 1: (Suc l1)
+  then show ?thesis 
+  proof (cases l1)
+    case 0
+    from 1 assms this have "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (BigBlock None [] None None, KEndBlock (KSeq bb_next cont0), Normal ns3) (reached_bb, reached_cont, reached_state))"
+      by fastforce
+    then show ?thesis
+    proof cases
+      case RedSkipEndBlock thus ?thesis by (simp add: Ast.valid_configuration_def)
+    qed auto
+  next
+    case 2: (Suc l2)
+    from 2 1 have "l = Suc (Suc l2)" by auto
+    from 2 1 assms obtain inter_bb inter_cont inter_state inter_bb2 inter_cont2 inter_state2 where
+      step1: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (BigBlock None [] None None, KEndBlock (KSeq bb_next cont0), Normal ns3) (inter_bb, inter_cont, inter_state))" and 
+      step2: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (inter_bb, inter_cont, inter_state) (inter_bb2, inter_cont2, inter_state2))" and
+      rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(inter_bb2, inter_cont2, inter_state2) -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)" 
+      by (metis (no_types, opaque_lifting) prod_cases3 relpowp_Suc_D2)
+    from this step1 have "(inter_bb, inter_cont, inter_state) = (BigBlock None [] None None, (KSeq bb_next cont0), Normal ns3)"
+    proof cases
+      case RedSkipEndBlock thus ?thesis 
+        by blast
+    qed auto
+    from step2 this have "(inter_bb2, inter_cont2, inter_state2) = (bb_next, cont0, Normal ns3)" 
+    proof cases 
+      case RedSkip thus ?thesis  using \<open>(inter_bb, inter_cont, inter_state) = (BigBlock None [] None None, KSeq bb_next cont0, Normal ns3)\<close> by fastforce
+    qed auto
+    hence "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb_next, cont0, Normal ns3) -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> (l = Suc (Suc l2))" using rest \<open>l = Suc (Suc l2)\<close> by simp
+    then show ?thesis by blast
+  qed
+qed
+
+lemma endblock_skip_wrapper:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(BigBlock None [] None None, KEndBlock (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3) -n\<longrightarrow>^l (reached_bb, reached_cont, reached_state)"
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state) \<or> 
+         (\<exists> l3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock name [] (Some str) tr), KEndBlock cont0, Normal ns3) -n\<longrightarrow>^l3 (reached_bb, reached_cont, reached_state)) \<and> (l = Suc (Suc (Suc l3))) )"
+  using assms
+proof (cases l)
+  case 0
+  then show ?thesis by (metis Ast.valid_configuration_def assms get_state.simps is_final.simps(6) relpowp_fun_conv state.simps(3))
+next
+  case 1: (Suc l1)
+  then show ?thesis 
+    proof (cases l1)
+      case 0
+      from 1 assms this have 
+        "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (BigBlock None [] None None, KEndBlock (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3) (reached_bb, reached_cont, reached_state))"
+        by fastforce
+      then show ?thesis
+      proof cases
+        case RedSkipEndBlock thus ?thesis by (simp add: Ast.valid_configuration_def)
+      qed auto
+    next
+      case 2: (Suc l2)
+      then show ?thesis
+      proof (cases l2)
+        case 0 
+        from 2 1 have "l = Suc (Suc l2)" by auto
+        from 2 1 assms obtain inter_bb inter_cont inter_state  where
+          step1: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (BigBlock None [] None None, KEndBlock (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3) (inter_bb, inter_cont, inter_state))" and 
+          step2: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (inter_bb, inter_cont, inter_state) (reached_bb, reached_cont, reached_state))" 
+          using "0" by auto
+        from this step1 have "(inter_bb, inter_cont, inter_state) = (BigBlock None [] None None, (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3)"
+        proof cases
+          case RedSkipEndBlock thus ?thesis 
+            by blast
+        qed auto
+        from step2 this have "(reached_bb, reached_cont, reached_state) = ((BigBlock name [] (Some (WhileWrapper str)) tr), cont0, Normal ns3)" 
+        proof cases 
+          case RedSkip thus ?thesis  using \<open>(inter_bb, inter_cont, inter_state) = (BigBlock None [] None None, (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3)\<close> by fastforce
+        qed auto
+        then show ?thesis by (simp add: Ast.valid_configuration_def)
+      next
+        case 3: (Suc l3)
+        from 3 2 1 have "l = Suc (Suc (Suc l3))" by auto
+        from 3 2 1 assms obtain inter_bb inter_cont inter_state inter_bb2 inter_cont2 inter_state2 inter_bb3 inter_cont3 inter_state3 where
+          step1: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (BigBlock None [] None None, KEndBlock (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3) (inter_bb, inter_cont, inter_state))" and 
+          step2: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (inter_bb, inter_cont, inter_state) (inter_bb2, inter_cont2, inter_state2))" and 
+          step3: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (inter_bb2, inter_cont2, inter_state2) (inter_bb3, inter_cont3, inter_state3))" and
+          rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb3, inter_cont3, inter_state3) -n\<longrightarrow>^l3 (reached_bb, reached_cont, reached_state)" 
+          by (metis (no_types, opaque_lifting) get_state.cases relpowp_Suc_D2)
+  
+        from this step1 have "(inter_bb, inter_cont, inter_state) = (BigBlock None [] None None, (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3)"
+        proof cases
+          case RedSkipEndBlock thus ?thesis 
+            by blast
+        qed auto
+        from step2 this have "(inter_bb2, inter_cont2, inter_state2) = ((BigBlock name [] (Some (WhileWrapper str)) tr), cont0, Normal ns3)" 
+        proof cases 
+          case RedSkip thus ?thesis  using \<open>(inter_bb, inter_cont, inter_state) = (BigBlock None [] None None, (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3)\<close> by fastforce
+        qed auto
+        from step3 this have "(inter_bb3, inter_cont3, inter_state3) = ((BigBlock name [] (Some str) tr), KEndBlock cont0, Normal ns3)"
+        proof cases
+          case RedParsedWhileWrapper thus ?thesis using \<open>(inter_bb2, inter_cont2, inter_state2) = (BigBlock name [] (Some (WhileWrapper str)) tr, cont0, Normal ns3)\<close> by fastforce 
+        qed auto
+        hence "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock name [] (Some str) tr), KEndBlock cont0, Normal ns3) -n\<longrightarrow>^l3 (reached_bb, reached_cont, reached_state)) \<and> (l = Suc (Suc (Suc l3)))" 
+          using \<open>l = Suc (Suc (Suc l3))\<close> rest by blast
+        thus ?thesis by blast
+    qed
+  qed
+qed
+
+text \<open>Local lemmas: The following are lemmas proving local relations between various kinds of ast-bigblocks and cfg-blocks\<close>
+
+text \<open>Local relation between an ast-bigblock starting with a non-empty set of simple commands and a cfg-block containing the same simple commands\<close>
+lemma block_local_rel_generic:
+  assumes block_rel: "ast_cfg_rel guard invs (BigBlock name cs1 any_str any_tr) cs2"
+  and "cs1 \<noteq> Nil"
+  and "cs2 \<noteq> Nil"
+  and "guard = None"
+  and "invs = []"
+  and Red_bb_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  shows "reached_state \<noteq> Failure  \<and>
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+  using assms
+proof (induction arbitrary: ns1)
+  case (Rel_Main_test name cs1 any_str any_tr)
+  thus ?case
+  proof (cases cs1)
+    case Nil
+    then show ?thesis using Rel_Main_test(2) by simp
+  next
+    case (Cons a list)
+    then have "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name (a#list) any_str any_tr), cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+      using Rel_Main_test(5) by simp
+    then have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(a#list), Normal ns1\<rangle> [\<rightarrow>] reached_state" using Rel_Main_test(5) 
+    proof cases
+      case RedSimpleCmds thus ?thesis by (simp add: RedSimpleCmds)
+    qed
+    then have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs1, Normal ns1\<rangle> [\<rightarrow>] reached_state" using Cons by simp
+    
+    then show ?thesis using Rel_Main_test(6) by auto
+  qed 
+qed auto
+
+text \<open>Local relation between (an ast-bigblock starting with a non-empty set of simple commands 
+               and (is the first ast-bigblock in the then-branch of an if-statement or is the first ast-bigblock in the body of a while-loop)) 
+       and a cfg-block containing the same simple commands\<close>
+lemma block_local_rel_guard_true:
+  assumes block_rel: "ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs2"
+  and "cs1 \<noteq> Nil"
+  and "cs2 \<noteq> Nil"
+  and "c = Assume block_guard"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>block_guard, ns1\<rangle> \<Down> LitV (LBool True)"
+  and Red_bb_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  shows "reached_state \<noteq> Failure  \<and>
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(c#cs2), Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+  using assms 
+proof cases
+  case Rel_Main_test
+  have Red_impl_extended: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+    using trace_is_possible \<open>c = Assume block_guard\<close> Red_impl RedAssumeOk RedCmdListCons by blast
+  hence snd_step_to_end: "reached_state \<noteq> Failure  \<and> (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+    using Red_bb_to assms(2-3) block_local_rel_generic block_rel 
+    by blast 
+  have push_one_cmd: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c, Normal ns1\<rangle> \<rightarrow> Normal ns1" 
+    using \<open>c = Assume block_guard\<close> trace_is_possible 
+    by (simp only: RedAssumeOk)
+  then show ?thesis using snd_step_to_end  by (simp add: RedCmdListCons)
+qed auto
+
+text \<open>Local relation between (an ast-bigblock starting with a non-empty set of simple commands 
+               and (is the first ast-bigblock in the else-branch of an if-statement or is the first ast-bigblock after a while-loop)) 
+       and a cfg-block containing the same simple commands\<close>
+lemma block_local_rel_guard_false:
+  assumes block_rel: "ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs2"
+  and "cs1 \<noteq> Nil"
+  and "cs2 \<noteq> Nil"
+  and "(UnOp Not block_guard) \<sim> b "
+  and "c = Assume b"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(UnOp Not block_guard), ns1\<rangle> \<Down> LitV (LBool True)"
+  and Red_bb_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  shows "reached_state \<noteq> Failure  \<and>
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(c#cs2), Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+  using assms 
+proof cases
+  case Rel_Main_test
+  have Red_impl_extended: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+    using trace_is_possible \<open>c = Assume b\<close> \<open>(UnOp Not block_guard) \<sim> b\<close> equiv_preserves_value  Red_impl RedAssumeOk RedCmdListCons by metis
+  hence snd_step_to_end: "reached_state \<noteq> Failure  \<and> (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+    using Red_bb_to assms(2-3) block_local_rel_generic block_rel 
+    by blast 
+  have equiv: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, ns1\<rangle> \<Down> BoolV True" 
+    using trace_is_possible equiv_preserves_value \<open>(UnOp Not block_guard) \<sim> b\<close>
+    by metis
+  hence push_one_cmd: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c, Normal ns1\<rangle> \<rightarrow> Normal ns1" 
+    using \<open>c = Assume b\<close> trace_is_possible equiv_preserves_value
+    by (auto simp add: RedAssumeOk)
+  then show ?thesis using snd_step_to_end  by (simp add: RedCmdListCons)
+qed auto
+
+text \<open>Local relation between a loop-only(no simple commands) ast-bigblock and a corresponding cfg-block containing assertions of the loop invariants\<close>
+lemma block_local_rel_loop_head:
+  assumes block_rel: "ast_cfg_rel None assert_invs (BigBlock name [] (Some (ParsedWhile loop_guard invs (bb0#body_bbs))) any_tr) assertions"
+  and "assert_invs = map inv_into_assertion invs"
+  and Red_bb: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] (Some (ParsedWhile loop_guard invs (bb0#body_bbs))) any_tr), cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assertions (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+  shows "reached_state \<noteq> Failure  \<and>
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+  using assms
+proof cases
+  case Rel_Invs
+  hence "assertions = map inv_into_assertion invs" using assms(2) by simp
+  from Red_bb show ?thesis
+  proof cases
+    case RedParsedWhileTrue thus ?thesis using \<open>assertions = (map inv_into_assertion invs)\<close>  by (simp add: asserts_hold_if_invs_hold)
+  next
+    case RedParsedWhileFalse thus ?thesis using \<open>assertions = (map inv_into_assertion invs)\<close>  by (simp add: asserts_hold_if_invs_hold)
+  next
+    case RedParsedWhile_InvFail thus ?thesis using Red_impl \<open>assertions = map inv_into_assertion invs\<close> one_inv_fails_assertions by blast
+  qed auto
+next
+  case Rel_Main_test
+  hence "assertions = map inv_into_assertion invs" using assms(2) by simp
+  from Red_bb show ?thesis
+  proof cases
+    case RedParsedWhileTrue thus ?thesis using \<open>assertions = (map inv_into_assertion invs)\<close>  by (simp add: asserts_hold_if_invs_hold)
+  next
+    case RedParsedWhileFalse thus ?thesis using \<open>assertions = (map inv_into_assertion invs)\<close>  by (simp add: asserts_hold_if_invs_hold)
+  next
+    case RedParsedWhile_InvFail thus ?thesis using Red_impl \<open>assertions = map inv_into_assertion invs\<close> one_inv_fails_assertions by blast
+  qed auto
+qed
+
+text \<open>Global lemmas: The following are lemmas proving global relations between various kinds of ast-bigblocks and cfg-blocks\<close>
+
+text \<open>'ending', 'ending2' and 'correctness_propagates_through_assumption' are helper lemmas 
+       used to complete the proofs of the global lemmas for ast-bigblocks, which are heads of loops. 
+       'ending2' and 'correctness_propagates_through_assumption' are used in the case where 
+       we're proving a global lemma for the head of a loop that is followed by another loop (not nested).\<close>
+lemma ending:
+  assumes "j = Suc j'" 
+      and "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(BigBlock None [] None None, KEndBlock (KSeq bigblock_next KStop), Normal ns1'') -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
+      and "\<And>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure"
+      and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False" 
+      and "\<And> j''. 
+            j' = Suc (Suc j'') \<Longrightarrow>
+            A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, KStop, Normal ns1'') -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state) \<Longrightarrow>
+           (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
+           (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not guard,ns1''\<rangle> \<Down> BoolV True) \<Longrightarrow> (valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+    shows "valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state"
+proof -
+  from assms(2) have disj_a:
+    "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state) \<or> 
+       (\<exists> l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, KStop, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> (j' = Suc (Suc l2)) )" 
+    by (simp add: endblock_skip)
+  thus ?thesis
+  proof cases
+    assume "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" thus ?thesis by simp
+  next 
+    assume "\<not> ((valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state))"
+    hence "(\<exists> l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, KStop, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> (j' = Suc (Suc l2)) )" 
+      using disj_a by blast
+    thus ?thesis
+    proof -
+      obtain l2_conc where conc_trace: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, KStop, Normal ns1'') -n\<longrightarrow>^l2_conc (reached_bb, reached_cont, reached_state))" and 
+                           succ_rel: "(j' = Suc (Suc l2_conc))"
+        using \<open>\<exists>l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, KStop, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> j' = Suc (Suc l2)\<close> by blast
+      show ?thesis
+        apply (rule assms(5))
+           apply (rule succ_rel)
+          apply (rule conc_trace)
+         apply (rule assms(3))
+         apply (simp)
+        using assms(4) false_equals_not_true 
+        by blast
+    qed
+  qed
+qed
+
+lemma correctness_propagates_through_assumption:
+  assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> s \<noteq> Failure"
+      and "node_to_block G ! n0 = [Assume c]"
+      and "UnOp Not guard \<sim> c"
+      and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> BoolV False"
+      and "List.member (out_edges G ! n0) n1"
+    shows "\<And> m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m, s)) \<Longrightarrow> s \<noteq> Failure"
+proof -
+  fix m1 s1
+  have "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c, ns1\<rangle> \<Down> BoolV True" using assms(3-4) equiv_preserves_value false_equals_not_true by blast
+  then have a1: "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[Assume c], Normal ns1\<rangle> [\<rightarrow>] (Normal ns1))" by (meson RedAssumeOk RedCmdListCons RedCmdListNil)
+  show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> s1 \<noteq> Failure" 
+  proof -
+    assume "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1))"
+    thus "s1 \<noteq> Failure" using a1 assms(1-2) assms(5) dag_verifies_propagate by blast 
+  qed
+qed
+
+lemma ending2:
+  assumes "j = Suc j'"
+      and "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(BigBlock None [] None None,
+                      KEndBlock (KSeq (BigBlock None [] (Some (WhileWrapper (ParsedWhile next_guard next_invs (next_body_bb#body_bbs)))) None) cont1),
+                      Normal ns1'') -n\<longrightarrow>^j'
+           (reached_bb, reached_cont, reached_state)"
+      and corr: "\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure"
+      and guard_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1''\<rangle> \<Down> BoolV False" 
+      and "node_to_block G ! n = [Assume c]" 
+      and "(UnOp Not guard) \<sim> c"
+      and "List.member (out_edges(G) ! n) n1"
+      and "\<And> j'''.
+          j' = Suc (Suc (Suc j''')) \<Longrightarrow>
+          node_to_block G ! n = [Assume c] \<Longrightarrow>
+          (UnOp Not guard) \<sim> c \<Longrightarrow>
+          List.member (out_edges(G) ! n) n1 \<Longrightarrow>
+          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock None [] (Some (ParsedWhile next_guard next_invs (next_body_bb#body_bbs))) None), KEndBlock cont1, Normal ns1'') -n\<longrightarrow>^j''' 
+              (reached_bb, reached_cont, reached_state) \<Longrightarrow>
+          (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow> 
+          (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+    shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+  using assms
+proof -
+  from assms(2) have disj_a:
+    "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state) \<or> 
+       (\<exists> l3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock None [] (Some (ParsedWhile next_guard next_invs (next_body_bb#body_bbs))) None), KEndBlock cont1, Normal ns1'') 
+              -n\<longrightarrow>^l3 (reached_bb, reached_cont, reached_state)) \<and> (j' = Suc (Suc (Suc l3))) )"
+    by (simp add: endblock_skip_wrapper)
+  thus ?thesis
+  proof cases
+    assume "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" thus ?thesis by simp
+  next 
+    assume "\<not> ((valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state))"
+    hence skipped_endblock: 
+                  "(\<exists> l3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock None [] (Some (ParsedWhile next_guard next_invs (next_body_bb#body_bbs))) None), KEndBlock cont1, Normal ns1'') 
+                   -n\<longrightarrow>^l3 (reached_bb, reached_cont, reached_state)) \<and> (j' = Suc (Suc (Suc l3))) )" 
+      using disj_a by blast
+    thus ?thesis
+    proof -
+      obtain l3_conc where 
+           conc_trace: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock None [] (Some (ParsedWhile next_guard next_invs (next_body_bb#body_bbs))) None), KEndBlock cont1, Normal ns1'') 
+                        -n\<longrightarrow>^l3_conc (reached_bb, reached_cont, reached_state))" and 
+           succ_rel: "(j' = Suc (Suc (Suc l3_conc))) " 
+        using skipped_endblock by blast
+      show ?thesis
+        apply (rule assms(8))
+             apply (rule succ_rel)
+            apply (simp add: assms)
+           apply (rule assms(6))
+          apply (rule assms(7))
+         apply (rule conc_trace)
+        apply (rule correctness_propagates_through_assumption)
+             apply (rule corr)
+            apply (rule assms(5))
+           apply (rule assms(6))
+          apply (rule guard_false)
+         apply (rule assms(7))
+        apply simp
+        done
+    qed
+  qed
+qed
+
+text \<open>Global lemma for an ast-bigblock with a non-empty set of simple commands which concludes the program and is immediately after a loop.\<close>
+lemma generic_ending_block_after_loop_global_rel:
+  assumes syn_rel: "ast_cfg_rel None [] (BigBlock name cs1 None any_tr) cs2"
+  and "(any_tr = None) \<or> (any_tr = (Some (Return val1)))"
+  and "cs1 \<noteq> Nil"
+  and "cs2 \<noteq> Nil"
+  and "node_to_block G ! n = (c#cs2)" 
+  and "c = Assume b"
+  and "(UnOp Not guard) \<sim> b"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not guard, ns1\<rangle> \<Down> BoolV True"
+  and j_step_ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name cs1 None any_tr), KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  using assms
+proof (cases j)
+  case 0
+  from this j_step_ast_trace have "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 None any_tr), KStop, (Normal ns1))" by simp
+  then show ?thesis by (simp add: valid_configuration_def expr_all_sat_def)
+next
+  case (Suc j')
+  from this j_step_ast_trace obtain inter_bb inter_cont inter_state where
+    step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name cs1 None any_tr), KStop, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
+    rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
+    by (metis prod_cases3 relpowp_Suc_D2) 
+  then show ?thesis 
+  proof (cases any_tr)
+    case None
+    from step this have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None None, KStop, inter_state)"
+    proof cases
+      case RedSimpleCmds thus ?thesis using None by (auto simp add: RedSimpleCmds)
+    qed auto
+
+    have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+      using dag_verifies_propagate_2  assms(5) cfg_is_correct by blast 
+
+    from step have "inter_state \<noteq> Failure"
+    proof cases
+      case RedSimpleCmds thus ?thesis using Red_impl trace_is_possible
+        by (metis assms(4) assms(7) assms(6) block_local_rel_guard_false step syn_rel)
+    qed auto
+
+    hence valid_inter: "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] inter_bb inter_cont inter_state)" 
+      unfolding valid_configuration_def expr_all_sat_def
+      using concrete_inter get_state.simps is_final.simps by simp
+
+    have "is_final (inter_bb, inter_cont, inter_state)" using concrete_inter by simp 
+    then show ?thesis by (metis Pair_inject concrete_inter final_is_static_propagate relpowp_imp_rtranclp rest valid_inter)
+  next
+    case (Some transfer)
+    then show ?thesis
+    proof (cases transfer)
+      case (Goto x1)
+      then show ?thesis using Some assms(2) by blast
+    next
+      case (Return ret)
+      from step this Some have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None (Some (Return ret)), KStop, inter_state)"
+      proof cases
+        case RedSimpleCmds thus ?thesis using Return Some by blast
+      qed (auto simp add: assms(3))
+  
+      have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+        using dag_verifies_propagate_2  assms(5) cfg_is_correct by blast 
+  
+      from step have "inter_state \<noteq> Failure"
+      proof cases
+        case RedSimpleCmds thus ?thesis using Red_impl trace_is_possible
+          by (metis assms(4) assms(7) assms(6) block_local_rel_guard_false step syn_rel)
+      qed auto
+      then show ?thesis 
+      proof (cases inter_state)
+        case (Normal x1)
+        then show ?thesis
+        proof (cases j')
+          case 0
+          then show ?thesis using concrete_inter by (metis Ast.valid_configuration_def \<open>inter_state \<noteq> Failure\<close> get_state.simps is_final.simps(4) relpowp_0_E rest)
+        next
+          case (Suc j'')
+          from this rest obtain inter_bb2 inter_cont2 inter_state2 where
+            snd_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(inter_bb, inter_cont, inter_state)\<rangle> \<longrightarrow> (inter_bb2, inter_cont2, inter_state2)" and
+            snd_rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb2, inter_cont2, inter_state2) -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state)"
+            by (metis get_state.cases relpowp_Suc_E2)
+          then have inter2_conc: "(inter_bb2, inter_cont2, inter_state2) = ((BigBlock name [] None None), KStop, inter_state)" 
+            using concrete_inter \<open>inter_state \<noteq> Failure\<close> Normal
+          proof cases
+            case RedReturn thus ?thesis using concrete_inter \<open>inter_state \<noteq> Failure\<close> Normal by blast
+          qed auto
+          hence "is_final (inter_bb2, inter_cont2, inter_state2)" by simp
+          then show ?thesis
+            by (metis Ast.valid_configuration_def inter2_conc \<open>inter_state \<noteq> Failure\<close> expr_all_sat_def final_is_static_propagate get_state.simps list.pred_inject(1) rtranclp_power snd_rest)
+        qed
+      next
+        case Failure
+        then show ?thesis using \<open>inter_state \<noteq> Failure\<close> by simp
+      next
+        case Magic
+        then show ?thesis by (metis Ast.valid_configuration_def \<open>inter_state \<noteq> Failure\<close> get_state.simps magic_propagates rest state.simps(5))
+      qed
+    qed
+  qed
+qed
+
+
+text \<open>Global lemma for an ast-bigblock with a non-empty set of simple commands which concludes the program.\<close>
+lemma generic_ending_block_global_rel:
+  assumes syn_rel: "ast_cfg_rel None [] (BigBlock name cs1 None any_tr) cs2"
+  and j_step_ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name cs1 None any_tr), KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and "(any_tr = None) \<or> (any_tr = (Some (Return val1)))"
+  and "cs1 \<noteq> Nil"
+  and "cs2 \<noteq> Nil"
+  and "node_to_block G ! n = cs2"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)" 
+shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+  using assms
+proof (cases j)
+  case 0
+  from this j_step_ast_trace have "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 None any_tr), KStop, (Normal ns1))" by simp
+  then show ?thesis by (simp add: valid_configuration_def expr_all_sat_def)
+next
+  case (Suc j')
+  from this j_step_ast_trace obtain inter_bb inter_cont inter_state where
+    step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name cs1 None any_tr), KStop, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
+    rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
+    by (metis prod_cases3 relpowp_Suc_D2) 
+  then show ?thesis 
+  proof (cases any_tr)
+    case None
+    from step this have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None None, KStop, inter_state)"
+    proof cases
+      case RedSimpleCmds thus ?thesis using None by (auto simp add: RedSimpleCmds)
+    qed auto
+
+    have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+      using assms(6) cfg_is_correct dag_verifies_propagate_2 by blast
+
+    from step have "inter_state \<noteq> Failure"
+    proof cases
+      case RedSimpleCmds thus ?thesis using Red_impl assms(5) block_local_rel_generic local.step syn_rel by blast
+    qed auto
+
+    hence valid_inter: "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] inter_bb inter_cont inter_state)" 
+      unfolding valid_configuration_def expr_all_sat_def
+      using concrete_inter get_state.simps is_final.simps by simp
+
+    have "is_final (inter_bb, inter_cont, inter_state)" using concrete_inter by simp 
+    then show ?thesis by (metis Pair_inject concrete_inter final_is_static_propagate relpowp_imp_rtranclp rest valid_inter)
+  next
+    case (Some transfer)
+    then show ?thesis
+    proof (cases transfer)
+      case (Goto x1)
+      then show ?thesis using Some assms(3) by blast
+    next
+      case (Return ret)
+      from step this Some have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None (Some (Return ret)), KStop, inter_state)"
+      proof cases
+        case RedSimpleCmds thus ?thesis using Return Some by blast
+      qed (auto simp add: assms(4))
+  
+      have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+        using dag_verifies_propagate_2  assms(6) cfg_is_correct by blast 
+  
+      from step have "inter_state \<noteq> Failure"
+      proof cases
+        case RedSimpleCmds thus ?thesis using Red_impl using assms(5) block_local_rel_generic local.step syn_rel by blast
+      qed auto
+
+      then show ?thesis
+      proof (cases inter_state)
+        case (Normal x1)
+        then show ?thesis
+        proof (cases j')
+          case 0
+          then show ?thesis using concrete_inter by (metis Ast.valid_configuration_def \<open>inter_state \<noteq> Failure\<close> get_state.simps is_final.simps(4) relpowp_0_E rest)
+        next
+          case (Suc j'')
+          from this rest obtain inter_bb2 inter_cont2 inter_state2 where
+            snd_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(inter_bb, inter_cont, inter_state)\<rangle> \<longrightarrow> (inter_bb2, inter_cont2, inter_state2)" and
+            snd_rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb2, inter_cont2, inter_state2) -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state)"
+            by (metis get_state.cases relpowp_Suc_E2)
+          then have inter2_conc: "(inter_bb2, inter_cont2, inter_state2) = ((BigBlock name [] None None), KStop, inter_state)" 
+            using concrete_inter \<open>inter_state \<noteq> Failure\<close> Normal
+          proof cases
+            case RedReturn thus ?thesis using concrete_inter \<open>inter_state \<noteq> Failure\<close> Normal by blast
+          qed auto
+          hence "is_final (inter_bb2, inter_cont2, inter_state2)" by simp
+          then show ?thesis
+            by (metis Ast.valid_configuration_def inter2_conc \<open>inter_state \<noteq> Failure\<close> expr_all_sat_def final_is_static_propagate get_state.simps list.pred_inject(1) rtranclp_power snd_rest)
+        qed
+      next
+        case Failure
+        then show ?thesis using \<open>inter_state \<noteq> Failure\<close> by simp
+      next
+        case Magic
+        then show ?thesis by (metis valid_configuration_def \<open>inter_state \<noteq> Failure\<close> get_state.simps magic_propagates rest state.simps(5))
+      qed
+    qed
+  qed
+qed
+
+
+text \<open>Global lemma for an ast-bigblock with a non-empty set of simple commands that enters a loop after it executes its simple cmds.\<close>
+lemma block_global_rel_while_successor:
+  assumes j_step_ast_trace: 
+      "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name cmds (Some (WhileWrapper (ParsedWhile guard invs (body_bb0#body_bbs)))) None), cont1, Normal ns1) -n\<longrightarrow>^j 
+                      (reached_bb, reached_cont, reached_state)"
+  and syn_rel: "ast_cfg_rel None [] (BigBlock name cmds (Some (WhileWrapper (ParsedWhile guard invs (body_bb0#body_bbs)))) None) cmds"
+  and "cmds \<noteq> []"
+  and "node_to_block G ! n = cmds"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and block_local_rel:
+    "\<And> reached_bb_inter reached_cont_inter reached_state_inter. 
+    (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cmds (Some (WhileWrapper (ParsedWhile guard invs (body_bb0#body_bbs)))) None), cont1, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
+    (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cmds (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
+    (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cmds, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
+  and global_rel_succ:
+        "\<And> ns2 k.
+         k < j \<Longrightarrow>
+         (\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl msuc2, Normal ns2) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
+         A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name [] (Some (ParsedWhile guard invs (body_bb0#body_bbs))) None), KEndBlock cont1, Normal ns2) -n\<longrightarrow>^k 
+                      (reached_bb, reached_cont, reached_state) \<Longrightarrow> 
+         (valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+  using assms
+proof cases
+  assume "j = 0"
+  then have "(reached_bb, reached_cont, reached_state) = 
+             ((BigBlock name cmds (Some (WhileWrapper (ParsedWhile guard invs (body_bb0#body_bbs)))) None), cont1, Normal ns1)" using j_step_ast_trace by auto
+  thus ?thesis by (simp add: valid_configuration_def)
+next
+  assume "j \<noteq> 0"
+  from this obtain j' where "j = Suc j'" using not0_implies_Suc by blast
+  from this j_step_ast_trace obtain inter_bb inter_cont inter_state where
+    first_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name cmds (Some (WhileWrapper (ParsedWhile guard invs (body_bb0#body_bbs)))) None), cont1, Normal ns1)\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and 
+    rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
+    by (metis (no_types, opaque_lifting) get_state.cases relpowp_Suc_D2)
+  from this have a1: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] (Some (WhileWrapper (ParsedWhile guard invs (body_bb0#body_bbs)))) None), cont1, inter_state)"
+  proof cases
+    case RedSimpleCmds thus ?thesis by blast
+  qed (auto simp add: \<open>cmds \<noteq> []\<close>)
+  have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cmds (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" using dag_verifies_propagate_2 cfg_is_correct assms(4) by blast
+  have local_conclusion: "inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cmds, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+    using Red_impl first_step assms(3) block_local_rel_generic syn_rel by blast 
+  show ?thesis 
+  proof (cases inter_state)
+    case (Normal x1)
+    hence "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cmds, Normal ns1\<rangle> [\<rightarrow>] inter_state)" using local_conclusion by blast
+    then show ?thesis
+    proof (cases j')
+      case 0
+      then show ?thesis 
+        by (metis (full_types, opaque_lifting) Ast.valid_configuration_def expr_all_sat_def get_state.simps list.pred_inject(1) local_conclusion relpowp.simps(1) rest)
+    next
+      case 2: (Suc j'')
+
+      hence Red_cfg_conc: 
+        "(\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl msuc2, inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))" 
+        using dag_verifies_propagate Normal \<open>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cmds,Normal ns1\<rangle> [\<rightarrow>] inter_state\<close> assms(4) cfg_is_correct 
+        by blast
+
+      from 2 j_step_ast_trace obtain inter_bb2 inter_cont2 inter_state2 where
+        first_step_2: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(inter_bb, inter_cont, inter_state)\<rangle> \<longrightarrow> (inter_bb2, inter_cont2, inter_state2)" and 
+        rest_2: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb2, inter_cont2, inter_state2) -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state)"
+        by (metis get_state.cases relpowp_Suc_E2 rest)
+      from this have a3: "(inter_bb2, inter_cont2, inter_state2) = 
+                          ((BigBlock name [] (Some (ParsedWhile guard invs (body_bb0#body_bbs))) None), KEndBlock cont1, inter_state)"
+        using a1 Normal
+      proof cases
+        case RedParsedWhileWrapper thus ?thesis using a1 by fastforce
+      qed auto 
+
+      have "j'' < j" by (simp add: "2" \<open>j = Suc j'\<close>)
+      then show ?thesis using a3 rest_2 Normal Red_cfg_conc assms(7) by blast
+    qed
+  next
+    case Failure
+    then show ?thesis using local_conclusion by blast
+  next
+    case Magic
+    then show ?thesis by (metis valid_configuration_def get_state.simps local_conclusion magic_propagates rest state.simps(5))
+  qed
+qed
+
+text \<open>Global lemma for a loop-head ast-bigblock with non-empty invariants. The loop is also required to be non-empty.\<close>
+lemma block_global_rel_loop_head:
+  assumes block_rel: "ast_cfg_rel None assertions (BigBlock name [] any_str any_tr) assertions"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name [] any_str any_tr), KEndBlock cont1, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
+  (* TODO: You're requiring that the loop isn't empty! What if it is? *)
+  and bb_successor_while: "any_str = Some (ParsedWhile cont_guard invs (bb0#body_bbs))"
+  and block_local_rel:
+    "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] any_str any_tr), KEndBlock cont1, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
+    (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assertions (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
+    (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
+  (* TODO: The following is a sketchy assumption! Fix it!*)
+  and "assertions \<noteq> []" 
+  and "node_to_block(G) ! n = assertions"
+  and succ_correct: 
+   "\<And> ns1'' loop_guard j'. 
+    j = Suc j' \<Longrightarrow>
+    (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))) \<Longrightarrow>
+    ((cont_guard = Some loop_guard) \<and> 
+      (red_expr A \<Lambda> \<Gamma> \<Omega> loop_guard ns1'' (BoolV True)) \<and> 
+      A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb0, convert_list_to_cont (rev ((BigBlock name [] any_str any_tr)#body_bbs)) (KEndBlock cont1), (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)) \<or> 
+    ((cont_guard = Some loop_guard) \<and> 
+      (red_expr A \<Lambda> \<Gamma> \<Omega> loop_guard ns1'' (BoolV False)) \<and> 
+      A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name [] None None), KEndBlock cont1, (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)) \<or>
+    ((cont_guard = None) \<and> 
+     ((A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name [] None None), KEndBlock cont1, (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)) \<or>
+      (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb0, convert_list_to_cont (rev ((BigBlock name [] any_str any_tr)#body_bbs)) (KEndBlock cont1), (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state))))  \<Longrightarrow>  
+    (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
+  using assms
+proof cases
+    case (Rel_Invs)
+    thus ?thesis 
+    proof cases
+      assume "j = 0"
+      hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name [] any_str any_tr), KEndBlock cont1, (Normal ns1))" using ast_trace by simp 
+      thus ?thesis by (simp add: Ast.valid_configuration_def)
+    next
+      assume "j \<noteq> 0" 
+      from this obtain j' where "j = Suc j'" using not0_implies_Suc by blast
+  
+      from ast_trace this obtain inter_bb inter_cont inter_state where
+        first_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name [] any_str any_tr), KEndBlock cont1, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
+        rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
+        by (metis prod_cases3 relpowp_Suc_D2)
+  
+      show ?thesis
+      proof (cases cont_guard)
+        case None
+        from first_step show ?thesis using bb_successor_while
+        proof cases
+          case RedParsedWhileTrue
+          hence concrete_inter1: "(inter_bb, inter_cont, inter_state) = (bb0, convert_list_to_cont (rev ((BigBlock name [] any_str any_tr)#body_bbs)) (KEndBlock cont1), (Normal ns1))"
+            using bb_successor_while None by blast
+  
+          from first_step
+          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+            by (metis Pair_inject assms(7) block_local_rel cfg_correct concrete_inter1 dag_verifies_propagate dag_verifies_propagate_2)
+  
+          show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct None rest concrete_inter1 succ_correct by blast 
+        next 
+          case RedParsedWhileFalse
+          hence concrete_inter2: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), KEndBlock cont1, (Normal ns1))" by simp
+  
+          from first_step
+          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+            by (metis assms(7) block_local_rel cfg_correct dag_verifies_propagate dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
+  
+          show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct None rest concrete_inter2 succ_correct by blast
+        next 
+          case RedParsedWhile_InvFail thus ?thesis using assms(7) block_local_rel cfg_correct dag_verifies_propagate_2 first_step by blast
+        qed auto
+      next
+        case (Some concrete_loop_guard)
+        then show ?thesis 
+        proof cases
+          assume guard_true: "(red_expr A \<Lambda> \<Gamma> \<Omega> concrete_loop_guard ns1 (BoolV True))"
+          hence guard_not_false: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> concrete_loop_guard ns1 (BoolV False))" using expr_eval_determ by blast
+  
+          from first_step show ?thesis 
+          proof cases
+            case RedParsedWhileTrue
+            hence concrete_inter3: "(inter_bb, inter_cont, inter_state) = (bb0, convert_list_to_cont (rev ((BigBlock name [] any_str any_tr)#body_bbs)) (KEndBlock cont1), (Normal ns1))"
+              using bb_successor_while Some by blast
+  
+            from first_step
+            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+              by (metis Pair_inject assms(7) block_local_rel cfg_correct concrete_inter3 dag_verifies_propagate dag_verifies_propagate_2)
+  
+            show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct Some guard_true rest concrete_inter3 succ_correct by blast 
+        next 
+            case RedParsedWhile_InvFail thus ?thesis using assms(7) block_local_rel cfg_correct dag_verifies_propagate_2 first_step by blast
+        qed (auto simp add: bb_successor_while Some guard_not_false)
+      next
+        assume guard_not_true: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> concrete_loop_guard ns1 (BoolV True))"
+        thus ?thesis 
+        proof cases
+          assume guard_false: "(red_expr A \<Lambda> \<Gamma> \<Omega> concrete_loop_guard ns1 (BoolV False))"
+  
+          from first_step show ?thesis 
+          proof cases
+            case RedParsedWhileFalse
+            hence concrete_inter4: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), KEndBlock cont1, (Normal ns1))" by simp
+
+          from first_step
+          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+            by (metis assms(7) block_local_rel cfg_correct dag_verifies_propagate dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
+  
+            show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct Some guard_false rest concrete_inter4 succ_correct by blast
+          next
+            case RedParsedWhile_InvFail thus ?thesis using Some bb_successor_while guard_not_true by blast
+          qed (auto simp add: bb_successor_while Some guard_not_true)
+        next
+          assume guard_not_false: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> concrete_loop_guard ns1 (BoolV False))"
+          from first_step show ?thesis
+          proof cases
+            case RedParsedWhile_InvFail thus ?thesis using Some bb_successor_while guard_not_true by blast
+          qed (auto simp add: bb_successor_while Some guard_not_true guard_not_false)
+        qed
+      qed
+    qed
+  qed
+qed auto
+
+text \<open>Global lemma for an ast-bigblock with a non-empty set of simple cmds which enters an if-statement after executing its simple cmds.\<close>
+lemma block_global_rel_if_successor:
+  assumes block_rel: "ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs2"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and "cs1 \<noteq> Nil"
+  and "cs2 \<noteq> Nil"
+  and "node_to_block(G) ! n = cs2"
+  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
+  and bb_successor_if: "any_str = Some (ParsedIf cont_guard (then0#then_bbs) (else0#else_bbs))"
+  and block_local_rel:
+        "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
+        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
+        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
+  and succ_correct: 
+       "\<And> ns1'' block_guard k.
+         k < j \<Longrightarrow> 
+        (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))) \<Longrightarrow>
+        ((cont_guard = Some block_guard) \<and> 
+          (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1'' (BoolV True)) \<and> 
+          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (then0, convert_list_to_cont (rev then_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<or> 
+        ((cont_guard = Some block_guard) \<and> 
+          (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1'' (BoolV False)) \<and> 
+          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (else0, convert_list_to_cont (rev else_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<or>
+        ( (cont_guard = None) \<and> 
+          ((A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (then0, convert_list_to_cont (rev then_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<or>
+          (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (else0, convert_list_to_cont (rev else_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state))) ) \<Longrightarrow>  
+        (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
+  using assms
+proof cases
+  case Rel_Main_test
+  have not_end: "(cont0 \<noteq> KStop) \<or> any_str \<noteq> None \<or> any_tr \<noteq> None" using bb_successor_if by simp
+  from ast_trace show ?thesis
+  proof (cases j)
+    case 0
+    hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1))" using ast_trace by auto
+    then show ?thesis by (simp add: Ast.valid_configuration_def bb_successor_if) 
+  next
+    case 1: (Suc j')
+    from this obtain inter_bb inter_cont inter_state where
+      first_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (inter_bb, inter_cont, inter_state)" and
+      rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
+      by (metis ast_trace get_state.cases relpowp_Suc_E2)
+
+    from cfg_correct \<open>cs2 \<noteq> Nil\<close> \<open>node_to_block(G) ! n = cs2\<close> 
+    have local_rel_corr: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+      using dag_verifies_propagate_2 by blast
+
+    from local_rel_corr first_step 
+    have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
+      using block_local_rel by simp
+
+    from first_step \<open>cs1 \<noteq> Nil\<close> 
+    have a1: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] any_str any_tr), cont0, inter_state)"
+    proof cases
+      case RedSimpleCmds then show ?thesis by (auto simp add: RedSimpleCmds)
+    qed auto
+
+    show ?thesis 
+    proof (cases inter_state)
+      case 2: (Normal x1)
+      from rest_of_steps show ?thesis 
+      proof (cases j')
+        case 0
+        then show ?thesis 
+          by (metis Ast.valid_configuration_def a1 a2 bb_successor_if get_state.simps is_final.simps(3) relpowp_0_E rest_of_steps) 
+      next
+        case 3: (Suc j'')
+        from this rest_of_steps obtain snd_inter_bb snd_inter_cont snd_inter_state where
+          snd_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] any_str any_tr), cont0, inter_state)  (snd_inter_bb, snd_inter_cont, snd_inter_state)" and
+          snd_rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (snd_inter_bb, snd_inter_cont, snd_inter_state) -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state)"
+          by (metis a1 get_state.cases relpowp_Suc_D2)
+
+        thus ?thesis 
+        proof (cases cont_guard)
+          case None
+          from snd_step this show ?thesis
+          proof cases
+            case RedParsedIfTrue
+            hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont (rev then_bbs) cont0, inter_state)" using None bb_successor_if 1 by auto
+
+            from first_step 
+            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+            proof cases
+              case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(5) Rel_Main_test(1) cfg_correct by blast
+            qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)
+
+            have "j'' < j" using 1 3 using Suc_lessD by blast
+            
+            thus ?thesis using eq snd_rest_of_steps succ_correct None 2 succ_cfg_correct by blast
+          next
+            case RedParsedIfFalse
+            hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, inter_state)" using None bb_successor_if 1 by auto
+
+            from first_step 
+            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+            proof cases
+              case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(5) Rel_Main_test(1) cfg_correct by blast
+            qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)
+
+            have "j'' < j" using 1 3 using Suc_lessD by blast
+
+            thus ?thesis using eq snd_rest_of_steps succ_correct None 2 succ_cfg_correct by blast
+          qed (auto simp add: bb_successor_if 2)
+        next
+          case (Some block_guard)
+          then show ?thesis 
+          proof cases
+            assume guard_true: "(red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV True))"
+            hence guard_not_false: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV False))" using expr_eval_determ by blast
+            from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont (rev then_bbs) cont0, inter_state)" 
+            proof cases
+              case RedParsedIfTrue thus ?thesis using guard_true bb_successor_if by (simp add: RedParsedIfTrue)
+            qed (auto simp add: guard_not_false bb_successor_if 2 Some)
+
+            from first_step 
+            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+            proof cases
+              case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(5) Rel_Main_test(1) cfg_correct by blast
+            qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)
+
+            have "j'' < j" using 1 3 using Suc_lessD by blast
+            
+            thus ?thesis using eq guard_true snd_rest_of_steps succ_correct Some succ_cfg_correct 2 by blast
+          next
+            assume guard_not_true: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV True))"
+            thus ?thesis 
+            proof cases
+              assume guard_false: "(red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV False))"
+              from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, inter_state)" 
+              proof cases
+                case RedParsedIfFalse thus ?thesis using guard_false bb_successor_if by (simp add: RedParsedIfFalse)
+              qed (auto simp add: guard_not_true bb_successor_if 2 Some)
+
+              from first_step 
+              have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+              proof cases
+                case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(5) Rel_Main_test(1) cfg_correct by blast
+              qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)              
+
+              have "j'' < j" using 1 3 using Suc_lessD by blast
+        
+              thus ?thesis using eq guard_false snd_rest_of_steps succ_correct Some 2 succ_cfg_correct by blast
+            next
+              assume guard_not_false2: "(\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV False)))" and  
+                     guard_not_true2: "(\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV True)))"
+              thus ?thesis
+              proof -
+                from snd_step have False using guard_not_false2 guard_not_true2 bb_successor_if Some 2 
+                  by (cases) auto
+                thus ?thesis by simp
+              qed
+            qed  
+          qed 
+        qed
+      qed
+    next
+      case Failure
+      then show ?thesis
+        using \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
+        by linarith
+    next
+      case Magic
+      then show ?thesis by (metis Ast.valid_configuration_def a2 get_state.simps magic_propagates rest_of_steps state.distinct(3))
+    qed
+  qed
+qed auto
+
+text \<open>Global lemma for an ast-bigblock with a non-empty set of simple cmds which is the first bigblock in the else-branch of an if-statement.\<close>
+lemma block_global_rel_if_false:
+  assumes block_rel: "ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs2"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and "cs1 \<noteq> Nil"
+  and "cs2 \<noteq> Nil"
+  and "node_to_block(G) ! n = cs3"
+  and "cs3 = (c#cs2)"
+  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
+  and trivial_bb_successor: "(cont0 = KSeq bb1 cont1) \<and> any_str = None \<and> any_tr = None"
+  and "c = Assume some_cmd"
+  and "(UnOp Not block_guard) \<sim> some_cmd"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(UnOp Not block_guard), ns1\<rangle> \<Down> LitV (LBool True)"
+  and block_local_rel: 
+        "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
+        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
+        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
+  and succ_correct: 
+       "\<And>  ns1'' k.
+        k < j \<Longrightarrow> 
+        \<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
+        A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb1, cont1, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state) \<Longrightarrow> 
+        (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+     shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
+  using assms
+proof cases
+  case Rel_Main_test
+  have not_end: "(cont0 \<noteq> KStop) \<or> any_str \<noteq> None \<or> any_tr \<noteq> None" using trivial_bb_successor by simp
+  from ast_trace show ?thesis
+  proof (cases j)
+    case 0
+    hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1))" using ast_trace by fastforce
+    then show ?thesis unfolding Ast.valid_configuration_def by (simp add: trivial_bb_successor)
+  next
+    case succ_0: (Suc j')
+    from this obtain inter_bb inter_cont inter_state where
+      first_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (inter_bb, inter_cont, inter_state)" and
+      rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
+      by (metis ast_trace prod_cases3 relpowp_Suc_D2)
+
+    from cfg_correct \<open>cs2 \<noteq> Nil\<close> \<open>node_to_block(G) ! n = cs3\<close> 
+    have local_rel_corr: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+      using dag_verifies_propagate_2 by blast
+
+    from local_rel_corr first_step 
+    have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
+      using block_local_rel by simp
+
+    from first_step \<open>cs1 \<noteq> Nil\<close> 
+    have a1: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] any_str any_tr), cont0, inter_state)"
+    proof cases
+      case RedSimpleCmds then show ?thesis by (auto simp add: RedSimpleCmds)
+    qed auto
+
+    show ?thesis 
+    proof (cases inter_state)
+      case 1: (Normal x1)
+      from rest_of_steps show ?thesis 
+      proof (cases j')
+        case 0
+        then show ?thesis
+          by (metis Ast.valid_configuration_def a1 a2 get_state.simps is_final.simps(5) relpowp_0_E rest_of_steps trivial_bb_successor)
+      next
+        case 2: (Suc j'')
+        from this rest_of_steps obtain snd_inter_bb snd_inter_cont snd_inter_state where
+          snd_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] any_str any_tr), cont0, inter_state)  (snd_inter_bb, snd_inter_cont, snd_inter_state)" and
+          snd_rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (snd_inter_bb, snd_inter_cont, snd_inter_state) -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state)"
+          by (metis a1 get_state.cases relpowp_Suc_D2)
+        from snd_step have snd_step_equiv: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (bb1, cont1, inter_state)"
+        proof cases
+          case RedSkip thus ?thesis using trivial_bb_successor by (simp add: RedSkip)
+        qed (auto simp add: trivial_bb_successor "1")
+
+        from first_step 
+        have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+        proof cases
+          case RedSimpleCmds 
+          hence cmds_red: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c#cs2, Normal ns1\<rangle> [\<rightarrow>] inter_state" 
+            using Rel_Main_test(1) \<open>c = Assume some_cmd\<close> \<open>(UnOp Not block_guard) \<sim> some_cmd\<close> equiv_preserves_value trace_is_possible RedAssumeOk RedCmdListCons 
+            by metis
+          show ?thesis by (metis (no_types, lifting) "1" RedNormalSucc assms(5) assms(6) cfg_correct cmds_red converse_rtranclp_into_rtranclp)
+        qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>) 
+
+        have "j'' < j" using succ_0 2 by simp
+
+        then show ?thesis using snd_step_equiv succ_correct snd_rest_of_steps "1" succ_cfg_correct by blast 
+      qed
+    next
+      case Failure
+      then show ?thesis
+        using \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs3,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
+        by linarith
+    next
+      case Magic
+      then show ?thesis by (metis Ast.valid_configuration_def a2 get_state.simps magic_propagates rest_of_steps state.distinct(3))
+    qed
+  qed
+qed auto
+
+text \<open>Global lemma for an ast-bigblock with a non-empty set of simple cmds which is the first bigblock in the then-branch of an if-statement.\<close>
+lemma block_global_rel_if_true:
+  assumes block_rel: "ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs2"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and "cs1 \<noteq> Nil"
+  and "cs2 \<noteq> Nil"
+  and "node_to_block(G) ! n = cs3"
+  and "cs3 = c#cs2"
+  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
+  and trivial_bb_successor: "(cont0 = KSeq bb1 cont1) \<and> any_str = None \<and> any_tr = None"
+  and "c = Assume block_guard"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>block_guard, ns1\<rangle> \<Down> LitV (LBool True)"
+  and block_local_rel: 
+        "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
+        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
+        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
+  and succ_correct: 
+       "\<And>  ns1'' k.
+        k < j \<Longrightarrow> 
+        \<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
+        A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb1, cont1, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state) \<Longrightarrow> 
+        (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+     shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
+  using assms
+proof cases
+  case Rel_Main_test
+  have not_end: "(cont0 \<noteq> KStop) \<or> any_str \<noteq> None \<or> any_tr \<noteq> None" using trivial_bb_successor by simp
+  from ast_trace show ?thesis
+  proof (cases j)
+    case 0
+    hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1))" using ast_trace by auto
+    then show ?thesis unfolding Ast.valid_configuration_def by (metis assms(3) get_state.simps is_final.simps(2) neq_Nil_conv state.distinct(1))
+  next
+    case succ_0: (Suc j')
+    from this obtain inter_bb inter_cont inter_state where
+      first_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (inter_bb, inter_cont, inter_state)" and
+      rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
+      by (metis ast_trace get_state.cases relpowp_Suc_D2)
+
+    from cfg_correct \<open>cs2 \<noteq> Nil\<close> \<open>node_to_block(G) ! n = cs3\<close> 
+    have local_rel_corr: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+      using dag_verifies_propagate_2 by blast
+
+    from local_rel_corr first_step 
+    have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
+      using block_local_rel by simp
+
+    from first_step \<open>cs1 \<noteq> Nil\<close> 
+    have a1: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] any_str any_tr), cont0, inter_state)"
+    proof cases
+      case RedSimpleCmds then show ?thesis by (auto simp add: RedSimpleCmds)
+    qed auto
+
+    show ?thesis 
+    proof (cases inter_state)
+      case 1: (Normal x1)
+      from rest_of_steps show ?thesis 
+      proof (cases j')
+        case 0
+        then show ?thesis 
+          by (metis valid_configuration_def a1 a2 get_state.simps is_final.simps(5) relpowp_0_E rest_of_steps trivial_bb_successor)
+      next
+        case 2: (Suc j'')
+        from this rest_of_steps obtain snd_inter_bb snd_inter_cont snd_inter_state where
+          snd_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] any_str any_tr), cont0, inter_state)  (snd_inter_bb, snd_inter_cont, snd_inter_state)" and
+          snd_rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (snd_inter_bb, snd_inter_cont, snd_inter_state) -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state)"
+          by (metis a1 get_state.cases relpowp_Suc_D2)
+
+        from snd_step have snd_step_equiv: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (bb1, cont1, inter_state)"
+        proof cases
+          case RedSkip thus ?thesis using trivial_bb_successor by (simp add: RedSkip)
+        qed (auto simp add: trivial_bb_successor "1")
+
+        from first_step 
+        have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+        proof cases
+          case RedSimpleCmds 
+          hence cmds_red: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c#cs2, Normal ns1\<rangle> [\<rightarrow>] inter_state" 
+            using Rel_Main_test(1) \<open>c = Assume block_guard\<close> trace_is_possible RedAssumeOk RedCmdListCons by blast
+          show ?thesis using "1" assms(5) assms(6) cfg_correct cmds_red dag_verifies_propagate by blast
+        qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>) 
+
+        have "j'' < j" using succ_0 2 by simp
+
+        then show ?thesis using snd_step_equiv succ_correct snd_rest_of_steps "1" succ_cfg_correct by blast 
+      qed
+    next
+      case Failure
+      then show ?thesis
+        using \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs3,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
+        by linarith
+    next
+      case Magic
+      then show ?thesis by (metis valid_configuration_def a2 get_state.simps magic_propagates rest_of_steps state.simps(5))
+    qed
+  qed
+qed auto
+
+text \<open>Global lemma for a generic ast-bigblock with a non-empty set of simple cmds.\<close>
+lemma block_global_rel_generic:
+  assumes block_rel: "ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs2"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and "cs1 \<noteq> Nil"
+  and "cs2 \<noteq> Nil"
+  and "node_to_block(G) ! n = cs2"
+  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
+  and trivial_bb_successor: "(cont0 = KSeq bb1 cont1) \<and> any_str = None \<and> any_tr = None"
+  and block_local_rel: 
+        "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
+        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
+        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
+  and succ_correct: 
+       "\<And>  ns1'' k.
+        k < j \<Longrightarrow> 
+        \<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
+        A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb1, cont1, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state) \<Longrightarrow> 
+        (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
+  using assms
+proof cases
+  case Rel_Main_test
+  have not_end: "(cont0 \<noteq> KStop) \<or> any_str \<noteq> None \<or> any_tr \<noteq> None" using trivial_bb_successor by simp
+  from ast_trace show ?thesis
+  proof (cases j)
+    case 0
+    hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1))" using ast_trace by auto
+    then show ?thesis unfolding Ast.valid_configuration_def by (simp add: trivial_bb_successor)
+  next
+    case succ_0: (Suc j')
+    from this obtain inter_bb inter_cont inter_state where
+      first_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (inter_bb, inter_cont, inter_state)" and
+      rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
+      by (metis ast_trace get_state.cases relpowp_Suc_D2)
+
+    from cfg_correct \<open>cs2 \<noteq> Nil\<close> \<open>node_to_block(G) ! n = cs2\<close> 
+    have local_rel_corr: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+      using dag_verifies_propagate_2 by blast
+
+    from local_rel_corr first_step 
+    have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
+      using block_local_rel by simp
+
+    from first_step \<open>cs1 \<noteq> Nil\<close> 
+    have a1: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] any_str any_tr), cont0, inter_state)"
+    proof cases
+      case RedSimpleCmds then show ?thesis by (auto simp add: RedSimpleCmds)
+    qed auto
+
+    show ?thesis 
+    proof (cases inter_state)
+      case 1: (Normal x1)
+      from rest_of_steps show ?thesis 
+      proof (cases j')
+        case 0
+        then show ?thesis 
+          by (metis valid_configuration_def a1 a2 get_state.simps is_final.simps(5) relpowp_0_E rest_of_steps trivial_bb_successor)
+      next
+        case 2: (Suc j'')
+        from this rest_of_steps obtain snd_inter_bb snd_inter_cont snd_inter_state where
+          snd_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] any_str any_tr), cont0, inter_state)  (snd_inter_bb, snd_inter_cont, snd_inter_state)" and
+          snd_rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (snd_inter_bb, snd_inter_cont, snd_inter_state) -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state)"
+          by (metis a1 get_state.cases relpowp_Suc_D2)
+
+        from snd_step have snd_step_equiv: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (bb1, cont1, inter_state)"
+        proof cases
+          case RedSkip thus ?thesis using trivial_bb_successor by (simp add: RedSkip)
+        qed (auto simp add: trivial_bb_successor "1")
+
+        from first_step 
+        have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+        proof cases
+          case RedSimpleCmds show ?thesis using 1 snd_step_equiv  RedSimpleCmds(3) dag_verifies_propagate Rel_Main_test(1) cfg_correct assms(5) by blast
+        qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>) 
+
+        have "j'' < j" using succ_0 2 by simp
+
+        then show ?thesis using snd_step_equiv succ_correct snd_rest_of_steps "1" succ_cfg_correct by blast
+      qed
+    next
+      case Failure
+      then show ?thesis
+        using \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
+        by linarith
+    next
+      case Magic
+      then show ?thesis by (metis valid_configuration_def a2 get_state.simps magic_propagates rest_of_steps state.distinct(3))
+    qed
+  qed
+qed auto
+
+text \<open>Helper lemmas used to complete the procedure correctness proof\<close>
+
+lemma end_to_end_util2:
+  assumes AExpanded: "\<And> \<Gamma> end_bb end_cont end_state ns M.
+           rtranclp (red_bigblock B M \<Lambda> \<Gamma> [] ast) (init_ast ast ns) (end_bb, end_cont, end_state) \<Longrightarrow>
+           (\<And> v. (closed ((type_of_val B) v))) \<Longrightarrow>
+           (\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val B) v) = t)))) \<Longrightarrow>
+           (fun_interp_wf B fun_decls \<Gamma>) \<Longrightarrow>
+           (axiom_assm B \<Gamma> constants (ns::(('a)nstate)) axioms) \<Longrightarrow>
+           (expr_all_sat B \<Lambda> \<Gamma> [] ns all_pres) \<Longrightarrow>
+           (state_typ_wf B [] (local_state ns) (snd \<Lambda>)) \<Longrightarrow>
+           (state_typ_wf B [] (global_state ns) (fst \<Lambda>)) \<Longrightarrow>
+           ((global_state ns) = (old_global_state ns)) \<Longrightarrow>
+           ((binder_state ns) = Map.empty) \<Longrightarrow> 
+           (Ast.valid_configuration B \<Lambda> \<Gamma> [] checked_posts end_bb end_cont end_state)" and
+          "all_pres = proc_all_pres proc_ast" and
+          "checked_posts = proc_checked_posts proc_ast" and
+          ABody: "ast_procedure.proc_body proc_ast = Some (locals, ast)" and
+          AVarContext:"\<Lambda> = (constants@global_vars, (proc_args proc_ast)@locals)" and
+          ARets:"proc_rets proc_ast = []" and
+         (* "fun_decls = prog_funcs prog" and
+          "axs = prog_axioms prog" and*)
+          "proc_ty_args proc_ast = 0" 
+          (*"const_decls = prog_consts prog"*)
+  shows "Ast.proc_is_correct B fun_decls constants global_vars axioms proc_ast"
+proof -
+  show "proc_is_correct B fun_decls constants global_vars axioms proc_ast"
+  proof( (simp only: proc_is_correct.simps), subst ABody, simp split: option.split, (rule allI | rule impI)+,
+         unfold proc_body_satisfies_spec_def,(rule allI | rule impI)+)  
+    fix \<Gamma> \<Omega> gs ls end_bb end_cont end_state
+    assume Atyp:"(\<forall>t. closed t \<longrightarrow> (\<exists>v. type_of_val B v = t)) \<and> (\<forall>v. closed (type_of_val B v))" and
+           FunWf:"fun_interp_wf B fun_decls \<Gamma>" and
+           ARenv: "list_all closed \<Omega> \<and> length \<Omega> = proc_ty_args proc_ast" and
+           WfGlobal: "state_typ_wf B \<Omega> gs (constants @ global_vars)" and
+           WfLocal: "state_typ_wf B \<Omega> ls (proc_args proc_ast @ locals @ proc_rets proc_ast)" and
+           AxSat: "axioms_sat B (constants, []) \<Gamma>
+        \<lparr>old_global_state = Map.empty, global_state = state_restriction gs constants, local_state = Map.empty, binder_state = Map.empty\<rparr>
+        axioms" and
+        APres:  "expr_all_sat B (constants @ global_vars, proc_args proc_ast @ locals @ proc_rets proc_ast) \<Gamma> \<Omega>
+        \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr> (map fst (proc_pres proc_ast))" and
+        Ared: "rtranclp 
+               (red_bigblock 
+                B [] (constants @ global_vars,
+                proc_args proc_ast @
+                locals @
+                proc_rets
+                 proc_ast) \<Gamma> \<Omega> ast) (init_ast ast \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr>)
+       (end_bb, end_cont, end_state)"
+    have Contexteq:"\<Lambda> = (constants @ global_vars, proc_args proc_ast @ locals @ proc_rets proc_ast)"
+      using AVarContext ARets by simp
+    from ARenv \<open>proc_ty_args proc_ast = 0\<close> have "\<Omega> = []" by simp
+    have "Ast.valid_configuration B \<Lambda> \<Gamma> [] checked_posts end_bb end_cont end_state"
+      apply (rule AExpanded)
+                apply (subst Contexteq)
+      using Ared \<open>\<Omega> = []\<close>
+                apply fastforce
+              apply (simp add: Atyp)
+             apply (simp add: Atyp)
+            apply (simp add: FunWf)
+      unfolding nstate_global_restriction_def 
+      using AxSat
+           apply simp
+      using APres \<open>\<Omega> = []\<close> \<open>all_pres = _\<close> Contexteq
+          apply simp
+      using Contexteq WfLocal \<open>\<Omega> = []\<close>
+         apply simp
+      using Contexteq WfGlobal \<open>\<Omega> = []\<close>      
+        apply simp
+       apply simp
+      apply simp
+      done
+    thus "Ast.valid_configuration B (constants @ global_vars, proc_args proc_ast @ locals @ proc_rets proc_ast) \<Gamma> \<Omega>
+        (map fst (filter (\<lambda>x. \<not> snd x) (proc_posts proc_ast))) end_bb end_cont end_state"
+      using Contexteq \<open>\<Omega> = []\<close> \<open>checked_posts = _\<close>
+      by simp
+  qed
+qed
+
+lemma valid_config_implies_not_failure:
+  assumes "Semantics.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'"
+  shows "s' \<noteq> Failure"
+  using Semantics.valid_configuration_def assms by blast
+
+end
\ No newline at end of file
diff --git a/BoogieLang/completed_example_proofs/if_example_proofs/global_data.thy b/BoogieLang/completed_example_proofs/if_example_proofs/global_data.thy
new file mode 100644
index 0000000..51076b5
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/if_example_proofs/global_data.thy
@@ -0,0 +1,34 @@
+theory global_data
+  imports "/home/alex/boogie_related/foundational_boogie/BoogieLang/Semantics" 
+          "/home/alex/boogie_related/foundational_boogie/BoogieLang/TypeSafety" 
+          "/home/alex/boogie_related/foundational_boogie/BoogieLang/Util" 
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
new file mode 100644
index 0000000..5923405
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
@@ -0,0 +1,295 @@
+theory if_example_ast_cfg_proof
+  imports Main
+          Boogie_Lang.Ast
+          Boogie_Lang.Semantics
+          Boogie_Lang.Ast_Cfg_Transformation
+          "../global_data" 
+          p_before_cfg_to_dag_prog 
+          if_example_before_ast_cfg
+          p_cfgtodag_proof
+          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
+          p_before_passive_prog 
+          p_passification_proof 
+          p_vcphase_proof
+
+begin
+
+abbreviation bigblock_then 
+  where "bigblock_then \<equiv> BigBlock None [(Assign 0 (Lit (LInt 10)))] None None"
+
+abbreviation bigblock_else
+  where "bigblock_else \<equiv> BigBlock None [(Assign 0 (Lit (LInt 1)))] None None"
+
+lemma bigblock0_local_rel:
+  assumes Red_bb0_to: 
+      "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> [Havoc 0] (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[Havoc 0], Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+proof -
+  have "ast_cfg_rel None [] bigblock0 p_before_cfg_to_dag_prog.block_0" 
+    unfolding p_before_cfg_to_dag_prog.block_0_def
+    by (rule Rel_Main_test)
+  then show ?thesis 
+    using assms
+    unfolding p_before_cfg_to_dag_prog.block_0_def
+    by (auto simp: block_local_rel_generic) 
+qed
+
+
+lemma bigblock_then_local_rel:
+  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_then, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  have syntactic_rel: "ast_cfg_rel None [] bigblock_then [(Assign 0 (Lit (LInt 10)))]" 
+    by (rule Rel_Main_test)
+  show ?thesis
+    unfolding p_before_cfg_to_dag_prog.block_3_def 
+    apply (rule block_local_rel_guard_true[OF syntactic_rel _ _ _  trace_is_possible Red_bb0_to Red0_impl])
+    unfolding p_before_cfg_to_dag_prog.block_3_def 
+    by simp_all
+qed
+
+lemma bigblock_else_local_rel:
+  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+proof -
+  have syntactic_rel: "ast_cfg_rel None [] bigblock_else [(Assign 0 (Lit (LInt 1)))]"
+    by (rule Rel_Main_test)
+  have guard_equiv: "UnOp Not (BinOp (Var 0) Gt (Lit (LInt 5))) \<sim> (Lit (LInt 5) \<guillemotleft>Ge\<guillemotright> Var 0)" 
+    by (rule neg_gt2)
+  show ?thesis
+    unfolding p_before_cfg_to_dag_prog.block_1_def 
+    apply (rule block_local_rel_guard_false[OF syntactic_rel _ _ guard_equiv _ trace_is_possible Red_bb0_to Red0_impl])
+    unfolding p_before_cfg_to_dag_prog.block_1_def
+    by simp_all
+qed
+
+lemma block2_global_rel:
+  assumes concrete_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock1, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)" 
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  using assms
+proof -
+  have syn_rel: "ast_cfg_rel None [] bigblock1 [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))]" using Rel_Main_test by blast 
+  have cmds: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 2 = [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))]" 
+    using p_before_cfg_to_dag_prog.block_2_def p_before_cfg_to_dag_prog.node_2 by fastforce
+
+  show ?thesis
+    apply (rule generic_ending_block_global_rel)
+          apply (rule syn_rel)
+         apply (rule concrete_trace)
+        apply simp
+       apply simp
+      apply simp
+     apply (rule cmds)
+    apply (rule cfg_is_correct)
+    apply simp
+    done
+qed
+
+
+lemma block_then_global_rel:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+proof -
+  have syntactic_rel: "ast_cfg_rel None [] (BigBlock None [(Assign 0 (Lit (LInt 10)))] None None) [(Assign 0 (Lit (LInt 10)))]"
+    by (simp add: Rel_Main_test)
+  have succ: "(out_edges(p_before_cfg_to_dag_prog.proc_body) ! 3) = [2]" 
+    by (simp add: p_before_cfg_to_dag_prog.outEdges_3) 
+
+  show ?thesis 
+    apply (rule block_global_rel_if_true)
+                apply (rule syntactic_rel)
+               apply (rule assms(1))
+              apply simp
+             apply simp
+           apply (rule p_before_cfg_to_dag_prog.node_3)
+          apply (rule p_before_cfg_to_dag_prog.block_3_def)
+          apply (rule assms(2))
+          apply simp
+         apply simp
+        apply simp
+      apply (rule trace_is_possible)
+     apply (rule bigblock_then_local_rel)
+       apply assumption
+      apply assumption
+     apply (rule trace_is_possible)
+    apply (simp add:p_before_cfg_to_dag_prog.outEdges_3)
+    apply ((simp add:member_rec(1)))
+    apply (rule block2_global_rel)
+     apply assumption
+    apply simp
+    done
+qed
+
+
+lemma block_else_global_rel:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+proof -
+  have syntactic_rel: "ast_cfg_rel None [] bigblock_else [(Assign 0 (Lit (LInt 1)))]"
+    by (simp add: Rel_Main_test)
+  have succ: "(out_edges (p_before_cfg_to_dag_prog.proc_body) ! Suc 0) = [2]" 
+    using p_before_cfg_to_dag_prog.outEdges_1 by auto 
+  have guard_equiv: "UnOp Not (BinOp (Var 0) Gt (Lit (LInt 5))) \<sim> (Lit (LInt 5) \<guillemotleft>Ge\<guillemotright> Var 0)" 
+    by (rule neg_gt2)
+
+  show ?thesis
+    apply (rule block_global_rel_if_false)
+                apply (rule syntactic_rel)
+               apply (rule assms(1))
+              apply simp
+             apply simp
+            apply (rule p_before_cfg_to_dag_prog.node_1)
+           apply (rule p_before_cfg_to_dag_prog.block_1_def)
+          apply (rule assms(2))
+          apply simp
+         apply simp
+        apply simp
+       apply (rule guard_equiv)
+      apply (rule trace_is_possible)
+     apply (rule bigblock_else_local_rel)
+       apply assumption
+      apply assumption
+     apply (rule trace_is_possible)
+    apply (erule allE[where x=2])
+    apply (simp add: succ)
+    apply (simp add: member_rec(1))
+    apply (rule block2_global_rel)
+     apply assumption
+    apply simp
+    done
+qed
+
+
+lemma block0_global_rel:
+  assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)" 
+proof -
+  have cmds: "node_to_block(p_before_cfg_to_dag_prog.proc_body) ! 0 = [(Havoc 0)]" 
+    using p_before_cfg_to_dag_prog.block_0_def p_before_cfg_to_dag_prog.node_0 by auto
+  have syntactic_rel: "ast_cfg_rel None [] bigblock0 [Havoc 0]"  
+    by (simp add: Rel_Main_test)
+  have succ: "(out_edges(p_before_cfg_to_dag_prog.proc_body) ! 0) = [3, 1]" 
+    using p_before_cfg_to_dag_prog.outEdges_0 by auto 
+  have "Suc 0 = 1" by simp
+  show ?thesis 
+    apply (rule block_global_rel_if_successor)
+             apply (rule syntactic_rel)
+            apply (rule ast_trace)
+           apply simp
+          apply simp
+        apply (rule cmds)
+       apply (rule assms(1))
+       apply simp
+      apply simp
+     apply (rule bigblock0_local_rel)
+      apply assumption
+     apply assumption
+    apply simp
+    apply (rule disjE)
+      apply assumption
+
+     apply (erule allE[where x=3])
+     apply (simp add:p_before_cfg_to_dag_prog.outEdges_0)
+     apply (simp add:member_rec(1))
+     apply (rule conjE)
+      apply assumption
+    unfolding p_before_cfg_to_dag_prog.post_def
+     apply (rule block_then_global_rel)
+       apply assumption        
+      apply simp
+     apply assumption
+   
+    apply (erule allE[where x=1])
+    apply (simp del: Nat.One_nat_def add:p_before_cfg_to_dag_prog.outEdges_0)
+    apply (simp del: Nat.One_nat_def add:member_rec(1))
+    apply (rule conjE)
+     apply assumption
+    apply (rule block_else_global_rel)
+      apply assumption
+     apply simp
+    apply (simp add: false_equals_not_true)
+    done
+qed
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux3:
+assumes 
+Red: "rtranclp (red_bigblock A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] if_example_before_ast_cfg.proc_body) (bigblock0, (KSeq bigblock1 KStop), Normal ns) (end_bb, end_cont, end_state)" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns p_before_cfg_to_dag_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(valid_configuration A \<Lambda>0 \<Gamma> [] p_before_cfg_to_dag_prog.post end_bb end_cont end_state)"
+proof -
+from Red obtain j where Aux:"(A,M,((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)),\<Gamma>,[],if_example_before_ast_cfg.proc_body \<turnstile> (bigblock0, (KSeq bigblock1 KStop), Normal ns) -n\<longrightarrow>^j (end_bb, end_cont, end_state))"
+by (meson rtranclp_imp_relpowp)
+  show ?thesis
+apply (rule block0_global_rel)
+defer
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using OldGlobal apply simp
+using BinderNs apply simp
+done
+qed
+
+lemma initialization:                              
+  assumes "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock0, bigblock1] ns1) (reached_bb, reached_cont, reached_state)"
+  shows "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (bigblock0, KSeq bigblock1 KStop, Normal ns1) (reached_bb, reached_cont, reached_state)" 
+proof -
+  have "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (bigblock0, convert_list_to_cont (rev [bigblock1]) KStop, Normal ns1) (reached_bb, reached_cont, reached_state)"
+    using assms by fastforce
+  thus ?thesis by simp
+qed
+ 
+
+lemma end_to_end_theorem3:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms if_example_before_ast_cfg.proc_ast))"
+  apply (rule end_to_end_util2[OF end_to_end_theorem_aux3])
+apply (rule initialization)
+unfolding if_example_before_ast_cfg.proc_body_def
+apply assumption using VC apply simp  apply assumption+
+       apply (simp_all add: 
+              exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2
+              if_example_before_ast_cfg.proc_ast_def if_example_before_ast_cfg.proc_body_def 
+              if_example_before_ast_cfg.pres_def if_example_before_ast_cfg.post_def
+              p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
+              if_example_before_ast_cfg.params_vdecls_def if_example_before_ast_cfg.locals_vdecls_def
+              p_before_cfg_to_dag_prog.pres_def p_before_cfg_to_dag_prog.post_def)
+       done
+
+end
diff --git a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_ast_form~ b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_ast_form~
new file mode 100644
index 0000000..3a3816b
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_ast_form~
@@ -0,0 +1,4 @@
+theory if_example_ast_form
+
+begin
+end
\ No newline at end of file
diff --git a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_before_ast_cfg.thy b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_before_ast_cfg.thy
new file mode 100644
index 0000000..2311346
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_before_ast_cfg.thy
@@ -0,0 +1,90 @@
+theory if_example_before_ast_cfg
+  imports Main 
+          "Boogie_Lang.Ast"
+          "Boogie_Lang.Semantics"
+          "../global_data"
+
+begin
+abbreviation bigblock0
+  where "bigblock0 \<equiv> 
+          (BigBlock None [(Havoc 0)] 
+            (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 5)))) 
+                      [BigBlock None [(Assign 0 (Lit (LInt 10)))] None None] 
+                      [BigBlock None [(Assign 0 (Lit (LInt 1)))] None None])) 
+             None)"
+
+abbreviation bigblock1 
+  where "bigblock1 \<equiv> (BigBlock None [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))] None None)"
+
+definition proc_body
+  where
+    "proc_body = bigblock0 #  bigblock1 # []"
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),None)]"
+
+lemma locals_min_aux:
+shows "(((map fst (append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
+unfolding if_example_before_ast_cfg.params_vdecls_def if_example_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_before_ast_cfg.params_vdecls) )"
+unfolding if_example_before_ast_cfg.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_before_ast_cfg.locals_vdecls) )"
+unfolding if_example_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc_ast :: "ast_procedure"
+  where
+    "proc_ast  = (|proc_ty_args = 0,proc_args = if_example_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec if_example_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec if_example_before_ast_cfg.post),proc_body = (Some (if_example_before_ast_cfg.locals_vdecls,if_example_before_ast_cfg.proc_body))|)"
+
+
+end
\ No newline at end of file
diff --git a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..3d7f1e9
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
@@ -0,0 +1,125 @@
+theory p_before_cfg_to_dag_prog
+  imports "/home/alex/boogie_related/foundational_boogie/BoogieLang/Semantics" 
+          "/home/alex/boogie_related/foundational_boogie/BoogieLang/TypeSafety" 
+          "/home/alex/boogie_related/foundational_boogie/BoogieLang/Util" 
+          "/home/alex/boogie_related/foundational_boogie/BoogieLang/generated_example_proofs/if_example_proofs/global_data" 
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 1)))]"
+definition block_2
+  where
+    "block_2  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5)))),(Assign 0 (Lit (LInt 10)))]"
+definition outEdges
+  where
+    "outEdges  = [[3,1],[2],[],[2]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [3,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding p_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding p_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = p_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.post),proc_body = (Some (p_before_cfg_to_dag_prog.locals_vdecls,p_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_before_passive_prog.thy b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_before_passive_prog.thy
new file mode 100644
index 0000000..414667a
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_before_passive_prog.thy
@@ -0,0 +1,95 @@
+theory p_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_cfg_to_dag_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5)))),(Assign 0 (Lit (LInt 10)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 1)))]"
+definition block_3
+  where
+    "block_3  = [(Havoc 0)]"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_cfgtodag_proof.thy b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_cfgtodag_proof.thy
new file mode 100644
index 0000000..3bf8e12
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_cfgtodag_proof.thy
@@ -0,0 +1,292 @@
+theory p_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML p_before_cfg_to_dag_prog p_before_passive_prog p_passification_proof p_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_0 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_2_def p_before_passive_prog.block_0_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_1[OF assms(1)])
+apply (rule p_before_cfg_to_dag_prog.node_2)
+apply (rule p_before_passive_prog.node_0)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+unfolding p_before_cfg_to_dag_prog.post_def
+apply (rule block_anon3)
+apply assumption+
+by (rule p_before_cfg_to_dag_prog.outEdges_2)
+
+
+lemma block_anon4_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_3_def p_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule p_before_cfg_to_dag_prog.node_3)
+apply (rule p_before_passive_prog.node_1)
+apply (assumption+)
+apply (rule block_anon4_Then)
+apply (assumption+)
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=0])
+apply ((simp add:p_before_passive_prog.outEdges_1))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon4_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_1_def p_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule p_before_cfg_to_dag_prog.node_1)
+apply (rule p_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon4_Else)
+apply (assumption+)
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=0])
+apply ((simp add:p_before_passive_prog.outEdges_2))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_0_def p_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule p_before_cfg_to_dag_prog.node_0)
+apply (rule p_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:p_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:p_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:p_before_passive_prog.outEdges_4))
+by ((simp add:p_before_passive_prog.node_4 p_before_passive_prog.block_4_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 p_before_cfg_to_dag_prog.pres)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule p_before_passive_prog.node_5)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding p_before_passive_prog.block_5_def
+apply (rule assume_pres_normal[where ?es=p_before_cfg_to_dag_prog.pres])
+apply (rule assms(4))
+unfolding p_before_cfg_to_dag_prog.pres_def
+apply simp
+apply (rule p_before_passive_prog.outEdges_5)
+apply ((simp add:p_before_passive_prog.node_4 p_before_passive_prog.block_4_def))
+apply (rule p_before_passive_prog.outEdges_4)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns p_before_cfg_to_dag_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(valid_configuration A \<Lambda>0 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule p_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+lemma end_to_end_theorem:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms p_before_cfg_to_dag_prog.proc))"
+apply (rule end_to_end_util[OF end_to_end_theorem_aux])
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def)
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_passification_proof.thy b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_passification_proof.thy
new file mode 100644
index 0000000..a455b9b
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_passification_proof.thy
@@ -0,0 +1,262 @@
+theory p_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_passive_prog p_passive_prog Boogie_Lang.PassificationML p_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_0_def p_passive_prog.block_0_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon4_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inr (LInt 10))),(0,(Inl 2))]) R_old p_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_1_def p_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon4_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inr (LInt 1))),(0,(Inl 2))]) R_old p_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_2_def p_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old p_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_3_def p_passive_prog.block_3_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_4_def p_passive_prog.block_4_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_5_def p_passive_prog.block_5_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_0},@{thm p_before_passive_prog.outEdges_0}) (@{thm p_passive_prog.node_0},@{thm p_passive_prog.outEdges_0}) @{thm block_anon3} [] 1\<close>))
+
+lemma cfg_block_anon4_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_1},@{thm p_before_passive_prog.outEdges_1}) (@{thm p_passive_prog.node_1},@{thm p_passive_prog.outEdges_1}) @{thm block_anon4_Then} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon4_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_2},@{thm p_before_passive_prog.outEdges_2}) (@{thm p_passive_prog.node_2},@{thm p_passive_prog.outEdges_2}) @{thm block_anon4_Else} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_3},@{thm p_before_passive_prog.outEdges_3}) (@{thm p_passive_prog.node_3},@{thm p_passive_prog.outEdges_3}) @{thm block_anon0} [
+@{thm cfg_block_anon4_Then}, 
+@{thm cfg_block_anon4_Else}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_4},@{thm p_before_passive_prog.outEdges_4}) (@{thm p_passive_prog.node_4},@{thm p_passive_prog.outEdges_4}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_5},@{thm p_before_passive_prog.outEdges_5}) (@{thm p_passive_prog.node_5},@{thm p_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv p_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+apply simp
+unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using p_before_passive_prog.globals_locals_disj apply auto[1]
+using p_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body u (Inl 5)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range global_data.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from p_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_passive_prog.thy b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_passive_prog.thy
new file mode 100644
index 0000000..4e1c3f9
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_passive_prog.thy
@@ -0,0 +1,128 @@
+theory p_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_passive_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assert (BinOp (Var 2) Gt (Lit (LInt 0))))]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 5)))),(Assume (BinOp (Var 2) Eq (Lit (LInt 10))))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 1))),(Assume (BinOp (Var 2) Eq (Lit (LInt 1))))]"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_vcphase_proof.thy b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_vcphase_proof.thy
new file mode 100644
index 0000000..baa46e7
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_vcphase_proof.thy
@@ -0,0 +1,241 @@
+theory p_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML p_passive_prog p_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon3
+  where
+    "vc_anon3 x_1 = (x_1 > (0::int))"
+definition vc_anon4_Then
+  where
+    "vc_anon4_Then x_0 x_1 = (((x_0 > (5::int)) \<and> (x_1 = (10::int))) \<longrightarrow> (vc_anon3 x_1))"
+definition vc_anon4_Else
+  where
+    "vc_anon4_Else x_0 x_1 = ((((5::int) \<ge> x_0) \<and> (x_1 = (1::int))) \<longrightarrow> (vc_anon3 x_1))"
+definition vc_anon0
+  where
+    "vc_anon0 x_0 x_1 = ((vc_anon4_Then x_0 x_1) \<and> (vc_anon4_Else x_0 x_1))"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
+G3: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3
+lemmas forall_poly_thm = forall_vc_type[OF G3]
+lemmas exists_poly_thm = exists_vc_type[OF G3]
+declare Nat.One_nat_def[simp del]
+
+ML\<open>
+val block_anon3_hints = [
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon3AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding p_passive_prog.block_0_def vc.vc_anon3_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_Then_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon4_ThenAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_1)))))))"
+unfolding p_passive_prog.block_1_def vc.vc_anon4_Then_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Then_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_Else_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon4_ElseAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Else vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_1)))))))"
+unfolding p_passive_prog.block_2_def vc.vc_anon4_Else_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Else_hints \<close>)
+by (auto?)
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_3 (Normal n_s) s')" and 
+"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))"
+using assms
+unfolding p_passive_prog.block_3_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_4 (Normal n_s) s')" and 
+"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))"
+using assms
+unfolding p_passive_prog.block_4_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding p_passive_prog.block_5_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon3 vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) p_passive_prog.node_0 p_passive_prog.outEdges_0])
+using block_anon3AA0[OF _ assms(2)] by blast
+
+lemma cfg_block_anon4_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4_Then vc_x_0 vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_1])
+apply (erule block_anon4_ThenAA0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon4_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4_Else vc_x_0 vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_2])
+apply (erule block_anon4_ElseAA0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_3])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_4])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_0 vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_5])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<Gamma> [] p_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
+let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x])
+apply (subst lookup_var_local[OF p_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF p_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF p_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/while_example2_proofs/global_data.thy b/BoogieLang/completed_example_proofs/while_example2_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/while_example2_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_before_cfg_to_dag_prog.thy b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..1af34bd
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
@@ -0,0 +1,155 @@
+theory p_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = [(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_4
+  where
+    "block_4  = [(Assert (BinOp (Var 0) Le (Lit (LInt 0))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
+definition outEdges
+  where
+    "outEdges  = [[1],[3,2],[1],[4],[6,5],[4],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [3,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [6,5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding p_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding p_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = p_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.post),proc_body = (Some (p_before_cfg_to_dag_prog.locals_vdecls,p_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_before_passive_prog.thy b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_before_passive_prog.thy
new file mode 100644
index 0000000..fae5e63
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_before_passive_prog.thy
@@ -0,0 +1,139 @@
+theory p_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_cfg_to_dag_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1)))),(Assert (BinOp (Var 0) Le (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_4
+  where
+    "block_4  = [(Havoc 0),(Assume (BinOp (Var 0) Le (Lit (LInt 0))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0))),(Assert (BinOp (Var 0) Le (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = [(Havoc 0),(Assume (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition block_7
+  where
+    "block_7  = [(Havoc 0),(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[2,3],[4],[5,1],[6],[7],[8]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [2,3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy
new file mode 100644
index 0000000..88dd662
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy
@@ -0,0 +1,534 @@
+theory p_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML p_before_cfg_to_dag_prog p_before_passive_prog p_passification_proof p_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 p_before_cfg_to_dag_prog.post)"
+unfolding expr_all_sat_def p_before_cfg_to_dag_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule p_before_passive_prog.node_0)
+apply simp
+unfolding p_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma Mods_anon5_LoopBody:
+shows "(mods_contained_in (set [0]) p_before_cfg_to_dag_prog.block_2)"
+unfolding p_before_cfg_to_dag_prog.block_2_def
+by simp
+
+lemma block_anon5_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] p_before_passive_prog.block_1 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_2_def p_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf p_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms p_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body [0] [(BinOp (Var 0) Ge (Lit (LInt 0)))] p_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule p_before_cfg_to_dag_prog.node_2)
+apply (rule p_before_passive_prog.node_1)
+apply (assumption+)
+apply (rule block_anon5_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon5_LoopBody)
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon5_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_6_def p_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule p_before_cfg_to_dag_prog.node_6)
+apply (rule p_before_passive_prog.node_2)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon6_LoopDone)
+apply assumption+
+apply (rule p_before_cfg_to_dag_prog.outEdges_6)
+apply (rule p_before_passive_prog.outEdges_2)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma Mods_anon6_LoopBody:
+shows "(mods_contained_in (set [0]) p_before_cfg_to_dag_prog.block_5)"
+unfolding p_before_cfg_to_dag_prog.block_5_def
+by simp
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Lit (LInt 0)))] p_before_passive_prog.block_3 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_5_def p_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf p_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms p_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body [0] [(BinOp (Var 0) Le (Lit (LInt 0)))] p_before_cfg_to_dag_prog.post ns1 s' 4 m' j)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule p_before_cfg_to_dag_prog.node_5)
+apply (rule p_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon6_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon6_LoopBody)
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_5))
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_5))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon6_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon6_LoopHead:
+shows "(mods_contained_in (set [0]) p_before_cfg_to_dag_prog.block_4)"
+unfolding p_before_cfg_to_dag_prog.block_4_def
+by simp
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Lit (LInt 0)))] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_4_def p_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:p_before_cfg_to_dag_prog.l_x(1)))
+apply simp
+done
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Lit (LInt 0)))] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule p_before_cfg_to_dag_prog.node_4)
+apply (rule p_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon6_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon6_LoopHead)
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_4))
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_4))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:p_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:p_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+thm member_elim
+
+lemma block_anon5_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Lit (LInt 0)))] p_before_passive_prog.block_5 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_3_def p_before_passive_prog.block_5_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf p_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms p_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule p_before_cfg_to_dag_prog.node_3)
+apply (rule p_before_passive_prog.node_5)
+apply (assumption+)
+apply (rule block_anon5_LoopDone)
+apply (assumption+)
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=4])
+apply ((simp add:p_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon5_LoopHead:
+shows "(mods_contained_in (set [0]) p_before_cfg_to_dag_prog.block_1)"
+unfolding p_before_cfg_to_dag_prog.block_1_def
+by simp
+
+lemma block_anon5_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_6 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_1_def p_before_passive_prog.block_6_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:p_before_cfg_to_dag_prog.l_x(1)))
+apply simp
+done
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule p_before_cfg_to_dag_prog.node_1)
+apply (rule p_before_passive_prog.node_6)
+apply (assumption+)
+apply (rule block_anon5_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon5_LoopHead)
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=5])
+apply ((simp add:p_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:p_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] p_before_passive_prog.block_7 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_0_def p_before_passive_prog.block_7_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf p_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms p_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule p_before_cfg_to_dag_prog.node_0)
+apply (rule p_before_passive_prog.node_7)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=6])
+apply ((simp add:p_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:p_before_passive_prog.outEdges_8))
+by ((simp add:p_before_passive_prog.node_8 p_before_passive_prog.block_8_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 p_before_cfg_to_dag_prog.pres)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule p_before_passive_prog.node_9)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding p_before_passive_prog.block_9_def
+apply (rule assume_pres_normal[where ?es=p_before_cfg_to_dag_prog.pres])
+apply (rule assms(4))
+unfolding p_before_cfg_to_dag_prog.pres_def
+apply simp
+apply (rule p_before_passive_prog.outEdges_9)
+apply ((simp add:p_before_passive_prog.node_8 p_before_passive_prog.block_8_def))
+apply (rule p_before_passive_prog.outEdges_8)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns p_before_cfg_to_dag_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(valid_configuration A \<Lambda>0 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule p_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+lemma end_to_end_theorem:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms p_before_cfg_to_dag_prog.proc))"
+  apply (rule end_to_end_util[OF end_to_end_theorem_aux])
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def)
+
+end
diff --git a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_passification_proof.thy b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_passification_proof.thy
new file mode 100644
index 0000000..d23b383
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_passification_proof.thy
@@ -0,0 +1,343 @@
+theory p_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_passive_prog p_passive_prog Boogie_Lang.PassificationML p_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_0_def p_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon5_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4])) (update_nstate_rel R [(0,(Inl 4))]) R_old p_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_1_def p_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_2(2)))
+by simp
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 3)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_2_def p_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [5] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 3)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [5])) (update_nstate_rel R [(0,(Inl 5))]) R_old p_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_3_def p_passive_prog.block_3_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_4(2)))
+by simp
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3])) (update_nstate_rel R [(0,(Inl 3))]) R_old p_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_4_def p_passive_prog.block_4_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_3(2)))
+by simp
+
+lemma block_anon5_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_5_def p_passive_prog.block_5_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon5_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old p_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_6_def p_passive_prog.block_6_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old p_passive_prog.block_7 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_7_def p_passive_prog.block_7_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_8 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_8_def p_passive_prog.block_8_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_9 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_9 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_9_def p_passive_prog.block_9_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_0},@{thm p_before_passive_prog.outEdges_0}) (@{thm p_passive_prog.node_0},@{thm p_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_1},@{thm p_before_passive_prog.outEdges_1}) (@{thm p_passive_prog.node_1},@{thm p_passive_prog.outEdges_1}) @{thm block_anon5_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 3)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_2},@{thm p_before_passive_prog.outEdges_2}) (@{thm p_passive_prog.node_2},@{thm p_passive_prog.outEdges_2}) @{thm block_anon6_LoopDone} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 5 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 3)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_3},@{thm p_before_passive_prog.outEdges_3}) (@{thm p_passive_prog.node_3},@{thm p_passive_prog.outEdges_3}) @{thm block_anon6_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_4},@{thm p_before_passive_prog.outEdges_4}) (@{thm p_passive_prog.node_4},@{thm p_passive_prog.outEdges_4}) @{thm block_anon6_LoopHead} [
+@{thm cfg_block_anon6_LoopDone}, 
+@{thm cfg_block_anon6_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_5},@{thm p_before_passive_prog.outEdges_5}) (@{thm p_passive_prog.node_5},@{thm p_passive_prog.outEdges_5}) @{thm block_anon5_LoopDone} [
+@{thm cfg_block_anon6_LoopHead}] 1\<close>))
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_6},@{thm p_before_passive_prog.outEdges_6}) (@{thm p_passive_prog.node_6},@{thm p_passive_prog.outEdges_6}) @{thm block_anon5_LoopHead} [
+@{thm cfg_block_anon5_LoopDone}, 
+@{thm cfg_block_anon5_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_7},@{thm p_before_passive_prog.outEdges_7}) (@{thm p_passive_prog.node_7},@{thm p_passive_prog.outEdges_7}) @{thm block_anon0} [
+@{thm cfg_block_anon5_LoopHead}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 8)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_8},@{thm p_before_passive_prog.outEdges_8}) (@{thm p_passive_prog.node_8},@{thm p_passive_prog.outEdges_8}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 9)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_9},@{thm p_before_passive_prog.outEdges_9}) (@{thm p_passive_prog.node_9},@{thm p_passive_prog.outEdges_9}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_passive_prog.proc_body ((Inl 9),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv p_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+apply simp
+unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using p_before_passive_prog.globals_locals_disj apply auto[1]
+using p_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body u (Inl 9)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range global_data.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body ((Inl 9),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from p_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_passive_prog.thy b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_passive_prog.thy
new file mode 100644
index 0000000..fef6ee3
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_passive_prog.thy
@@ -0,0 +1,199 @@
+theory p_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_passive_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 4) Eq (BinOp (Var 2) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 4) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 3))),(Assert (BinOp (Var 3) Eq (Lit (LInt 0))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 3) Lt (Lit (LInt 0)))),(Assume (BinOp (Var 5) Eq (BinOp (Var 3) Add (Lit (LInt 1))))),(Assert (BinOp (Var 5) Le (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 3) Le (Lit (LInt 0))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 2))),(Assert (BinOp (Var 2) Le (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Var 2) Ge (Lit (LInt 0))))]"
+definition block_7
+  where
+    "block_7  = [(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[2,3],[4],[5,1],[6],[7],[8]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [2,3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(5,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_2:
+shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_3:
+shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_4:
+shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_2:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_3:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_3
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_4:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_4
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_vcphase_proof.thy b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_vcphase_proof.thy
new file mode 100644
index 0000000..98ae579
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_vcphase_proof.thy
@@ -0,0 +1,364 @@
+theory p_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML p_passive_prog p_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon5_LoopBody
+  where
+    "vc_anon5_LoopBody x_1 x_2 = (((x_1 > (0::int)) \<and> (x_2 = (x_1 - (1::int)))) \<longrightarrow> (x_2 \<ge> (0::int)))"
+definition vc_anon6_LoopDone
+  where
+    "vc_anon6_LoopDone x_3 = (((0::int) \<le> x_3) \<longrightarrow> (x_3 = (0::int)))"
+definition vc_anon6_LoopBody
+  where
+    "vc_anon6_LoopBody x_3 x_4 = (((x_3 < (0::int)) \<and> (x_4 = (x_3 + (1::int)))) \<longrightarrow> (x_4 \<le> (0::int)))"
+definition vc_anon6_LoopHead
+  where
+    "vc_anon6_LoopHead x_3 x_4 = ((x_3 \<le> (0::int)) \<longrightarrow> ((vc_anon6_LoopDone x_3) \<and> (vc_anon6_LoopBody x_3 x_4)))"
+definition vc_anon5_LoopDone
+  where
+    "vc_anon5_LoopDone x_1 x_3 x_4 = (((0::int) \<ge> x_1) \<longrightarrow> ((x_1 \<le> (0::int)) \<and> ((x_1 \<le> (0::int)) \<longrightarrow> (vc_anon6_LoopHead x_3 x_4))))"
+definition vc_anon5_LoopHead
+  where
+    "vc_anon5_LoopHead x_1 x_3 x_4 x_2 = ((x_1 \<ge> (0::int)) \<longrightarrow> ((vc_anon5_LoopDone x_1 x_3 x_4) \<and> (vc_anon5_LoopBody x_1 x_2)))"
+definition vc_anon0
+  where
+    "vc_anon0 x_0 x_1 x_3 x_4 x_2 = ((x_0 \<ge> (0::int)) \<and> ((x_0 \<ge> (0::int)) \<longrightarrow> (vc_anon5_LoopHead x_1 x_3 x_4 x_2)))"
+definition vc_PreconditionGeneratedEntry
+  where
+    "vc_PreconditionGeneratedEntry x_0 x_1 x_3 x_4 x_2 = (vc_anon0 x_0 x_1 x_3 x_4 x_2)"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int" and vc_x_3 :: "int" and vc_x_4 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
+G3: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_x_2)))" and 
+G4: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_3)))" and 
+G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_x_4)))" and 
+G6: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4 G5 G6
+lemmas forall_poly_thm = forall_vc_type[OF G6]
+lemmas exists_poly_thm = exists_vc_type[OF G6]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding p_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon5_LoopBody_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE), 
+(AssertNoConj,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon5_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopBody vc_x_1 vc_x_2) \<Longrightarrow> (s' = Magic)))"
+unfolding p_passive_prog.block_1_def vc.vc_anon5_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_LoopDone_hints = [
+(AssumeConjR 0,NONE), 
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon6_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopDone vc_x_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding p_passive_prog.block_2_def vc.vc_anon6_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_LoopBody_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE), 
+(AssertNoConj,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon6_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopBody vc_x_3 vc_x_4) \<Longrightarrow> (s' = Magic)))"
+unfolding p_passive_prog.block_3_def vc.vc_anon6_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_LoopHead_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon6_LoopHeadAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopHead vc_x_3 vc_x_4) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_x_3) \<and> (vc.vc_anon6_LoopBody vc_x_3 vc_x_4))))))))"
+unfolding p_passive_prog.block_4_def vc.vc_anon6_LoopHead_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopHead_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon5_LoopDone_hints = [
+(AssumeConjR 0,NONE), 
+(AssertSub,NONE)]
+\<close>
+lemma block_anon5_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon6_LoopHead vc_x_3 vc_x_4)))))))"
+unfolding p_passive_prog.block_5_def vc.vc_anon5_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon5_LoopHead_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon5_LoopHeadAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopHead vc_x_1 vc_x_3 vc_x_4 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))))))))"
+unfolding p_passive_prog.block_6_def vc.vc_anon5_LoopHead_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopHead_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon0_hints = [
+(AssertSub,NONE)]
+\<close>
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon5_LoopHead vc_x_1 vc_x_3 vc_x_4 vc_x_2)))))))"
+unfolding p_passive_prog.block_7_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
+by (auto?)
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_8 (Normal n_s) s')" and 
+"(vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)))))"
+using assms
+unfolding p_passive_prog.block_8_def
+apply cases
+by auto
+
+lemma block_PreconditionGeneratedEntry:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding p_passive_prog.block_9_def vc.vc_PreconditionGeneratedEntry_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) p_passive_prog.node_0 p_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_LoopBody vc_x_1 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) p_passive_prog.node_1])
+by (erule block_anon5_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopDone vc_x_3)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) p_passive_prog.node_2])
+apply (erule block_anon6_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopBody vc_x_3 vc_x_4)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) p_passive_prog.node_3])
+by (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopHead vc_x_3 vc_x_4)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_4])
+apply (erule block_anon6_LoopHeadAA0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_5])
+apply (erule block_anon5_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_LoopHead vc_x_1 vc_x_3 vc_x_4 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_6])
+apply (erule block_anon5_LoopHeadAA0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_7])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_7))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_8])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_8))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_9])
+apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_9))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<Gamma> [] p_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
+let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x])
+apply (subst lookup_var_local[OF p_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF p_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF p_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_2])
+apply (subst lookup_var_local[OF p_passive_prog.m_x_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_3:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_3])
+apply (subst lookup_var_local[OF p_passive_prog.m_x_3])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_4:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_4])
+apply (subst lookup_var_local[OF p_passive_prog.m_x_4])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (rule HOL.conjunct1[OF sc_x_2])
+apply (rule HOL.conjunct1[OF sc_x_3])
+apply (rule HOL.conjunct1[OF sc_x_4])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
new file mode 100644
index 0000000..4ba4069
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
@@ -0,0 +1,535 @@
+theory while_example2_ast_cfg_proof
+  imports Main 
+          Boogie_Lang.Ast
+          Boogie_Lang.Semantics
+          Boogie_Lang.Ast_Cfg_Transformation
+          "../global_data" 
+          p_before_cfg_to_dag_prog 
+          while_example2_before_ast_cfg
+          p_cfgtodag_proof
+          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
+          p_before_passive_prog 
+          p_passification_proof 
+          p_vcphase_proof
+
+
+(*
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+*)
+begin
+
+
+abbreviation \<Lambda>1_local
+  where
+    "\<Lambda>1_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+
+abbreviation body_bb1 
+  where "body_bb1 \<equiv> BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None"
+
+abbreviation body_bb2 
+  where "body_bb2 \<equiv> BigBlock None [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] None None"
+
+abbreviation unwrapped_bigblock1 where
+  "unwrapped_bigblock1 \<equiv> 
+            (BigBlock None [] 
+            (Some (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 0)))) 
+                      [(BinOp (Var 0) Le (Lit (LInt 0)))]
+                      [BigBlock None [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] None None]))
+             None)"
+
+abbreviation loop_only_bigblock0 where
+  "loop_only_bigblock0 \<equiv> 
+            (BigBlock None [] 
+            (Some (WhileWrapper
+                  (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
+                  [(BinOp (Var 0) Ge (Lit (LInt 0)))]
+                  [BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None]))) 
+             None)"
+
+abbreviation unwrapped_bigblock0 where
+  "unwrapped_bigblock0 \<equiv> 
+            (BigBlock None [] 
+            (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
+                      [(BinOp (Var 0) Ge (Lit (LInt 0)))]
+                      [BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None])) 
+             None)"
+
+lemma bb0_local_rel:
+  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (bigblock0, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  shows "reached_state \<noteq> Failure  \<and>
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  have syntactic_rel: "ast_cfg_rel None [] bigblock0 p_before_cfg_to_dag_prog.block_0" 
+    unfolding p_before_cfg_to_dag_prog.block_0_def by (rule Rel_Main_test) 
+  then show ?thesis 
+    using assms
+    unfolding p_before_cfg_to_dag_prog.block_0_def
+    by (auto simp: block_local_rel_generic)
+qed
+
+lemma first_loop_body_bb_local_rel:
+  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (body_bb1, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Gt\<guillemotright> Lit (LInt 0),ns1\<rangle> \<Down> BoolV True"
+  shows "reached_state \<noteq> Failure  \<and>
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  have syntactic_rel: "ast_cfg_rel None [] body_bb1 [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]" 
+    by (rule Rel_Main_test) 
+
+  show ?thesis 
+    unfolding p_before_cfg_to_dag_prog.block_2_def
+    apply (rule block_local_rel_guard_true)
+            apply (rule syntactic_rel)
+           apply simp
+          apply simp
+         apply simp
+      apply (rule trace_is_possible)
+     apply (rule Red_bb)
+    apply (rule Red_impl)
+    unfolding p_before_cfg_to_dag_prog.block_2_def
+    by simp
+qed 
+
+lemma second_loop_body_bb_local_rel:
+  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (body_bb2, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_5 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Lt\<guillemotright> Lit (LInt 0),ns1\<rangle> \<Down> BoolV True"
+  shows "reached_state \<noteq> Failure  \<and>
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_5, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  have syntactic_rel: "ast_cfg_rel None [] body_bb2 [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]" 
+    by (rule Rel_Main_test) 
+
+  show ?thesis 
+    unfolding p_before_cfg_to_dag_prog.block_5_def
+    apply (rule block_local_rel_guard_true)
+            apply (rule syntactic_rel)
+           apply simp
+          apply simp
+         apply simp
+        apply (rule trace_is_possible)
+      apply (rule Red_bb)
+      apply (rule Red_impl)
+      unfolding p_before_cfg_to_dag_prog.block_5_def
+      by simp
+qed
+
+lemma bb2_local_rel:
+  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (bigblock2 , KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Lt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV True"
+  shows "reached_state \<noteq> Failure  \<and>
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_6, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  have syntactic_rel: "ast_cfg_rel None [] bigblock2 [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]" 
+    unfolding p_before_cfg_to_dag_prog.block_6_def
+    by (rule Rel_Main_test) 
+  have guard_equiv: "UnOp Not (BinOp (Var 0) Lt (Lit (LInt 0))) \<sim> (Lit (LInt 0) \<guillemotleft>Le\<guillemotright> Var 0)" 
+    by (rule neg_lt2) 
+
+  show ?thesis 
+    unfolding p_before_cfg_to_dag_prog.block_6_def
+    apply (rule block_local_rel_guard_false)
+            apply (rule syntactic_rel)
+           apply simp
+          apply simp
+        apply (rule guard_equiv)
+       apply simp
+      apply (rule trace_is_possible)
+     apply (rule Red_bb)
+    apply (rule Red_impl)
+    unfolding p_before_cfg_to_dag_prog.block_6_def
+    by simp
+qed
+
+lemma bb2_global_rel:
+  assumes concrete_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock2, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Lt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV True"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  using assms
+proof -
+  have syn_rel: "ast_cfg_rel None [] bigblock2 [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]" by (simp add: Rel_Main_test)
+  have cmds: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 6 = [(Assume (BinOp (Lit (LInt 0)) Le (Var 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]" 
+    using p_before_cfg_to_dag_prog.block_6_def p_before_cfg_to_dag_prog.node_6 by auto
+
+  show ?thesis
+    apply (rule generic_ending_block_after_loop_global_rel)
+             apply (rule syn_rel)
+            apply simp
+           apply simp
+          apply simp
+         apply (rule cmds)
+        apply simp
+       apply (rule neg_lt2[of "(Var 0)" "(Lit (LInt 0))"])
+        apply(rule trace_is_possible)
+       apply (rule concrete_trace)
+      apply (rule cfg_is_correct)
+    apply simp
+    done
+qed
+
+
+
+lemma second_loop_body_global_rel:
+  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (body_bb2, (KSeq unwrapped_bigblock1 (KEndBlock (KSeq bigblock2 KStop))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Lt\<guillemotright> Lit (LInt 0),ns1\<rangle> \<Down> BoolV True"
+  and loop_ih:
+        "\<And>k ns1''. k < j \<Longrightarrow>
+        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(unwrapped_bigblock1, (KEndBlock (KSeq bigblock2 KStop)), Normal ns1'') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
+        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+proof -
+  have syn_rel: "ast_cfg_rel None [] body_bb2 [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]" by (simp add: Rel_Main_test)
+  have cmds: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 5 = [(Assume (BinOp (Var 0) Lt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]" 
+    using p_before_cfg_to_dag_prog.block_5_def p_before_cfg_to_dag_prog.node_5 by fastforce
+  show ?thesis
+    apply (rule block_global_rel_if_true)
+               apply (rule syn_rel)
+              apply (rule j_step_ast_trace)
+             apply simp
+            apply simp
+           apply (rule cmds)
+          apply simp
+         apply (rule cfg_is_correct)
+         apply simp
+        apply simp
+       apply simp
+      apply (rule trace_is_possible)
+     apply (rule block_local_rel_guard_true)
+           apply (rule syn_rel)
+          apply (simp, simp, simp)
+       apply (rule trace_is_possible)
+      apply assumption
+     apply assumption
+    apply (simp add: p_before_cfg_to_dag_prog.outEdges_5)
+    apply (simp add: member_rec)
+    apply (rule loop_ih)
+      apply auto
+    done
+qed
+
+lemma second_loop_head_global_rel:
+  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (unwrapped_bigblock1, (KEndBlock (KSeq bigblock2 KStop)), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+  using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+  case (less j)
+  then show ?case 
+  proof (cases j)
+    case 0
+    then show ?thesis
+      using Ast.valid_configuration_def less.prems(1) by fastforce
+  next
+    case (Suc j')
+    have ast_cfg_rel_concrete sorry
+
+    have transfer_all: "(\<forall>m3 s3 n ns. ((A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow> 
+                        (\<And>m3 s3 n ns. ((A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns) -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure))" by auto
+
+    have node_4_helper: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 4 = [Assert (Var 0 \<guillemotleft>Le\<guillemotright> Lit (LInt 0))]" 
+      by (simp add: p_before_cfg_to_dag_prog.block_4_def p_before_cfg_to_dag_prog.node_4)
+    show ?thesis
+      apply (rule block_global_rel_loop_head)
+             apply (rule Rel_Invs)
+            apply (rule less(2))
+           apply (rule less(3))
+           apply simp
+          apply simp                 
+         apply (rule block_local_rel_loop_head)
+            apply (rule Rel_Invs)
+           apply simp
+          apply simp
+         apply simp
+        apply simp
+       apply simp
+       apply (rule node_4_helper)
+      apply(rule disjE)
+        apply assumption
+
+       apply (erule allE[where x = 5])
+       apply (simp add:p_before_cfg_to_dag_prog.outEdges_4)
+       apply (simp add:member_rec(1))
+       apply (rule conjE)
+        apply assumption
+       apply simp
+       apply (rule second_loop_body_global_rel)
+          apply assumption
+         apply simp
+        apply assumption
+       apply (rule less.IH)
+         apply (erule strictly_smaller_helper2)
+         apply assumption
+         apply assumption
+       apply assumption
+
+      apply (erule allE[where x = 6])
+      apply (simp add:p_before_cfg_to_dag_prog.outEdges_4)
+      apply (simp add:member_rec(1))
+      apply (rule conjE)
+       apply assumption
+      apply simp
+      apply (rule ending)
+          apply assumption
+         apply assumption 
+        (* using allE impCE notE HOL.refl subst sym swap arity_type_nat impI notI rev_mp RedVar_case RedBinOp_case arity_type_state arity_type_val *)
+        apply blast
+        apply assumption
+       apply (simp add: bb2_global_rel)
+   (* TODO: Here auto works after deferring, otherwise it doesn't, why? 
+      Answer: it works without deferring as well but then it changes the other subgoals also. 'subgoal by auto' doesn't work. Why? *)
+   (* apply_trace auto *)
+      done
+  qed
+qed
+
+lemma first_loop_body_global_rel:
+  assumes j_step_ast_trace: 
+    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (body_bb1, (KSeq unwrapped_bigblock0 (KEndBlock (KSeq bigblock1 (KSeq bigblock2 KStop)))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Gt\<guillemotright> Lit (LInt 0), ns1\<rangle> \<Down> BoolV True"
+  and loop_ih:
+        "\<And>k ns1''. k < j \<Longrightarrow>
+        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(unwrapped_bigblock0, (KEndBlock (KSeq bigblock1 (KSeq bigblock2 KStop))), Normal ns1'') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
+        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+proof -
+  have syn_rel: "ast_cfg_rel None [] body_bb1 [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]" by (simp add: Rel_Main_test)
+  have cmds: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 2 = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]" 
+    using p_before_cfg_to_dag_prog.block_2_def p_before_cfg_to_dag_prog.node_2 by fastforce
+  show ?thesis
+    apply (rule block_global_rel_if_true)
+               apply (rule syn_rel)
+              apply (rule j_step_ast_trace)
+             apply simp
+            apply simp
+           apply (rule cmds)
+          apply simp
+         apply (rule cfg_is_correct)
+         apply simp
+        apply simp
+       apply simp
+      apply (rule trace_is_possible)
+     apply (rule block_local_rel_guard_true)
+           apply (rule syn_rel)
+          apply (simp, simp, simp)
+       apply (rule trace_is_possible)
+      apply assumption
+     apply assumption
+    apply (simp add: p_before_cfg_to_dag_prog.outEdges_2)
+    apply (simp add: member_rec)
+    apply (rule loop_ih)
+      apply auto
+    done
+qed
+
+
+lemma correctness_propagates_through_assumption_concrete:
+  assumes "\<forall>m s. (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile> (Inl 3, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> s \<noteq> Failure"
+      and "node_to_block p_before_cfg_to_dag_prog.proc_body ! 3 = [Assume c]"
+      and "UnOp Not guard \<sim> c"
+      and "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> BoolV False"
+    shows "\<And>m1 s1. (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile> (Inl 4, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> s1 \<noteq> Failure"
+  using assms
+proof -
+  have succ: "List.member [4] 4" by (simp add: member_rec(1))
+  fix m1 s1
+  assume prem: "(A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile> (Inl 4, Normal ns1) -n\<rightarrow>* (m1, s1))"
+  show "s1 \<noteq> Failure"
+  apply (rule correctness_propagates_through_assumption)
+       apply (rule assms(1))
+      apply (rule assms(2))
+     apply (rule assms(3))
+    apply (rule assms(4))
+     apply (simp add: p_before_cfg_to_dag_prog.outEdges_3)
+     apply (rule succ)
+    apply (rule prem)
+    done
+qed
+
+lemma first_loop_head_global_rel:
+  assumes j_step_ast_trace: 
+    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (unwrapped_bigblock0, (KEndBlock (KSeq bigblock1 (KSeq bigblock2 KStop))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+  using assms 
+proof (induction j arbitrary: ns1 rule: less_induct)
+  case (less j)
+  then show ?case 
+  proof (cases j)
+    case 0
+    then show ?thesis
+      using valid_configuration_def less.prems(1) by fastforce
+  next
+    case (Suc j')
+    have out_edges_Suc0: "((nth (out_edges p_before_cfg_to_dag_prog.proc_body) (Suc 0)) = [3,2])" using p_before_cfg_to_dag_prog.outEdges_1 by auto
+    have node_3_helper: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 3 = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]" 
+      using p_before_cfg_to_dag_prog.block_3_def p_before_cfg_to_dag_prog.node_3 by auto
+    have node_1_helper: "node_to_block p_before_cfg_to_dag_prog.proc_body ! (Suc 0) = [Assert (Var 0 \<guillemotleft>Ge\<guillemotright> Lit (LInt 0))]" 
+      using p_before_cfg_to_dag_prog.block_1_def p_before_cfg_to_dag_prog.node_1 by auto
+    have succ_helper: "List.member [4] 4"by (simp add: member_rec(1))
+    show ?thesis
+      apply (rule block_global_rel_loop_head) 
+             apply (rule Rel_Invs)
+            apply (rule less(2))
+           apply (rule less(3))
+           apply simp
+          apply simp                 
+         apply (rule block_local_rel_loop_head)
+            apply (rule Rel_Invs)
+           apply simp
+          apply simp
+         apply simp
+        apply simp
+       apply simp
+       apply (rule node_1_helper)
+      apply(rule disjE)
+        apply assumption
+    
+       apply (erule allE[where x = 2])
+       apply (simp add: out_edges_Suc0)
+       apply (simp add:member_rec(1))
+       apply (rule conjE)
+        apply assumption
+       apply simp
+       apply (rule first_loop_body_global_rel)
+          apply assumption
+         apply simp
+        apply assumption
+       apply (rule less.IH)
+         apply (erule strictly_smaller_helper2)
+         apply assumption
+         apply assumption
+       apply assumption
+
+      apply (erule allE[where x = 3])
+      apply (simp add:out_edges_Suc0)
+      apply (simp add:member_rec(1))
+      apply (rule conjE)
+       apply assumption
+      apply simp
+      apply (rule ending2)
+             apply assumption
+            apply assumption
+           apply assumption
+          apply assumption
+         apply (rule node_3_helper)
+        apply (rule neg_gt2)
+       apply (simp add: p_before_cfg_to_dag_prog.outEdges_3)
+       apply (rule succ_helper)
+      by (simp add: second_loop_head_global_rel)
+  qed
+qed
+
+lemma entry_block_global_rel:
+  assumes j_step_ast_trace: 
+    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, (KSeq bigblock1 (KSeq bigblock2 KStop)), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)"
+  using assms
+proof -
+  have node_0_helper: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 0 = [Havoc 0]" 
+    by (simp add: p_before_cfg_to_dag_prog.block_0_def p_before_cfg_to_dag_prog.node_0)
+  have "[Havoc 0] = p_before_cfg_to_dag_prog.block_0" by (simp only: p_before_cfg_to_dag_prog.block_0_def) 
+  show ?thesis
+    unfolding p_before_cfg_to_dag_prog.post_def
+    apply (rule block_global_rel_while_successor)
+          apply (rule j_step_ast_trace)
+         apply (rule Rel_Main_test)
+        apply simp
+       apply (rule node_0_helper)
+      apply (rule cfg_is_correct)
+      apply simp
+     apply (simp only: \<open>[Havoc 0] = p_before_cfg_to_dag_prog.block_0\<close>)
+     apply (rule bb0_local_rel)
+      apply (simp only: \<open>[Havoc 0] = p_before_cfg_to_dag_prog.block_0\<close>)
+     apply assumption
+    apply (simp del: Nat.One_nat_def add: p_before_cfg_to_dag_prog.outEdges_0)
+    apply (simp del: Nat.One_nat_def add: member_rec)
+    apply (rule first_loop_head_global_rel)
+     apply assumption
+    (* TODO: Again, why does auto work only in the end here? *)
+    by auto
+qed
+
+abbreviation \<Lambda>0_local
+  where
+    "\<Lambda>0_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux2:
+assumes 
+Red: "rtranclp (red_bigblock 
+      A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] 
+            while_example2_before_ast_cfg.proc_body) 
+      (bigblock0, (KSeq bigblock1 (KSeq bigblock2 KStop)), Normal ns) (end_bb, end_cont, end_state)" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0_local \<Gamma> [] ns p_before_cfg_to_dag_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0_local))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0_local))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0_local \<Gamma> [] p_before_cfg_to_dag_prog.post end_bb end_cont end_state)"
+proof -
+  from Red obtain j where 
+    Aux:"(A,M,((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)),\<Gamma>,[],while_example2_before_ast_cfg.proc_body \<turnstile> (bigblock0, (KSeq bigblock1 (KSeq bigblock2 KStop)), Normal ns) -n\<longrightarrow>^j (end_bb, end_cont, end_state))"
+by (meson rtranclp_imp_relpowp)
+  show ?thesis
+apply (rule entry_block_global_rel)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using OldGlobal apply simp
+using BinderNs apply simp
+done
+qed
+
+lemma initialization:                              
+  assumes "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock0, bigblock1, bigblock2] ns1) (reached_bb, reached_cont, reached_state)"
+  shows "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (bigblock0, KSeq bigblock1 (KSeq bigblock2 KStop), Normal ns1) (reached_bb, reached_cont, reached_state)" 
+proof -
+  have "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (bigblock0, convert_list_to_cont (rev [bigblock1, bigblock2]) KStop, Normal ns1) (reached_bb, reached_cont, reached_state)"
+    using assms by fastforce
+  hence "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (bigblock0, convert_list_to_cont (rev [bigblock1]) (KSeq bigblock2 KStop), Normal ns1) (reached_bb, reached_cont, reached_state)"
+    by simp
+  thus ?thesis by simp
+qed
+ 
+
+lemma end_to_end_theorem2:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))"
+shows "(\<And> A. (Ast.proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms while_example2_before_ast_cfg.proc_ast))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux2])
+apply (rule initialization)
+unfolding while_example2_before_ast_cfg.proc_body_def
+apply assumption using VC apply simp  apply assumption+
+  unfolding p_before_cfg_to_dag_prog.pres_def p_before_cfg_to_dag_prog.post_def
+       apply (simp_all add: 
+              exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2
+              while_example2_before_ast_cfg.proc_ast_def while_example2_before_ast_cfg.proc_body_def 
+              while_example2_before_ast_cfg.pres_def while_example2_before_ast_cfg.post_def
+              p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
+              while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def)
+  done
+
+end
\ No newline at end of file
diff --git a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_before_ast_cfg.thy b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_before_ast_cfg.thy
new file mode 100644
index 0000000..14bfc5e
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_before_ast_cfg.thy
@@ -0,0 +1,102 @@
+theory while_example2_before_ast_cfg
+  imports Main 
+          "Boogie_Lang.Ast"
+          "Boogie_Lang.Semantics"
+          "../global_data"
+
+begin
+
+abbreviation bigblock0
+  where "bigblock0 \<equiv> 
+          (BigBlock None [(Havoc 0)] 
+            (Some (WhileWrapper 
+                  (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
+                  [(BinOp (Var 0) Ge (Lit (LInt 0)))]
+                  [BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None]))) 
+             None)"
+
+abbreviation bigblock1
+  where "bigblock1 \<equiv> 
+          (BigBlock None [] 
+            (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 0)))) 
+                      [(BinOp (Var 0) Le (Lit (LInt 0)))]
+                      [BigBlock None [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] None None]))) 
+             None)"
+
+abbreviation bigblock2
+  where "bigblock2 \<equiv> 
+          (BigBlock None [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))] None None)"
+
+definition proc_body
+  where
+    "proc_body = bigblock0 #  bigblock1 # bigblock2 # []"
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),None)]"
+
+lemma locals_min_aux:
+shows "(((map fst (append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
+unfolding while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_example2_before_ast_cfg.params_vdecls) )"
+unfolding while_example2_before_ast_cfg.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_example2_before_ast_cfg.locals_vdecls) )"
+unfolding while_example2_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc_ast :: "ast_procedure"
+  where
+    "proc_ast  = (|proc_ty_args = 0,proc_args = while_example2_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec while_example2_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec while_example2_before_ast_cfg.post),proc_body = (Some (while_example2_before_ast_cfg.locals_vdecls,while_example2_before_ast_cfg.proc_body))|)"
+
+
+
+end
\ No newline at end of file
diff --git a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example_2_before_ast_cfg~ b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example_2_before_ast_cfg~
new file mode 100644
index 0000000..2a65996
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example_2_before_ast_cfg~
@@ -0,0 +1,9 @@
+theory while_example_2_before_ast_cfg
+  imports Main 
+          "/home/alex/boogie_related/foundational_boogie/BoogieLang/Ast"
+          "/home/alex/boogie_related/foundational_boogie/BoogieLang/Semantics"
+          "/home/alex/boogie_related/foundational_boogie/BoogieLang/generated_example_proofs/while_example2_proofs/global_data"
+
+begin
+
+end
\ No newline at end of file

From 5ae8b6a91fc67bf3e63845b7a1d01aae89ad13eb Mon Sep 17 00:00:00 2001
From: ahubanov-eth <ahubanov@student.ethz.ch>
Date: Sun, 22 May 2022 13:09:32 +0200
Subject: [PATCH 14/74] cleaned proofs + nested loop example done

---
 BoogieLang/Ast.thy                            |   16 +-
 BoogieLang/Ast_Cfg_Transformation.thy         | 1442 ++++++++++++-----
 BoogieLang/BackedgeElim.thy                   |    4 +-
 BoogieLang/ROOT                               |    1 +
 BoogieLang/Semantics.thy                      |    2 +-
 .../empty_branch_if_ast_cfg_proof.thy         |  183 +++
 .../empty_branch_if_before_ast_cfg.thy        |   89 +
 ...empty_branch_if_before_cfg_to_dag_prog.thy |  122 ++
 .../empty_branch_if_before_passive_prog.thy   |   95 ++
 .../empty_branch_if_cfgtodag_proof.thy        |  292 ++++
 .../empty_branch_if_passification_proof.thy   |  262 +++
 .../empty_branch_if_passive_prog.thy          |  128 ++
 .../empty_branch_if_vcphase_proof.thy         |  241 +++
 .../empty_branch_if_proofs/global_data.thy    |   32 +
 .../p_proofs/if_example_ast_cfg_proof.thy     |  180 +-
 .../p_proofs/if_example_before_ast_cfg.thy    |    4 +-
 .../nested_loop_proofs/global_data.thy        |   32 +
 .../nested_loop_ast_cfg_proof.thy             |  399 +++++
 .../nested_loop_before_ast_cfg.thy            |  103 ++
 .../nested_loop_before_cfg_to_dag_prog.thy    |  164 ++
 .../nested_loop_before_passive_prog.thy       |  139 ++
 .../nested_loop_cfgtodag_proof.thy            |  557 +++++++
 .../nested_loop_passification_proof.thy       |  349 ++++
 .../nested_loop_passive_prog.thy              |  208 +++
 .../nested_loop_vcphase_proof.thy             |  370 +++++
 .../global_data.thy                           |   32 +
 ...empty_branch_if_before_cfg_to_dag_prog.thy |  111 ++
 ...rd_empty_branch_if_before_passive_prog.thy |   95 ++
 ...o_guard_empty_branch_if_cfgtodag_proof.thy |  250 +++
 ...rd_empty_branch_if_passification_proof.thy |  254 +++
 .../no_guard_empty_branch_if_passive_prog.thy |  119 ++
 ...no_guard_empty_branch_if_vcphase_proof.thy |  213 +++
 .../no_guard_if_proofs/global_data.thy        |   32 +
 .../no_guard_if_ast_cfg_proof.thy             |  158 ++
 .../no_guard_if_before_ast_cfg.thy            |   85 +
 .../no_guard_if_before_cfg_to_dag_prog.thy    |  111 ++
 .../no_guard_if_before_passive_prog.thy       |   95 ++
 .../no_guard_if_cfgtodag_proof.thy            |  250 +++
 .../no_guard_if_passification_proof.thy       |  254 +++
 .../no_guard_if_passive_prog.thy              |  119 ++
 .../no_guard_if_vcphase_proof.thy             |  213 +++
 .../p_proofs/while_example2_ast_cfg_proof.thy |  369 ++---
 .../while_example2_before_ast_cfg.thy         |    6 +-
 .../consecutive_ifs_ast_cfg_proof.thy         |  188 +++
 .../consecutive_ifs_before_ast_cfg.thy        |   93 ++
 ...consecutive_ifs_before_cfg_to_dag_prog.thy |  144 ++
 .../consecutive_ifs_before_passive_prog.thy   |  128 ++
 .../consecutive_ifs_cfgtodag_proof.thy        |  399 +++++
 .../consecutive_ifs_passification_proof.thy   |  317 ++++
 .../consecutive_ifs_passive_prog.thy          |  161 ++
 .../consecutive_ifs_vcphase_proof.thy         |  297 ++++
 .../consecutive_ifs_proofs/global_data.thy    |   32 +
 .../empty_branch_if_ast_cfg_proof.thy         |  183 +++
 .../empty_branch_if_before_ast_cfg.thy        |   89 +
 ...empty_branch_if_before_cfg_to_dag_prog.thy |  122 ++
 .../empty_branch_if_before_passive_prog.thy   |   95 ++
 .../empty_branch_if_cfgtodag_proof.thy        |  292 ++++
 .../empty_branch_if_passification_proof.thy   |  262 +++
 .../empty_branch_if_passive_prog.thy          |  128 ++
 .../empty_branch_if_vcphase_proof.thy         |  241 +++
 .../empty_branch_if_proofs/global_data.thy    |   32 +
 .../empty_generic_block_before_ast_cfg.thy    |   89 +
 ...y_generic_block_before_cfg_to_dag_prog.thy |   89 +
 ...mpty_generic_block_before_passive_prog.thy |   62 +
 .../empty_generic_block_cfgtodag_proof.thy    |  143 ++
 ...mpty_generic_block_passification_proof.thy |  195 +++
 .../empty_generic_block_passive_prog.thy      |   77 +
 .../empty_generic_block_vcphase_proof.thy     |  148 ++
 .../global_data.thy                           |   32 +
 .../goto_example_proofs/global_data.thy       |   32 +
 .../q_proofs/q_before_cfg_to_dag_prog.thy     |   89 +
 .../q_proofs/q_before_passive_prog.thy        |   62 +
 .../q_proofs/q_cfgtodag_proof.thy             |  143 ++
 .../q_proofs/q_passification_proof.thy        |  195 +++
 .../q_proofs/q_passive_prog.thy               |   77 +
 .../q_proofs/q_vcphase_proof.thy              |  148 ++
 .../if_example_proofs/global_data.thy         |   34 +
 .../p_proofs/if_example_ast_cfg_proof.thy     |  287 ++++
 .../p_proofs/if_example_ast_form~             |    4 +
 .../p_proofs/if_example_before_ast_cfg.thy    |   90 +
 .../p_proofs/p_before_cfg_to_dag_prog.thy     |  125 ++
 .../p_proofs/p_before_passive_prog.thy        |   95 ++
 .../p_proofs/p_cfgtodag_proof.thy             |  292 ++++
 .../p_proofs/p_passification_proof.thy        |  262 +++
 .../p_proofs/p_passive_prog.thy               |  128 ++
 .../p_proofs/p_vcphase_proof.thy              |  241 +++
 .../nested_loop_proofs/global_data.thy        |   32 +
 .../nested_loop_ast_cfg_proof.thy             |  399 +++++
 .../nested_loop_before_ast_cfg.thy            |  103 ++
 .../nested_loop_before_cfg_to_dag_prog.thy    |  164 ++
 .../nested_loop_before_passive_prog.thy       |  139 ++
 .../nested_loop_cfgtodag_proof.thy            |  557 +++++++
 .../nested_loop_passification_proof.thy       |  349 ++++
 .../nested_loop_passive_prog.thy              |  208 +++
 .../nested_loop_vcphase_proof.thy             |  370 +++++
 .../global_data.thy                           |   32 +
 ...empty_branch_if_before_cfg_to_dag_prog.thy |  111 ++
 ...rd_empty_branch_if_before_passive_prog.thy |   95 ++
 ...o_guard_empty_branch_if_cfgtodag_proof.thy |  250 +++
 ...rd_empty_branch_if_passification_proof.thy |  254 +++
 .../no_guard_empty_branch_if_passive_prog.thy |  119 ++
 ...no_guard_empty_branch_if_vcphase_proof.thy |  213 +++
 .../no_guard_if_proofs/global_data.thy        |   32 +
 .../no_guard_if_ast_cfg_proof.thy             |  158 ++
 .../no_guard_if_before_ast_cfg.thy            |   85 +
 .../no_guard_if_before_cfg_to_dag_prog.thy    |  111 ++
 .../no_guard_if_before_passive_prog.thy       |   95 ++
 .../no_guard_if_cfgtodag_proof.thy            |  250 +++
 .../no_guard_if_passification_proof.thy       |  254 +++
 .../no_guard_if_passive_prog.thy              |  119 ++
 .../no_guard_if_vcphase_proof.thy             |  213 +++
 .../no_inv_loop_proofs/global_data.thy        |   32 +
 .../no_inv_loop_before_cfg_to_dag_prog.thy    |  122 ++
 .../no_inv_loop_before_passive_prog.thy       |  106 ++
 .../no_inv_loop_cfgtodag_proof.thy            |  338 ++++
 .../no_inv_loop_passification_proof.thy       |  279 ++++
 .../no_inv_loop_passive_prog.thy              |  148 ++
 .../no_inv_loop_vcphase_proof.thy             |  256 +++
 .../while_example2_proofs/global_data.thy     |   32 +
 .../p_proofs/p_before_cfg_to_dag_prog.thy     |  155 ++
 .../p_proofs/p_before_passive_prog.thy        |  139 ++
 .../p_proofs/p_cfgtodag_proof.thy             |  534 ++++++
 .../p_proofs/p_passification_proof.thy        |  343 ++++
 .../p_proofs/p_passive_prog.thy               |  199 +++
 .../p_proofs/p_vcphase_proof.thy              |  364 +++++
 .../p_proofs/while_example2_ast_cfg_proof.thy |  472 ++++++
 .../while_example2_before_ast_cfg.thy         |  102 ++
 .../p_proofs/while_example_2_before_ast_cfg~  |    9 +
 .../while_example_proofs/global_data.thy      |   32 +
 .../m_proofs/m_before_cfg_to_dag_prog.thy     |  131 ++
 .../m_proofs/m_before_passive_prog.thy        |  106 ++
 .../m_proofs/m_cfgtodag_proof.thy             |  346 ++++
 .../m_proofs/m_passification_proof.thy        |  291 ++++
 .../m_proofs/m_passive_prog.thy               |  148 ++
 .../m_proofs/m_vcphase_proof.thy              |  271 ++++
 .../m_proofs/while_example_ast_cfg_proof.thy  |    5 +
 .../m_proofs/while_example_before_ast_cfg.thy |   89 +
 137 files changed, 23576 insertions(+), 707 deletions(-)
 create mode 100644 BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy
 create mode 100644 BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_cfg.thy
 create mode 100644 BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog.thy
 create mode 100644 BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_passive_prog.thy
 create mode 100644 BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_cfgtodag_proof.thy
 create mode 100644 BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passification_proof.thy
 create mode 100644 BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passive_prog.thy
 create mode 100644 BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_vcphase_proof.thy
 create mode 100644 BoogieLang/completed_example_proofs/empty_branch_if_proofs/global_data.thy
 create mode 100644 BoogieLang/completed_example_proofs/nested_loop_proofs/global_data.thy
 create mode 100644 BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy
 create mode 100644 BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_cfg.thy
 create mode 100644 BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_cfg_to_dag_prog.thy
 create mode 100644 BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_passive_prog.thy
 create mode 100644 BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_cfgtodag_proof.thy
 create mode 100644 BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passification_proof.thy
 create mode 100644 BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passive_prog.thy
 create mode 100644 BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_vcphase_proof.thy
 create mode 100644 BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/global_data.thy
 create mode 100644 BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog.thy
 create mode 100644 BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog.thy
 create mode 100644 BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof.thy
 create mode 100644 BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof.thy
 create mode 100644 BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog.thy
 create mode 100644 BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof.thy
 create mode 100644 BoogieLang/completed_example_proofs/no_guard_if_proofs/global_data.thy
 create mode 100644 BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy
 create mode 100644 BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_cfg.thy
 create mode 100644 BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog.thy
 create mode 100644 BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_passive_prog.thy
 create mode 100644 BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_cfgtodag_proof.thy
 create mode 100644 BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passification_proof.thy
 create mode 100644 BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passive_prog.thy
 create mode 100644 BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_vcphase_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_ast_cfg_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_ast_cfg.thy
 create mode 100644 BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_cfg_to_dag_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_cfgtodag_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passification_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_vcphase_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/consecutive_ifs_proofs/global_data.thy
 create mode 100644 BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_cfg.thy
 create mode 100644 BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_cfgtodag_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passification_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_vcphase_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/empty_branch_if_proofs/global_data.thy
 create mode 100644 BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_ast_cfg.thy
 create mode 100644 BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_cfg_to_dag_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_cfgtodag_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passification_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_vcphase_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/empty_generic_block_proofs/global_data.thy
 create mode 100644 BoogieLang/generated_example_proofs/goto_example_proofs/global_data.thy
 create mode 100644 BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_before_cfg_to_dag_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_before_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_cfgtodag_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_passification_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_vcphase_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/if_example_proofs/global_data.thy
 create mode 100644 BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_form~
 create mode 100644 BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_before_ast_cfg.thy
 create mode 100644 BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_before_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_cfgtodag_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_passification_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_vcphase_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/nested_loop_proofs/global_data.thy
 create mode 100644 BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_cfg.thy
 create mode 100644 BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_cfg_to_dag_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_cfgtodag_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passification_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_vcphase_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/global_data.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_guard_if_proofs/global_data.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_cfg.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_cfgtodag_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passification_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_vcphase_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_inv_loop_proofs/global_data.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_cfg_to_dag_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_cfgtodag_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passification_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_vcphase_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/while_example2_proofs/global_data.thy
 create mode 100644 BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_before_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_passification_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_vcphase_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_before_ast_cfg.thy
 create mode 100644 BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example_2_before_ast_cfg~
 create mode 100644 BoogieLang/generated_example_proofs/while_example_proofs/global_data.thy
 create mode 100644 BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_before_cfg_to_dag_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_before_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_cfgtodag_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_passification_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_vcphase_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/while_example_ast_cfg_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/while_example_before_ast_cfg.thy

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index dc78de2..8b7adb0 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -55,7 +55,7 @@ fun find_label :: "label \<Rightarrow> bigblock list \<Rightarrow> cont \<Righta
       (if (Some lbl = bb_name) 
         then (Some ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None), (convert_list_to_cont (rev bbs) cont))) 
         else (if (find_label lbl body_bbs cont \<noteq> None) 
-                then (find_label lbl body_bbs (convert_list_to_cont ((rev bbs) @ [(BigBlock None [] (Some (ParsedWhile guard invariants body_bbs)) None)]) cont)) 
+                then (find_label lbl body_bbs (convert_list_to_cont ((BigBlock None [] (Some (ParsedWhile guard invariants body_bbs)) None)#(rev bbs)) cont)) 
                 else (find_label lbl bbs cont)))"  
   | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedBreak n)) None) # bbs) cont = 
       (if (Some lbl = bb_name) 
@@ -76,8 +76,6 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightar
   ("_,_,_,_,_,_ \<turnstile> (\<langle>_\<rangle> \<longrightarrow>/ _)" [51,0,0,0] 81)
   for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env and T :: ast
   where
- (* RedStatic: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>a\<rangle> \<longrightarrow> a" *)
-  
     RedSimpleCmds: 
     "\<lbrakk>(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs, (Normal n_s)\<rangle> [\<rightarrow>] s1) \<and> (cs \<noteq> Nil) \<rbrakk> 
       \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name cs str_cmd tr_cmd), cont0, Normal n_s)\<rangle> \<longrightarrow> 
@@ -89,12 +87,6 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightar
       \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] str_cmd tr_cmd), cont0, s1)\<rangle> \<longrightarrow> 
                           ((BigBlock bb_name [] None None), KStop, s1)"
 
-  (* TODO: fix this rule! *)
-  (*
-  | RedSkip_emptyCont: 
-    "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] None None),  (KSeq [] cont0),  Normal n_s)\<rangle> \<longrightarrow> 
-                    ((BigBlock bb_name [] None None), cont0, Normal n_s)"
-  *)
   | RedSkip: 
     "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] None None), (KSeq b cont0), Normal n_s)\<rangle> \<longrightarrow> 
                     (b, cont0, Normal n_s)"
@@ -142,7 +134,7 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightar
        \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> 
             \<langle>((BigBlock bb_name [] 
                      (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> 
-              (bb_hd, convert_list_to_cont (rev ((BigBlock bb_name [] (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None) # body_bbs)) cont0, Normal n_s)"
+              (bb_hd, convert_list_to_cont ((BigBlock bb_name [] (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None)#(rev body_bbs)) cont0, Normal n_s)"
 
 
   | RedParsedWhileFalse: 
@@ -392,9 +384,9 @@ inductive ast_cfg_rel :: "expr option \<Rightarrow> cmd list \<Rightarrow> bigbl
       "\<lbrakk>ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs2; (UnOp Not block_guard) \<sim> c \<rbrakk> \<Longrightarrow>
         ast_cfg_rel (Some block_guard) [] (BigBlock name cs1 any_str any_tr) ((Assume c) # cs2)"
    | Rel_Invs:
-       "ast_cfg_rel None assertions (BigBlock name [] any_str any_tr) assertions"
+      "\<lbrakk>bb = (BigBlock name [] any_str any_tr)\<rbrakk> \<Longrightarrow> ast_cfg_rel None assertions bb assertions"
    | Rel_Main_test:
-      "ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs1"
+      "\<lbrakk>bb = (BigBlock name cs1 any_str any_tr)\<rbrakk> \<Longrightarrow> ast_cfg_rel None [] bb cs1"
 
 abbreviation red_bigblock_k_step :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> ast \<Rightarrow> 'a ast_config \<Rightarrow> nat \<Rightarrow> 'a ast_config \<Rightarrow> bool"
   ("_,_,_,_,_,_ \<turnstile>_ -n\<longrightarrow>^_/ _" [51,0,0,0,0] 81)
diff --git a/BoogieLang/Ast_Cfg_Transformation.thy b/BoogieLang/Ast_Cfg_Transformation.thy
index 62b7cb9..870a7db 100644
--- a/BoogieLang/Ast_Cfg_Transformation.thy
+++ b/BoogieLang/Ast_Cfg_Transformation.thy
@@ -82,6 +82,12 @@ qed
 lemma strictly_smaller_helper2: "j'' < j' \<Longrightarrow> j = Suc j' \<Longrightarrow> j'' < j"
   by simp
 
+lemma strictly_smaller_helper3: "j'' < j' \<Longrightarrow> j''' < j'' \<Longrightarrow> j = Suc j' \<Longrightarrow> j''' < j"
+  by simp
+
+lemma strictly_smaller_helper4: "j' = Suc (Suc j'') \<Longrightarrow> k < j'' \<Longrightarrow> j = Suc j' \<Longrightarrow> k < j"
+  by simp
+
 lemma steps_trans_helper:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, cont0, Normal ns1'') -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
   shows "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (bb0, cont0, Normal ns1'') (reached_bb, reached_cont, reached_state)"
@@ -90,14 +96,41 @@ proof -
   from assms(1) show ?thesis by (simp add: relpowp_imp_rtranclp)
 qed
 
+lemma seq_skip:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, (KSeq bb_next cont0), Normal ns3) -n\<longrightarrow>^l (reached_bb, reached_cont, reached_state)"
+      and "bb0 = BigBlock None [] None None"
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
+            (\<exists> l1. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb_next, cont0, Normal ns3) -n\<longrightarrow>^l1 (reached_bb, reached_cont, reached_state)) \<and> (l = Suc l1) )"
+  using assms
+proof (cases l)
+  case 0
+  then show ?thesis by (metis Ast.valid_configuration_def assms(1) get_state.simps is_final.simps(5) relpowp_0_E state.distinct(1))
+next
+  case 1: (Suc l1)
+  then show ?thesis 
+  proof -
+    from 1 assms obtain inter_bb inter_cont inter_state where
+      step1: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (BigBlock None [] None None, (KSeq bb_next cont0), Normal ns3) (inter_bb, inter_cont, inter_state))" and 
+      rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(inter_bb, inter_cont, inter_state) -n\<longrightarrow>^l1 (reached_bb, reached_cont, reached_state)" 
+      by (metis (no_types, opaque_lifting) prod_cases3 relpowp_Suc_D2)
+    from this have "(inter_bb, inter_cont, inter_state) = (bb_next, (cont0), Normal ns3)"
+    proof cases
+      case RedSkip thus ?thesis by auto
+    qed auto
+    hence "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb_next, cont0, Normal ns3) -n\<longrightarrow>^l1 (reached_bb, reached_cont, reached_state)) \<and> (l = Suc l1)" using rest \<open>l = Suc l1\<close> by simp
+    then show ?thesis by blast
+  qed
+qed
+
 lemma endblock_skip:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(BigBlock None [] None None, KEndBlock (KSeq bb_next cont0), Normal ns3) -n\<longrightarrow>^l (reached_bb, reached_cont, reached_state)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state) \<or> 
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, KEndBlock (KSeq bb_next cont0), Normal ns3) -n\<longrightarrow>^l (reached_bb, reached_cont, reached_state)"
+      and "bb0 = BigBlock None [] None None" 
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
             (\<exists> l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb_next, cont0, Normal ns3) -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> (l = Suc (Suc l2)) )"
   using assms
 proof (cases l)
   case 0
-  then show ?thesis by (metis Ast.valid_configuration_def assms get_state.simps is_final.simps(6) relpowp_fun_conv state.simps(3))
+  then show ?thesis by (metis Ast.valid_configuration_def assms(1) get_state.simps is_final.simps(6) relpowp_fun_conv state.simps(3))
 next
   case 1: (Suc l1)
   then show ?thesis 
@@ -131,14 +164,97 @@ next
   qed
 qed
 
+lemma correctness_propagates_through_empty:
+  assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> s \<noteq> Failure"
+      and "node_to_block G ! n0 = []"
+      and "List.member (out_edges G ! n0) n1"
+    shows "\<And> m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m, s)) \<Longrightarrow> s \<noteq> Failure"
+proof -
+  fix m1 s1
+  have a1: "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[], Normal ns1\<rangle> [\<rightarrow>] (Normal ns1))" by (rule RedCmdListNil)
+  show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> s1 \<noteq> Failure" 
+  proof -
+    assume "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1))"
+    thus "s1 \<noteq> Failure" by (metis a1 assms(1-3) dag_verifies_propagate)
+  qed
+qed
+
+lemma wrapper_to_endblock:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, cont0, Normal ns) -n\<longrightarrow>^l (reached_bb, reached_cont, reached_state)"
+      and "bb0 = BigBlock name [] (Some (WhileWrapper loop)) None"
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
+         (\<exists> l1. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock name [] (Some loop) None), KEndBlock cont0, Normal ns) -n\<longrightarrow>^l1 (reached_bb, reached_cont, reached_state)) \<and> (l = Suc l1))"
+  using assms
+proof (cases l)
+  case 0
+  hence "(reached_bb, reached_cont, reached_state) = (bb0, cont0, Normal ns)" using assms(1) by simp
+  then show ?thesis by (simp add: Ast.valid_configuration_def assms(2))
+next
+  case 1: (Suc l1)
+  then show ?thesis 
+  proof -
+    from 1 assms obtain inter_bb inter_cont inter_state where
+      step1: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb0, cont0, Normal ns) (inter_bb, inter_cont, inter_state))" and 
+      rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(inter_bb, inter_cont, inter_state) -n\<longrightarrow>^l1 (reached_bb, reached_cont, reached_state)" 
+      by (metis (no_types, opaque_lifting) prod_cases3 relpowp_Suc_D2)
+    from this have "(inter_bb, inter_cont, inter_state) = (BigBlock name [] (Some loop) None, KEndBlock cont0, Normal ns)"
+    proof cases
+      case RedParsedWhileWrapper thus ?thesis using assms(2) by auto
+    qed (auto simp add: assms(2))
+    hence "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(BigBlock name [] (Some loop) None, KEndBlock cont0, Normal ns) -n\<longrightarrow>^l1 (reached_bb, reached_cont, reached_state)) \<and> (l = Suc l1)" 
+      using rest \<open>l = Suc l1\<close> assms(2) by simp
+    then show ?thesis by blast
+  qed
+qed
+
+lemma ending3:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, cont0, Normal ns1'') -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)" 
+      and "bb = BigBlock name [] (Some (WhileWrapper loop)) None"
+      and "\<And>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure"
+      and "\<And> j''. 
+            j = Suc j'' \<Longrightarrow>
+            A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(BigBlock name [] (Some loop) None, KEndBlock cont0, Normal ns1'') -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state) \<Longrightarrow>
+           (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
+           (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+    shows "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state"
+proof -
+  from assms(1-2) have disj_a:
+    "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
+       (\<exists> l1. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(BigBlock name [] (Some loop) None, KEndBlock cont0, Normal ns1'') -n\<longrightarrow>^l1 (reached_bb, reached_cont, reached_state)) \<and> (j = Suc l1) )" 
+    by (simp add: wrapper_to_endblock)
+  thus ?thesis
+  proof cases
+    assume "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" thus ?thesis by simp
+  next 
+    assume "\<not> ((valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state))"
+    hence "(\<exists> l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(BigBlock name [] (Some loop) None, KEndBlock cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> (j = Suc l2) )" 
+      using disj_a by blast
+    thus ?thesis
+    proof -
+      obtain l2_conc where conc_trace: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(BigBlock name [] (Some loop) None, KEndBlock cont0, Normal ns1'') -n\<longrightarrow>^l2_conc (reached_bb, reached_cont, reached_state))" and 
+                           succ_rel: "(j = Suc l2_conc)"
+        using \<open>\<exists>l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(BigBlock name [] (Some loop) None, KEndBlock cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> j = Suc l2\<close> by blast
+      show ?thesis
+        apply (rule assms(4))
+          apply (rule succ_rel)
+         apply (rule conc_trace)
+        apply (rule assms(3))
+        apply (simp)
+        done
+    qed
+  qed
+qed
+
+
 lemma endblock_skip_wrapper:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(BigBlock None [] None None, KEndBlock (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3) -n\<longrightarrow>^l (reached_bb, reached_cont, reached_state)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state) \<or> 
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, KEndBlock (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3) -n\<longrightarrow>^l (reached_bb, reached_cont, reached_state)"
+      and "bb0 = BigBlock None [] None None"
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
          (\<exists> l3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock name [] (Some str) tr), KEndBlock cont0, Normal ns3) -n\<longrightarrow>^l3 (reached_bb, reached_cont, reached_state)) \<and> (l = Suc (Suc (Suc l3))) )"
   using assms
 proof (cases l)
   case 0
-  then show ?thesis by (metis Ast.valid_configuration_def assms get_state.simps is_final.simps(6) relpowp_fun_conv state.simps(3))
+  then show ?thesis by (metis Ast.valid_configuration_def assms(1) get_state.simps is_final.simps(6) relpowp_fun_conv state.simps(3))
 next
   case 1: (Suc l1)
   then show ?thesis 
@@ -201,37 +317,39 @@ next
   qed
 qed
 
+
 text \<open>Local lemmas: The following are lemmas proving local relations between various kinds of ast-bigblocks and cfg-blocks\<close>
 
 text \<open>Local relation between an ast-bigblock starting with a non-empty set of simple commands and a cfg-block containing the same simple commands\<close>
 lemma block_local_rel_generic:
-  assumes block_rel: "ast_cfg_rel guard invs (BigBlock name cs1 any_str any_tr) cs2"
-  and "cs1 \<noteq> Nil"
-  and "cs2 \<noteq> Nil"
+  assumes block_rel: "ast_cfg_rel guard invs bb cs2"
   and "guard = None"
   and "invs = []"
-  and Red_bb_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  and Red_bb_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+  and "bb = (BigBlock name cs1 any_str any_tr)"
+  and "cs1 \<noteq> Nil"
+  and "cs2 \<noteq> Nil"
   shows "reached_state \<noteq> Failure  \<and>
          (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
   using assms
 proof (induction arbitrary: ns1)
-  case (Rel_Main_test name cs1 any_str any_tr)
+  case (Rel_Main_test bb name cs1 any_str any_tr)
   thus ?case
   proof (cases cs1)
     case Nil
-    then show ?thesis using Rel_Main_test(2) by simp
+    then show ?thesis using \<open>cs1 \<noteq> Nil\<close> by simp
   next
     case (Cons a list)
     then have "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name (a#list) any_str any_tr), cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-      using Rel_Main_test(5) by simp
+      using Rel_Main_test by blast
     then have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(a#list), Normal ns1\<rangle> [\<rightarrow>] reached_state" using Rel_Main_test(5) 
     proof cases
       case RedSimpleCmds thus ?thesis by (simp add: RedSimpleCmds)
     qed
     then have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs1, Normal ns1\<rangle> [\<rightarrow>] reached_state" using Cons by simp
     
-    then show ?thesis using Rel_Main_test(6) by auto
+    then show ?thesis using Rel_Main_test by auto
   qed 
 qed auto
 
@@ -239,41 +357,43 @@ text \<open>Local relation between (an ast-bigblock starting with a non-empty se
                and (is the first ast-bigblock in the then-branch of an if-statement or is the first ast-bigblock in the body of a while-loop)) 
        and a cfg-block containing the same simple commands\<close>
 lemma block_local_rel_guard_true:
-  assumes block_rel: "ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs2"
-  and "cs1 \<noteq> Nil"
-  and "cs2 \<noteq> Nil"
+  assumes block_rel: "ast_cfg_rel None [] bb cs2"
   and "c = Assume block_guard"
   and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>block_guard, ns1\<rangle> \<Down> LitV (LBool True)"
-  and Red_bb_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  and Red_bb_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs3) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  and "bb = (BigBlock name cs1 any_str any_tr)"
+  and "cs1 \<noteq> Nil"
+  and "cs2 \<noteq> Nil"
+  and "cs3 = (c#cs2)"
   shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(c#cs2), Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
   using assms 
 proof cases
   case Rel_Main_test
   have Red_impl_extended: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-    using trace_is_possible \<open>c = Assume block_guard\<close> Red_impl RedAssumeOk RedCmdListCons by blast
+    using trace_is_possible \<open>c = Assume block_guard\<close> Red_impl RedAssumeOk RedCmdListCons \<open>cs3 = c#cs2\<close> by blast
   hence snd_step_to_end: "reached_state \<noteq> Failure  \<and> (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-    using Red_bb_to assms(2-3) block_local_rel_generic block_rel 
-    by blast 
+    using Red_bb_to assms(6-8) block_local_rel_generic block_rel by metis
   have push_one_cmd: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c, Normal ns1\<rangle> \<rightarrow> Normal ns1" 
     using \<open>c = Assume block_guard\<close> trace_is_possible 
     by (simp only: RedAssumeOk)
-  then show ?thesis using snd_step_to_end  by (simp add: RedCmdListCons)
+  then show ?thesis using snd_step_to_end by (simp add: RedCmdListCons \<open>cs3 = c#cs2\<close>)
 qed auto
 
 text \<open>Local relation between (an ast-bigblock starting with a non-empty set of simple commands 
                and (is the first ast-bigblock in the else-branch of an if-statement or is the first ast-bigblock after a while-loop)) 
        and a cfg-block containing the same simple commands\<close>
 lemma block_local_rel_guard_false:
-  assumes block_rel: "ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs2"
-  and "cs1 \<noteq> Nil"
-  and "cs2 \<noteq> Nil"
+  assumes block_rel: "ast_cfg_rel None [] bb cs2"
   and "(UnOp Not block_guard) \<sim> b "
   and "c = Assume b"
   and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(UnOp Not block_guard), ns1\<rangle> \<Down> LitV (LBool True)"
-  and Red_bb_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_bb_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
   and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  and "bb = (BigBlock name cs1 any_str any_tr)"
+  and "cs1 \<noteq> Nil"
+  and "cs2 \<noteq> Nil"
   shows "reached_state \<noteq> Failure  \<and>
          (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(c#cs2), Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
   using assms 
@@ -282,8 +402,7 @@ proof cases
   have Red_impl_extended: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
     using trace_is_possible \<open>c = Assume b\<close> \<open>(UnOp Not block_guard) \<sim> b\<close> equiv_preserves_value  Red_impl RedAssumeOk RedCmdListCons by metis
   hence snd_step_to_end: "reached_state \<noteq> Failure  \<and> (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-    using Red_bb_to assms(2-3) block_local_rel_generic block_rel 
-    by blast 
+    using Red_bb_to assms(7-9) block_local_rel_generic block_rel by metis
   have equiv: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, ns1\<rangle> \<Down> BoolV True" 
     using trace_is_possible equiv_preserves_value \<open>(UnOp Not block_guard) \<sim> b\<close>
     by metis
@@ -295,35 +414,36 @@ qed auto
 
 text \<open>Local relation between a loop-only(no simple commands) ast-bigblock and a corresponding cfg-block containing assertions of the loop invariants\<close>
 lemma block_local_rel_loop_head:
-  assumes block_rel: "ast_cfg_rel None assert_invs (BigBlock name [] (Some (ParsedWhile loop_guard invs (bb0#body_bbs))) any_tr) assertions"
+  assumes block_rel: "ast_cfg_rel None assert_invs bb assertions"
+  and "bb =  (BigBlock name [] (Some (ParsedWhile loop_guard invs (bb0#body_bbs))) any_tr)"
   and "assert_invs = map inv_into_assertion invs"
-  and Red_bb: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] (Some (ParsedWhile loop_guard invs (bb0#body_bbs))) any_tr), cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_bb: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
   and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assertions (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
   shows "reached_state \<noteq> Failure  \<and>
          (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
   using assms
 proof cases
   case Rel_Invs
-  hence "assertions = map inv_into_assertion invs" using assms(2) by simp
+  hence "assertions = map inv_into_assertion invs" using assms(3) by simp
   from Red_bb show ?thesis
   proof cases
-    case RedParsedWhileTrue thus ?thesis using \<open>assertions = (map inv_into_assertion invs)\<close>  by (simp add: asserts_hold_if_invs_hold)
+    case RedParsedWhileTrue thus ?thesis using \<open>assertions = (map inv_into_assertion invs)\<close>  by (simp add: asserts_hold_if_invs_hold assms(2))
   next
-    case RedParsedWhileFalse thus ?thesis using \<open>assertions = (map inv_into_assertion invs)\<close>  by (simp add: asserts_hold_if_invs_hold)
+    case RedParsedWhileFalse thus ?thesis using \<open>assertions = (map inv_into_assertion invs)\<close>  by (simp add: asserts_hold_if_invs_hold assms(2))
   next
-    case RedParsedWhile_InvFail thus ?thesis using Red_impl \<open>assertions = map inv_into_assertion invs\<close> one_inv_fails_assertions by blast
-  qed auto
+    case RedParsedWhile_InvFail thus ?thesis using Red_impl \<open>assertions = map inv_into_assertion invs\<close> one_inv_fails_assertions assms(2) by blast
+  qed (auto simp add: assms(2))
 next
   case Rel_Main_test
-  hence "assertions = map inv_into_assertion invs" using assms(2) by simp
+  hence "assertions = map inv_into_assertion invs" using assms(2-3) by simp
   from Red_bb show ?thesis
   proof cases
-    case RedParsedWhileTrue thus ?thesis using \<open>assertions = (map inv_into_assertion invs)\<close>  by (simp add: asserts_hold_if_invs_hold)
+    case RedParsedWhileTrue thus ?thesis using \<open>assertions = (map inv_into_assertion invs)\<close>  by (simp add: asserts_hold_if_invs_hold assms(2))
   next
-    case RedParsedWhileFalse thus ?thesis using \<open>assertions = (map inv_into_assertion invs)\<close>  by (simp add: asserts_hold_if_invs_hold)
+    case RedParsedWhileFalse thus ?thesis using \<open>assertions = (map inv_into_assertion invs)\<close>  by (simp add: asserts_hold_if_invs_hold assms(2))
   next
-    case RedParsedWhile_InvFail thus ?thesis using Red_impl \<open>assertions = map inv_into_assertion invs\<close> one_inv_fails_assertions by blast
-  qed auto
+    case RedParsedWhile_InvFail thus ?thesis using Red_impl \<open>assertions = map inv_into_assertion invs\<close> one_inv_fails_assertions assms(2) by blast
+  qed (auto simp add: assms(2))
 qed
 
 text \<open>Global lemmas: The following are lemmas proving global relations between various kinds of ast-bigblocks and cfg-blocks\<close>
@@ -334,39 +454,40 @@ text \<open>'ending', 'ending2' and 'correctness_propagates_through_assumption'
        we're proving a global lemma for the head of a loop that is followed by another loop (not nested).\<close>
 lemma ending:
   assumes "j = Suc j'" 
-      and "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(BigBlock None [] None None, KEndBlock (KSeq bigblock_next KStop), Normal ns1'') -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
+      and "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, KEndBlock (KSeq bigblock_next cont0), Normal ns1'') -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
+      and "bb = BigBlock None [] None None"
       and "\<And>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure"
       and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False" 
       and "\<And> j''. 
             j' = Suc (Suc j'') \<Longrightarrow>
-            A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, KStop, Normal ns1'') -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state) \<Longrightarrow>
+            A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state) \<Longrightarrow>
            (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
-           (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not guard,ns1''\<rangle> \<Down> BoolV True) \<Longrightarrow> (valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
-    shows "valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state"
+           (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not guard,ns1''\<rangle> \<Down> BoolV True) \<Longrightarrow> (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+    shows "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state"
 proof -
-  from assms(2) have disj_a:
-    "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state) \<or> 
-       (\<exists> l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, KStop, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> (j' = Suc (Suc l2)) )" 
+  from assms(2-3) have disj_a:
+    "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
+       (\<exists> l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> (j' = Suc (Suc l2)) )" 
     by (simp add: endblock_skip)
   thus ?thesis
   proof cases
-    assume "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" thus ?thesis by simp
+    assume "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" thus ?thesis by simp
   next 
-    assume "\<not> ((valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state))"
-    hence "(\<exists> l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, KStop, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> (j' = Suc (Suc l2)) )" 
+    assume "\<not> ((valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state))"
+    hence "(\<exists> l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> (j' = Suc (Suc l2)) )" 
       using disj_a by blast
     thus ?thesis
     proof -
-      obtain l2_conc where conc_trace: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, KStop, Normal ns1'') -n\<longrightarrow>^l2_conc (reached_bb, reached_cont, reached_state))" and 
+      obtain l2_conc where conc_trace: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^l2_conc (reached_bb, reached_cont, reached_state))" and 
                            succ_rel: "(j' = Suc (Suc l2_conc))"
-        using \<open>\<exists>l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, KStop, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> j' = Suc (Suc l2)\<close> by blast
+        using \<open>\<exists>l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> j' = Suc (Suc l2)\<close> by blast
       show ?thesis
-        apply (rule assms(5))
+        apply (rule assms(6))
            apply (rule succ_rel)
           apply (rule conc_trace)
-         apply (rule assms(3))
+         apply (rule assms(4))
          apply (simp)
-        using assms(4) false_equals_not_true 
+        using assms(5) false_equals_not_true 
         by blast
     qed
   qed
@@ -390,12 +511,29 @@ proof -
   qed
 qed
 
+lemma correctness_propagates_through_assumption2:
+  assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> s \<noteq> Failure"
+      and "node_to_block G ! n0 = [Assume guard]"
+      and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> BoolV True"
+      and "List.member (out_edges G ! n0) n1"
+    shows "\<And> m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m, s)) \<Longrightarrow> s \<noteq> Failure"
+proof -
+  fix m1 s1
+  have a1: "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[Assume guard], Normal ns1\<rangle> [\<rightarrow>] (Normal ns1))" by (meson RedAssumeOk assms(3) red_cmd_list.simps)
+  show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> s1 \<noteq> Failure" 
+  proof -
+    assume "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1))"
+    thus "s1 \<noteq> Failure" using a1 assms(1-2) assms(4) dag_verifies_propagate by blast 
+  qed
+qed
+
 lemma ending2:
   assumes "j = Suc j'"
-      and "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(BigBlock None [] None None,
+      and "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb,
                       KEndBlock (KSeq (BigBlock None [] (Some (WhileWrapper (ParsedWhile next_guard next_invs (next_body_bb#body_bbs)))) None) cont1),
                       Normal ns1'') -n\<longrightarrow>^j'
            (reached_bb, reached_cont, reached_state)"
+      and "bb = BigBlock None [] None None"
       and corr: "\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure"
       and guard_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1''\<rangle> \<Down> BoolV False" 
       and "node_to_block G ! n = [Assume c]" 
@@ -409,20 +547,20 @@ lemma ending2:
           A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock None [] (Some (ParsedWhile next_guard next_invs (next_body_bb#body_bbs))) None), KEndBlock cont1, Normal ns1'') -n\<longrightarrow>^j''' 
               (reached_bb, reached_cont, reached_state) \<Longrightarrow>
           (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow> 
-          (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
-    shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+          (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+    shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
   using assms
 proof -
-  from assms(2) have disj_a:
-    "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state) \<or> 
+  from assms(2-3) have disj_a:
+    "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
        (\<exists> l3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock None [] (Some (ParsedWhile next_guard next_invs (next_body_bb#body_bbs))) None), KEndBlock cont1, Normal ns1'') 
               -n\<longrightarrow>^l3 (reached_bb, reached_cont, reached_state)) \<and> (j' = Suc (Suc (Suc l3))) )"
     by (simp add: endblock_skip_wrapper)
   thus ?thesis
   proof cases
-    assume "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" thus ?thesis by simp
+    assume "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" thus ?thesis by simp
   next 
-    assume "\<not> ((valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state))"
+    assume "\<not> ((valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state))"
     hence skipped_endblock: 
                   "(\<exists> l3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock None [] (Some (ParsedWhile next_guard next_invs (next_body_bb#body_bbs))) None), KEndBlock cont1, Normal ns1'') 
                    -n\<longrightarrow>^l3 (reached_bb, reached_cont, reached_state)) \<and> (j' = Suc (Suc (Suc l3))) )" 
@@ -434,6 +572,118 @@ proof -
                         -n\<longrightarrow>^l3_conc (reached_bb, reached_cont, reached_state))" and 
            succ_rel: "(j' = Suc (Suc (Suc l3_conc))) " 
         using skipped_endblock by blast
+      show ?thesis
+        apply (rule assms(9))
+             apply (rule succ_rel)
+            apply (simp add: assms)
+           apply (rule assms(7))
+          apply (rule assms(8))
+         apply (rule conc_trace)
+        apply (rule correctness_propagates_through_assumption)
+             apply (rule corr)
+            apply (rule assms(6))
+           apply (rule assms(7))
+          apply (rule guard_false)
+         apply (rule assms(8))
+        apply simp
+        done
+    qed
+  qed
+qed
+
+lemma ending_then:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, KSeq bb_next cont1, Normal ns1'') -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+      and "bb = BigBlock None [] None None"
+      and guard_true: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1''\<rangle> \<Down> BoolV True" 
+      and "node_to_block G ! n = cs2"
+      and "cs2 = [Assume guard]"
+      and "List.member (out_edges(G) ! n) n1"
+      and corr: "\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure"
+      and "\<And> j''.
+          j = (Suc j'') \<Longrightarrow>
+          node_to_block G ! n = cs2 \<Longrightarrow>
+          List.member (out_edges(G) ! n) n1 \<Longrightarrow>
+          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb_next, cont1, Normal ns1'') -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state) \<Longrightarrow>
+          (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow> 
+          (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+    shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+  using assms
+proof -
+  from assms(1-2) have disj_a:
+    "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
+       (\<exists> l1. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb_next, cont1, Normal ns1'') -n\<longrightarrow>^l1 (reached_bb, reached_cont, reached_state)) \<and> (j = Suc l1) )"
+    by (simp add: seq_skip)
+  thus ?thesis
+  proof cases
+    assume "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" thus ?thesis by simp
+  next 
+    assume "\<not> ((valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state))"
+    hence skipped_endblock: 
+                  "(\<exists> l1. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb_next, cont1, Normal ns1'') 
+                   -n\<longrightarrow>^l1 (reached_bb, reached_cont, reached_state)) \<and> (j = Suc l1) )" 
+      using disj_a by blast
+    thus ?thesis
+    proof -
+      obtain l1_conc where 
+           conc_trace: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb_next, cont1, Normal ns1'') -n\<longrightarrow>^l1_conc (reached_bb, reached_cont, reached_state))" and 
+           succ_rel: "(j = Suc l1_conc) " 
+        using skipped_endblock by blast
+      show ?thesis
+        apply (rule assms(8))
+             apply (rule succ_rel)
+            apply (simp add: assms)
+           apply (rule assms(6))
+         apply (rule conc_trace)
+        apply (rule correctness_propagates_through_assumption2)
+            apply (rule corr)
+           apply (simp add: assms(4))
+           apply (rule assms(5))
+          apply (rule guard_true)
+         apply (rule assms(6))
+        apply simp
+        done
+    qed
+  qed
+qed
+
+lemma ending_else:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, KSeq bb_next cont1, Normal ns1'') -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+      and "bb = BigBlock None [] None None"
+      and corr: "\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure"
+      and guard_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1''\<rangle> \<Down> BoolV False" 
+      and "node_to_block G ! n = [Assume c]" 
+      and "(UnOp Not guard) \<sim> c"
+      and "List.member (out_edges(G) ! n) n1"
+      and "\<And> j''.
+          j = (Suc j'') \<Longrightarrow>
+          node_to_block G ! n = [Assume c] \<Longrightarrow>
+          (UnOp Not guard) \<sim> c \<Longrightarrow>
+          List.member (out_edges(G) ! n) n1 \<Longrightarrow>
+          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb_next, cont1, Normal ns1'') -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state) \<Longrightarrow>
+          (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow> 
+          (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+    shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+  using assms
+proof -
+  from assms(1-2) have disj_a:
+    "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
+       (\<exists> l1. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb_next, cont1, Normal ns1'') -n\<longrightarrow>^l1 (reached_bb, reached_cont, reached_state)) \<and> (j = Suc l1) )"
+    by (simp add: seq_skip)
+  thus ?thesis
+  proof cases
+    assume "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" thus ?thesis by simp
+  next 
+    assume "\<not> ((valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state))"
+    hence skipped_endblock: 
+                  "(\<exists> l1. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb_next, cont1, Normal ns1'') 
+                   -n\<longrightarrow>^l1 (reached_bb, reached_cont, reached_state)) \<and> (j = Suc l1) )" 
+      using disj_a by blast
+    thus ?thesis
+    proof -
+      obtain l1_conc where 
+           conc_trace: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb_next, cont1, Normal ns1'') -n\<longrightarrow>^l1_conc (reached_bb, reached_cont, reached_state))" and 
+           succ_rel: "(j = Suc l1_conc) " 
+        using skipped_endblock by blast
       show ?thesis
         apply (rule assms(8))
              apply (rule succ_rel)
@@ -453,102 +703,149 @@ proof -
   qed
 qed
 
+
 text \<open>Global lemma for an ast-bigblock with a non-empty set of simple commands which concludes the program and is immediately after a loop.\<close>
 lemma generic_ending_block_after_loop_global_rel:
-  assumes syn_rel: "ast_cfg_rel None [] (BigBlock name cs1 None any_tr) cs2"
+  assumes syn_rel: "ast_cfg_rel None [] bb cs2"
+  and "bb = (BigBlock name cs1 None any_tr)"
   and "(any_tr = None) \<or> (any_tr = (Some (Return val1)))"
-  and "cs1 \<noteq> Nil"
-  and "cs2 \<noteq> Nil"
-  and "node_to_block G ! n = (c#cs2)" 
+  and "node_to_block G ! n = (cs3)"
+  and "cs3 = c#cs2"
   and "c = Assume b"
   and "(UnOp Not guard) \<sim> b"
   and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not guard, ns1\<rangle> \<Down> BoolV True"
-  and j_step_ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name cs1 None any_tr), KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and j_step_ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
   using assms
-proof (cases j)
-  case 0
-  from this j_step_ast_trace have "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 None any_tr), KStop, (Normal ns1))" by simp
-  then show ?thesis by (simp add: valid_configuration_def expr_all_sat_def)
+proof (cases cs2)
+  case Nil
+  hence "cs1 = []" using ast_cfg_rel.cases syn_rel assms(2) by blast 
+  thus ?thesis
+    proof (cases any_tr)
+      case None
+      then have "is_final ((BigBlock name cs1 None any_tr), KStop, (Normal ns1))" using \<open>cs1 = []\<close> by auto 
+      moreover have "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] (BigBlock name cs1 None any_tr) KStop (Normal ns1))" by (simp add: Ast.valid_configuration_def expr_all_sat_def)
+      ultimately show ?thesis by (metis None \<open>cs1 = []\<close> final_is_static_propagate j_step_ast_trace prod.sel(1) prod.sel(2) relpowp_imp_rtranclp assms(2))
+    next
+      case (Some a)
+      then show ?thesis
+      proof (cases j)
+        case 0
+        from this j_step_ast_trace assms(2) have "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 None any_tr), KStop, (Normal ns1))" by simp
+        then show ?thesis by (simp add: valid_configuration_def expr_all_sat_def)
+      next
+        case (Suc j')
+        thus ?thesis 
+        proof (cases a)
+          case (Return x2) 
+          from Suc j_step_ast_trace assms(2) obtain inter_bb inter_cont inter_state where
+            step0: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name cs1 None any_tr), KStop, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
+            rest0: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
+            by (metis prod_cases3 relpowp_Suc_D2) 
+          then have inter_conc: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), KStop, Normal ns1)" 
+            using \<open>cs1 = []\<close> Return Some
+          proof cases
+            case RedReturn thus ?thesis by blast
+          qed auto
+          then have "is_final (inter_bb, inter_cont, inter_state)" by simp
+          then have "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] inter_bb inter_cont inter_state)" using inter_conc valid_configuration_def
+            by (metis expr_all_sat_def get_state.simps list.pred_inject(1) state.simps(3))
+          then show ?thesis
+            by (metis \<open>is_final (inter_bb, inter_cont, inter_state)\<close> final_is_static_propagate inter_conc prod.sel(1) prod.sel(2) relpowp_imp_rtranclp rest0)
+        next
+          case (Goto x3)
+          thus ?thesis using assms(3) Some by blast
+      qed
+    qed
+  qed
 next
-  case (Suc j')
-  from this j_step_ast_trace obtain inter_bb inter_cont inter_state where
-    step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name cs1 None any_tr), KStop, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
-    rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
-    by (metis prod_cases3 relpowp_Suc_D2) 
-  then show ?thesis 
-  proof (cases any_tr)
-    case None
-    from step this have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None None, KStop, inter_state)"
-    proof cases
-      case RedSimpleCmds thus ?thesis using None by (auto simp add: RedSimpleCmds)
-    qed auto
-
-    have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-      using dag_verifies_propagate_2  assms(5) cfg_is_correct by blast 
-
-    from step have "inter_state \<noteq> Failure"
-    proof cases
-      case RedSimpleCmds thus ?thesis using Red_impl trace_is_possible
-        by (metis assms(4) assms(7) assms(6) block_local_rel_guard_false step syn_rel)
-    qed auto
-
-    hence valid_inter: "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] inter_bb inter_cont inter_state)" 
-      unfolding valid_configuration_def expr_all_sat_def
-      using concrete_inter get_state.simps is_final.simps by simp
-
-    have "is_final (inter_bb, inter_cont, inter_state)" using concrete_inter by simp 
-    then show ?thesis by (metis Pair_inject concrete_inter final_is_static_propagate relpowp_imp_rtranclp rest valid_inter)
+  case (Cons)
+  hence "cs1 \<noteq> []" using syn_rel assms(2) ast_cfg_rel.simps by blast
+  thus ?thesis 
+  proof (cases j)
+    case 0
+    from this j_step_ast_trace assms(2) have "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 None any_tr), KStop, (Normal ns1))" by simp
+    then show ?thesis by (simp add: valid_configuration_def expr_all_sat_def)
   next
-    case (Some transfer)
-    then show ?thesis
-    proof (cases transfer)
-      case (Goto x1)
-      then show ?thesis using Some assms(2) by blast
-    next
-      case (Return ret)
-      from step this Some have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None (Some (Return ret)), KStop, inter_state)"
+    case (Suc j')
+    from this j_step_ast_trace assms(2) obtain inter_bb inter_cont inter_state where
+      step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name cs1 None any_tr), KStop, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
+      rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
+      by (metis prod_cases3 relpowp_Suc_D2) 
+    then show ?thesis 
+    proof (cases any_tr)
+      case None
+      from step this have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None None, KStop, inter_state)"
       proof cases
-        case RedSimpleCmds thus ?thesis using Return Some by blast
-      qed (auto simp add: assms(3))
+        case RedSimpleCmds thus ?thesis using None by (auto simp add: RedSimpleCmds)
+      qed auto
   
       have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-        using dag_verifies_propagate_2  assms(5) cfg_is_correct by blast 
+        using dag_verifies_propagate_2 assms cfg_is_correct by blast 
   
       from step have "inter_state \<noteq> Failure"
       proof cases
         case RedSimpleCmds thus ?thesis using Red_impl trace_is_possible
-          by (metis assms(4) assms(7) assms(6) block_local_rel_guard_false step syn_rel)
+          by (metis assms(5-7) assms(2) block_local_rel_guard_false local.Cons local.step neq_Nil_conv syn_rel)
       qed auto
-      then show ?thesis 
-      proof (cases inter_state)
-        case (Normal x1)
-        then show ?thesis
-        proof (cases j')
-          case 0
-          then show ?thesis using concrete_inter by (metis Ast.valid_configuration_def \<open>inter_state \<noteq> Failure\<close> get_state.simps is_final.simps(4) relpowp_0_E rest)
-        next
-          case (Suc j'')
-          from this rest obtain inter_bb2 inter_cont2 inter_state2 where
-            snd_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(inter_bb, inter_cont, inter_state)\<rangle> \<longrightarrow> (inter_bb2, inter_cont2, inter_state2)" and
-            snd_rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb2, inter_cont2, inter_state2) -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state)"
-            by (metis get_state.cases relpowp_Suc_E2)
-          then have inter2_conc: "(inter_bb2, inter_cont2, inter_state2) = ((BigBlock name [] None None), KStop, inter_state)" 
-            using concrete_inter \<open>inter_state \<noteq> Failure\<close> Normal
-          proof cases
-            case RedReturn thus ?thesis using concrete_inter \<open>inter_state \<noteq> Failure\<close> Normal by blast
-          qed auto
-          hence "is_final (inter_bb2, inter_cont2, inter_state2)" by simp
+  
+      hence valid_inter: "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] inter_bb inter_cont inter_state)" 
+        unfolding valid_configuration_def expr_all_sat_def
+        using concrete_inter get_state.simps is_final.simps by simp
+  
+      have "is_final (inter_bb, inter_cont, inter_state)" using concrete_inter by simp 
+      then show ?thesis by (metis Pair_inject concrete_inter final_is_static_propagate relpowp_imp_rtranclp rest valid_inter)
+    next
+      case (Some transfer)
+      then show ?thesis
+      proof (cases transfer)
+        case (Goto x1)
+        then show ?thesis using Some assms(3) by blast
+      next
+        case (Return ret)
+        from step this Some have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None (Some (Return ret)), KStop, inter_state)"
+        proof cases
+          case RedSimpleCmds thus ?thesis using Return Some by blast
+        qed (auto simp add: Cons \<open>cs1 \<noteq> []\<close>)
+    
+        have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+          using dag_verifies_propagate_2 assms cfg_is_correct by blast 
+    
+        from step have "inter_state \<noteq> Failure"
+        proof cases
+          case RedSimpleCmds thus ?thesis using Red_impl trace_is_possible
+            by (metis assms(1-2) assms(5-8) block_local_rel_guard_false local.Cons local.step neq_Nil_conv syn_rel)
+        qed auto
+        then show ?thesis 
+        proof (cases inter_state)
+          case (Normal x1)
           then show ?thesis
-            by (metis Ast.valid_configuration_def inter2_conc \<open>inter_state \<noteq> Failure\<close> expr_all_sat_def final_is_static_propagate get_state.simps list.pred_inject(1) rtranclp_power snd_rest)
+          proof (cases j')
+            case 0
+            then show ?thesis using concrete_inter by (metis Ast.valid_configuration_def \<open>inter_state \<noteq> Failure\<close> get_state.simps is_final.simps(4) relpowp_0_E rest)
+          next
+            case (Suc j'')
+            from this rest obtain inter_bb2 inter_cont2 inter_state2 where
+              snd_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(inter_bb, inter_cont, inter_state)\<rangle> \<longrightarrow> (inter_bb2, inter_cont2, inter_state2)" and
+              snd_rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb2, inter_cont2, inter_state2) -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state)"
+              by (metis get_state.cases relpowp_Suc_E2)
+            then have inter2_conc: "(inter_bb2, inter_cont2, inter_state2) = ((BigBlock name [] None None), KStop, inter_state)" 
+              using concrete_inter \<open>inter_state \<noteq> Failure\<close> Normal
+            proof cases
+              case RedReturn thus ?thesis using concrete_inter \<open>inter_state \<noteq> Failure\<close> Normal by blast
+            qed auto
+            hence "is_final (inter_bb2, inter_cont2, inter_state2)" by simp
+            then show ?thesis
+              by (metis Ast.valid_configuration_def inter2_conc \<open>inter_state \<noteq> Failure\<close> expr_all_sat_def final_is_static_propagate get_state.simps list.pred_inject(1) rtranclp_power snd_rest)
+          qed
+        next
+          case Failure
+          then show ?thesis using \<open>inter_state \<noteq> Failure\<close> by simp
+        next
+          case Magic
+          then show ?thesis by (metis Ast.valid_configuration_def \<open>inter_state \<noteq> Failure\<close> get_state.simps magic_propagates rest state.simps(5))
         qed
-      next
-        case Failure
-        then show ?thesis using \<open>inter_state \<noteq> Failure\<close> by simp
-      next
-        case Magic
-        then show ?thesis by (metis Ast.valid_configuration_def \<open>inter_state \<noteq> Failure\<close> get_state.simps magic_propagates rest state.simps(5))
       qed
     qed
   qed
@@ -557,96 +854,141 @@ qed
 
 text \<open>Global lemma for an ast-bigblock with a non-empty set of simple commands which concludes the program.\<close>
 lemma generic_ending_block_global_rel:
-  assumes syn_rel: "ast_cfg_rel None [] (BigBlock name cs1 None any_tr) cs2"
-  and j_step_ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name cs1 None any_tr), KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  assumes syn_rel: "ast_cfg_rel None [] bb cs2"
+  and j_step_ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and "bb = (BigBlock name cs1 None any_tr)"
   and "(any_tr = None) \<or> (any_tr = (Some (Return val1)))"
-  and "cs1 \<noteq> Nil"
-  and "cs2 \<noteq> Nil"
   and "node_to_block G ! n = cs2"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)" 
 shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
   using assms
-proof (cases j)
-  case 0
-  from this j_step_ast_trace have "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 None any_tr), KStop, (Normal ns1))" by simp
-  then show ?thesis by (simp add: valid_configuration_def expr_all_sat_def)
+proof (cases cs2)
+  case Nil 
+  hence "cs1 = []" using ast_cfg_rel.cases syn_rel assms(3) by blast 
+  thus ?thesis
+    proof (cases any_tr)
+      case None
+      then have "is_final ((BigBlock name cs1 None any_tr), KStop, (Normal ns1))" using \<open>cs1 = []\<close> by auto 
+      moreover have "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] (BigBlock name cs1 None any_tr) KStop (Normal ns1))" by (simp add: Ast.valid_configuration_def expr_all_sat_def)
+      ultimately show ?thesis by (metis assms(3) None \<open>cs1 = []\<close> final_is_static_propagate j_step_ast_trace prod.sel(1) prod.sel(2) relpowp_imp_rtranclp)
+    next
+      case (Some a)
+      then show ?thesis
+      proof (cases j)
+        case 0
+        from this j_step_ast_trace assms(3) have "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 None any_tr), KStop, (Normal ns1))" by simp
+        then show ?thesis by (simp add: valid_configuration_def expr_all_sat_def)
+      next
+        case (Suc j')
+        thus ?thesis 
+        proof (cases a)
+          case (Return x2) 
+          from Suc j_step_ast_trace assms(3) obtain inter_bb inter_cont inter_state where
+            step0: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name cs1 None any_tr), KStop, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
+            rest0: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
+            by (metis prod_cases3 relpowp_Suc_D2) 
+          then have inter_conc: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), KStop, Normal ns1)" 
+            using \<open>cs1 = []\<close> Return Some
+          proof cases
+            case RedReturn thus ?thesis by blast
+          qed auto
+          then have "is_final (inter_bb, inter_cont, inter_state)" by simp
+          then have "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] inter_bb inter_cont inter_state)" using inter_conc valid_configuration_def
+            by (metis expr_all_sat_def get_state.simps list.pred_inject(1) state.simps(3))
+          then show ?thesis
+            by (metis \<open>is_final (inter_bb, inter_cont, inter_state)\<close> final_is_static_propagate inter_conc prod.sel(1) prod.sel(2) relpowp_imp_rtranclp rest0)
+        next
+          case (Goto x3)
+          thus ?thesis using assms(4) Some by blast
+      qed
+    qed
+  qed
 next
-  case (Suc j')
-  from this j_step_ast_trace obtain inter_bb inter_cont inter_state where
-    step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name cs1 None any_tr), KStop, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
-    rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
-    by (metis prod_cases3 relpowp_Suc_D2) 
-  then show ?thesis 
-  proof (cases any_tr)
-    case None
-    from step this have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None None, KStop, inter_state)"
-    proof cases
-      case RedSimpleCmds thus ?thesis using None by (auto simp add: RedSimpleCmds)
-    qed auto
-
-    have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-      using assms(6) cfg_is_correct dag_verifies_propagate_2 by blast
-
-    from step have "inter_state \<noteq> Failure"
-    proof cases
-      case RedSimpleCmds thus ?thesis using Red_impl assms(5) block_local_rel_generic local.step syn_rel by blast
-    qed auto
-
-    hence valid_inter: "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] inter_bb inter_cont inter_state)" 
-      unfolding valid_configuration_def expr_all_sat_def
-      using concrete_inter get_state.simps is_final.simps by simp
-
-    have "is_final (inter_bb, inter_cont, inter_state)" using concrete_inter by simp 
-    then show ?thesis by (metis Pair_inject concrete_inter final_is_static_propagate relpowp_imp_rtranclp rest valid_inter)
+  case (Cons) 
+  hence "cs1 \<noteq> []" using ast_cfg_rel.simps syn_rel assms(3) by blast
+  thus ?thesis
+  proof (cases j)
+    case 0
+    from this j_step_ast_trace assms(3) have "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 None any_tr), KStop, (Normal ns1))" by simp
+    then show ?thesis by (simp add: valid_configuration_def expr_all_sat_def)
   next
-    case (Some transfer)
-    then show ?thesis
-    proof (cases transfer)
-      case (Goto x1)
-      then show ?thesis using Some assms(3) by blast
-    next
-      case (Return ret)
-      from step this Some have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None (Some (Return ret)), KStop, inter_state)"
+    case (Suc j')
+    from this j_step_ast_trace assms(3) obtain inter_bb inter_cont inter_state where
+      step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name cs1 None any_tr), KStop, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
+      rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
+      by (metis prod_cases3 relpowp_Suc_D2) 
+    then show ?thesis 
+    proof (cases any_tr)
+      case None
+      from step this have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None None, KStop, inter_state)"
       proof cases
-        case RedSimpleCmds thus ?thesis using Return Some by blast
-      qed (auto simp add: assms(4))
+        case RedSimpleCmds thus ?thesis using None by (auto simp add: RedSimpleCmds)
+      qed auto
   
-      have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-        using dag_verifies_propagate_2  assms(6) cfg_is_correct by blast 
+      have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+        using assms(5) cfg_is_correct dag_verifies_propagate_2 by blast
   
       from step have "inter_state \<noteq> Failure"
       proof cases
-        case RedSimpleCmds thus ?thesis using Red_impl using assms(5) block_local_rel_generic local.step syn_rel by blast
+        case RedSimpleCmds thus ?thesis using Red_impl block_local_rel_generic local.Cons local.step syn_rel assms(3) by blast
       qed auto
-
+  
+      hence valid_inter: "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] inter_bb inter_cont inter_state)" 
+        unfolding valid_configuration_def expr_all_sat_def
+        using concrete_inter get_state.simps is_final.simps by simp
+  
+      have "is_final (inter_bb, inter_cont, inter_state)" using concrete_inter by simp 
+      then show ?thesis by (metis Pair_inject concrete_inter final_is_static_propagate relpowp_imp_rtranclp rest valid_inter)
+    next
+      case (Some transfer)
       then show ?thesis
-      proof (cases inter_state)
-        case (Normal x1)
+      proof (cases transfer)
+        case (Goto x1)
+        then show ?thesis using Some assms(4) by blast
+      next
+        case (Return ret)
+        from step this Some have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None (Some (Return ret)), KStop, inter_state)"
+        proof cases
+          case RedSimpleCmds thus ?thesis using Return Some by blast
+        qed (auto simp add: \<open>cs1 \<noteq> []\<close>)
+    
+        have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+          using dag_verifies_propagate_2  assms(5) cfg_is_correct by blast 
+    
+        from step have "inter_state \<noteq> Failure"
+        proof cases
+          case RedSimpleCmds thus ?thesis using Red_impl block_local_rel_generic local.Cons local.step syn_rel assms(3) by blast
+        qed auto
+  
         then show ?thesis
-        proof (cases j')
-          case 0
-          then show ?thesis using concrete_inter by (metis Ast.valid_configuration_def \<open>inter_state \<noteq> Failure\<close> get_state.simps is_final.simps(4) relpowp_0_E rest)
-        next
-          case (Suc j'')
-          from this rest obtain inter_bb2 inter_cont2 inter_state2 where
-            snd_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(inter_bb, inter_cont, inter_state)\<rangle> \<longrightarrow> (inter_bb2, inter_cont2, inter_state2)" and
-            snd_rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb2, inter_cont2, inter_state2) -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state)"
-            by (metis get_state.cases relpowp_Suc_E2)
-          then have inter2_conc: "(inter_bb2, inter_cont2, inter_state2) = ((BigBlock name [] None None), KStop, inter_state)" 
-            using concrete_inter \<open>inter_state \<noteq> Failure\<close> Normal
-          proof cases
-            case RedReturn thus ?thesis using concrete_inter \<open>inter_state \<noteq> Failure\<close> Normal by blast
-          qed auto
-          hence "is_final (inter_bb2, inter_cont2, inter_state2)" by simp
+        proof (cases inter_state)
+          case (Normal x1)
           then show ?thesis
-            by (metis Ast.valid_configuration_def inter2_conc \<open>inter_state \<noteq> Failure\<close> expr_all_sat_def final_is_static_propagate get_state.simps list.pred_inject(1) rtranclp_power snd_rest)
+          proof (cases j')
+            case 0
+            then show ?thesis using concrete_inter by (metis Ast.valid_configuration_def \<open>inter_state \<noteq> Failure\<close> get_state.simps is_final.simps(4) relpowp_0_E rest)
+          next
+            case (Suc j'')
+            from this rest obtain inter_bb2 inter_cont2 inter_state2 where
+              snd_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(inter_bb, inter_cont, inter_state)\<rangle> \<longrightarrow> (inter_bb2, inter_cont2, inter_state2)" and
+              snd_rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb2, inter_cont2, inter_state2) -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state)"
+              by (metis get_state.cases relpowp_Suc_E2)
+            then have inter2_conc: "(inter_bb2, inter_cont2, inter_state2) = ((BigBlock name [] None None), KStop, inter_state)" 
+              using concrete_inter \<open>inter_state \<noteq> Failure\<close> Normal
+            proof cases
+              case RedReturn thus ?thesis using concrete_inter \<open>inter_state \<noteq> Failure\<close> Normal by blast
+            qed auto
+            hence "is_final (inter_bb2, inter_cont2, inter_state2)" by simp
+            then show ?thesis
+              by (metis Ast.valid_configuration_def inter2_conc \<open>inter_state \<noteq> Failure\<close> expr_all_sat_def final_is_static_propagate get_state.simps list.pred_inject(1) rtranclp_power snd_rest)
+          qed
+        next
+          case Failure
+          then show ?thesis using \<open>inter_state \<noteq> Failure\<close> by simp
+        next
+          case Magic
+          then show ?thesis by (metis valid_configuration_def \<open>inter_state \<noteq> Failure\<close> get_state.simps magic_propagates rest state.simps(5))
         qed
-      next
-        case Failure
-        then show ?thesis using \<open>inter_state \<noteq> Failure\<close> by simp
-      next
-        case Magic
-        then show ?thesis by (metis valid_configuration_def \<open>inter_state \<noteq> Failure\<close> get_state.simps magic_propagates rest state.simps(5))
       qed
     qed
   qed
@@ -654,37 +996,77 @@ qed
 
 
 text \<open>Global lemma for an ast-bigblock with a non-empty set of simple commands that enters a loop after it executes its simple cmds.\<close>
+
+(*
+lemma inner_loop_head_global_rel_wrapped:
+  assumes j_step_ast_trace: 
+          "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (BigBlock None [] (Some (WhileWrapper loop)) None, cont0, Normal ns1) -n\<longrightarrow>^j 
+                                 (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and loop_ih:
+        "\<And>k ns1'. k < j \<Longrightarrow>
+        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, KEndBlock KStop, Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
+        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+  using assms
+proof (cases j)
+  case 0
+  from this j_step_ast_trace have 
+    "(reached_bb, reached_cont, reached_state) = (outer_body_bb1, (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop))), Normal ns1)" by auto
+  then show ?thesis by (simp add: Ast.valid_configuration_def)
+next
+  case (Suc j')
+  from assms this obtain inter_bb inter_cont inter_state where
+    step: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(outer_body_bb1, (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop))), Normal ns1)\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
+    rest: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
+    by (metis (no_types, opaque_lifting) get_state.cases relpowp_Suc_D2)
+  hence "(inter_bb, inter_cont, inter_state) = (outer_body_bb1_unwrapped, KEndBlock (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop))), Normal ns1)"
+    unfolding outer_body_bb1_unwrapped_def outer_body_bb1_def
+    by (cases) auto
+  hence rest_conc: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (outer_body_bb1_unwrapped, KEndBlock (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop))), Normal ns1) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
+    using rest by simp
+  show ?thesis 
+    apply (rule inner_loop_head_global_rel)
+      apply (rule rest_conc)
+     apply (rule cfg_is_correct)
+     apply simp
+    using Suc less_SucI loop_ih by blast
+qed
+*)
+
 lemma block_global_rel_while_successor:
   assumes j_step_ast_trace: 
-      "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name cmds (Some (WhileWrapper (ParsedWhile guard invs (body_bb0#body_bbs)))) None), cont1, Normal ns1) -n\<longrightarrow>^j 
+      "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont1, Normal ns1) -n\<longrightarrow>^j 
                       (reached_bb, reached_cont, reached_state)"
-  and syn_rel: "ast_cfg_rel None [] (BigBlock name cmds (Some (WhileWrapper (ParsedWhile guard invs (body_bb0#body_bbs)))) None) cmds"
+  and syn_rel: "ast_cfg_rel None [] bb cmds"
+  and "bb = (BigBlock name cmds (Some (WhileWrapper (ParsedWhile guard invs (body_bb0#body_bbs)))) None)"
   and "cmds \<noteq> []"
   and "node_to_block G ! n = cmds"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and block_local_rel:
     "\<And> reached_bb_inter reached_cont_inter reached_state_inter. 
-    (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cmds (Some (WhileWrapper (ParsedWhile guard invs (body_bb0#body_bbs)))) None), cont1, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
+    (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont1, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
     (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cmds (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
-    (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cmds, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
+    (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
   and global_rel_succ:
         "\<And> ns2 k.
          k < j \<Longrightarrow>
          (\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl msuc2, Normal ns2) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name [] (Some (ParsedWhile guard invs (body_bb0#body_bbs))) None), KEndBlock cont1, Normal ns2) -n\<longrightarrow>^k 
                       (reached_bb, reached_cont, reached_state) \<Longrightarrow> 
-         (valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+         (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
   using assms
 proof cases
   assume "j = 0"
   then have "(reached_bb, reached_cont, reached_state) = 
-             ((BigBlock name cmds (Some (WhileWrapper (ParsedWhile guard invs (body_bb0#body_bbs)))) None), cont1, Normal ns1)" using j_step_ast_trace by auto
+             ((BigBlock name cmds (Some (WhileWrapper (ParsedWhile guard invs (body_bb0#body_bbs)))) None), cont1, Normal ns1)" using j_step_ast_trace assms(3) by auto
   thus ?thesis by (simp add: valid_configuration_def)
 next
   assume "j \<noteq> 0"
   from this obtain j' where "j = Suc j'" using not0_implies_Suc by blast
-  from this j_step_ast_trace obtain inter_bb inter_cont inter_state where
+  from this j_step_ast_trace assms(3) obtain inter_bb inter_cont inter_state where
     first_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name cmds (Some (WhileWrapper (ParsedWhile guard invs (body_bb0#body_bbs)))) None), cont1, Normal ns1)\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and 
     rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
     by (metis (no_types, opaque_lifting) get_state.cases relpowp_Suc_D2)
@@ -692,9 +1074,9 @@ next
   proof cases
     case RedSimpleCmds thus ?thesis by blast
   qed (auto simp add: \<open>cmds \<noteq> []\<close>)
-  have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cmds (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" using dag_verifies_propagate_2 cfg_is_correct assms(4) by blast
+  have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cmds (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" using dag_verifies_propagate_2 cfg_is_correct assms(5) by blast
   have local_conclusion: "inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cmds, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-    using Red_impl first_step assms(3) block_local_rel_generic syn_rel by blast 
+    using Red_impl first_step assms(3-4) block_local_rel_generic syn_rel by metis
   show ?thesis 
   proof (cases inter_state)
     case (Normal x1)
@@ -703,16 +1085,15 @@ next
     proof (cases j')
       case 0
       then show ?thesis 
-        by (metis (full_types, opaque_lifting) Ast.valid_configuration_def expr_all_sat_def get_state.simps list.pred_inject(1) local_conclusion relpowp.simps(1) rest)
+        by (metis Normal a1 nat.discI rest wrapper_to_endblock)
     next
       case 2: (Suc j'')
 
       hence Red_cfg_conc: 
         "(\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl msuc2, inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))" 
-        using dag_verifies_propagate Normal \<open>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cmds,Normal ns1\<rangle> [\<rightarrow>] inter_state\<close> assms(4) cfg_is_correct 
-        by blast
+        using dag_verifies_propagate Normal \<open>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cmds,Normal ns1\<rangle> [\<rightarrow>] inter_state\<close> assms(5) cfg_is_correct by blast
 
-      from 2 j_step_ast_trace obtain inter_bb2 inter_cont2 inter_state2 where
+      from 2 j_step_ast_trace assms(3) obtain inter_bb2 inter_cont2 inter_state2 where
         first_step_2: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(inter_bb, inter_cont, inter_state)\<rangle> \<longrightarrow> (inter_bb2, inter_cont2, inter_state2)" and 
         rest_2: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb2, inter_cont2, inter_state2) -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state)"
         by (metis get_state.cases relpowp_Suc_E2 rest)
@@ -724,7 +1105,7 @@ next
       qed auto 
 
       have "j'' < j" by (simp add: "2" \<open>j = Suc j'\<close>)
-      then show ?thesis using a3 rest_2 Normal Red_cfg_conc assms(7) by blast
+      then show ?thesis using a3 rest_2 Normal Red_cfg_conc assms(8) by blast 
     qed
   next
     case Failure
@@ -735,19 +1116,41 @@ next
   qed
 qed
 
+lemma ending_directly_after_loop_exit:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, KEndBlock KStop, (Normal ns1'')) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+      and "bb = (BigBlock name [] None None)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+  using assms
+proof (cases j)
+  case 0
+  hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name [] None None), KEndBlock KStop, (Normal ns1''))" using assms by auto
+  then show ?thesis by (simp add: Ast.valid_configuration_def)
+next
+  case (Suc j')
+  from assms(1-2) obtain inter_bb inter_cont inter_state where
+    step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name [] None None), KEndBlock KStop, (Normal ns1''))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
+    rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
+    by (metis (full_types) Suc prod_cases3 relpowp_Suc_E2)
+  hence conc_inter: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), KStop, (Normal ns1''))" 
+    by (cases) auto
+  hence "is_final (inter_bb, inter_cont, inter_state)" by simp 
+  moreover have "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] inter_bb inter_cont inter_state)" 
+    using valid_configuration_def conc_inter by (metis expr_all_sat_def get_state.simps list.pred_inject(1) state.simps(3))  
+  ultimately show ?thesis using rest by (metis conc_inter final_is_static_propagate prod.sel(1) prod.sel(2) relpowp_imp_rtranclp)
+qed
+
 text \<open>Global lemma for a loop-head ast-bigblock with non-empty invariants. The loop is also required to be non-empty.\<close>
 lemma block_global_rel_loop_head:
-  assumes block_rel: "ast_cfg_rel None assertions (BigBlock name [] any_str any_tr) assertions"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name [] any_str any_tr), KEndBlock cont1, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  assumes block_rel: "ast_cfg_rel None assertions bb assertions"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, KEndBlock cont1, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
+  and "bb = (BigBlock name [] any_str any_tr)"
   (* TODO: You're requiring that the loop isn't empty! What if it is? *)
   and bb_successor_while: "any_str = Some (ParsedWhile cont_guard invs (bb0#body_bbs))"
   and block_local_rel:
-    "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] any_str any_tr), KEndBlock cont1, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
+    "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, KEndBlock cont1, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
     (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assertions (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
     (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
-  (* TODO: The following is a sketchy assumption! Fix it!*)
-  and "assertions \<noteq> []" 
   and "node_to_block(G) ! n = assertions"
   and succ_correct: 
    "\<And> ns1'' loop_guard j'. 
@@ -755,28 +1158,28 @@ lemma block_global_rel_loop_head:
     (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))) \<Longrightarrow>
     ((cont_guard = Some loop_guard) \<and> 
       (red_expr A \<Lambda> \<Gamma> \<Omega> loop_guard ns1'' (BoolV True)) \<and> 
-      A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb0, convert_list_to_cont (rev ((BigBlock name [] any_str any_tr)#body_bbs)) (KEndBlock cont1), (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)) \<or> 
+      A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb0, convert_list_to_cont (bb#(rev body_bbs)) (KEndBlock cont1), (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)) \<or> 
     ((cont_guard = Some loop_guard) \<and> 
       (red_expr A \<Lambda> \<Gamma> \<Omega> loop_guard ns1'' (BoolV False)) \<and> 
       A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name [] None None), KEndBlock cont1, (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)) \<or>
     ((cont_guard = None) \<and> 
      ((A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name [] None None), KEndBlock cont1, (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)) \<or>
-      (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb0, convert_list_to_cont (rev ((BigBlock name [] any_str any_tr)#body_bbs)) (KEndBlock cont1), (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state))))  \<Longrightarrow>  
+      (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb0, convert_list_to_cont (bb#(rev body_bbs)) (KEndBlock cont1), (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state))))  \<Longrightarrow>  
     (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
   shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
   using assms
 proof cases
-    case (Rel_Invs)
+    case Rel_Invs
     thus ?thesis 
     proof cases
       assume "j = 0"
-      hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name [] any_str any_tr), KEndBlock cont1, (Normal ns1))" using ast_trace by simp 
+      hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name [] any_str any_tr), KEndBlock cont1, (Normal ns1))" using ast_trace assms(4) by simp 
       thus ?thesis by (simp add: Ast.valid_configuration_def)
     next
       assume "j \<noteq> 0" 
       from this obtain j' where "j = Suc j'" using not0_implies_Suc by blast
   
-      from ast_trace this obtain inter_bb inter_cont inter_state where
+      from ast_trace this assms(4) obtain inter_bb inter_cont inter_state where
         first_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name [] any_str any_tr), KEndBlock cont1, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
         rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
         by (metis prod_cases3 relpowp_Suc_D2)
@@ -787,25 +1190,25 @@ proof cases
         from first_step show ?thesis using bb_successor_while
         proof cases
           case RedParsedWhileTrue
-          hence concrete_inter1: "(inter_bb, inter_cont, inter_state) = (bb0, convert_list_to_cont (rev ((BigBlock name [] any_str any_tr)#body_bbs)) (KEndBlock cont1), (Normal ns1))"
+          hence concrete_inter1: "(inter_bb, inter_cont, inter_state) = (bb0, convert_list_to_cont ((BigBlock name [] any_str any_tr)#(rev body_bbs)) (KEndBlock cont1), (Normal ns1))"
             using bb_successor_while None by blast
   
           from first_step
           have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-            by (metis Pair_inject assms(7) block_local_rel cfg_correct concrete_inter1 dag_verifies_propagate dag_verifies_propagate_2)
+            by (metis Pair_inject assms(4) assms(7) block_local_rel cfg_correct concrete_inter1 dag_verifies_propagate dag_verifies_propagate_2)
   
-          show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct None rest concrete_inter1 succ_correct by blast 
+          show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct None rest concrete_inter1 succ_correct assms(4) by blast 
         next 
           case RedParsedWhileFalse
           hence concrete_inter2: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), KEndBlock cont1, (Normal ns1))" by simp
   
           from first_step
           have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-            by (metis assms(7) block_local_rel cfg_correct dag_verifies_propagate dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
+            by (metis assms(4) assms(7) block_local_rel cfg_correct dag_verifies_propagate dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
   
           show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct None rest concrete_inter2 succ_correct by blast
         next 
-          case RedParsedWhile_InvFail thus ?thesis using assms(7) block_local_rel cfg_correct dag_verifies_propagate_2 first_step by blast
+          case RedParsedWhile_InvFail thus ?thesis using assms(7) block_local_rel cfg_correct dag_verifies_propagate_2 first_step assms(4) by blast
         qed auto
       next
         case (Some concrete_loop_guard)
@@ -817,16 +1220,16 @@ proof cases
           from first_step show ?thesis 
           proof cases
             case RedParsedWhileTrue
-            hence concrete_inter3: "(inter_bb, inter_cont, inter_state) = (bb0, convert_list_to_cont (rev ((BigBlock name [] any_str any_tr)#body_bbs)) (KEndBlock cont1), (Normal ns1))"
+            hence concrete_inter3: "(inter_bb, inter_cont, inter_state) = (bb0, convert_list_to_cont ((BigBlock name [] any_str any_tr)#(rev body_bbs)) (KEndBlock cont1), (Normal ns1))"
               using bb_successor_while Some by blast
   
             from first_step
             have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-              by (metis Pair_inject assms(7) block_local_rel cfg_correct concrete_inter3 dag_verifies_propagate dag_verifies_propagate_2)
+              by (metis Pair_inject assms(4) assms(7) block_local_rel cfg_correct concrete_inter3 dag_verifies_propagate dag_verifies_propagate_2)
   
-            show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct Some guard_true rest concrete_inter3 succ_correct by blast 
+            show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct Some guard_true rest concrete_inter3 succ_correct assms(4) by blast 
         next 
-            case RedParsedWhile_InvFail thus ?thesis using assms(7) block_local_rel cfg_correct dag_verifies_propagate_2 first_step by blast
+            case RedParsedWhile_InvFail thus ?thesis using assms(7) block_local_rel cfg_correct dag_verifies_propagate_2 first_step assms(4) by blast
         qed (auto simp add: bb_successor_while Some guard_not_false)
       next
         assume guard_not_true: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> concrete_loop_guard ns1 (BoolV True))"
@@ -841,7 +1244,7 @@ proof cases
 
           from first_step
           have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-            by (metis assms(7) block_local_rel cfg_correct dag_verifies_propagate dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
+            by (metis assms(4) assms(7) block_local_rel cfg_correct dag_verifies_propagate dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
   
             show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct Some guard_false rest concrete_inter4 succ_correct by blast
           next
@@ -857,20 +1260,112 @@ proof cases
       qed
     qed
   qed
-qed auto
+next 
+  case Rel_Main_test 
+  thus ?thesis
+    proof cases
+      assume "j = 0"
+      hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name [] any_str any_tr), KEndBlock cont1, (Normal ns1))" using ast_trace assms(4) by simp 
+      thus ?thesis by (simp add: Ast.valid_configuration_def)
+    next
+      assume "j \<noteq> 0" 
+      from this obtain j' where "j = Suc j'" using not0_implies_Suc by blast
+  
+      from ast_trace this assms(4) obtain inter_bb inter_cont inter_state where
+        first_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name [] any_str any_tr), KEndBlock cont1, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
+        rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
+        by (metis prod_cases3 relpowp_Suc_D2)
+  
+      show ?thesis
+      proof (cases cont_guard)
+        case None
+        from first_step show ?thesis using bb_successor_while
+        proof cases
+          case RedParsedWhileTrue
+          hence concrete_inter1: "(inter_bb, inter_cont, inter_state) = (bb0, convert_list_to_cont ((BigBlock name [] any_str any_tr)#(rev body_bbs)) (KEndBlock cont1), (Normal ns1))"
+            using bb_successor_while None by blast
+  
+          from first_step
+          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+            by (metis Pair_inject assms(4) assms(7) block_local_rel cfg_correct concrete_inter1 dag_verifies_propagate dag_verifies_propagate_2)
+  
+          show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct None rest concrete_inter1 succ_correct assms(4) by blast 
+        next 
+          case RedParsedWhileFalse
+          hence concrete_inter2: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), KEndBlock cont1, (Normal ns1))" by simp
+  
+          from first_step
+          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+            by (metis assms(4) assms(7) block_local_rel cfg_correct dag_verifies_propagate dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
+  
+          show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct None rest concrete_inter2 succ_correct by blast
+        next 
+          case RedParsedWhile_InvFail thus ?thesis using assms(7) block_local_rel cfg_correct dag_verifies_propagate_2 first_step assms(4) by blast
+        qed auto
+      next
+        case (Some concrete_loop_guard)
+        then show ?thesis 
+        proof cases
+          assume guard_true: "(red_expr A \<Lambda> \<Gamma> \<Omega> concrete_loop_guard ns1 (BoolV True))"
+          hence guard_not_false: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> concrete_loop_guard ns1 (BoolV False))" using expr_eval_determ by blast
+  
+          from first_step show ?thesis 
+          proof cases
+            case RedParsedWhileTrue
+            hence concrete_inter3: "(inter_bb, inter_cont, inter_state) = (bb0, convert_list_to_cont ((BigBlock name [] any_str any_tr)#(rev body_bbs)) (KEndBlock cont1), (Normal ns1))"
+              using bb_successor_while Some by blast
+  
+            from first_step
+            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+              by (metis Pair_inject assms(4) assms(7) block_local_rel cfg_correct concrete_inter3 dag_verifies_propagate dag_verifies_propagate_2)
+  
+            show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct Some guard_true rest concrete_inter3 succ_correct assms(4) by blast 
+        next 
+            case RedParsedWhile_InvFail thus ?thesis using assms(7) block_local_rel cfg_correct dag_verifies_propagate_2 first_step assms(4) by blast
+        qed (auto simp add: bb_successor_while Some guard_not_false)
+      next
+        assume guard_not_true: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> concrete_loop_guard ns1 (BoolV True))"
+        thus ?thesis 
+        proof cases
+          assume guard_false: "(red_expr A \<Lambda> \<Gamma> \<Omega> concrete_loop_guard ns1 (BoolV False))"
+  
+          from first_step show ?thesis 
+          proof cases
+            case RedParsedWhileFalse
+            hence concrete_inter4: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), KEndBlock cont1, (Normal ns1))" by simp
+
+          from first_step
+          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+            by (metis assms(4) assms(7) block_local_rel cfg_correct dag_verifies_propagate dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
+  
+            show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct Some guard_false rest concrete_inter4 succ_correct by blast
+          next
+            case RedParsedWhile_InvFail thus ?thesis using Some bb_successor_while guard_not_true by blast
+          qed (auto simp add: bb_successor_while Some guard_not_true)
+        next
+          assume guard_not_false: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> concrete_loop_guard ns1 (BoolV False))"
+          from first_step show ?thesis
+          proof cases
+            case RedParsedWhile_InvFail thus ?thesis using Some bb_successor_while guard_not_true by blast
+          qed (auto simp add: bb_successor_while Some guard_not_true guard_not_false)
+        qed
+      qed
+    qed
+  qed
+qed 
 
 text \<open>Global lemma for an ast-bigblock with a non-empty set of simple cmds which enters an if-statement after executing its simple cmds.\<close>
 lemma block_global_rel_if_successor:
-  assumes block_rel: "ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs2"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and "cs1 \<noteq> Nil"
-  and "cs2 \<noteq> Nil"
+  assumes block_rel: "ast_cfg_rel None [] bb cs2"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and "bb = (BigBlock name cs1 any_str any_tr)"
   and "node_to_block(G) ! n = cs2"
   and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
   and bb_successor_if: "any_str = Some (ParsedIf cont_guard (then0#then_bbs) (else0#else_bbs))"
   and block_local_rel:
         "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
-        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
+        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> 
+        cs1 \<noteq> [] \<Longrightarrow> cs2 \<noteq> [] \<Longrightarrow>  
         (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
   and succ_correct: 
        "\<And> ns1'' block_guard k.
@@ -891,123 +1386,320 @@ lemma block_global_rel_if_successor:
 proof cases
   case Rel_Main_test
   have not_end: "(cont0 \<noteq> KStop) \<or> any_str \<noteq> None \<or> any_tr \<noteq> None" using bb_successor_if by simp
-  from ast_trace show ?thesis
-  proof (cases j)
-    case 0
-    hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1))" using ast_trace by auto
-    then show ?thesis by (simp add: Ast.valid_configuration_def bb_successor_if) 
-  next
-    case 1: (Suc j')
-    from this obtain inter_bb inter_cont inter_state where
-      first_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (inter_bb, inter_cont, inter_state)" and
-      rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
-      by (metis ast_trace get_state.cases relpowp_Suc_E2)
-
-    from cfg_correct \<open>cs2 \<noteq> Nil\<close> \<open>node_to_block(G) ! n = cs2\<close> 
-    have local_rel_corr: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-      using dag_verifies_propagate_2 by blast
-
-    from local_rel_corr first_step 
-    have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
-      using block_local_rel by simp
-
-    from first_step \<open>cs1 \<noteq> Nil\<close> 
-    have a1: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] any_str any_tr), cont0, inter_state)"
-    proof cases
-      case RedSimpleCmds then show ?thesis by (auto simp add: RedSimpleCmds)
-    qed auto
-
-    show ?thesis 
-    proof (cases inter_state)
-      case 2: (Normal x1)
-      from rest_of_steps show ?thesis 
-      proof (cases j')
-        case 0
-        then show ?thesis 
-          by (metis Ast.valid_configuration_def a1 a2 bb_successor_if get_state.simps is_final.simps(3) relpowp_0_E rest_of_steps) 
-      next
-        case 3: (Suc j'')
-        from this rest_of_steps obtain snd_inter_bb snd_inter_cont snd_inter_state where
-          snd_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] any_str any_tr), cont0, inter_state)  (snd_inter_bb, snd_inter_cont, snd_inter_state)" and
-          snd_rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (snd_inter_bb, snd_inter_cont, snd_inter_state) -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state)"
-          by (metis a1 get_state.cases relpowp_Suc_D2)
-
+  show ?thesis
+  proof (cases cs2)
+    case Nil 
+    thus ?thesis
+    proof (cases j)
+      case 0
+      hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1))" using ast_trace assms(3) by auto
+      then show ?thesis by (simp add: Ast.valid_configuration_def bb_successor_if) 
+    next
+      case 1: (Suc j')
+        from this assms(3) obtain snd_inter_bb snd_inter_cont snd_inter_state where
+          snd_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] any_str any_tr), cont0, (Normal ns1))  (snd_inter_bb, snd_inter_cont, snd_inter_state)" and
+          snd_rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (snd_inter_bb, snd_inter_cont, snd_inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
+          by (metis ast_trace bigblock.inject local.Nil local.Rel_Main_test relpowp_Suc_E2 surj_pair)
+  
         thus ?thesis 
         proof (cases cont_guard)
           case None
           from snd_step this show ?thesis
           proof cases
             case RedParsedIfTrue
-            hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont (rev then_bbs) cont0, inter_state)" using None bb_successor_if 1 by auto
-
-            from first_step 
-            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-            proof cases
-              case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(5) Rel_Main_test(1) cfg_correct by blast
-            qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)
-
-            have "j'' < j" using 1 3 using Suc_lessD by blast
+            hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont (rev then_bbs) cont0, (Normal ns1))" using None bb_successor_if 1 by auto
+  
+            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+              using assms(4) cfg_correct correctness_propagates_through_empty local.Nil by blast
+  
+            have "j' < j" using 1 using Suc_lessD by blast
             
-            thus ?thesis using eq snd_rest_of_steps succ_correct None 2 succ_cfg_correct by blast
+            thus ?thesis using eq snd_rest_of_steps succ_correct None succ_cfg_correct by blast
           next
             case RedParsedIfFalse
-            hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, inter_state)" using None bb_successor_if 1 by auto
-
-            from first_step 
-            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-            proof cases
-              case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(5) Rel_Main_test(1) cfg_correct by blast
-            qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)
-
-            have "j'' < j" using 1 3 using Suc_lessD by blast
-
-            thus ?thesis using eq snd_rest_of_steps succ_correct None 2 succ_cfg_correct by blast
-          qed (auto simp add: bb_successor_if 2)
+            hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, (Normal ns1))" using None bb_successor_if 1 by auto
+  
+            from snd_step 
+            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+              using assms(4) cfg_correct correctness_propagates_through_empty local.Nil by blast
+  
+            have "j' < j" using 1 using Suc_lessD by blast
+  
+            thus ?thesis using eq snd_rest_of_steps succ_correct None succ_cfg_correct by blast
+          qed (auto simp add: bb_successor_if)
         next
           case (Some block_guard)
           then show ?thesis 
           proof cases
-            assume guard_true: "(red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV True))"
-            hence guard_not_false: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV False))" using expr_eval_determ by blast
-            from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont (rev then_bbs) cont0, inter_state)" 
+            assume guard_true: "(red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV True))"
+            hence guard_not_false: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV False))" using expr_eval_determ by blast
+            from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont (rev then_bbs) cont0, Normal ns1)" 
             proof cases
               case RedParsedIfTrue thus ?thesis using guard_true bb_successor_if by (simp add: RedParsedIfTrue)
-            qed (auto simp add: guard_not_false bb_successor_if 2 Some)
-
-            from first_step 
-            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-            proof cases
-              case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(5) Rel_Main_test(1) cfg_correct by blast
-            qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)
-
-            have "j'' < j" using 1 3 using Suc_lessD by blast
+            qed (auto simp add: guard_not_false bb_successor_if Some)
+  
+            from snd_step 
+            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+              using assms(4) cfg_correct correctness_propagates_through_empty local.Nil by blast
+  
+            have "j' < j" using 1 using Suc_lessD by blast
             
-            thus ?thesis using eq guard_true snd_rest_of_steps succ_correct Some succ_cfg_correct 2 by blast
+            thus ?thesis using eq guard_true snd_rest_of_steps succ_correct Some succ_cfg_correct by blast
           next
-            assume guard_not_true: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV True))"
+            assume guard_not_true: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV True))"
             thus ?thesis 
             proof cases
-              assume guard_false: "(red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV False))"
-              from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, inter_state)" 
+              assume guard_false: "(red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV False))"
+              from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, Normal ns1)" 
               proof cases
                 case RedParsedIfFalse thus ?thesis using guard_false bb_successor_if by (simp add: RedParsedIfFalse)
-              qed (auto simp add: guard_not_true bb_successor_if 2 Some)
-
+              qed (auto simp add: guard_not_true bb_successor_if Some)
+  
+              from snd_step 
+              have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+                using assms(4) cfg_correct correctness_propagates_through_empty local.Nil by blast              
+  
+              have "j' < j" using 1 using Suc_lessD by blast
+        
+              thus ?thesis using eq guard_false snd_rest_of_steps succ_correct Some succ_cfg_correct by blast
+            next
+              assume guard_not_false2: "(\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV False)))" and  
+                     guard_not_true2: "(\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV True)))"
+              thus ?thesis
+              proof -
+                from snd_step have False using guard_not_false2 guard_not_true2 bb_successor_if Some 
+                  by (cases) auto
+                thus ?thesis by simp
+              qed
+            qed  
+          qed 
+        qed
+      qed
+  next
+    case (Cons) 
+    hence "cs1 \<noteq> []" using assms(3) local.Rel_Main_test by auto
+    thus ?thesis
+    proof (cases j)
+      case 0
+      hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1))" using ast_trace assms(3) by auto
+      then show ?thesis by (simp add: Ast.valid_configuration_def bb_successor_if) 
+    next
+      case 1: (Suc j')
+      from this assms(3) obtain inter_bb inter_cont inter_state where
+        first_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (inter_bb, inter_cont, inter_state)" and
+        rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
+        by (metis ast_trace get_state.cases relpowp_Suc_E2)
+  
+      from cfg_correct Cons \<open>node_to_block(G) ! n = cs2\<close> 
+      have local_rel_corr: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+        using dag_verifies_propagate_2 by blast
+  
+      from local_rel_corr first_step Cons
+      have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
+        using block_local_rel local.Rel_Main_test assms(3) by blast
+  
+      from first_step Cons \<open>cs1 \<noteq> []\<close>
+      have a1: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] any_str any_tr), cont0, inter_state)"
+      proof cases
+        case RedSimpleCmds then show ?thesis by (auto simp add: RedSimpleCmds)
+      qed auto
+  
+      show ?thesis 
+      proof (cases inter_state)
+        case 2: (Normal x1)
+        from rest_of_steps show ?thesis 
+        proof (cases j')
+          case 0
+          then show ?thesis 
+            by (metis Ast.valid_configuration_def a1 a2 bb_successor_if get_state.simps is_final.simps(3) relpowp_0_E rest_of_steps) 
+        next
+          case 3: (Suc j'')
+          from this rest_of_steps obtain snd_inter_bb snd_inter_cont snd_inter_state where
+            snd_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] any_str any_tr), cont0, inter_state)  (snd_inter_bb, snd_inter_cont, snd_inter_state)" and
+            snd_rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (snd_inter_bb, snd_inter_cont, snd_inter_state) -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state)"
+            by (metis a1 get_state.cases relpowp_Suc_D2)
+  
+          thus ?thesis 
+          proof (cases cont_guard)
+            case None
+            from snd_step this show ?thesis
+            proof cases
+              case RedParsedIfTrue
+              hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont (rev then_bbs) cont0, inter_state)" using None bb_successor_if 1 by auto
+  
               from first_step 
               have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
               proof cases
-                case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(5) Rel_Main_test(1) cfg_correct by blast
-              qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)              
-
+                case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(3-4) Rel_Main_test(1) cfg_correct by blast
+              qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)
+  
+              have "j'' < j" using 1 3 using Suc_lessD by blast
+              
+              thus ?thesis using eq snd_rest_of_steps succ_correct None 2 succ_cfg_correct by blast
+            next
+              case RedParsedIfFalse
+              hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, inter_state)" using None bb_successor_if 1 by auto
+  
+              from first_step 
+              have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+              proof cases
+                case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(3-4) Rel_Main_test(1) cfg_correct by blast
+              qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)
+  
+              have "j'' < j" using 1 3 using Suc_lessD by blast
+  
+              thus ?thesis using eq snd_rest_of_steps succ_correct None 2 succ_cfg_correct by blast
+            qed (auto simp add: bb_successor_if 2)
+          next
+            case (Some block_guard)
+            then show ?thesis 
+            proof cases
+              assume guard_true: "(red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV True))"
+              hence guard_not_false: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV False))" using expr_eval_determ by blast
+              from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont (rev then_bbs) cont0, inter_state)" 
+              proof cases
+                case RedParsedIfTrue thus ?thesis using guard_true bb_successor_if by (simp add: RedParsedIfTrue)
+              qed (auto simp add: guard_not_false bb_successor_if 2 Some)
+  
+              from first_step 
+              have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+              proof cases
+                case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(3-4) Rel_Main_test(1) cfg_correct by blast
+              qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)
+  
               have "j'' < j" using 1 3 using Suc_lessD by blast
+              
+              thus ?thesis using eq guard_true snd_rest_of_steps succ_correct Some succ_cfg_correct 2 by blast
+            next
+              assume guard_not_true: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV True))"
+              thus ?thesis 
+              proof cases
+                assume guard_false: "(red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV False))"
+                from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, inter_state)" 
+                proof cases
+                  case RedParsedIfFalse thus ?thesis using guard_false bb_successor_if by (simp add: RedParsedIfFalse)
+                qed (auto simp add: guard_not_true bb_successor_if 2 Some)
+  
+                from first_step 
+                have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+                proof cases
+                  case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(3-4) Rel_Main_test(1) cfg_correct by blast
+                qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)              
+  
+                have "j'' < j" using 1 3 using Suc_lessD by blast
+          
+                thus ?thesis using eq guard_false snd_rest_of_steps succ_correct Some 2 succ_cfg_correct by blast
+              next
+                assume guard_not_false2: "(\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV False)))" and  
+                       guard_not_true2: "(\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV True)))"
+                thus ?thesis
+                proof -
+                  from snd_step have False using guard_not_false2 guard_not_true2 bb_successor_if Some 2 
+                    by (cases) auto
+                  thus ?thesis by simp
+                qed
+              qed  
+            qed 
+          qed
+        qed
+      next
+        case Failure
+        then show ?thesis
+          using \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
+          by linarith
+      next
+        case Magic
+        then show ?thesis by (metis Ast.valid_configuration_def a2 get_state.simps magic_propagates rest_of_steps state.distinct(3))
+      qed
+    qed
+  qed
+next
+  case Rel_Invs
+  hence "cs2 = []" by simp
+  have not_end: "(cont0 \<noteq> KStop) \<or> any_str \<noteq> None \<or> any_tr \<noteq> None" using bb_successor_if by simp
+  show ?thesis
+  proof (cases cs2)
+    case Nil 
+    thus ?thesis
+    proof (cases j)
+      case 0
+      hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1))" using ast_trace assms(3) by auto
+      then show ?thesis by (simp add: Ast.valid_configuration_def bb_successor_if) 
+    next
+      case 1: (Suc j')
+        from this assms(3) obtain snd_inter_bb snd_inter_cont snd_inter_state where
+          snd_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] any_str any_tr), cont0, (Normal ns1))  (snd_inter_bb, snd_inter_cont, snd_inter_state)" and
+          snd_rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (snd_inter_bb, snd_inter_cont, snd_inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
+          using Rel_Invs
+          by (metis ast_trace bigblock.inject local.Rel_Invs(1) relpowp_Suc_E2 surj_pair)
+  
+        thus ?thesis 
+        proof (cases cont_guard)
+          case None
+          from snd_step this show ?thesis
+          proof cases
+            case RedParsedIfTrue
+            hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont (rev then_bbs) cont0, (Normal ns1))" using None bb_successor_if 1 by auto
+  
+            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+              using assms(4) cfg_correct correctness_propagates_through_empty local.Nil by blast
+  
+            have "j' < j" using 1 using Suc_lessD by blast
+            
+            thus ?thesis using eq snd_rest_of_steps succ_correct None succ_cfg_correct by blast
+          next
+            case RedParsedIfFalse
+            hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, (Normal ns1))" using None bb_successor_if 1 by auto
+  
+            from snd_step 
+            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+              using assms(4) cfg_correct correctness_propagates_through_empty local.Nil by blast
+  
+            have "j' < j" using 1 using Suc_lessD by blast
+  
+            thus ?thesis using eq snd_rest_of_steps succ_correct None succ_cfg_correct by blast
+          qed (auto simp add: bb_successor_if)
+        next
+          case (Some block_guard)
+          then show ?thesis 
+          proof cases
+            assume guard_true: "(red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV True))"
+            hence guard_not_false: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV False))" using expr_eval_determ by blast
+            from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont (rev then_bbs) cont0, Normal ns1)" 
+            proof cases
+              case RedParsedIfTrue thus ?thesis using guard_true bb_successor_if by (simp add: RedParsedIfTrue)
+            qed (auto simp add: guard_not_false bb_successor_if Some)
+  
+            from snd_step 
+            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+              using assms(4) cfg_correct correctness_propagates_through_empty local.Nil by blast
+  
+            have "j' < j" using 1 using Suc_lessD by blast
+            
+            thus ?thesis using eq guard_true snd_rest_of_steps succ_correct Some succ_cfg_correct by blast
+          next
+            assume guard_not_true: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV True))"
+            thus ?thesis 
+            proof cases
+              assume guard_false: "(red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV False))"
+              from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, Normal ns1)" 
+              proof cases
+                case RedParsedIfFalse thus ?thesis using guard_false bb_successor_if by (simp add: RedParsedIfFalse)
+              qed (auto simp add: guard_not_true bb_successor_if Some)
+  
+              from snd_step 
+              have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+                using assms(4) cfg_correct correctness_propagates_through_empty local.Nil by blast              
+  
+              have "j' < j" using 1 using Suc_lessD by blast
         
-              thus ?thesis using eq guard_false snd_rest_of_steps succ_correct Some 2 succ_cfg_correct by blast
+              thus ?thesis using eq guard_false snd_rest_of_steps succ_correct Some succ_cfg_correct by blast
             next
-              assume guard_not_false2: "(\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV False)))" and  
-                     guard_not_true2: "(\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV True)))"
+              assume guard_not_false2: "(\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV False)))" and  
+                     guard_not_true2: "(\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV True)))"
               thus ?thesis
               proof -
-                from snd_step have False using guard_not_false2 guard_not_true2 bb_successor_if Some 2 
+                from snd_step have False using guard_not_false2 guard_not_true2 bb_successor_if Some 
                   by (cases) auto
                 thus ?thesis by simp
               qed
@@ -1015,22 +1707,16 @@ proof cases
           qed 
         qed
       qed
-    next
-      case Failure
-      then show ?thesis
-        using \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
-        by linarith
-    next
-      case Magic
-      then show ?thesis by (metis Ast.valid_configuration_def a2 get_state.simps magic_propagates rest_of_steps state.distinct(3))
-    qed
+  next
+    case (Cons) thus ?thesis using \<open>cs2 = []\<close> by simp
   qed
-qed auto
+qed
 
 text \<open>Global lemma for an ast-bigblock with a non-empty set of simple cmds which is the first bigblock in the else-branch of an if-statement.\<close>
 lemma block_global_rel_if_false:
-  assumes block_rel: "ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs2"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  assumes block_rel: "ast_cfg_rel None [] bb cs2"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and "bb = (BigBlock name cs1 any_str any_tr)"
   and "cs1 \<noteq> Nil"
   and "cs2 \<noteq> Nil"
   and "node_to_block(G) ! n = cs3"
@@ -1041,7 +1727,7 @@ lemma block_global_rel_if_false:
   and "(UnOp Not block_guard) \<sim> some_cmd"
   and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(UnOp Not block_guard), ns1\<rangle> \<Down> LitV (LBool True)"
   and block_local_rel: 
-        "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
+        "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
         (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
         (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
   and succ_correct: 
@@ -1058,11 +1744,11 @@ proof cases
   from ast_trace show ?thesis
   proof (cases j)
     case 0
-    hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1))" using ast_trace by fastforce
+    hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1))" using ast_trace assms(3) by fastforce
     then show ?thesis unfolding Ast.valid_configuration_def by (simp add: trivial_bb_successor)
   next
     case succ_0: (Suc j')
-    from this obtain inter_bb inter_cont inter_state where
+    from this assms(3) obtain inter_bb inter_cont inter_state where
       first_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (inter_bb, inter_cont, inter_state)" and
       rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
       by (metis ast_trace prod_cases3 relpowp_Suc_D2)
@@ -1073,7 +1759,7 @@ proof cases
 
     from local_rel_corr first_step 
     have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
-      using block_local_rel by simp
+      using block_local_rel assms(3) by simp
 
     from first_step \<open>cs1 \<noteq> Nil\<close> 
     have a1: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] any_str any_tr), cont0, inter_state)"
@@ -1105,9 +1791,9 @@ proof cases
         proof cases
           case RedSimpleCmds 
           hence cmds_red: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c#cs2, Normal ns1\<rangle> [\<rightarrow>] inter_state" 
-            using Rel_Main_test(1) \<open>c = Assume some_cmd\<close> \<open>(UnOp Not block_guard) \<sim> some_cmd\<close> equiv_preserves_value trace_is_possible RedAssumeOk RedCmdListCons 
-            by metis
-          show ?thesis by (metis (no_types, lifting) "1" RedNormalSucc assms(5) assms(6) cfg_correct cmds_red converse_rtranclp_into_rtranclp)
+            using  "1" a2 assms(7) 
+            by blast
+          show ?thesis by (metis (no_types, lifting) "1" RedNormalSucc assms(6-7) cfg_correct cmds_red converse_rtranclp_into_rtranclp)
         qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>) 
 
         have "j'' < j" using succ_0 2 by simp
@@ -1128,8 +1814,9 @@ qed auto
 
 text \<open>Global lemma for an ast-bigblock with a non-empty set of simple cmds which is the first bigblock in the then-branch of an if-statement.\<close>
 lemma block_global_rel_if_true:
-  assumes block_rel: "ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs2"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  assumes block_rel: "ast_cfg_rel None [] bb cs2"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and "bb = (BigBlock name cs1 any_str any_tr)"
   and "cs1 \<noteq> Nil"
   and "cs2 \<noteq> Nil"
   and "node_to_block(G) ! n = cs3"
@@ -1139,7 +1826,7 @@ lemma block_global_rel_if_true:
   and "c = Assume block_guard"
   and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>block_guard, ns1\<rangle> \<Down> LitV (LBool True)"
   and block_local_rel: 
-        "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
+        "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
         (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
         (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
   and succ_correct: 
@@ -1156,11 +1843,11 @@ proof cases
   from ast_trace show ?thesis
   proof (cases j)
     case 0
-    hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1))" using ast_trace by auto
-    then show ?thesis unfolding Ast.valid_configuration_def by (metis assms(3) get_state.simps is_final.simps(2) neq_Nil_conv state.distinct(1))
+    hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1))" using ast_trace assms(3) by auto
+    then show ?thesis unfolding Ast.valid_configuration_def by (metis assms(4) get_state.simps is_final.simps(2) neq_Nil_conv state.distinct(1))
   next
     case succ_0: (Suc j')
-    from this obtain inter_bb inter_cont inter_state where
+    from this assms(3) obtain inter_bb inter_cont inter_state where
       first_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (inter_bb, inter_cont, inter_state)" and
       rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
       by (metis ast_trace get_state.cases relpowp_Suc_D2)
@@ -1171,7 +1858,7 @@ proof cases
 
     from local_rel_corr first_step 
     have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
-      using block_local_rel by simp
+      using block_local_rel assms(3) by simp
 
     from first_step \<open>cs1 \<noteq> Nil\<close> 
     have a1: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] any_str any_tr), cont0, inter_state)"
@@ -1204,8 +1891,8 @@ proof cases
         proof cases
           case RedSimpleCmds 
           hence cmds_red: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c#cs2, Normal ns1\<rangle> [\<rightarrow>] inter_state" 
-            using Rel_Main_test(1) \<open>c = Assume block_guard\<close> trace_is_possible RedAssumeOk RedCmdListCons by blast
-          show ?thesis using "1" assms(5) assms(6) cfg_correct cmds_red dag_verifies_propagate by blast
+            using Rel_Main_test(1) \<open>c = Assume block_guard\<close> trace_is_possible RedAssumeOk RedCmdListCons assms(3) by blast
+          show ?thesis using "1" assms(6-7) cfg_correct cmds_red dag_verifies_propagate by blast
         qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>) 
 
         have "j'' < j" using succ_0 2 by simp
@@ -1226,15 +1913,16 @@ qed auto
 
 text \<open>Global lemma for a generic ast-bigblock with a non-empty set of simple cmds.\<close>
 lemma block_global_rel_generic:
-  assumes block_rel: "ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs2"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  assumes block_rel: "ast_cfg_rel None [] bb cs2"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and "bb = (BigBlock name cs1 any_str any_tr)"
   and "cs1 \<noteq> Nil"
   and "cs2 \<noteq> Nil"
   and "node_to_block(G) ! n = cs2"
   and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
   and trivial_bb_successor: "(cont0 = KSeq bb1 cont1) \<and> any_str = None \<and> any_tr = None"
   and block_local_rel: 
-        "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
+        "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
         (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
         (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
   and succ_correct: 
@@ -1251,11 +1939,11 @@ proof cases
   from ast_trace show ?thesis
   proof (cases j)
     case 0
-    hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1))" using ast_trace by auto
+    hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1))" using ast_trace assms(3) by auto
     then show ?thesis unfolding Ast.valid_configuration_def by (simp add: trivial_bb_successor)
   next
     case succ_0: (Suc j')
-    from this obtain inter_bb inter_cont inter_state where
+    from this assms(3) obtain inter_bb inter_cont inter_state where
       first_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (inter_bb, inter_cont, inter_state)" and
       rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
       by (metis ast_trace get_state.cases relpowp_Suc_D2)
@@ -1266,7 +1954,7 @@ proof cases
 
     from local_rel_corr first_step 
     have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
-      using block_local_rel by simp
+      using block_local_rel assms(3) by simp
 
     from first_step \<open>cs1 \<noteq> Nil\<close> 
     have a1: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] any_str any_tr), cont0, inter_state)"
@@ -1297,7 +1985,7 @@ proof cases
         from first_step 
         have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
         proof cases
-          case RedSimpleCmds show ?thesis using 1 snd_step_equiv  RedSimpleCmds(3) dag_verifies_propagate Rel_Main_test(1) cfg_correct assms(5) by blast
+          case RedSimpleCmds show ?thesis using 1 snd_step_equiv  RedSimpleCmds(3) dag_verifies_propagate Rel_Main_test(1) cfg_correct assms(6) assms(3) by blast
         qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>) 
 
         have "j'' < j" using succ_0 2 by simp
diff --git a/BoogieLang/BackedgeElim.thy b/BoogieLang/BackedgeElim.thy
index b8440cf..a78733c 100644
--- a/BoogieLang/BackedgeElim.thy
+++ b/BoogieLang/BackedgeElim.thy
@@ -1099,7 +1099,7 @@ next
         by blast
       from PostHolds show ?thesis 
         unfolding valid_configuration_def expr_all_sat_def      
-        by (metis "2"(3) finished_remains local.RedNormalReturn(1) local.RedNormalReturn(2) prod.inject relpowp_imp_rtranclp state.distinct(1) state.inject)
+        by (metis "2" (3) finished_remains local.RedNormalReturn(1) local.RedNormalReturn(2) prod.inject relpowp_imp_rtranclp state.distinct(1) state.inject)
   next
     case (RedFailure cs)
     then show ?thesis   
@@ -1115,7 +1115,7 @@ qed
 
 text \<open>The following lemma is a global block theorem helper lemma for the case where the block
 before the CFG-to-DAG phase has no successor (i.e., not a return block) and 
-he corresponding block B' after the CFG-to-DAG phase has one successor B''. B'' is the unique exit block
+the corresponding block B' after the CFG-to-DAG phase has one successor B''. B'' is the unique exit block
 generated by Boogie and the assertion of the postcondition is added to the end of B''.\<close>
 
 lemma cfg_dag_helper_return_2:
diff --git a/BoogieLang/ROOT b/BoogieLang/ROOT
index 130461f..83fc8ef 100644
--- a/BoogieLang/ROOT
+++ b/BoogieLang/ROOT
@@ -17,3 +17,4 @@ session Boogie_Lang = "HOL" +
     PassificationML
     BackedgeElim
     Ast
+    Ast_Cfg_Transformation
diff --git a/BoogieLang/Semantics.thy b/BoogieLang/Semantics.thy
index 4c16e7c..ea190be 100644
--- a/BoogieLang/Semantics.thy
+++ b/BoogieLang/Semantics.thy
@@ -529,7 +529,7 @@ text \<open>Command list reduction (big-step semantics)\<close>
 
 inductive red_cmd_list :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> cmd list \<Rightarrow> 'a state \<Rightarrow> 'a state \<Rightarrow> bool"
   ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) [\<rightarrow>]/ _)" [51,0,0,0] 81)
-  for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp"
+  for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
   where
     RedCmdListNil: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[],s\<rangle> [\<rightarrow>] s"
   | RedCmdListCons: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c,s\<rangle> \<rightarrow> s''; A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,s''\<rangle> [\<rightarrow>] s' \<rbrakk> \<Longrightarrow> 
diff --git a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy
new file mode 100644
index 0000000..68bb528
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy
@@ -0,0 +1,183 @@
+theory empty_branch_if_ast_cfg_proof
+  imports Main
+          Boogie_Lang.Ast
+          Boogie_Lang.Semantics
+          Boogie_Lang.Ast_Cfg_Transformation
+          "../global_data" 
+          empty_branch_if_before_cfg_to_dag_prog 
+          empty_branch_if_before_ast_cfg
+          empty_branch_if_cfgtodag_proof
+          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
+
+begin
+declare Nat.One_nat_def[simp del]
+
+definition bigblock_then 
+  where "bigblock_then \<equiv> BigBlock None [] None None"
+
+definition bigblock_else
+  where "bigblock_else \<equiv> BigBlock None [(Assign 0 (Lit (LInt 6)))] None None"
+
+lemma bigblock0_local_rel:
+  assumes Red_bb0_to: 
+      "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>empty_branch_if_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+proof -
+  show ?thesis
+    apply (rule block_local_rel_generic)
+           apply (rule Rel_Main_test[of bigblock0 _ empty_branch_if_before_cfg_to_dag_prog.block_0])
+           apply (simp add: bigblock0_def empty_branch_if_before_cfg_to_dag_prog.block_0_def)
+          apply simp
+         apply simp
+        apply (rule Red_bb0_to)
+       apply (rule Red0_impl, simp)
+      apply (simp add: bigblock0_def)
+     apply simp
+    apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_0_def)
+    done
+qed
+
+lemma bigblock_else_local_rel:
+  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>empty_branch_if_before_cfg_to_dag_prog.block_1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+proof -
+  show ?thesis
+    unfolding empty_branch_if_before_cfg_to_dag_prog.block_1_def 
+    apply (rule block_local_rel_guard_false)
+            apply (rule Rel_Main_test[of bigblock_else])
+            apply (simp add: bigblock_else_def)
+           apply (rule neg_gt2)
+          apply simp
+         apply (rule trace_is_possible)
+        apply (rule Red_bb0_to)
+       apply (rule Red0_impl)
+       apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_1_def)
+      apply (simp add: bigblock_else_def)
+    by simp_all
+qed
+
+lemma block2_global_rel:
+  assumes concrete_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock1, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)" 
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  using assms
+proof -
+  show ?thesis
+    apply (rule generic_ending_block_global_rel)
+         apply (rule Rel_Main_test[of bigblock1 _ empty_branch_if_before_cfg_to_dag_prog.block_2])
+         apply (simp add: bigblock1_def empty_branch_if_before_cfg_to_dag_prog.block_2_def)
+        apply (rule concrete_trace)
+       apply (simp add: bigblock1_def)
+      apply simp
+     apply (rule empty_branch_if_before_cfg_to_dag_prog.node_2)
+    apply (rule cfg_is_correct)
+    apply simp
+    done
+qed
+
+
+lemma block_then_global_rel:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+proof -                    
+  show ?thesis 
+    apply (rule ending_then)
+           apply (rule assms(1))
+          apply (simp add: bigblock_then_def)
+         apply (rule trace_is_possible)
+        apply (rule empty_branch_if_before_cfg_to_dag_prog.node_3)
+       apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_3_def)
+      apply (simp add: empty_branch_if_before_cfg_to_dag_prog.outEdges_3)
+      apply (simp add: member_rec)
+     apply (simp add: assms(2))
+     apply (simp add: block2_global_rel)
+    done
+qed
+
+
+lemma block_else_global_rel:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+proof -
+  show ?thesis
+    apply (rule block_global_rel_if_false)
+                 apply (rule Rel_Main_test[of bigblock_else])
+                 apply (simp add: bigblock_else_def)
+               apply (rule assms(1))
+              apply (simp add: bigblock_else_def)
+              apply simp
+             apply simp
+            apply (rule empty_branch_if_before_cfg_to_dag_prog.node_1)
+           apply (rule empty_branch_if_before_cfg_to_dag_prog.block_1_def)
+          apply (rule assms(2))
+          apply simp
+         apply simp
+        apply simp
+       apply (rule neg_gt2)
+      apply (rule trace_is_possible)
+     apply (rule bigblock_else_local_rel)
+       apply assumption
+      apply assumption
+     apply (rule trace_is_possible)
+    apply (erule allE[where x=2])
+    apply (rule block2_global_rel)
+     apply assumption
+    apply (simp add: empty_branch_if_before_cfg_to_dag_prog.outEdges_1)
+    apply (simp add: member_rec(1))
+    done
+qed
+
+
+lemma block0_global_rel:
+  assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)" 
+proof -
+  show ?thesis 
+    apply (rule block_global_rel_if_successor)
+           apply (rule Rel_Main_test[of bigblock0 _ empty_branch_if_before_cfg_to_dag_prog.block_0])
+           apply (simp add: bigblock0_def empty_branch_if_before_cfg_to_dag_prog.block_0_def)
+          apply (rule ast_trace)
+         apply (simp add: bigblock0_def)
+        apply (rule empty_branch_if_before_cfg_to_dag_prog.node_0)
+       apply (rule assms(1))
+       apply simp
+      apply simp
+     apply (rule bigblock0_local_rel)
+      apply (simp add: bigblock0_def)
+     apply assumption
+    apply simp
+    apply (rule disjE)
+      apply assumption
+
+     apply (erule allE[where x=3])
+     apply (simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_0)
+     apply (simp add:member_rec(1))
+     apply (rule conjE)
+      apply assumption
+    unfolding empty_branch_if_before_cfg_to_dag_prog.post_def
+     apply (rule block_then_global_rel)
+       apply (simp add: bigblock_then_def)       
+      apply simp
+     apply assumption
+   
+    apply (erule allE[where x=1])
+    apply (simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_0)
+    apply (simp add:member_rec(1))
+    apply (rule conjE)
+     apply assumption
+    apply (rule block_else_global_rel)
+      apply (simp add: bigblock_else_def)
+     apply simp
+    apply (simp add: false_equals_not_true)
+    done
+qed
\ No newline at end of file
diff --git a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_cfg.thy b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_cfg.thy
new file mode 100644
index 0000000..3c29d5a
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_cfg.thy
@@ -0,0 +1,89 @@
+theory empty_branch_if_before_ast_cfg
+  imports Main
+          "Boogie_Lang.Ast"
+          "Boogie_Lang.Semantics"
+          "../global_data"
+
+begin
+
+definition bigblock0
+  where "bigblock0 \<equiv> 
+          (BigBlock None [(Havoc 0)] 
+            (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 5)))) 
+                  [BigBlock None [] None None] [BigBlock None [(Assign 0 (Lit (LInt 6)))] None None])) 
+             None)"
+
+definition bigblock1
+  where "bigblock1 \<equiv> 
+          (BigBlock None [(Assert (BinOp (Var 0) Gt (Lit (LInt 5))))] None None)"
+
+definition proc_body
+  where
+    "proc_body = bigblock0 #  bigblock1  # []"
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
+unfolding empty_branch_if_before_ast_cfg.params_vdecls_def empty_branch_if_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_ast_cfg.params_vdecls) )"
+unfolding empty_branch_if_before_ast_cfg.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_ast_cfg.locals_vdecls) )"
+unfolding empty_branch_if_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc_ast :: "(ast_procedure)"
+  where
+    "proc_ast  = (|proc_ty_args = 0,proc_args = empty_branch_if_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec empty_branch_if_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec empty_branch_if_before_ast_cfg.post),proc_body = (Some (empty_branch_if_before_ast_cfg.locals_vdecls,empty_branch_if_before_ast_cfg.proc_body))|)"
+
+end
\ No newline at end of file
diff --git a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog.thy b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..41c064e
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog.thy
@@ -0,0 +1,122 @@
+theory empty_branch_if_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 6)))]"
+definition block_2
+  where
+    "block_2  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 5))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5))))]"
+definition outEdges
+  where
+    "outEdges  = [[3,1],[2],[],[2]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [3,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = empty_branch_if_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec empty_branch_if_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec empty_branch_if_before_cfg_to_dag_prog.post),proc_body = (Some (empty_branch_if_before_cfg_to_dag_prog.locals_vdecls,empty_branch_if_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_passive_prog.thy b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_passive_prog.thy
new file mode 100644
index 0000000..2d6d7db
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_passive_prog.thy
@@ -0,0 +1,95 @@
+theory empty_branch_if_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util empty_branch_if_before_cfg_to_dag_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 5))))]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5))))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 6)))]"
+definition block_3
+  where
+    "block_3  = [(Havoc 0)]"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_cfgtodag_proof.thy b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_cfgtodag_proof.thy
new file mode 100644
index 0000000..a3919c0
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_cfgtodag_proof.thy
@@ -0,0 +1,292 @@
+theory empty_branch_if_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML empty_branch_if_before_cfg_to_dag_prog empty_branch_if_before_passive_prog empty_branch_if_passification_proof empty_branch_if_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_branch_if_before_passive_prog.block_0 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding empty_branch_if_before_cfg_to_dag_prog.block_2_def empty_branch_if_before_passive_prog.block_0_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_1[OF assms(1)])
+apply (rule empty_branch_if_before_cfg_to_dag_prog.node_2)
+apply (rule empty_branch_if_before_passive_prog.node_0)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+unfolding empty_branch_if_before_cfg_to_dag_prog.post_def
+apply (rule block_anon3)
+apply assumption+
+by (rule empty_branch_if_before_cfg_to_dag_prog.outEdges_2)
+
+
+lemma block_anon4_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_branch_if_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding empty_branch_if_before_cfg_to_dag_prog.block_3_def empty_branch_if_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule empty_branch_if_before_cfg_to_dag_prog.node_3)
+apply (rule empty_branch_if_before_passive_prog.node_1)
+apply (assumption+)
+apply (rule block_anon4_Then)
+apply (assumption+)
+apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=0])
+apply ((simp add:empty_branch_if_before_passive_prog.outEdges_1))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon4_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_branch_if_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding empty_branch_if_before_cfg_to_dag_prog.block_1_def empty_branch_if_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule empty_branch_if_before_cfg_to_dag_prog.node_1)
+apply (rule empty_branch_if_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon4_Else)
+apply (assumption+)
+apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=0])
+apply ((simp add:empty_branch_if_before_passive_prog.outEdges_2))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_branch_if_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding empty_branch_if_before_cfg_to_dag_prog.block_0_def empty_branch_if_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule empty_branch_if_before_cfg_to_dag_prog.node_0)
+apply (rule empty_branch_if_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:empty_branch_if_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:empty_branch_if_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:empty_branch_if_before_passive_prog.outEdges_4))
+by ((simp add:empty_branch_if_before_passive_prog.node_4 empty_branch_if_before_passive_prog.block_4_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 empty_branch_if_before_cfg_to_dag_prog.pres)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule empty_branch_if_before_passive_prog.node_5)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding empty_branch_if_before_passive_prog.block_5_def
+apply (rule assume_pres_normal[where ?es=empty_branch_if_before_cfg_to_dag_prog.pres])
+apply (rule assms(4))
+unfolding empty_branch_if_before_cfg_to_dag_prog.pres_def
+apply simp
+apply (rule empty_branch_if_before_passive_prog.outEdges_5)
+apply ((simp add:empty_branch_if_before_passive_prog.node_4 empty_branch_if_before_passive_prog.block_4_def))
+apply (rule empty_branch_if_before_passive_prog.outEdges_4)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns empty_branch_if_before_cfg_to_dag_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(valid_configuration A \<Lambda>0 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule empty_branch_if_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+lemma end_to_end_theorem:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms empty_branch_if_before_cfg_to_dag_prog.proc))"
+apply (rule end_to_end_util[OF end_to_end_theorem_aux])
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 empty_branch_if_before_cfg_to_dag_prog.proc_def empty_branch_if_before_cfg_to_dag_prog.proc_body_def)
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passification_proof.thy b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passification_proof.thy
new file mode 100644
index 0000000..f80e262
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passification_proof.thy
@@ -0,0 +1,262 @@
+theory empty_branch_if_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util empty_branch_if_before_passive_prog empty_branch_if_passive_prog Boogie_Lang.PassificationML empty_branch_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old empty_branch_if_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding empty_branch_if_before_passive_prog.block_0_def empty_branch_if_passive_prog.block_0_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon4_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old empty_branch_if_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding empty_branch_if_before_passive_prog.block_1_def empty_branch_if_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.l_x(2) empty_branch_if_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon4_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inr (LInt 6))),(0,(Inl 2))]) R_old empty_branch_if_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding empty_branch_if_before_passive_prog.block_2_def empty_branch_if_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.l_x(2) empty_branch_if_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old empty_branch_if_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding empty_branch_if_before_passive_prog.block_3_def empty_branch_if_passive_prog.block_3_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.l_x(2) empty_branch_if_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old empty_branch_if_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding empty_branch_if_before_passive_prog.block_4_def empty_branch_if_passive_prog.block_4_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old empty_branch_if_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding empty_branch_if_before_passive_prog.block_5_def empty_branch_if_passive_prog.block_5_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm empty_branch_if_before_passive_prog.node_0},@{thm empty_branch_if_before_passive_prog.outEdges_0}) (@{thm empty_branch_if_passive_prog.node_0},@{thm empty_branch_if_passive_prog.outEdges_0}) @{thm block_anon3} [] 1\<close>))
+
+lemma cfg_block_anon4_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm empty_branch_if_before_passive_prog.node_1},@{thm empty_branch_if_before_passive_prog.outEdges_1}) (@{thm empty_branch_if_passive_prog.node_1},@{thm empty_branch_if_passive_prog.outEdges_1}) @{thm block_anon4_Then} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon4_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm empty_branch_if_before_passive_prog.node_2},@{thm empty_branch_if_before_passive_prog.outEdges_2}) (@{thm empty_branch_if_passive_prog.node_2},@{thm empty_branch_if_passive_prog.outEdges_2}) @{thm block_anon4_Else} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_branch_if_before_passive_prog.node_3},@{thm empty_branch_if_before_passive_prog.outEdges_3}) (@{thm empty_branch_if_passive_prog.node_3},@{thm empty_branch_if_passive_prog.outEdges_3}) @{thm block_anon0} [
+@{thm cfg_block_anon4_Then}, 
+@{thm cfg_block_anon4_Else}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_branch_if_before_passive_prog.node_4},@{thm empty_branch_if_before_passive_prog.outEdges_4}) (@{thm empty_branch_if_passive_prog.node_4},@{thm empty_branch_if_passive_prog.outEdges_4}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_branch_if_before_passive_prog.node_5},@{thm empty_branch_if_before_passive_prog.outEdges_5}) (@{thm empty_branch_if_passive_prog.node_5},@{thm empty_branch_if_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv empty_branch_if_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+apply simp
+unfolding empty_branch_if_passive_prog.params_vdecls_def empty_branch_if_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using empty_branch_if_before_passive_prog.globals_locals_disj apply auto[1]
+using empty_branch_if_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] empty_branch_if_passive_prog.proc_body u (Inl 5)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range global_data.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from empty_branch_if_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passive_prog.thy b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passive_prog.thy
new file mode 100644
index 0000000..78928d4
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passive_prog.thy
@@ -0,0 +1,128 @@
+theory empty_branch_if_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util empty_branch_if_before_passive_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assert (BinOp (Var 2) Gt (Lit (LInt 5))))]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 5)))),(Assume (BinOp (Var 2) Eq (Var 1)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 1))),(Assume (BinOp (Var 2) Eq (Lit (LInt 6))))]"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding empty_branch_if_passive_prog.params_vdecls_def empty_branch_if_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_vcphase_proof.thy b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_vcphase_proof.thy
new file mode 100644
index 0000000..0958308
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_vcphase_proof.thy
@@ -0,0 +1,241 @@
+theory empty_branch_if_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML empty_branch_if_passive_prog empty_branch_if_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon3
+  where
+    "vc_anon3 x_1 = (x_1 > (5::int))"
+definition vc_anon4_Then
+  where
+    "vc_anon4_Then x_0 x_1 = (((x_0 > (5::int)) \<and> (x_1 = x_0)) \<longrightarrow> (vc_anon3 x_1))"
+definition vc_anon4_Else
+  where
+    "vc_anon4_Else x_0 x_1 = ((((5::int) \<ge> x_0) \<and> (x_1 = (6::int))) \<longrightarrow> (vc_anon3 x_1))"
+definition vc_anon0
+  where
+    "vc_anon0 x_0 x_1 = ((vc_anon4_Then x_0 x_1) \<and> (vc_anon4_Else x_0 x_1))"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
+G3: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3
+lemmas forall_poly_thm = forall_vc_type[OF G3]
+lemmas exists_poly_thm = exists_vc_type[OF G3]
+declare Nat.One_nat_def[simp del]
+
+ML\<open>
+val block_anon3_hints = [
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon3AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding empty_branch_if_passive_prog.block_0_def vc.vc_anon3_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_Then_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon4_ThenAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_1)))))))"
+unfolding empty_branch_if_passive_prog.block_1_def vc.vc_anon4_Then_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Then_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_Else_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon4_ElseAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Else vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_1)))))))"
+unfolding empty_branch_if_passive_prog.block_2_def vc.vc_anon4_Else_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Else_hints \<close>)
+by (auto?)
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_3 (Normal n_s) s')" and 
+"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))"
+using assms
+unfolding empty_branch_if_passive_prog.block_3_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_4 (Normal n_s) s')" and 
+"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))"
+using assms
+unfolding empty_branch_if_passive_prog.block_4_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding empty_branch_if_passive_prog.block_5_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon3 vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) empty_branch_if_passive_prog.node_0 empty_branch_if_passive_prog.outEdges_0])
+using block_anon3AA0[OF _ assms(2)] by blast
+
+lemma cfg_block_anon4_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4_Then vc_x_0 vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_branch_if_passive_prog.node_1])
+apply (erule block_anon4_ThenAA0[OF _ assms(2)])
+apply ((simp add:empty_branch_if_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon4_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4_Else vc_x_0 vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_branch_if_passive_prog.node_2])
+apply (erule block_anon4_ElseAA0[OF _ assms(2)])
+apply ((simp add:empty_branch_if_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_branch_if_passive_prog.node_3])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:empty_branch_if_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_branch_if_passive_prog.node_4])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:empty_branch_if_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_0 vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_branch_if_passive_prog.node_5])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:empty_branch_if_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
+let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF empty_branch_if_passive_prog.m_x])
+apply (subst lookup_var_local[OF empty_branch_if_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF empty_branch_if_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF empty_branch_if_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF empty_branch_if_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF empty_branch_if_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/global_data.thy b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
index 5923405..b6aa719 100644
--- a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
+++ b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
@@ -13,27 +13,33 @@ theory if_example_ast_cfg_proof
           p_vcphase_proof
 
 begin
+declare Nat.One_nat_def[simp del]
 
-abbreviation bigblock_then 
+definition bigblock_then 
   where "bigblock_then \<equiv> BigBlock None [(Assign 0 (Lit (LInt 10)))] None None"
 
-abbreviation bigblock_else
+definition bigblock_else
   where "bigblock_else \<equiv> BigBlock None [(Assign 0 (Lit (LInt 1)))] None None"
 
 lemma bigblock0_local_rel:
   assumes Red_bb0_to: 
       "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> [Havoc 0] (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
   shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[Havoc 0], Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
 proof -
-  have "ast_cfg_rel None [] bigblock0 p_before_cfg_to_dag_prog.block_0" 
-    unfolding p_before_cfg_to_dag_prog.block_0_def
-    by (rule Rel_Main_test)
-  then show ?thesis 
-    using assms
-    unfolding p_before_cfg_to_dag_prog.block_0_def
-    by (auto simp: block_local_rel_generic) 
+  show ?thesis 
+    apply (rule block_local_rel_generic) 
+           apply (rule Rel_Main_test[of bigblock0])
+           apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
+          apply simp
+         apply simp
+        apply (rule Red_bb0_to)
+       apply (rule Red0_impl, simp)
+      apply (simp add: bigblock0_def)
+     apply simp
+    apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
+    done
 qed
 
 
@@ -44,13 +50,18 @@ lemma bigblock_then_local_rel:
   shows "reached_state \<noteq> Failure \<and> 
          (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
 proof -
-  have syntactic_rel: "ast_cfg_rel None [] bigblock_then [(Assign 0 (Lit (LInt 10)))]" 
-    by (rule Rel_Main_test)
   show ?thesis
-    unfolding p_before_cfg_to_dag_prog.block_3_def 
-    apply (rule block_local_rel_guard_true[OF syntactic_rel _ _ _  trace_is_possible Red_bb0_to Red0_impl])
-    unfolding p_before_cfg_to_dag_prog.block_3_def 
-    by simp_all
+    apply (rule block_local_rel_guard_true)
+           apply (rule Rel_Main_test[of bigblock_then])
+           apply (simp add: bigblock_then_def)
+          apply simp
+         apply (rule trace_is_possible)
+        apply (rule Red_bb0_to)
+       apply (rule Red0_impl, simp)
+      apply (simp add: bigblock_then_def)
+      apply simp+
+    apply (simp add: p_before_cfg_to_dag_prog.block_3_def)
+    done
 qed
 
 lemma bigblock_else_local_rel:
@@ -60,14 +71,19 @@ lemma bigblock_else_local_rel:
   shows "reached_state \<noteq> Failure \<and> 
          (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
 proof -
-  have syntactic_rel: "ast_cfg_rel None [] bigblock_else [(Assign 0 (Lit (LInt 1)))]"
-    by (rule Rel_Main_test)
-  have guard_equiv: "UnOp Not (BinOp (Var 0) Gt (Lit (LInt 5))) \<sim> (Lit (LInt 5) \<guillemotleft>Ge\<guillemotright> Var 0)" 
-    by (rule neg_gt2)
   show ?thesis
     unfolding p_before_cfg_to_dag_prog.block_1_def 
-    apply (rule block_local_rel_guard_false[OF syntactic_rel _ _ guard_equiv _ trace_is_possible Red_bb0_to Red0_impl])
-    unfolding p_before_cfg_to_dag_prog.block_1_def
+    apply (rule block_local_rel_guard_false)
+            apply (rule Rel_Main_test[of bigblock_else])
+            apply (simp add: bigblock_else_def)
+ (* FIXME how does one know what rule is to be used here? *)
+           apply (rule neg_gt2)
+          apply simp
+         apply (rule trace_is_possible)
+        apply (rule Red_bb0_to)
+       apply (rule Red0_impl)
+       apply (simp add: p_before_cfg_to_dag_prog.block_1_def)
+      apply (simp add: bigblock_else_def)
     by simp_all
 qed
 
@@ -77,18 +93,14 @@ lemma block2_global_rel:
   shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
   using assms
 proof -
-  have syn_rel: "ast_cfg_rel None [] bigblock1 [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))]" using Rel_Main_test by blast 
-  have cmds: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 2 = [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))]" 
-    using p_before_cfg_to_dag_prog.block_2_def p_before_cfg_to_dag_prog.node_2 by fastforce
-
   show ?thesis
     apply (rule generic_ending_block_global_rel)
-          apply (rule syn_rel)
-         apply (rule concrete_trace)
-        apply simp
-       apply simp
+         apply (rule Rel_Main_test[of bigblock1 _ p_before_cfg_to_dag_prog.block_2])
+         apply (simp add: bigblock1_def p_before_cfg_to_dag_prog.block_2_def)
+        apply (rule concrete_trace)
+       apply (simp add: bigblock1_def)
       apply simp
-     apply (rule cmds)
+     apply (rule p_before_cfg_to_dag_prog.node_2)
     apply (rule cfg_is_correct)
     apply simp
     done
@@ -101,17 +113,14 @@ lemma block_then_global_rel:
   and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
   shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
 proof -
-  have syntactic_rel: "ast_cfg_rel None [] (BigBlock None [(Assign 0 (Lit (LInt 10)))] None None) [(Assign 0 (Lit (LInt 10)))]"
-    by (simp add: Rel_Main_test)
-  have succ: "(out_edges(p_before_cfg_to_dag_prog.proc_body) ! 3) = [2]" 
-    by (simp add: p_before_cfg_to_dag_prog.outEdges_3) 
-
   show ?thesis 
     apply (rule block_global_rel_if_true)
-                apply (rule syntactic_rel)
+                apply (rule Rel_Main_test[of bigblock_then])
+                apply (simp add: bigblock_then_def)
                apply (rule assms(1))
-              apply simp
+              apply (simp add: bigblock_then_def)
              apply simp
+            apply simp
            apply (rule p_before_cfg_to_dag_prog.node_3)
           apply (rule p_before_cfg_to_dag_prog.block_3_def)
           apply (rule assms(2))
@@ -138,17 +147,12 @@ lemma block_else_global_rel:
   and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
   shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
 proof -
-  have syntactic_rel: "ast_cfg_rel None [] bigblock_else [(Assign 0 (Lit (LInt 1)))]"
-    by (simp add: Rel_Main_test)
-  have succ: "(out_edges (p_before_cfg_to_dag_prog.proc_body) ! Suc 0) = [2]" 
-    using p_before_cfg_to_dag_prog.outEdges_1 by auto 
-  have guard_equiv: "UnOp Not (BinOp (Var 0) Gt (Lit (LInt 5))) \<sim> (Lit (LInt 5) \<guillemotleft>Ge\<guillemotright> Var 0)" 
-    by (rule neg_gt2)
-
   show ?thesis
     apply (rule block_global_rel_if_false)
-                apply (rule syntactic_rel)
+                 apply (rule Rel_Main_test[of bigblock_else])
+                 apply (simp add: bigblock_else_def)
                apply (rule assms(1))
+              apply (simp add: bigblock_else_def)
               apply simp
              apply simp
             apply (rule p_before_cfg_to_dag_prog.node_1)
@@ -157,18 +161,17 @@ proof -
           apply simp
          apply simp
         apply simp
-       apply (rule guard_equiv)
+       apply (rule neg_gt2)
       apply (rule trace_is_possible)
      apply (rule bigblock_else_local_rel)
        apply assumption
       apply assumption
      apply (rule trace_is_possible)
     apply (erule allE[where x=2])
-    apply (simp add: succ)
-    apply (simp add: member_rec(1))
     apply (rule block2_global_rel)
      apply assumption
-    apply simp
+    apply (simp add: p_before_cfg_to_dag_prog.outEdges_1)
+    apply (simp add: member_rec(1))
     done
 qed
 
@@ -176,27 +179,20 @@ qed
 lemma block0_global_rel:
   assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)" 
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> if_example_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
-  have cmds: "node_to_block(p_before_cfg_to_dag_prog.proc_body) ! 0 = [(Havoc 0)]" 
-    using p_before_cfg_to_dag_prog.block_0_def p_before_cfg_to_dag_prog.node_0 by auto
-  have syntactic_rel: "ast_cfg_rel None [] bigblock0 [Havoc 0]"  
-    by (simp add: Rel_Main_test)
-  have succ: "(out_edges(p_before_cfg_to_dag_prog.proc_body) ! 0) = [3, 1]" 
-    using p_before_cfg_to_dag_prog.outEdges_0 by auto 
-  have "Suc 0 = 1" by simp
   show ?thesis 
     apply (rule block_global_rel_if_successor)
-             apply (rule syntactic_rel)
-            apply (rule ast_trace)
-           apply simp
-          apply simp
-        apply (rule cmds)
+           apply (rule Rel_Main_test[of bigblock0 _ p_before_cfg_to_dag_prog.block_0])
+           apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def) 
+          apply (rule ast_trace)
+         apply (simp add: bigblock0_def)
+        apply (rule p_before_cfg_to_dag_prog.node_0)
        apply (rule assms(1))
        apply simp
       apply simp
      apply (rule bigblock0_local_rel)
-      apply assumption
+      apply (simp add: bigblock0_def)
      apply assumption
     apply simp
     apply (rule disjE)
@@ -207,19 +203,19 @@ proof -
      apply (simp add:member_rec(1))
      apply (rule conjE)
       apply assumption
-    unfolding p_before_cfg_to_dag_prog.post_def
+    unfolding if_example_before_ast_cfg.post_def
      apply (rule block_then_global_rel)
-       apply assumption        
+       apply (simp add: bigblock_then_def)
       apply simp
      apply assumption
    
     apply (erule allE[where x=1])
-    apply (simp del: Nat.One_nat_def add:p_before_cfg_to_dag_prog.outEdges_0)
-    apply (simp del: Nat.One_nat_def add:member_rec(1))
+    apply (simp add:p_before_cfg_to_dag_prog.outEdges_0)
+    apply (simp add:member_rec(1))
     apply (rule conjE)
      apply assumption
     apply (rule block_else_global_rel)
-      apply assumption
+      apply (simp add: bigblock_else_def)
      apply simp
     apply (simp add: false_equals_not_true)
     done
@@ -227,23 +223,23 @@ qed
 
 abbreviation \<Lambda>0
   where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls))"
 lemma end_to_end_theorem_aux3:
 assumes 
-Red: "rtranclp (red_bigblock A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] if_example_before_ast_cfg.proc_body) (bigblock0, (KSeq bigblock1 KStop), Normal ns) (end_bb, end_cont, end_state)" and 
+Red: "rtranclp (red_bigblock A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)) \<Gamma> [] if_example_before_ast_cfg.proc_body) (bigblock0, (KSeq bigblock1 KStop), Normal ns) (end_bb, end_cont, end_state)" and 
 VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
 FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
 Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns p_before_cfg_to_dag_prog.pres)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns if_example_before_ast_cfg.pres)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
 OldGlobal: "((global_state ns) = (old_global_state ns))" and 
 BinderNs: "((binder_state ns) = Map.empty)"
-shows "(valid_configuration A \<Lambda>0 \<Gamma> [] p_before_cfg_to_dag_prog.post end_bb end_cont end_state)"
+shows "(valid_configuration A \<Lambda>0 \<Gamma> [] if_example_before_ast_cfg.post end_bb end_cont end_state)"
 proof -
-from Red obtain j where Aux:"(A,M,((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)),\<Gamma>,[],if_example_before_ast_cfg.proc_body \<turnstile> (bigblock0, (KSeq bigblock1 KStop), Normal ns) -n\<longrightarrow>^j (end_bb, end_cont, end_state))"
+from Red obtain j where Aux:"(A,M,((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)),\<Gamma>,[],if_example_before_ast_cfg.proc_body \<turnstile> (bigblock0, (KSeq bigblock1 KStop), Normal ns) -n\<longrightarrow>^j (end_bb, end_cont, end_state))"
 by (meson rtranclp_imp_relpowp)
   show ?thesis
 apply (rule block0_global_rel)
@@ -251,14 +247,18 @@ defer
 apply (rule Aux)
 apply (rule valid_config_implies_not_failure)
 apply (rule end_to_end_theorem_aux)
-apply assumption
+apply (simp add: if_example_before_ast_cfg.params_vdecls_def if_example_before_ast_cfg.locals_vdecls_def
+                 p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
 using VC apply simp
 using Closed apply simp
 using NonEmptyTypes apply simp
 apply (rule FInterp)
 using Axioms apply simp
-using Precondition apply simp
-using ParamsLocal apply simp
+using Precondition apply (simp add: if_example_before_ast_cfg.params_vdecls_def if_example_before_ast_cfg.locals_vdecls_def
+                                    p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
+                                    if_example_before_ast_cfg.pres_def p_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: if_example_before_ast_cfg.params_vdecls_def if_example_before_ast_cfg.locals_vdecls_def
+                                    p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
 using ConstsGlobal apply simp
 using OldGlobal apply simp
 using BinderNs apply simp
@@ -268,28 +268,20 @@ qed
 lemma initialization:                              
   assumes "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock0, bigblock1] ns1) (reached_bb, reached_cont, reached_state)"
   shows "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (bigblock0, KSeq bigblock1 KStop, Normal ns1) (reached_bb, reached_cont, reached_state)" 
-proof -
-  have "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (bigblock0, convert_list_to_cont (rev [bigblock1]) KStop, Normal ns1) (reached_bb, reached_cont, reached_state)"
-    using assms by fastforce
-  thus ?thesis by simp
-qed
- 
+  using assms 
+  by simp
+
 
 lemma end_to_end_theorem3:
 assumes 
 VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))"
 shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms if_example_before_ast_cfg.proc_ast))"
-  apply (rule end_to_end_util2[OF end_to_end_theorem_aux3])
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux3])
 apply (rule initialization)
 unfolding if_example_before_ast_cfg.proc_body_def
 apply assumption using VC apply simp  apply assumption+
-       apply (simp_all add: 
-              exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2
-              if_example_before_ast_cfg.proc_ast_def if_example_before_ast_cfg.proc_body_def 
-              if_example_before_ast_cfg.pres_def if_example_before_ast_cfg.post_def
-              p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
-              if_example_before_ast_cfg.params_vdecls_def if_example_before_ast_cfg.locals_vdecls_def
-              p_before_cfg_to_dag_prog.pres_def p_before_cfg_to_dag_prog.post_def)
-       done
-
+apply (simp_all add: 
+      exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2
+      if_example_before_ast_cfg.proc_ast_def if_example_before_ast_cfg.proc_body_def)
+done
 end
diff --git a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_before_ast_cfg.thy b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_before_ast_cfg.thy
index 2311346..6c46a7a 100644
--- a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_before_ast_cfg.thy
+++ b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_before_ast_cfg.thy
@@ -5,7 +5,7 @@ theory if_example_before_ast_cfg
           "../global_data"
 
 begin
-abbreviation bigblock0
+definition bigblock0
   where "bigblock0 \<equiv> 
           (BigBlock None [(Havoc 0)] 
             (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 5)))) 
@@ -13,7 +13,7 @@ abbreviation bigblock0
                       [BigBlock None [(Assign 0 (Lit (LInt 1)))] None None])) 
              None)"
 
-abbreviation bigblock1 
+definition bigblock1 
   where "bigblock1 \<equiv> (BigBlock None [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))] None None)"
 
 definition proc_body
diff --git a/BoogieLang/completed_example_proofs/nested_loop_proofs/global_data.thy b/BoogieLang/completed_example_proofs/nested_loop_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/nested_loop_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy b/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy
new file mode 100644
index 0000000..2df320d
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy
@@ -0,0 +1,399 @@
+theory nested_loop_ast_cfg_proof
+  imports Main 
+          Boogie_Lang.Ast
+          Boogie_Lang.Semantics
+          Boogie_Lang.Ast_Cfg_Transformation
+          "../global_data" 
+          nested_loop_before_cfg_to_dag_prog 
+          nested_loop_before_ast_cfg
+          nested_loop_cfgtodag_proof
+          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
+
+begin
+declare Nat.One_nat_def[simp del]
+
+
+abbreviation \<Lambda>1_local
+  where
+    "\<Lambda>1_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls))"
+
+definition outer_body_bb1 
+  where "outer_body_bb1 \<equiv> 
+                     (BigBlock None [] 
+                     (Some (WhileWrapper 
+                           (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
+                            [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
+                            [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None]))) 
+                      None)"
+
+definition outer_body_bb2
+  where "outer_body_bb2 \<equiv> (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)"
+
+definition outer_body_bb1_unwrapped where
+  "outer_body_bb1_unwrapped \<equiv> 
+                   (BigBlock None [] 
+                   (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
+                          [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
+                          [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None])) 
+                    None)"
+
+definition inner_body_bb1 
+  where "inner_body_bb1 \<equiv> (BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None)"
+
+definition loop_only_bigblock0 where
+  "loop_only_bigblock0 \<equiv> 
+                      (BigBlock None []
+                      (Some (WhileWrapper 
+                            (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
+                            [(BinOp (Var 0) Ge (Lit (LInt 0)))]
+                            [(BigBlock None [] 
+                             (Some (WhileWrapper 
+                                   (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
+                                    [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
+                                    [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None]))) 
+                             None),
+                             (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)]))) 
+                       None)"
+
+definition bb0_unwrapped where
+  "bb0_unwrapped \<equiv> (BigBlock None []
+                    (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
+                          [(BinOp (Var 0) Ge (Lit (LInt 0)))]
+                          [(BigBlock None [] 
+                           (Some (WhileWrapper 
+                                 (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
+                                  [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
+                                  [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None]))) 
+                           None),
+                           (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)])) 
+                     None)"
+
+lemma bb0_local_rel:
+  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (bigblock0, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  shows "reached_state \<noteq> Failure  \<and>
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_loop_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  show ?thesis 
+    apply (rule block_local_rel_generic)
+           apply (rule Rel_Main_test[of bigblock0 _ nested_loop_before_cfg_to_dag_prog.block_0])
+           apply (simp add: bigblock0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
+          apply simp+
+        apply (rule Red_bb)
+       apply (rule Red_impl, simp)
+      apply (simp add: nested_loop_before_ast_cfg.bigblock0_def)
+     apply simp
+    apply (simp add: nested_loop_before_cfg_to_dag_prog.block_0_def)
+    done
+qed
+
+lemma inner_body_bb1_local_rel:
+  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (inner_body_bb1, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))),ns1\<rangle> \<Down> BoolV True"
+  shows "reached_state \<noteq> Failure  \<and>
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_loop_before_cfg_to_dag_prog.block_4, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  show ?thesis 
+    unfolding nested_loop_before_cfg_to_dag_prog.block_4_def 
+    apply (rule block_local_rel_guard_true)
+            apply (rule Rel_Main_test[of inner_body_bb1])
+           apply (simp add: inner_body_bb1_def)
+          apply simp
+         apply (rule trace_is_possible)
+        apply (rule Red_bb)
+       apply (rule Red_impl)
+       apply (simp add: nested_loop_before_cfg_to_dag_prog.block_4_def)
+      apply (simp add: inner_body_bb1_def)
+     apply simp+
+    done
+qed
+
+lemma outer_body_bb2_local_rel:
+  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (outer_body_bb2 , KSeq bb0_unwrapped (KEndBlock KStop), (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.block_5 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV True"
+  shows "reached_state \<noteq> Failure  \<and>
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_loop_before_cfg_to_dag_prog.block_5, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  show ?thesis 
+    unfolding nested_loop_before_cfg_to_dag_prog.block_5_def
+    apply (rule block_local_rel_guard_false)
+           apply (rule Rel_Main_test[of outer_body_bb2])
+           apply (simp add: outer_body_bb2_def)
+           apply (rule neg_gt2)
+          apply simp
+         apply (rule trace_is_possible)
+        apply (rule Red_bb)
+       apply (rule Red_impl)
+       apply (simp add: nested_loop_before_cfg_to_dag_prog.block_5_def) 
+      apply (simp add: outer_body_bb2_def)
+     apply simp+
+    done 
+qed
+
+lemma outer_body_bb2_global_rel:
+  assumes concrete_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (outer_body_bb2, KSeq bb0_unwrapped (KEndBlock KStop), (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV True"
+  and loop_ih:
+        "\<And>k ns1'. k < j \<Longrightarrow>
+        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, (KEndBlock KStop), Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
+        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  using assms
+proof -
+  show ?thesis
+    apply (rule block_global_rel_if_false)
+                 apply (rule Rel_Main_test[of outer_body_bb2])
+                 apply (simp add: outer_body_bb2_def)
+                apply (rule concrete_trace)
+               apply (simp add: outer_body_bb2_def)
+              apply simp
+             apply simp
+            apply (rule nested_loop_before_cfg_to_dag_prog.node_5)
+           apply (rule nested_loop_before_cfg_to_dag_prog.block_5_def)
+          apply (rule cfg_is_correct)
+          apply simp+
+       apply (rule neg_gt2[of "(Var 1)" "(Lit (LInt 0))"])
+      apply (rule trace_is_possible)
+     apply (rule outer_body_bb2_local_rel)
+       apply assumption
+      apply simp
+     apply (rule trace_is_possible)
+    apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_5)
+    apply (simp add: member_rec)
+    apply (rule loop_ih)
+      apply auto
+    done
+qed
+
+
+
+lemma inner_loop_body_global_rel:
+  assumes j_step_ast_trace: 
+          "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (inner_body_bb1, (KSeq outer_body_bb1_unwrapped (KEndBlock (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop))))), Normal ns1) -n\<longrightarrow>^j 
+                                 (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))),ns1\<rangle> \<Down> BoolV True"
+  and loop_ih:
+        "\<And>k ns1''. k < j \<Longrightarrow>
+        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(outer_body_bb1_unwrapped, (KEndBlock (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop)))), Normal ns1'') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
+        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+proof -
+  show ?thesis
+    apply (rule block_global_rel_if_true)
+                 apply (rule Rel_Main_test[of inner_body_bb1])
+                 apply (simp add: inner_body_bb1_def)
+               apply (rule j_step_ast_trace)
+              apply (simp add: inner_body_bb1_def)
+             apply simp
+            apply simp
+           apply (rule nested_loop_before_cfg_to_dag_prog.node_4)
+          apply (rule nested_loop_before_cfg_to_dag_prog.block_4_def)
+         apply (rule cfg_is_correct)
+         apply simp+
+      apply (rule trace_is_possible)
+     apply (rule inner_body_bb1_local_rel)
+       apply assumption+
+     apply (rule trace_is_possible)
+    apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_4)
+    apply (simp add: member_rec)
+    apply (rule loop_ih)
+      apply auto
+    done
+qed
+
+
+lemma inner_loop_head_global_rel:
+  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (outer_body_bb1_unwrapped, (KEndBlock (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop)))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and loop_ih:
+        "\<And>k ns1'. k < j \<Longrightarrow>
+        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, KEndBlock KStop, Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
+        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+  using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+  case (less j)
+  then show ?case 
+  proof (cases j)
+    case 0
+    then show ?thesis
+      using Ast.valid_configuration_def less.prems(1) by fastforce
+  next
+    case (Suc j')
+    show ?thesis
+      apply (rule block_global_rel_loop_head)
+              apply (rule Rel_Invs[of outer_body_bb1_unwrapped _ _ _ nested_loop_before_cfg_to_dag_prog.block_3])
+              apply (simp add: outer_body_bb1_unwrapped_def nested_loop_before_cfg_to_dag_prog.block_3_def)
+             apply (rule less(2))
+            apply (rule less(3), simp)
+           apply (simp add: outer_body_bb1_unwrapped_def)
+          apply simp
+         apply (rule block_local_rel_loop_head)
+             apply (rule Rel_Invs[of outer_body_bb1_unwrapped])
+             apply (simp add: outer_body_bb1_unwrapped_def)
+            apply (simp add: outer_body_bb1_unwrapped_def)
+           apply (simp)
+          apply (rule nested_loop_before_cfg_to_dag_prog.block_3_def)
+         apply (simp, simp)
+       apply (simp add: nested_loop_before_cfg_to_dag_prog.node_3)
+      apply(rule disjE)
+        apply assumption
+
+       apply (erule allE[where x = 4])
+       apply (simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3)
+       apply (simp add:member_rec(1))
+       apply (rule conjE)
+        apply assumption
+       apply simp
+       apply (rule inner_loop_body_global_rel) 
+          apply (simp add: inner_body_bb1_def)
+         apply simp
+        apply assumption
+       apply (rule less.IH)
+         apply (rule strictly_smaller_helper2)
+           apply assumption+
+       apply (rule less.prems(3))
+         apply (rule strictly_smaller_helper3)
+           apply assumption+
+
+      apply (erule allE[where x = 5])
+      apply (simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3)
+      apply (simp add:member_rec(1))
+      apply (rule conjE)
+       apply assumption
+      apply simp
+      apply (rule ending)
+           apply assumption
+          apply assumption
+         apply simp
+        apply blast
+       apply assumption
+      apply (rule outer_body_bb2_global_rel)
+         apply assumption+
+      apply (rule less.prems(3))
+        apply (rule strictly_smaller_helper4)
+          apply assumption+
+      done
+  qed
+qed
+
+lemma inner_loop_head_global_rel_wrapped:
+  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (outer_body_bb1, (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and loop_ih:
+        "\<And>k ns1'. k < j \<Longrightarrow>
+        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, KEndBlock KStop, Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
+        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+  apply (rule ending3)
+     apply (rule j_step_ast_trace)
+    apply (simp add: outer_body_bb1_def)
+   apply (rule cfg_is_correct, simp)
+  apply (rule inner_loop_head_global_rel)
+    apply (simp add: outer_body_bb1_unwrapped_def)
+   apply assumption
+  apply (rule loop_ih)
+    apply (rule strictly_smaller_helper2)
+     apply assumption+
+  done
+
+lemma outer_loop_head_global_rel:
+  assumes j_step_ast_trace: 
+    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bb0_unwrapped, KEndBlock KStop, Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+  using assms 
+proof (induction j arbitrary: ns1 rule: less_induct)
+  case (less j)
+  then show ?case 
+  proof (cases j)
+    case 0
+    then show ?thesis
+      using valid_configuration_def less.prems(1) by fastforce
+  next
+    case (Suc j')
+    show ?thesis
+      apply (rule block_global_rel_loop_head) 
+              apply (rule Rel_Invs[of bb0_unwrapped])
+              apply (simp add: bb0_unwrapped_def)
+             apply (rule less(2))
+            apply (rule less(3), simp)
+           apply (simp add: bb0_unwrapped_def)
+          apply simp
+         apply (rule block_local_rel_loop_head)
+              apply (rule Rel_Invs[of bb0_unwrapped])
+              apply (simp add: bb0_unwrapped_def)
+            apply (simp add: bb0_unwrapped_def)
+           apply (simp, simp, simp)
+       apply (simp add: nested_loop_before_cfg_to_dag_prog.node_1)
+       apply (simp add: nested_loop_before_cfg_to_dag_prog.block_1_def)
+      apply(rule disjE)
+        apply assumption
+    
+       apply (erule allE[where x = 2])
+       apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_1)
+       apply (simp add:member_rec(1))
+       apply (rule conjE)
+        apply assumption
+       apply simp
+       apply (rule inner_loop_head_global_rel_wrapped)
+         apply (simp add: outer_body_bb1_def outer_body_bb2_def)
+        apply (rule correctness_propagates_through_assumption2)
+            apply assumption
+           apply (simp add: nested_loop_before_cfg_to_dag_prog.node_2)
+           apply (simp add: nested_loop_before_cfg_to_dag_prog.block_2_def)
+          apply assumption
+         apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_2)
+         apply (simp add: member_rec)
+        apply assumption
+       apply (rule less.IH)
+         apply (rule strictly_smaller_helper2)
+          apply assumption+
+
+      apply (erule allE[where x = 6])
+      apply (simp add:nested_loop_before_cfg_to_dag_prog.outEdges_1)
+      apply (simp add:member_rec(1))
+      apply (rule conjE)
+       apply assumption
+      apply simp
+      apply (rule ending_directly_after_loop_exit)
+       apply assumption
+      apply simp
+      done
+  qed
+qed
+
+lemma entry_block_global_rel:
+  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)"
+  using assms
+proof -
+  show ?thesis
+    unfolding nested_loop_before_cfg_to_dag_prog.post_def
+    apply (rule block_global_rel_while_successor)
+           apply (rule j_step_ast_trace)
+          apply (rule Rel_Main_test[of bigblock0 _ nested_loop_before_cfg_to_dag_prog.block_0])
+          apply (simp add: bigblock0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
+         apply (simp add: bigblock0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
+        apply (simp add: nested_loop_before_cfg_to_dag_prog.block_0_def)
+       apply (rule nested_loop_before_cfg_to_dag_prog.node_0)
+      apply (rule cfg_is_correct, simp)
+     apply (simp add: nested_loop_before_cfg_to_dag_prog.node_0)
+     apply (rule bb0_local_rel)
+      apply assumption
+     apply simp
+    apply (rule outer_loop_head_global_rel)
+     apply (simp add: bb0_unwrapped_def)
+    apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_0)
+    apply (simp add: member_rec(1))
+    done
+qed
\ No newline at end of file
diff --git a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_cfg.thy b/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_cfg.thy
new file mode 100644
index 0000000..9933ba9
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_cfg.thy
@@ -0,0 +1,103 @@
+theory nested_loop_before_ast_cfg
+  imports
+    Boogie_Lang.Ast
+    Boogie_Lang.Semantics 
+    Boogie_Lang.TypeSafety 
+    Boogie_Lang.Util 
+    "../global_data"
+begin
+
+definition bigblock0 
+  where "bigblock0 \<equiv> (BigBlock None [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10)))]
+                      (Some (WhileWrapper 
+                            (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
+                            [(BinOp (Var 0) Ge (Lit (LInt 0)))]
+                            [(BigBlock None [] 
+                             (Some (WhileWrapper 
+                                   (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
+                                    [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
+                                    [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None]))) 
+                             None),
+                             (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)]))) 
+                       None)"
+
+definition proc_body
+  where
+    "proc_body = bigblock0 # []"
+
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
+unfolding nested_loop_before_ast_cfg.params_vdecls_def nested_loop_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_ast_cfg.params_vdecls) )"
+unfolding nested_loop_before_ast_cfg.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_ast_cfg.locals_vdecls) )"
+unfolding nested_loop_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc_ast :: "(ast_procedure)"
+  where
+    "proc_ast  = (|proc_ty_args = 0,proc_args = nested_loop_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_loop_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec nested_loop_before_ast_cfg.post),proc_body = (Some (nested_loop_before_ast_cfg.locals_vdecls,nested_loop_before_ast_cfg.proc_body))|)"
+
+end
diff --git a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_cfg_to_dag_prog.thy b/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..dd2e91f
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_cfg_to_dag_prog.thy
@@ -0,0 +1,164 @@
+theory nested_loop_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10)))]"
+definition block_1
+  where
+    "block_1  = [(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
+definition block_3
+  where
+    "block_3  = [(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition outEdges
+  where
+    "outEdges  = [[1],[6,2],[3],[5,4],[3],[1],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [6,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [5,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding nested_loop_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding nested_loop_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = nested_loop_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_loop_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec nested_loop_before_cfg_to_dag_prog.post),proc_body = (Some (nested_loop_before_cfg_to_dag_prog.locals_vdecls,nested_loop_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_passive_prog.thy b/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_passive_prog.thy
new file mode 100644
index 0000000..4d9e13e
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_passive_prog.thy
@@ -0,0 +1,139 @@
+theory nested_loop_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop_before_cfg_to_dag_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_4
+  where
+    "block_4  = [(Havoc 1),(Assume (BinOp (Var 1) Ge (Lit (LInt 0))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = [(Havoc 0),(Havoc 1),(Assume (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition block_7
+  where
+    "block_7  = [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[2,3],[4],[1,5],[6],[7],[8]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [2,3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [1,5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_cfgtodag_proof.thy b/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_cfgtodag_proof.thy
new file mode 100644
index 0000000..bb20376
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_cfgtodag_proof.thy
@@ -0,0 +1,557 @@
+theory nested_loop_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_loop_before_cfg_to_dag_prog nested_loop_before_passive_prog nested_loop_passification_proof nested_loop_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop_before_cfg_to_dag_prog.post)"
+unfolding expr_all_sat_def nested_loop_before_cfg_to_dag_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule nested_loop_before_passive_prog.node_0)
+apply simp
+unfolding nested_loop_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma block_anon4_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop_before_cfg_to_dag_prog.block_6_def nested_loop_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule nested_loop_before_cfg_to_dag_prog.node_6)
+apply (rule nested_loop_before_passive_prog.node_1)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon4_LoopDone)
+apply assumption+
+apply (rule nested_loop_before_cfg_to_dag_prog.outEdges_6)
+apply (rule nested_loop_before_passive_prog.outEdges_1)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma Mods_anon5_LoopDone:
+shows "(mods_contained_in (set [0,1]) nested_loop_before_cfg_to_dag_prog.block_5)"
+unfolding nested_loop_before_cfg_to_dag_prog.block_5_def
+by simp
+
+lemma block_anon5_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_2 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop_before_cfg_to_dag_prog.block_5_def nested_loop_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon4_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop_before_cfg_to_dag_prog.node_5)
+apply (rule nested_loop_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon5_LoopDone)
+apply (assumption+)
+apply (rule Mods_anon5_LoopDone)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_5))
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_5))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon4_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon5_LoopBody:
+shows "(mods_contained_in (set [1]) nested_loop_before_cfg_to_dag_prog.block_4)"
+unfolding nested_loop_before_cfg_to_dag_prog.block_4_def
+by simp
+
+lemma block_anon5_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_3 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop_before_cfg_to_dag_prog.block_4_def nested_loop_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_cfg_to_dag_prog.l_y(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop_before_cfg_to_dag_prog.post ns1 s' 3 m' j)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop_before_cfg_to_dag_prog.node_4)
+apply (rule nested_loop_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon5_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon5_LoopBody)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_4))
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_4))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon5_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon5_LoopHead:
+shows "(mods_contained_in (set [1]) nested_loop_before_cfg_to_dag_prog.block_3)"
+unfolding nested_loop_before_cfg_to_dag_prog.block_3_def
+by simp
+
+lemma block_anon5_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop_before_cfg_to_dag_prog.block_3_def nested_loop_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_y(1)))
+apply simp
+done
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon4_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+using Red DagAssms assms(4-)
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+  show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule nested_loop_before_cfg_to_dag_prog.node_3)
+apply (rule nested_loop_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon5_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon5_LoopHead)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:nested_loop_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_subset_pred)
+using less(4) apply simp
+apply assumption
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:nested_loop_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+apply (rule loop_ih_convert_subset_smaller_2)
+using less(4) apply simp
+apply (simp, fastforce, assumption)
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma Mods_anon4_LoopBody:
+shows "(mods_contained_in (set [0,1]) nested_loop_before_cfg_to_dag_prog.block_2)"
+unfolding nested_loop_before_cfg_to_dag_prog.block_2_def
+by simp
+
+lemma block_anon4_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_5 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop_before_cfg_to_dag_prog.block_2_def nested_loop_before_passive_prog.block_5_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_cfg_to_dag_prog.l_y(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon4_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon4_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop_before_cfg_to_dag_prog.node_2)
+apply (rule nested_loop_before_passive_prog.node_5)
+apply (assumption+)
+apply (rule block_anon4_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon4_LoopBody)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=4])
+apply ((simp add:nested_loop_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon4_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon4_LoopHead:
+shows "(mods_contained_in (set [0,1]) nested_loop_before_cfg_to_dag_prog.block_1)"
+unfolding nested_loop_before_cfg_to_dag_prog.block_1_def
+by simp
+
+lemma block_anon4_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop_before_passive_prog.block_6 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop_before_cfg_to_dag_prog.block_1_def nested_loop_before_passive_prog.block_6_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_x(1)))
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_y(1)))
+apply simp
+done
+
+lemma cfg_block_anon4_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0,1]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule nested_loop_before_cfg_to_dag_prog.node_1)
+apply (rule nested_loop_before_passive_prog.node_6)
+apply (assumption+)
+apply (rule block_anon4_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon4_LoopHead)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:nested_loop_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=5])
+apply ((simp add:nested_loop_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_7 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop_before_cfg_to_dag_prog.block_0_def nested_loop_before_passive_prog.block_7_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop_before_cfg_to_dag_prog.node_0)
+apply (rule nested_loop_before_passive_prog.node_7)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=6])
+apply ((simp add:nested_loop_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:nested_loop_before_passive_prog.outEdges_8))
+by ((simp add:nested_loop_before_passive_prog.node_8 nested_loop_before_passive_prog.block_8_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop_before_cfg_to_dag_prog.pres)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule nested_loop_before_passive_prog.node_9)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding nested_loop_before_passive_prog.block_9_def
+apply (rule assume_pres_normal[where ?es=nested_loop_before_cfg_to_dag_prog.pres])
+apply (rule assms(4))
+unfolding nested_loop_before_cfg_to_dag_prog.pres_def
+apply simp
+apply (rule nested_loop_before_passive_prog.outEdges_9)
+apply ((simp add:nested_loop_before_passive_prog.node_8 nested_loop_before_passive_prog.block_8_def))
+apply (rule nested_loop_before_passive_prog.outEdges_8)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_y_2::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_loop_before_cfg_to_dag_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(valid_configuration A \<Lambda>0 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule nested_loop_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+lemma end_to_end_theorem:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_y_2::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms nested_loop_before_cfg_to_dag_prog.proc))"
+apply (rule end_to_end_util[OF end_to_end_theorem_aux])
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 nested_loop_before_cfg_to_dag_prog.proc_def nested_loop_before_cfg_to_dag_prog.proc_body_def)
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passification_proof.thy b/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passification_proof.thy
new file mode 100644
index 0000000..f624a39
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passification_proof.thy
@@ -0,0 +1,349 @@
+theory nested_loop_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop_before_passive_prog nested_loop_passive_prog Boogie_Lang.PassificationML nested_loop_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop_before_passive_prog.block_0_def nested_loop_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon4_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop_before_passive_prog.block_1_def nested_loop_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon5_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
+"((R 1) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6])) (update_nstate_rel R [(0,(Inl 6))]) R_old nested_loop_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop_before_passive_prog.block_2_def nested_loop_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_x(2) nested_loop_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon5_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [5] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [5])) (update_nstate_rel R [(1,(Inl 5))]) R_old nested_loop_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop_before_passive_prog.block_3_def nested_loop_passive_prog.block_3_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_y(2) nested_loop_passive_prog.l_y_2(2)))
+by simp
+
+lemma block_anon5_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4])) (update_nstate_rel R [(1,(Inl 4))]) R_old nested_loop_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop_before_passive_prog.block_4_def nested_loop_passive_prog.block_4_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_y(2) nested_loop_passive_prog.l_y_1(2)))
+by simp
+
+lemma block_anon4_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
+"((R 1) = (Some (Inl 3)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop_before_passive_prog.block_5_def nested_loop_passive_prog.block_5_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon4_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2,3] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2,3])) (update_nstate_rel R [(0,(Inl 2)),(1,(Inl 3))]) R_old nested_loop_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop_before_passive_prog.block_6_def nested_loop_passive_prog.block_6_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_x(2) nested_loop_passive_prog.l_x_0(2)))
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_y(2) nested_loop_passive_prog.l_y_0(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 10))),(1,(Inr (LInt 10)))]) R_old nested_loop_passive_prog.block_7 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop_before_passive_prog.block_7_def nested_loop_passive_prog.block_7_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_8 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop_before_passive_prog.block_8_def nested_loop_passive_prog.block_8_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_9 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_9 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop_before_passive_prog.block_9_def nested_loop_passive_prog.block_9_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_0},@{thm nested_loop_before_passive_prog.outEdges_0}) (@{thm nested_loop_passive_prog.node_0},@{thm nested_loop_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon4_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_1},@{thm nested_loop_before_passive_prog.outEdges_1}) (@{thm nested_loop_passive_prog.node_1},@{thm nested_loop_passive_prog.outEdges_1}) @{thm block_anon4_LoopDone} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
+"((R 1) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_2},@{thm nested_loop_before_passive_prog.outEdges_2}) (@{thm nested_loop_passive_prog.node_2},@{thm nested_loop_passive_prog.outEdges_2}) @{thm block_anon5_LoopDone} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 5 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_3},@{thm nested_loop_before_passive_prog.outEdges_3}) (@{thm nested_loop_passive_prog.node_3},@{thm nested_loop_passive_prog.outEdges_3}) @{thm block_anon5_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_4},@{thm nested_loop_before_passive_prog.outEdges_4}) (@{thm nested_loop_passive_prog.node_4},@{thm nested_loop_passive_prog.outEdges_4}) @{thm block_anon5_LoopHead} [
+@{thm cfg_block_anon5_LoopDone}, 
+@{thm cfg_block_anon5_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon4_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
+"((R 1) = (Some (Inl 3)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_5},@{thm nested_loop_before_passive_prog.outEdges_5}) (@{thm nested_loop_passive_prog.node_5},@{thm nested_loop_passive_prog.outEdges_5}) @{thm block_anon4_LoopBody} [
+@{thm cfg_block_anon5_LoopHead}] 1\<close>))
+
+lemma cfg_block_anon4_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_6},@{thm nested_loop_before_passive_prog.outEdges_6}) (@{thm nested_loop_passive_prog.node_6},@{thm nested_loop_passive_prog.outEdges_6}) @{thm block_anon4_LoopHead} [
+@{thm cfg_block_anon4_LoopDone}, 
+@{thm cfg_block_anon4_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_7},@{thm nested_loop_before_passive_prog.outEdges_7}) (@{thm nested_loop_passive_prog.node_7},@{thm nested_loop_passive_prog.outEdges_7}) @{thm block_anon0} [
+@{thm cfg_block_anon4_LoopHead}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 8)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_8},@{thm nested_loop_before_passive_prog.outEdges_8}) (@{thm nested_loop_passive_prog.node_8},@{thm nested_loop_passive_prog.outEdges_8}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 9)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_9},@{thm nested_loop_before_passive_prog.outEdges_9}) (@{thm nested_loop_passive_prog.node_9},@{thm nested_loop_passive_prog.outEdges_9}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 9),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_y_2::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv nested_loop_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+apply simp
+unfolding nested_loop_passive_prog.params_vdecls_def nested_loop_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using nested_loop_before_passive_prog.globals_locals_disj apply auto[1]
+using nested_loop_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] nested_loop_passive_prog.proc_body u (Inl 9)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range global_data.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] nested_loop_passive_prog.proc_body ((Inl 9),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from nested_loop_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passive_prog.thy b/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passive_prog.thy
new file mode 100644
index 0000000..5eadc7c
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passive_prog.thy
@@ -0,0 +1,208 @@
+theory nested_loop_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop_before_passive_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 2)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 4))),(Assume (BinOp (Var 6) Eq (BinOp (Var 2) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 6) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 4) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 5) Eq (BinOp (Var 4) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 5) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 4) Ge (Lit (LInt 0))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 3) Ge (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Var 2) Ge (Lit (LInt 0))))]"
+definition block_7
+  where
+    "block_7  = [(Assert (BinOp (Lit (LInt 10)) Ge (Lit (LInt 0))))]"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[2,3],[4],[1,5],[6],[7],[8]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [2,3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [1,5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(5,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding nested_loop_passive_prog.params_vdecls_def nested_loop_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_0:
+shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_1:
+shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_2:
+shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_0:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_1:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_2:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_vcphase_proof.thy b/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_vcphase_proof.thy
new file mode 100644
index 0000000..01eeeb3
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_vcphase_proof.thy
@@ -0,0 +1,370 @@
+theory nested_loop_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML nested_loop_passive_prog nested_loop_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon4_LoopDone
+  where
+    "vc_anon4_LoopDone  = True"
+definition vc_anon5_LoopDone
+  where
+    "vc_anon5_LoopDone y_1 x_1 x_0 = ((((0::int) \<ge> y_1) \<and> (x_1 = (x_0 - (1::int)))) \<longrightarrow> (x_1 \<ge> (0::int)))"
+definition vc_anon5_LoopBody
+  where
+    "vc_anon5_LoopBody y_1 y_2 = (((y_1 > (0::int)) \<and> (y_2 = (y_1 - (1::int)))) \<longrightarrow> (y_2 \<ge> (0::int)))"
+definition vc_anon5_LoopHead
+  where
+    "vc_anon5_LoopHead y_1 x_1 x_0 y_2 = ((y_1 \<ge> (0::int)) \<longrightarrow> ((vc_anon5_LoopDone y_1 x_1 x_0) \<and> (vc_anon5_LoopBody y_1 y_2)))"
+definition vc_anon4_LoopBody
+  where
+    "vc_anon4_LoopBody x_0 y_0 y_1 x_1 y_2 = ((x_0 > (0::int)) \<longrightarrow> ((y_0 \<ge> (0::int)) \<and> ((y_0 \<ge> (0::int)) \<longrightarrow> (vc_anon5_LoopHead y_1 x_1 x_0 y_2))))"
+definition vc_anon4_LoopHead
+  where
+    "vc_anon4_LoopHead x_0 y_0 y_1 x_1 y_2 = ((x_0 \<ge> (0::int)) \<longrightarrow> ((vc_anon4_LoopDone ) \<and> (vc_anon4_LoopBody x_0 y_0 y_1 x_1 y_2)))"
+definition vc_anon0
+  where
+    "vc_anon0 x_0 y_0 y_1 x_1 y_2 = (((10::int) \<ge> (0::int)) \<and> (((10::int) \<ge> (0::int)) \<longrightarrow> (vc_anon4_LoopHead x_0 y_0 y_1 x_1 y_2)))"
+definition vc_PreconditionGeneratedEntry
+  where
+    "vc_PreconditionGeneratedEntry x_0 y_0 y_1 x_1 y_2 = (vc_anon0 x_0 y_0 y_1 x_1 y_2)"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_y_1 :: "int" and vc_x_1 :: "int" and vc_y_2 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_0)))" and 
+G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_y_0)))" and 
+G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_y_1)))" and 
+G5: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_x_1)))" and 
+G6: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_y_2)))" and 
+G7: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7
+lemmas forall_poly_thm = forall_vc_type[OF G7]
+lemmas exists_poly_thm = exists_vc_type[OF G7]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding nested_loop_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon4_LoopDone_hints = [
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon4_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_LoopDone ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding nested_loop_passive_prog.block_1_def vc.vc_anon4_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon5_LoopDone_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE), 
+(AssertNoConj,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon5_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopDone vc_y_1 vc_x_1 vc_x_0) \<Longrightarrow> (s' = Magic)))"
+unfolding nested_loop_passive_prog.block_2_def vc.vc_anon5_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon5_LoopBody_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE), 
+(AssertNoConj,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon5_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopBody vc_y_1 vc_y_2) \<Longrightarrow> (s' = Magic)))"
+unfolding nested_loop_passive_prog.block_3_def vc.vc_anon5_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon5_LoopHead_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon5_LoopHeadAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopHead vc_y_1 vc_x_1 vc_x_0 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_y_1 vc_x_1 vc_x_0) \<and> (vc.vc_anon5_LoopBody vc_y_1 vc_y_2))))))))"
+unfolding nested_loop_passive_prog.block_4_def vc.vc_anon5_LoopHead_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopHead_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_LoopBody_hints = [
+(AssumeConjR 0,NONE), 
+(AssertSub,NONE)]
+\<close>
+lemma block_anon4_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_LoopBody vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon5_LoopHead vc_y_1 vc_x_1 vc_x_0 vc_y_2)))))))"
+unfolding nested_loop_passive_prog.block_5_def vc.vc_anon4_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_LoopHead_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon4_LoopHeadAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_LoopHead vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_LoopDone ) \<and> (vc.vc_anon4_LoopBody vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))))))))"
+unfolding nested_loop_passive_prog.block_6_def vc.vc_anon4_LoopHead_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_LoopHead_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon0_hints = [
+(AssertSub,NONE)]
+\<close>
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4_LoopHead vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)))))))"
+unfolding nested_loop_passive_prog.block_7_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
+by (auto?)
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_8 (Normal n_s) s')" and 
+"(vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)))))"
+using assms
+unfolding nested_loop_passive_prog.block_8_def
+apply cases
+by auto
+
+lemma block_PreconditionGeneratedEntry:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding nested_loop_passive_prog.block_9_def vc.vc_PreconditionGeneratedEntry_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) nested_loop_passive_prog.node_0 nested_loop_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon4_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4_LoopDone )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) nested_loop_passive_prog.node_1])
+apply (erule block_anon4_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:nested_loop_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_LoopDone vc_y_1 vc_x_1 vc_x_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop_passive_prog.node_2])
+by (erule block_anon5_LoopDoneAA0[OF _ assms(2)])
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_LoopBody vc_y_1 vc_y_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop_passive_prog.node_3])
+by (erule block_anon5_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_LoopHead vc_y_1 vc_x_1 vc_x_0 vc_y_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_4])
+apply (erule block_anon5_LoopHeadAA0[OF _ assms(2)])
+apply ((simp add:nested_loop_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon4_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4_LoopBody vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_5])
+apply (erule block_anon4_LoopBodyAA0[OF _ assms(2)])
+apply ((simp add:nested_loop_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon4_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4_LoopHead vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_6])
+apply (erule block_anon4_LoopHeadAA0[OF _ assms(2)])
+apply ((simp add:nested_loop_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_7])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:nested_loop_passive_prog.outEdges_7))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_8])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:nested_loop_passive_prog.outEdges_8))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_9])
+apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
+apply ((simp add:nested_loop_passive_prog.outEdges_9))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) \<Gamma> [] nested_loop_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_y_2::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
+let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_x])
+apply (subst lookup_var_local[OF nested_loop_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_y])
+apply (subst lookup_var_local[OF nested_loop_passive_prog.m_y])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF nested_loop_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_y_0])
+apply (subst lookup_var_local[OF nested_loop_passive_prog.m_y_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_y_1])
+apply (subst lookup_var_local[OF nested_loop_passive_prog.m_y_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF nested_loop_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_y_2])
+apply (subst lookup_var_local[OF nested_loop_passive_prog.m_y_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_y])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_y_0])
+apply (rule HOL.conjunct1[OF sc_y_1])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (rule HOL.conjunct1[OF sc_y_2])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/global_data.thy b/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog.thy b/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..caf8832
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog.thy
@@ -0,0 +1,111 @@
+theory no_guard_empty_branch_if_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = [(Assign 0 (Lit (LInt 6)))]"
+definition block_2
+  where
+    "block_2  = []"
+definition outEdges
+  where
+    "outEdges  = [[2,1],[],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [2,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_guard_empty_branch_if_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec no_guard_empty_branch_if_before_cfg_to_dag_prog.post),proc_body = (Some (no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls,no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog.thy b/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog.thy
new file mode 100644
index 0000000..05f60ff
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog.thy
@@ -0,0 +1,95 @@
+theory no_guard_empty_branch_if_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_empty_branch_if_before_cfg_to_dag_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = [(Assign 0 (Lit (LInt 6)))]"
+definition block_3
+  where
+    "block_3  = [(Havoc 0)]"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof.thy b/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof.thy
new file mode 100644
index 0000000..4c9441e
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof.thy
@@ -0,0 +1,250 @@
+theory no_guard_empty_branch_if_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML no_guard_empty_branch_if_before_cfg_to_dag_prog no_guard_empty_branch_if_before_passive_prog no_guard_empty_branch_if_passification_proof no_guard_empty_branch_if_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_empty_branch_if_before_cfg_to_dag_prog.post)"
+unfolding expr_all_sat_def no_guard_empty_branch_if_before_cfg_to_dag_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule no_guard_empty_branch_if_before_passive_prog.node_0)
+apply simp
+unfolding no_guard_empty_branch_if_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma block_anon3_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_empty_branch_if_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2_def no_guard_empty_branch_if_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_2)
+apply (rule no_guard_empty_branch_if_before_passive_prog.node_1)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon3_Then)
+apply assumption+
+apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_2)
+apply (rule no_guard_empty_branch_if_before_passive_prog.outEdges_1)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon3_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_empty_branch_if_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1_def no_guard_empty_branch_if_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_1)
+apply (rule no_guard_empty_branch_if_before_passive_prog.node_2)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon3_Else)
+apply assumption+
+apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_1)
+apply (rule no_guard_empty_branch_if_before_passive_prog.outEdges_2)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_empty_branch_if_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def no_guard_empty_branch_if_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_0)
+apply (rule no_guard_empty_branch_if_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:no_guard_empty_branch_if_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:no_guard_empty_branch_if_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:no_guard_empty_branch_if_before_passive_prog.outEdges_4))
+by ((simp add:no_guard_empty_branch_if_before_passive_prog.node_4 no_guard_empty_branch_if_before_passive_prog.block_4_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_empty_branch_if_before_cfg_to_dag_prog.pres)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule no_guard_empty_branch_if_before_passive_prog.node_5)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding no_guard_empty_branch_if_before_passive_prog.block_5_def
+apply (rule assume_pres_normal[where ?es=no_guard_empty_branch_if_before_cfg_to_dag_prog.pres])
+apply (rule assms(4))
+unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.pres_def
+apply simp
+apply (rule no_guard_empty_branch_if_before_passive_prog.outEdges_5)
+apply ((simp add:no_guard_empty_branch_if_before_passive_prog.node_4 no_guard_empty_branch_if_before_passive_prog.block_4_def))
+apply (rule no_guard_empty_branch_if_before_passive_prog.outEdges_4)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns no_guard_empty_branch_if_before_cfg_to_dag_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(valid_configuration A \<Lambda>0 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule no_guard_empty_branch_if_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+lemma end_to_end_theorem:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms no_guard_empty_branch_if_before_cfg_to_dag_prog.proc))"
+apply (rule end_to_end_util[OF end_to_end_theorem_aux])
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_def no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body_def)
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof.thy b/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof.thy
new file mode 100644
index 0000000..29765aa
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof.thy
@@ -0,0 +1,254 @@
+theory no_guard_empty_branch_if_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_empty_branch_if_before_passive_prog no_guard_empty_branch_if_passive_prog Boogie_Lang.PassificationML no_guard_empty_branch_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_empty_branch_if_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_empty_branch_if_before_passive_prog.block_0_def no_guard_empty_branch_if_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon3_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_empty_branch_if_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_empty_branch_if_before_passive_prog.block_1_def no_guard_empty_branch_if_passive_prog.block_1_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon3_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 6)))]) R_old no_guard_empty_branch_if_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_empty_branch_if_before_passive_prog.block_2_def no_guard_empty_branch_if_passive_prog.block_2_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old no_guard_empty_branch_if_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_empty_branch_if_before_passive_prog.block_3_def no_guard_empty_branch_if_passive_prog.block_3_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:no_guard_empty_branch_if_before_cfg_to_dag_prog.l_x(2) no_guard_empty_branch_if_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_empty_branch_if_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_empty_branch_if_before_passive_prog.block_4_def no_guard_empty_branch_if_passive_prog.block_4_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_empty_branch_if_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_empty_branch_if_before_passive_prog.block_5_def no_guard_empty_branch_if_passive_prog.block_5_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_0},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_0}) (@{thm no_guard_empty_branch_if_passive_prog.node_0},@{thm no_guard_empty_branch_if_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon3_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_1},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_1}) (@{thm no_guard_empty_branch_if_passive_prog.node_1},@{thm no_guard_empty_branch_if_passive_prog.outEdges_1}) @{thm block_anon3_Then} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon3_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_2},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_2}) (@{thm no_guard_empty_branch_if_passive_prog.node_2},@{thm no_guard_empty_branch_if_passive_prog.outEdges_2}) @{thm block_anon3_Else} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_3},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_3}) (@{thm no_guard_empty_branch_if_passive_prog.node_3},@{thm no_guard_empty_branch_if_passive_prog.outEdges_3}) @{thm block_anon0} [
+@{thm cfg_block_anon3_Then}, 
+@{thm cfg_block_anon3_Else}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_4},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_4}) (@{thm no_guard_empty_branch_if_passive_prog.node_4},@{thm no_guard_empty_branch_if_passive_prog.outEdges_4}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_5},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_5}) (@{thm no_guard_empty_branch_if_passive_prog.node_5},@{thm no_guard_empty_branch_if_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv no_guard_empty_branch_if_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+apply simp
+unfolding no_guard_empty_branch_if_passive_prog.params_vdecls_def no_guard_empty_branch_if_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using no_guard_empty_branch_if_before_passive_prog.globals_locals_disj apply auto[1]
+using no_guard_empty_branch_if_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] no_guard_empty_branch_if_passive_prog.proc_body u (Inl 5)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range global_data.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] no_guard_empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from no_guard_empty_branch_if_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog.thy b/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog.thy
new file mode 100644
index 0000000..9e83877
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog.thy
@@ -0,0 +1,119 @@
+theory no_guard_empty_branch_if_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_empty_branch_if_before_passive_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = []"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding no_guard_empty_branch_if_passive_prog.params_vdecls_def no_guard_empty_branch_if_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof.thy b/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof.thy
new file mode 100644
index 0000000..f961fcc
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof.thy
@@ -0,0 +1,213 @@
+theory no_guard_empty_branch_if_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML no_guard_empty_branch_if_passive_prog no_guard_empty_branch_if_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon0
+  where
+    "vc_anon0  = True"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
+G2: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2
+lemmas forall_poly_thm = forall_vc_type[OF G2]
+lemmas exists_poly_thm = exists_vc_type[OF G2]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding no_guard_empty_branch_if_passive_prog.block_0_def
+apply cases
+by auto
+
+lemma block_anon3_Then:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_1 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding no_guard_empty_branch_if_passive_prog.block_1_def
+apply cases
+by auto
+
+lemma block_anon3_Else:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_2 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding no_guard_empty_branch_if_passive_prog.block_2_def
+apply cases
+by auto
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_3 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding no_guard_empty_branch_if_passive_prog.block_3_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_4 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding no_guard_empty_branch_if_passive_prog.block_4_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding no_guard_empty_branch_if_passive_prog.block_5_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) no_guard_empty_branch_if_passive_prog.node_0 no_guard_empty_branch_if_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon3_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_empty_branch_if_passive_prog.node_1])
+apply (erule block_anon3_Then)
+apply ((simp add:no_guard_empty_branch_if_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon3_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_empty_branch_if_passive_prog.node_2])
+apply (erule block_anon3_Else)
+apply ((simp add:no_guard_empty_branch_if_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_empty_branch_if_passive_prog.node_3])
+apply (erule block_anon0)
+apply ((simp add:no_guard_empty_branch_if_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_empty_branch_if_passive_prog.node_4])
+apply (erule block_0)
+apply ((simp add:no_guard_empty_branch_if_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_empty_branch_if_passive_prog.node_5])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:no_guard_empty_branch_if_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
+let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_guard_empty_branch_if_passive_prog.m_x])
+apply (subst lookup_var_local[OF no_guard_empty_branch_if_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_guard_empty_branch_if_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF no_guard_empty_branch_if_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/no_guard_if_proofs/global_data.thy b/BoogieLang/completed_example_proofs/no_guard_if_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/no_guard_if_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy
new file mode 100644
index 0000000..f58c89d
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy
@@ -0,0 +1,158 @@
+theory no_guard_if_ast_cfg_proof
+  imports Main
+          Boogie_Lang.Ast
+          Boogie_Lang.Semantics
+          Boogie_Lang.Ast_Cfg_Transformation
+          "../global_data" 
+          no_guard_if_before_cfg_to_dag_prog 
+          no_guard_if_before_ast_cfg
+          no_guard_if_cfgtodag_proof
+          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
+
+begin
+
+definition bigblock_then 
+  where "bigblock_then \<equiv> BigBlock None [(Assign 0 (Lit (LInt 0)))] None None"
+
+definition bigblock_else
+  where "bigblock_else \<equiv> BigBlock None [(Assign 0 (Lit (LInt 1)))] None None"
+
+lemma bigblock0_local_rel:
+  assumes Red_bb0_to: 
+      "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock0, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>no_guard_if_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+proof -
+  show ?thesis
+    apply (rule block_local_rel_generic)
+           apply (rule Rel_Main_test[of bigblock0])
+           apply (simp add: bigblock0_def no_guard_if_before_cfg_to_dag_prog.block_0_def)
+          apply simp
+         apply simp
+        apply (rule Red_bb0_to)
+       apply (rule Red0_impl, simp)
+      apply (simp add: bigblock0_def)
+     apply (simp)
+    apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_0_def)
+    done
+qed
+
+
+lemma bigblock_then_local_rel:
+  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_then, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>no_guard_if_before_cfg_to_dag_prog.block_2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  show ?thesis
+    unfolding no_guard_if_before_cfg_to_dag_prog.block_2_def 
+    apply (rule block_local_rel_generic)
+           apply (rule Rel_Main_test[of bigblock_then])
+           apply (simp add: bigblock_then_def)
+          apply simp
+         apply simp
+        apply (rule Red_bb0_to)
+       apply (rule Red0_impl)
+       apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_2_def)
+      apply (simp add: bigblock_then_def)
+    by simp_all
+qed
+
+lemma bigblock_else_local_rel:
+  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>no_guard_if_before_cfg_to_dag_prog.block_1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+proof -
+  show ?thesis
+    unfolding no_guard_if_before_cfg_to_dag_prog.block_1_def 
+    apply (rule block_local_rel_generic)
+           apply (rule Rel_Main_test[of bigblock_else])
+           apply (simp add: bigblock_else_def)
+          apply simp
+         apply simp
+        apply (rule Red_bb0_to)
+       apply (rule Red0_impl)
+       apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_1_def)
+      apply (simp add: bigblock_else_def)
+    by simp_all
+qed
+
+
+lemma block_then_global_rel:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+proof -
+  show ?thesis 
+    apply (rule generic_ending_block_global_rel)
+         apply (rule Rel_Main_test[of bigblock_then _ no_guard_if_before_cfg_to_dag_prog.block_2])
+         apply (simp add: bigblock_then_def no_guard_if_before_cfg_to_dag_prog.block_2_def)
+        apply (rule assms(1))
+       apply (simp add: bigblock_then_def)
+      apply simp
+     apply (rule no_guard_if_before_cfg_to_dag_prog.node_2)
+    apply (rule assms(2))
+    apply simp
+    done
+qed
+
+
+lemma block_else_global_rel:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+proof -
+  show ?thesis
+    apply (rule generic_ending_block_global_rel)
+           apply (rule Rel_Main_test[of bigblock_else _ no_guard_if_before_cfg_to_dag_prog.block_1])
+         apply (simp add: bigblock_else_def no_guard_if_before_cfg_to_dag_prog.block_1_def)
+        apply (rule assms(1))
+       apply (simp add: bigblock_else_def)
+      apply simp
+     apply (rule no_guard_if_before_cfg_to_dag_prog.node_1)
+    apply (rule assms(2))
+    apply simp
+    done
+qed
+
+
+lemma block0_global_rel:
+  assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)" 
+proof -
+  show ?thesis 
+    apply (rule block_global_rel_if_successor)
+           apply (rule Rel_Main_test[of bigblock0 _ no_guard_if_before_cfg_to_dag_prog.block_0])
+           apply (simp add: bigblock0_def no_guard_if_before_cfg_to_dag_prog.block_0_def)
+          apply (rule ast_trace)
+         apply (simp add: bigblock0_def)
+        apply (rule no_guard_if_before_cfg_to_dag_prog.node_0)
+       apply (rule assms(1))
+       apply simp
+      apply simp
+     apply (rule bigblock0_local_rel)
+      apply (simp add: bigblock0_def)
+     apply assumption
+    apply simp
+    apply (rule disjE)
+      apply assumption
+
+     apply (erule allE[where x=2])
+     apply (simp add:no_guard_if_before_cfg_to_dag_prog.outEdges_0)
+     apply (simp add:member_rec(1))
+    unfolding no_guard_if_before_cfg_to_dag_prog.post_def
+     apply (rule block_then_global_rel)
+      apply (simp add: bigblock_then_def)
+    apply simp
+   
+    apply (erule allE[where x=1])
+    apply (simp del: Nat.One_nat_def add:no_guard_if_before_cfg_to_dag_prog.outEdges_0)
+    apply (simp del: Nat.One_nat_def add:member_rec(1))
+    apply (rule block_else_global_rel)
+      apply (simp add: bigblock_else_def)
+    apply simp
+    done
+qed
\ No newline at end of file
diff --git a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_cfg.thy b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_cfg.thy
new file mode 100644
index 0000000..324a21d
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_cfg.thy
@@ -0,0 +1,85 @@
+theory no_guard_if_before_ast_cfg
+  imports Main
+          "Boogie_Lang.Ast"
+          "Boogie_Lang.Semantics"
+          "../global_data"
+
+begin
+
+definition bigblock0
+  where "bigblock0 \<equiv> 
+          (BigBlock None [(Havoc 0)] 
+            (Some (ParsedIf None 
+                  [BigBlock None [(Assign 0 (Lit (LInt 0)))] None None] [BigBlock None [(Assign 0 (Lit (LInt 1)))] None None])) 
+             None)"
+
+definition proc_body
+  where
+    "proc_body = bigblock0 # []"
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
+unfolding no_guard_if_before_ast_cfg.params_vdecls_def no_guard_if_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_ast_cfg.params_vdecls) )"
+unfolding no_guard_if_before_ast_cfg.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_ast_cfg.locals_vdecls) )"
+unfolding no_guard_if_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc_ast :: "(ast_procedure)"
+  where
+    "proc_ast  = (|proc_ty_args = 0,proc_args = no_guard_if_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_guard_if_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec no_guard_if_before_ast_cfg.post),proc_body = (Some (no_guard_if_before_ast_cfg.locals_vdecls,no_guard_if_before_ast_cfg.proc_body))|)"
+
+end
\ No newline at end of file
diff --git a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog.thy b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..a616969
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog.thy
@@ -0,0 +1,111 @@
+theory no_guard_if_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = [(Assign 0 (Lit (LInt 1)))]"
+definition block_2
+  where
+    "block_2  = [(Assign 0 (Lit (LInt 0)))]"
+definition outEdges
+  where
+    "outEdges  = [[2,1],[],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [2,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding no_guard_if_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = no_guard_if_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_guard_if_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec no_guard_if_before_cfg_to_dag_prog.post),proc_body = (Some (no_guard_if_before_cfg_to_dag_prog.locals_vdecls,no_guard_if_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_passive_prog.thy b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_passive_prog.thy
new file mode 100644
index 0000000..63101c3
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_passive_prog.thy
@@ -0,0 +1,95 @@
+theory no_guard_if_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_if_before_cfg_to_dag_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assign 0 (Lit (LInt 0)))]"
+definition block_2
+  where
+    "block_2  = [(Assign 0 (Lit (LInt 1)))]"
+definition block_3
+  where
+    "block_3  = [(Havoc 0)]"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_cfgtodag_proof.thy b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_cfgtodag_proof.thy
new file mode 100644
index 0000000..f4a541d
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_cfgtodag_proof.thy
@@ -0,0 +1,250 @@
+theory no_guard_if_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML no_guard_if_before_cfg_to_dag_prog no_guard_if_before_passive_prog no_guard_if_passification_proof no_guard_if_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_if_before_cfg_to_dag_prog.post)"
+unfolding expr_all_sat_def no_guard_if_before_cfg_to_dag_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule no_guard_if_before_passive_prog.node_0)
+apply simp
+unfolding no_guard_if_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma block_anon3_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_if_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding no_guard_if_before_cfg_to_dag_prog.block_2_def no_guard_if_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule no_guard_if_before_cfg_to_dag_prog.node_2)
+apply (rule no_guard_if_before_passive_prog.node_1)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon3_Then)
+apply assumption+
+apply (rule no_guard_if_before_cfg_to_dag_prog.outEdges_2)
+apply (rule no_guard_if_before_passive_prog.outEdges_1)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon3_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_if_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding no_guard_if_before_cfg_to_dag_prog.block_1_def no_guard_if_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule no_guard_if_before_cfg_to_dag_prog.node_1)
+apply (rule no_guard_if_before_passive_prog.node_2)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon3_Else)
+apply assumption+
+apply (rule no_guard_if_before_cfg_to_dag_prog.outEdges_1)
+apply (rule no_guard_if_before_passive_prog.outEdges_2)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_if_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding no_guard_if_before_cfg_to_dag_prog.block_0_def no_guard_if_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule no_guard_if_before_cfg_to_dag_prog.node_0)
+apply (rule no_guard_if_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:no_guard_if_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:no_guard_if_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:no_guard_if_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:no_guard_if_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:no_guard_if_before_passive_prog.outEdges_4))
+by ((simp add:no_guard_if_before_passive_prog.node_4 no_guard_if_before_passive_prog.block_4_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_if_before_cfg_to_dag_prog.pres)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule no_guard_if_before_passive_prog.node_5)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding no_guard_if_before_passive_prog.block_5_def
+apply (rule assume_pres_normal[where ?es=no_guard_if_before_cfg_to_dag_prog.pres])
+apply (rule assms(4))
+unfolding no_guard_if_before_cfg_to_dag_prog.pres_def
+apply simp
+apply (rule no_guard_if_before_passive_prog.outEdges_5)
+apply ((simp add:no_guard_if_before_passive_prog.node_4 no_guard_if_before_passive_prog.block_4_def))
+apply (rule no_guard_if_before_passive_prog.outEdges_4)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns no_guard_if_before_cfg_to_dag_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(valid_configuration A \<Lambda>0 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule no_guard_if_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+lemma end_to_end_theorem:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms no_guard_if_before_cfg_to_dag_prog.proc))"
+apply (rule end_to_end_util[OF end_to_end_theorem_aux])
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 no_guard_if_before_cfg_to_dag_prog.proc_def no_guard_if_before_cfg_to_dag_prog.proc_body_def)
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passification_proof.thy b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passification_proof.thy
new file mode 100644
index 0000000..a115244
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passification_proof.thy
@@ -0,0 +1,254 @@
+theory no_guard_if_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_if_before_passive_prog no_guard_if_passive_prog Boogie_Lang.PassificationML no_guard_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_if_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_if_before_passive_prog.block_0_def no_guard_if_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon3_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 0)))]) R_old no_guard_if_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_if_before_passive_prog.block_1_def no_guard_if_passive_prog.block_1_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon3_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 1)))]) R_old no_guard_if_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_if_before_passive_prog.block_2_def no_guard_if_passive_prog.block_2_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old no_guard_if_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_if_before_passive_prog.block_3_def no_guard_if_passive_prog.block_3_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:no_guard_if_before_cfg_to_dag_prog.l_x(2) no_guard_if_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_if_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_if_before_passive_prog.block_4_def no_guard_if_passive_prog.block_4_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_if_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_if_before_passive_prog.block_5_def no_guard_if_passive_prog.block_5_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_0},@{thm no_guard_if_before_passive_prog.outEdges_0}) (@{thm no_guard_if_passive_prog.node_0},@{thm no_guard_if_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon3_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_1},@{thm no_guard_if_before_passive_prog.outEdges_1}) (@{thm no_guard_if_passive_prog.node_1},@{thm no_guard_if_passive_prog.outEdges_1}) @{thm block_anon3_Then} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon3_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_2},@{thm no_guard_if_before_passive_prog.outEdges_2}) (@{thm no_guard_if_passive_prog.node_2},@{thm no_guard_if_passive_prog.outEdges_2}) @{thm block_anon3_Else} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_3},@{thm no_guard_if_before_passive_prog.outEdges_3}) (@{thm no_guard_if_passive_prog.node_3},@{thm no_guard_if_passive_prog.outEdges_3}) @{thm block_anon0} [
+@{thm cfg_block_anon3_Then}, 
+@{thm cfg_block_anon3_Else}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_4},@{thm no_guard_if_before_passive_prog.outEdges_4}) (@{thm no_guard_if_passive_prog.node_4},@{thm no_guard_if_passive_prog.outEdges_4}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_5},@{thm no_guard_if_before_passive_prog.outEdges_5}) (@{thm no_guard_if_passive_prog.node_5},@{thm no_guard_if_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv no_guard_if_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+apply simp
+unfolding no_guard_if_passive_prog.params_vdecls_def no_guard_if_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using no_guard_if_before_passive_prog.globals_locals_disj apply auto[1]
+using no_guard_if_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] no_guard_if_passive_prog.proc_body u (Inl 5)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range global_data.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] no_guard_if_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from no_guard_if_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passive_prog.thy b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passive_prog.thy
new file mode 100644
index 0000000..31ce339
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passive_prog.thy
@@ -0,0 +1,119 @@
+theory no_guard_if_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_if_before_passive_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = []"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding no_guard_if_passive_prog.params_vdecls_def no_guard_if_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_vcphase_proof.thy b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_vcphase_proof.thy
new file mode 100644
index 0000000..cf00163
--- /dev/null
+++ b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_vcphase_proof.thy
@@ -0,0 +1,213 @@
+theory no_guard_if_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML no_guard_if_passive_prog no_guard_if_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon0
+  where
+    "vc_anon0  = True"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
+G2: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2
+lemmas forall_poly_thm = forall_vc_type[OF G2]
+lemmas exists_poly_thm = exists_vc_type[OF G2]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding no_guard_if_passive_prog.block_0_def
+apply cases
+by auto
+
+lemma block_anon3_Then:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_1 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding no_guard_if_passive_prog.block_1_def
+apply cases
+by auto
+
+lemma block_anon3_Else:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_2 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding no_guard_if_passive_prog.block_2_def
+apply cases
+by auto
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_3 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding no_guard_if_passive_prog.block_3_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_4 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding no_guard_if_passive_prog.block_4_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding no_guard_if_passive_prog.block_5_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) no_guard_if_passive_prog.node_0 no_guard_if_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon3_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_if_passive_prog.node_1])
+apply (erule block_anon3_Then)
+apply ((simp add:no_guard_if_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon3_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_if_passive_prog.node_2])
+apply (erule block_anon3_Else)
+apply ((simp add:no_guard_if_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_if_passive_prog.node_3])
+apply (erule block_anon0)
+apply ((simp add:no_guard_if_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_if_passive_prog.node_4])
+apply (erule block_0)
+apply ((simp add:no_guard_if_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_if_passive_prog.node_5])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:no_guard_if_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) \<Gamma> [] no_guard_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
+let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_guard_if_passive_prog.m_x])
+apply (subst lookup_var_local[OF no_guard_if_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_guard_if_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF no_guard_if_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
index 4ba4069..cf279de 100644
--- a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
+++ b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
@@ -12,27 +12,20 @@ theory while_example2_ast_cfg_proof
           p_passification_proof 
           p_vcphase_proof
 
-
-(*
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
-*)
 begin
-
+declare Nat.One_nat_def[simp del]
 
 abbreviation \<Lambda>1_local
   where
-    "\<Lambda>1_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls))"
 
-abbreviation body_bb1 
+definition body_bb1 
   where "body_bb1 \<equiv> BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None"
 
-abbreviation body_bb2 
+definition body_bb2 
   where "body_bb2 \<equiv> BigBlock None [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] None None"
 
-abbreviation unwrapped_bigblock1 where
+definition unwrapped_bigblock1 where
   "unwrapped_bigblock1 \<equiv> 
             (BigBlock None [] 
             (Some (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 0)))) 
@@ -40,7 +33,7 @@ abbreviation unwrapped_bigblock1 where
                       [BigBlock None [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] None None]))
              None)"
 
-abbreviation loop_only_bigblock0 where
+definition loop_only_bigblock0 where
   "loop_only_bigblock0 \<equiv> 
             (BigBlock None [] 
             (Some (WhileWrapper
@@ -49,7 +42,7 @@ abbreviation loop_only_bigblock0 where
                   [BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None]))) 
              None)"
 
-abbreviation unwrapped_bigblock0 where
+definition unwrapped_bigblock0 where
   "unwrapped_bigblock0 \<equiv> 
             (BigBlock None [] 
             (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
@@ -63,12 +56,17 @@ lemma bb0_local_rel:
   shows "reached_state \<noteq> Failure  \<and>
          (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
 proof -
-  have syntactic_rel: "ast_cfg_rel None [] bigblock0 p_before_cfg_to_dag_prog.block_0" 
-    unfolding p_before_cfg_to_dag_prog.block_0_def by (rule Rel_Main_test) 
-  then show ?thesis 
-    using assms
-    unfolding p_before_cfg_to_dag_prog.block_0_def
-    by (auto simp: block_local_rel_generic)
+  show ?thesis 
+    apply (rule block_local_rel_generic)
+           apply (rule Rel_Main_test[of bigblock0 _ p_before_cfg_to_dag_prog.block_0])
+           apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
+          apply simp+
+        apply (rule Red_bb)
+       apply (rule Red_impl, simp)
+      apply (simp add: bigblock0_def)
+     apply simp
+    apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
+    done
 qed
 
 lemma first_loop_body_bb_local_rel:
@@ -78,21 +76,19 @@ lemma first_loop_body_bb_local_rel:
   shows "reached_state \<noteq> Failure  \<and>
          (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
 proof -
-  have syntactic_rel: "ast_cfg_rel None [] body_bb1 [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]" 
-    by (rule Rel_Main_test) 
-
   show ?thesis 
-    unfolding p_before_cfg_to_dag_prog.block_2_def
+    unfolding p_before_cfg_to_dag_prog.block_2_def 
     apply (rule block_local_rel_guard_true)
-            apply (rule syntactic_rel)
-           apply simp
+           apply (rule Rel_Main_test[of body_bb1])
+           apply (simp add: body_bb1_def)
           apply simp
-         apply simp
-      apply (rule trace_is_possible)
-     apply (rule Red_bb)
-    apply (rule Red_impl)
-    unfolding p_before_cfg_to_dag_prog.block_2_def
-    by simp
+         apply (rule trace_is_possible)
+        apply (rule Red_bb)
+       apply (rule Red_impl)
+       apply (simp add: p_before_cfg_to_dag_prog.block_2_def)
+      apply (simp add: body_bb1_def)
+     apply simp+
+    done
 qed 
 
 lemma second_loop_body_bb_local_rel:
@@ -102,21 +98,19 @@ lemma second_loop_body_bb_local_rel:
   shows "reached_state \<noteq> Failure  \<and>
          (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_5, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
 proof -
-  have syntactic_rel: "ast_cfg_rel None [] body_bb2 [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]" 
-    by (rule Rel_Main_test) 
-
   show ?thesis 
     unfolding p_before_cfg_to_dag_prog.block_5_def
     apply (rule block_local_rel_guard_true)
-            apply (rule syntactic_rel)
-           apply simp
+           apply (rule Rel_Main_test[of body_bb2])
+           apply (simp add: body_bb2_def)
           apply simp
-         apply simp
-        apply (rule trace_is_possible)
-      apply (rule Red_bb)
-      apply (rule Red_impl)
-      unfolding p_before_cfg_to_dag_prog.block_5_def
-      by simp
+         apply (rule trace_is_possible)
+        apply (rule Red_bb)
+       apply (rule Red_impl)
+       apply (simp add: p_before_cfg_to_dag_prog.block_5_def)
+      apply (simp add: body_bb2_def)
+     apply simp+
+    done
 qed
 
 lemma bb2_local_rel:
@@ -126,25 +120,20 @@ lemma bb2_local_rel:
   shows "reached_state \<noteq> Failure  \<and>
          (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_6, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
 proof -
-  have syntactic_rel: "ast_cfg_rel None [] bigblock2 [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]" 
-    unfolding p_before_cfg_to_dag_prog.block_6_def
-    by (rule Rel_Main_test) 
-  have guard_equiv: "UnOp Not (BinOp (Var 0) Lt (Lit (LInt 0))) \<sim> (Lit (LInt 0) \<guillemotleft>Le\<guillemotright> Var 0)" 
-    by (rule neg_lt2) 
-
   show ?thesis 
     unfolding p_before_cfg_to_dag_prog.block_6_def
     apply (rule block_local_rel_guard_false)
-            apply (rule syntactic_rel)
-           apply simp
+            apply (rule Rel_Main_test[of bigblock2])
+            apply (simp add: bigblock2_def)
+           apply (rule neg_lt2)
           apply simp
-        apply (rule guard_equiv)
-       apply simp
-      apply (rule trace_is_possible)
-     apply (rule Red_bb)
-    apply (rule Red_impl)
-    unfolding p_before_cfg_to_dag_prog.block_6_def
-    by simp
+         apply (rule trace_is_possible)
+        apply (rule Red_bb)
+       apply (rule Red_impl)
+       apply (simp add: p_before_cfg_to_dag_prog.block_6_def)
+      apply (simp add: bigblock2_def)
+     apply simp+
+    done
 qed
 
 lemma bb2_global_rel:
@@ -154,19 +143,16 @@ lemma bb2_global_rel:
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
   using assms
 proof -
-  have syn_rel: "ast_cfg_rel None [] bigblock2 [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]" by (simp add: Rel_Main_test)
-  have cmds: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 6 = [(Assume (BinOp (Lit (LInt 0)) Le (Var 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]" 
-    using p_before_cfg_to_dag_prog.block_6_def p_before_cfg_to_dag_prog.node_6 by auto
-
   show ?thesis
     apply (rule generic_ending_block_after_loop_global_rel)
-             apply (rule syn_rel)
-            apply simp
+            apply (rule Rel_Main_test[of bigblock2])
+            apply (simp add: bigblock2_def)
+           apply (simp add: bigblock2_def)
            apply simp
-          apply simp
-         apply (rule cmds)
+          apply (rule p_before_cfg_to_dag_prog.node_6)
+         apply (simp add: p_before_cfg_to_dag_prog.block_6_def)
         apply simp
-       apply (rule neg_lt2[of "(Var 0)" "(Lit (LInt 0))"])
+       apply (rule neg_lt2)
         apply(rule trace_is_possible)
        apply (rule concrete_trace)
       apply (rule cfg_is_correct)
@@ -187,28 +173,22 @@ lemma second_loop_body_global_rel:
         (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
 proof -
-  have syn_rel: "ast_cfg_rel None [] body_bb2 [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]" by (simp add: Rel_Main_test)
-  have cmds: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 5 = [(Assume (BinOp (Var 0) Lt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]" 
-    using p_before_cfg_to_dag_prog.block_5_def p_before_cfg_to_dag_prog.node_5 by fastforce
   show ?thesis
     apply (rule block_global_rel_if_true)
-               apply (rule syn_rel)
+                apply (rule Rel_Main_test[of body_bb2])
+                apply (simp add: body_bb2_def)
               apply (rule j_step_ast_trace)
+             apply (simp add: body_bb2_def)
              apply simp
             apply simp
-           apply (rule cmds)
-          apply simp
+           apply (rule p_before_cfg_to_dag_prog.node_5)
+          apply (rule p_before_cfg_to_dag_prog.block_5_def)
          apply (rule cfg_is_correct)
-         apply simp
-        apply simp
-       apply simp
+         apply simp+
       apply (rule trace_is_possible)
-     apply (rule block_local_rel_guard_true)
-           apply (rule syn_rel)
-          apply (simp, simp, simp)
-       apply (rule trace_is_possible)
-      apply assumption
-     apply assumption
+     apply (rule second_loop_body_bb_local_rel)
+       apply assumption+
+     apply (rule trace_is_possible)
     apply (simp add: p_before_cfg_to_dag_prog.outEdges_5)
     apply (simp add: member_rec)
     apply (rule loop_ih)
@@ -230,28 +210,24 @@ proof (induction j arbitrary: ns1 rule: less_induct)
       using Ast.valid_configuration_def less.prems(1) by fastforce
   next
     case (Suc j')
-    have ast_cfg_rel_concrete sorry
-
-    have transfer_all: "(\<forall>m3 s3 n ns. ((A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow> 
-                        (\<And>m3 s3 n ns. ((A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns) -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure))" by auto
-
-    have node_4_helper: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 4 = [Assert (Var 0 \<guillemotleft>Le\<guillemotright> Lit (LInt 0))]" 
-      by (simp add: p_before_cfg_to_dag_prog.block_4_def p_before_cfg_to_dag_prog.node_4)
     show ?thesis
       apply (rule block_global_rel_loop_head)
-             apply (rule Rel_Invs)
-            apply (rule less(2))
-           apply (rule less(3))
-           apply simp
+              apply (rule Rel_Invs[of unwrapped_bigblock1 _ _ _ p_before_cfg_to_dag_prog.block_4])
+              apply (simp add: unwrapped_bigblock1_def p_before_cfg_to_dag_prog.block_4_def)
+             apply (rule less(2))
+            apply (rule less(3), simp)
+           apply (simp add: unwrapped_bigblock1_def)
           apply simp                 
          apply (rule block_local_rel_loop_head)
-            apply (rule Rel_Invs)
+              apply (rule Rel_Invs[of unwrapped_bigblock1])
+              apply (simp add: unwrapped_bigblock1_def)
+           apply (simp add: unwrapped_bigblock1_def)
            apply simp
+           apply (simp add: p_before_cfg_to_dag_prog.block_4_def)
           apply simp
          apply simp
-        apply simp
-       apply simp
-       apply (rule node_4_helper)
+        apply (simp add: p_before_cfg_to_dag_prog.block_4_def)
+       apply (simp add: p_before_cfg_to_dag_prog.node_4)
       apply(rule disjE)
         apply assumption
 
@@ -262,14 +238,12 @@ proof (induction j arbitrary: ns1 rule: less_induct)
         apply assumption
        apply simp
        apply (rule second_loop_body_global_rel)
-          apply assumption
+          apply (simp add: body_bb2_def)
          apply simp
         apply assumption
        apply (rule less.IH)
          apply (erule strictly_smaller_helper2)
-         apply assumption
-         apply assumption
-       apply assumption
+         apply assumption+
 
       apply (erule allE[where x = 6])
       apply (simp add:p_before_cfg_to_dag_prog.outEdges_4)
@@ -278,15 +252,13 @@ proof (induction j arbitrary: ns1 rule: less_induct)
        apply assumption
       apply simp
       apply (rule ending)
-          apply assumption
-         apply assumption 
-        (* using allE impCE notE HOL.refl subst sym swap arity_type_nat impI notI rev_mp RedVar_case RedBinOp_case arity_type_state arity_type_val *)
+           apply assumption
+          apply assumption 
+         apply simp
         apply blast
-        apply assumption
-       apply (simp add: bb2_global_rel)
-   (* TODO: Here auto works after deferring, otherwise it doesn't, why? 
-      Answer: it works without deferring as well but then it changes the other subgoals also. 'subgoal by auto' doesn't work. Why? *)
-   (* apply_trace auto *)
+       apply assumption
+      apply (rule bb2_global_rel)
+        apply assumption+
       done
   qed
 qed
@@ -302,28 +274,23 @@ lemma first_loop_body_global_rel:
         (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
         (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
 proof -
-  have syn_rel: "ast_cfg_rel None [] body_bb1 [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]" by (simp add: Rel_Main_test)
-  have cmds: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 2 = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]" 
-    using p_before_cfg_to_dag_prog.block_2_def p_before_cfg_to_dag_prog.node_2 by fastforce
   show ?thesis
     apply (rule block_global_rel_if_true)
-               apply (rule syn_rel)
+              apply (rule Rel_Main_test[of body_bb1])
+              apply (simp add: body_bb1_def)
               apply (rule j_step_ast_trace)
+             apply (simp add: body_bb1_def)
              apply simp
             apply simp
-           apply (rule cmds)
-          apply simp
+           apply (rule p_before_cfg_to_dag_prog.node_2)
+          apply (simp add: p_before_cfg_to_dag_prog.block_2_def)
          apply (rule cfg_is_correct)
-         apply simp
-        apply simp
-       apply simp
+         apply simp+
       apply (rule trace_is_possible)
-     apply (rule block_local_rel_guard_true)
-           apply (rule syn_rel)
-          apply (simp, simp, simp)
-       apply (rule trace_is_possible)
-      apply assumption
-     apply assumption
+     apply (rule first_loop_body_bb_local_rel)
+       apply assumption
+      apply simp
+     apply (rule trace_is_possible)
     apply (simp add: p_before_cfg_to_dag_prog.outEdges_2)
     apply (simp add: member_rec)
     apply (rule loop_ih)
@@ -331,30 +298,6 @@ proof -
     done
 qed
 
-
-lemma correctness_propagates_through_assumption_concrete:
-  assumes "\<forall>m s. (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile> (Inl 3, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> s \<noteq> Failure"
-      and "node_to_block p_before_cfg_to_dag_prog.proc_body ! 3 = [Assume c]"
-      and "UnOp Not guard \<sim> c"
-      and "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> BoolV False"
-    shows "\<And>m1 s1. (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile> (Inl 4, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> s1 \<noteq> Failure"
-  using assms
-proof -
-  have succ: "List.member [4] 4" by (simp add: member_rec(1))
-  fix m1 s1
-  assume prem: "(A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile> (Inl 4, Normal ns1) -n\<rightarrow>* (m1, s1))"
-  show "s1 \<noteq> Failure"
-  apply (rule correctness_propagates_through_assumption)
-       apply (rule assms(1))
-      apply (rule assms(2))
-     apply (rule assms(3))
-    apply (rule assms(4))
-     apply (simp add: p_before_cfg_to_dag_prog.outEdges_3)
-     apply (rule succ)
-    apply (rule prem)
-    done
-qed
-
 lemma first_loop_head_global_rel:
   assumes j_step_ast_trace: 
     "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (unwrapped_bigblock0, (KEndBlock (KSeq bigblock1 (KSeq bigblock2 KStop))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
@@ -370,62 +313,63 @@ proof (induction j arbitrary: ns1 rule: less_induct)
       using valid_configuration_def less.prems(1) by fastforce
   next
     case (Suc j')
-    have out_edges_Suc0: "((nth (out_edges p_before_cfg_to_dag_prog.proc_body) (Suc 0)) = [3,2])" using p_before_cfg_to_dag_prog.outEdges_1 by auto
-    have node_3_helper: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 3 = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]" 
-      using p_before_cfg_to_dag_prog.block_3_def p_before_cfg_to_dag_prog.node_3 by auto
-    have node_1_helper: "node_to_block p_before_cfg_to_dag_prog.proc_body ! (Suc 0) = [Assert (Var 0 \<guillemotleft>Ge\<guillemotright> Lit (LInt 0))]" 
-      using p_before_cfg_to_dag_prog.block_1_def p_before_cfg_to_dag_prog.node_1 by auto
-    have succ_helper: "List.member [4] 4"by (simp add: member_rec(1))
     show ?thesis
       apply (rule block_global_rel_loop_head) 
-             apply (rule Rel_Invs)
-            apply (rule less(2))
-           apply (rule less(3))
-           apply simp
+               apply (rule Rel_Invs[of unwrapped_bigblock0 _ _ _ p_before_cfg_to_dag_prog.block_1])
+              apply (simp add: unwrapped_bigblock0_def p_before_cfg_to_dag_prog.block_1_def)
+             apply (rule less(2))
+            apply (rule less(3), simp)
+            apply (simp add: unwrapped_bigblock0_def)
           apply simp                 
          apply (rule block_local_rel_loop_head)
-            apply (rule Rel_Invs)
-           apply simp
+             apply (rule Rel_Invs[of unwrapped_bigblock0])
+             apply (simp add: unwrapped_bigblock0_def)
+           apply (simp add: unwrapped_bigblock0_def)
+           apply (simp)
+           apply (simp add: p_before_cfg_to_dag_prog.block_1_def)
           apply simp
          apply simp
-        apply simp
-       apply simp
-       apply (rule node_1_helper)
+        apply (simp add: p_before_cfg_to_dag_prog.block_1_def)
+       apply (simp add: p_before_cfg_to_dag_prog.node_1)
+       apply (simp add: p_before_cfg_to_dag_prog.block_1_def)
       apply(rule disjE)
         apply assumption
     
        apply (erule allE[where x = 2])
-       apply (simp add: out_edges_Suc0)
+       apply (simp add: p_before_cfg_to_dag_prog.outEdges_1)
        apply (simp add:member_rec(1))
        apply (rule conjE)
         apply assumption
        apply simp
        apply (rule first_loop_body_global_rel)
-          apply assumption
+          apply (simp add: body_bb1_def)
          apply simp
         apply assumption
        apply (rule less.IH)
          apply (erule strictly_smaller_helper2)
-         apply assumption
-         apply assumption
-       apply assumption
+         apply assumption+
 
       apply (erule allE[where x = 3])
-      apply (simp add:out_edges_Suc0)
+      apply (simp add: p_before_cfg_to_dag_prog.outEdges_1)
       apply (simp add:member_rec(1))
       apply (rule conjE)
        apply assumption
       apply simp
       apply (rule ending2)
-             apply assumption
-            apply assumption
+              apply assumption
+             apply (simp add: bigblock1_def bigblock2_def)
+            apply simp
            apply assumption
           apply assumption
-         apply (rule node_3_helper)
+         apply (simp add: p_before_cfg_to_dag_prog.node_3)
+         apply (simp add: p_before_cfg_to_dag_prog.block_3_def)
         apply (rule neg_gt2)
        apply (simp add: p_before_cfg_to_dag_prog.outEdges_3)
-       apply (rule succ_helper)
-      by (simp add: second_loop_head_global_rel)
+       apply (simp add: member_rec)
+      apply (rule second_loop_head_global_rel)
+       apply (simp add: unwrapped_bigblock1_def bigblock2_def)
+      apply auto
+      done
   qed
 qed
 
@@ -433,40 +377,37 @@ lemma entry_block_global_rel:
   assumes j_step_ast_trace: 
     "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, (KSeq bigblock1 (KSeq bigblock2 KStop)), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)"
   using assms
 proof -
-  have node_0_helper: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 0 = [Havoc 0]" 
-    by (simp add: p_before_cfg_to_dag_prog.block_0_def p_before_cfg_to_dag_prog.node_0)
-  have "[Havoc 0] = p_before_cfg_to_dag_prog.block_0" by (simp only: p_before_cfg_to_dag_prog.block_0_def) 
   show ?thesis
-    unfolding p_before_cfg_to_dag_prog.post_def
+    unfolding while_example2_before_ast_cfg.post_def
     apply (rule block_global_rel_while_successor)
           apply (rule j_step_ast_trace)
-         apply (rule Rel_Main_test)
-        apply simp
-       apply (rule node_0_helper)
-      apply (rule cfg_is_correct)
-      apply simp
-     apply (simp only: \<open>[Havoc 0] = p_before_cfg_to_dag_prog.block_0\<close>)
+          apply (rule Rel_Main_test[of bigblock0 _ p_before_cfg_to_dag_prog.block_0])
+          apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
+         apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
+        apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
+       apply (rule p_before_cfg_to_dag_prog.node_0)
+      apply (rule cfg_is_correct, simp)
+     apply (simp add: p_before_cfg_to_dag_prog.node_0)
      apply (rule bb0_local_rel)
-      apply (simp only: \<open>[Havoc 0] = p_before_cfg_to_dag_prog.block_0\<close>)
-     apply assumption
-    apply (simp del: Nat.One_nat_def add: p_before_cfg_to_dag_prog.outEdges_0)
-    apply (simp del: Nat.One_nat_def add: member_rec)
+      apply assumption
+     apply simp
     apply (rule first_loop_head_global_rel)
-     apply assumption
-    (* TODO: Again, why does auto work only in the end here? *)
-    by auto
+     apply (simp add: unwrapped_bigblock0_def)
+    apply (simp add: p_before_cfg_to_dag_prog.outEdges_0)
+    apply (simp add: member_rec(1))
+    done
 qed
 
 abbreviation \<Lambda>0_local
   where
-    "\<Lambda>0_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>0_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls))"
 lemma end_to_end_theorem_aux2:
 assumes 
 Red: "rtranclp (red_bigblock 
-      A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] 
+      A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) \<Gamma> [] 
             while_example2_before_ast_cfg.proc_body) 
       (bigblock0, (KSeq bigblock1 (KSeq bigblock2 KStop)), Normal ns) (end_bb, end_cont, end_state)" and 
 VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))" and 
@@ -474,30 +415,35 @@ Closed: "(\<And> v. (closed ((type_of_val A) v)))" and
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
 FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
 Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0_local \<Gamma> [] ns p_before_cfg_to_dag_prog.pres)" and 
+Precondition: "(expr_all_sat A \<Lambda>0_local \<Gamma> [] ns while_example2_before_ast_cfg.pres)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0_local))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0_local))" and 
 OldGlobal: "((global_state ns) = (old_global_state ns))" and 
 BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0_local \<Gamma> [] p_before_cfg_to_dag_prog.post end_bb end_cont end_state)"
+shows "(Ast.valid_configuration A \<Lambda>0_local \<Gamma> [] while_example2_before_ast_cfg.post end_bb end_cont end_state)"
 proof -
   from Red obtain j where 
-    Aux:"(A,M,((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)),\<Gamma>,[],while_example2_before_ast_cfg.proc_body \<turnstile> (bigblock0, (KSeq bigblock1 (KSeq bigblock2 KStop)), Normal ns) -n\<longrightarrow>^j (end_bb, end_cont, end_state))"
+    Aux:"(A,M,((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)),\<Gamma>,[],while_example2_before_ast_cfg.proc_body \<turnstile> (bigblock0, (KSeq bigblock1 (KSeq bigblock2 KStop)), Normal ns) -n\<longrightarrow>^j (end_bb, end_cont, end_state))"
 by (meson rtranclp_imp_relpowp)
   show ?thesis
 apply (rule entry_block_global_rel)
 apply (rule Aux)
 apply (rule valid_config_implies_not_failure)
 apply (rule end_to_end_theorem_aux)
-apply assumption
+apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
+                 p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def)
 using VC apply simp
 using Closed apply simp
 using NonEmptyTypes apply simp
 apply (rule FInterp)
 using Axioms apply simp
-using Precondition apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
+using Precondition apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
+                                   p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def
+                                   while_example2_before_ast_cfg.pres_def p_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
+                                   p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
+                                   p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def)
 using OldGlobal apply simp
 using BinderNs apply simp
 done
@@ -506,13 +452,8 @@ qed
 lemma initialization:                              
   assumes "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock0, bigblock1, bigblock2] ns1) (reached_bb, reached_cont, reached_state)"
   shows "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (bigblock0, KSeq bigblock1 (KSeq bigblock2 KStop), Normal ns1) (reached_bb, reached_cont, reached_state)" 
-proof -
-  have "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (bigblock0, convert_list_to_cont (rev [bigblock1, bigblock2]) KStop, Normal ns1) (reached_bb, reached_cont, reached_state)"
-    using assms by fastforce
-  hence "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (bigblock0, convert_list_to_cont (rev [bigblock1]) (KSeq bigblock2 KStop), Normal ns1) (reached_bb, reached_cont, reached_state)"
-    by simp
-  thus ?thesis by simp
-qed
+  using assms
+  by simp
  
 
 lemma end_to_end_theorem2:
@@ -523,13 +464,9 @@ apply (rule end_to_end_util2[OF end_to_end_theorem_aux2])
 apply (rule initialization)
 unfolding while_example2_before_ast_cfg.proc_body_def
 apply assumption using VC apply simp  apply assumption+
-  unfolding p_before_cfg_to_dag_prog.pres_def p_before_cfg_to_dag_prog.post_def
-       apply (simp_all add: 
-              exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2
-              while_example2_before_ast_cfg.proc_ast_def while_example2_before_ast_cfg.proc_body_def 
-              while_example2_before_ast_cfg.pres_def while_example2_before_ast_cfg.post_def
-              p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
-              while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def)
-  done
+apply (simp_all add: 
+      exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2
+      while_example2_before_ast_cfg.proc_ast_def while_example2_before_ast_cfg.proc_body_def)
+done
 
 end
\ No newline at end of file
diff --git a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_before_ast_cfg.thy b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_before_ast_cfg.thy
index 14bfc5e..ac8ef55 100644
--- a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_before_ast_cfg.thy
+++ b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_before_ast_cfg.thy
@@ -6,7 +6,7 @@ theory while_example2_before_ast_cfg
 
 begin
 
-abbreviation bigblock0
+definition bigblock0
   where "bigblock0 \<equiv> 
           (BigBlock None [(Havoc 0)] 
             (Some (WhileWrapper 
@@ -15,7 +15,7 @@ abbreviation bigblock0
                   [BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None]))) 
              None)"
 
-abbreviation bigblock1
+definition bigblock1
   where "bigblock1 \<equiv> 
           (BigBlock None [] 
             (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 0)))) 
@@ -23,7 +23,7 @@ abbreviation bigblock1
                       [BigBlock None [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] None None]))) 
              None)"
 
-abbreviation bigblock2
+definition bigblock2
   where "bigblock2 \<equiv> 
           (BigBlock None [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))] None None)"
 
diff --git a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_ast_cfg_proof.thy
new file mode 100644
index 0000000..e068b52
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_ast_cfg_proof.thy
@@ -0,0 +1,188 @@
+theory consecutive_ifs_ast_cfg_proof
+  imports Main
+          Boogie_Lang.Ast
+          Boogie_Lang.Semantics
+          Boogie_Lang.Ast_Cfg_Transformation
+          "../global_data" 
+          consecutive_ifs_before_cfg_to_dag_prog 
+          consecutive_ifs_before_ast_cfg
+          consecutive_ifs_cfgtodag_proof
+          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
+
+begin
+
+abbreviation bigblock_then0 
+  where "bigblock_then0 \<equiv> BigBlock None [(Assign 0 (Lit (LInt 5)))] None None"
+
+abbreviation bigblock_else0
+  where "bigblock_else0 \<equiv> BigBlock None [] None None"
+
+abbreviation bigblock_then1 
+  where "bigblock_then1 \<equiv> BigBlock None [(Assign 0 (Lit (LInt 1)))] None None"
+
+abbreviation bigblock_else1
+  where "bigblock_else1 \<equiv> BigBlock None [(Assign 0 (UnOp UMinus (Lit (LInt 1))))] None None"
+
+lemma bigblock0_local_rel:
+  assumes Red_bb0_to: 
+      "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> [Havoc 0] (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[Havoc 0], Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+proof -
+  have "ast_cfg_rel None [] bigblock0 consecutive_ifs_before_cfg_to_dag_prog.block_0" 
+    unfolding consecutive_ifs_before_cfg_to_dag_prog.block_0_def
+    by (rule Rel_Main_test)
+  then show ?thesis 
+    using assms
+    unfolding consecutive_ifs_before_cfg_to_dag_prog.block_0_def
+    by (auto simp: block_local_rel_generic) 
+qed
+
+
+lemma bigblock_then0_local_rel:
+  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_then0, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.block_5 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool True)"
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>consecutive_ifs_before_cfg_to_dag_prog.block_5, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  have syntactic_rel: "ast_cfg_rel None [] bigblock_then0 [(Assign 0 (Lit (LInt 5)))]" 
+    by (rule Rel_Main_test)
+  show ?thesis
+    unfolding consecutive_ifs_before_cfg_to_dag_prog.block_5_def 
+    apply (rule block_local_rel_guard_true[OF syntactic_rel _ _ _  trace_is_possible Red_bb0_to Red0_impl])
+    unfolding consecutive_ifs_before_cfg_to_dag_prog.block_5_def 
+    by simp_all
+qed
+
+lemma bigblock_then1_local_rel:
+  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_then1, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>consecutive_ifs_before_cfg_to_dag_prog.block_4, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  have syntactic_rel: "ast_cfg_rel None [] bigblock_then1 [(Assign 0 (Lit (LInt 1)))]" 
+    by (rule Rel_Main_test)
+  show ?thesis
+    unfolding consecutive_ifs_before_cfg_to_dag_prog.block_4_def 
+    apply (rule block_local_rel_generic)
+          apply (rule syntactic_rel)
+         apply simp
+        apply simp
+       apply simp
+      apply simp
+     apply (rule Red_bb0_to)
+    by (simp add: Red0_impl consecutive_ifs_before_cfg_to_dag_prog.block_4_def)
+qed
+
+lemma bigblock_else1_local_rel:
+  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_else1, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>consecutive_ifs_before_cfg_to_dag_prog.block_3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  have syntactic_rel: "ast_cfg_rel None [] bigblock_else1 [(Assign 0 (UnOp UMinus (Lit (LInt 1))))]" 
+    by (rule Rel_Main_test)
+  show ?thesis
+    unfolding consecutive_ifs_before_cfg_to_dag_prog.block_3_def 
+    apply (rule block_local_rel_generic)
+          apply (rule syntactic_rel)
+         apply simp
+        apply simp
+       apply simp
+      apply simp
+     apply (rule Red_bb0_to)
+    by (simp add: Red0_impl consecutive_ifs_before_cfg_to_dag_prog.block_3_def)
+qed
+
+
+lemma block_then1_global_rel:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then1, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+proof -
+  have syntactic_rel: "ast_cfg_rel None [] bigblock_then1 [(Assign 0 (Lit (LInt 1)))]"
+    by (simp add: Rel_Main_test)
+  have succ: "(out_edges(consecutive_ifs_before_cfg_to_dag_prog.proc_body) ! 4) = []" 
+    by (simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_4) 
+  have node_4_local: "node_to_block(consecutive_ifs_before_cfg_to_dag_prog.proc_body) ! 4 = [Assign 0 (Lit (LInt 1))]"
+    by (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_4_def consecutive_ifs_before_cfg_to_dag_prog.node_4)
+
+  show ?thesis 
+    apply (rule generic_ending_block_global_rel)
+        apply (rule syntactic_rel)
+       apply (rule assms(1))
+      apply simp
+     apply (rule node_4_local)
+    apply (rule assms(2))
+    apply simp
+    done
+qed
+
+lemma block_else1_global_rel:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else1, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+proof -
+  have syntactic_rel: "ast_cfg_rel None [] bigblock_else1  [(Assign 0 (UnOp UMinus (Lit (LInt 1))))]"
+    by (simp add: Rel_Main_test)
+  have succ: "(out_edges(consecutive_ifs_before_cfg_to_dag_prog.proc_body) ! 3) = []" 
+    by (simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_3) 
+  have node_3_local: "node_to_block(consecutive_ifs_before_cfg_to_dag_prog.proc_body) ! 3 = [(Assign 0 (UnOp UMinus (Lit (LInt 1))))]"
+    by (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_3_def consecutive_ifs_before_cfg_to_dag_prog.node_3)
+
+  show ?thesis 
+    apply (rule generic_ending_block_global_rel)
+        apply (rule syntactic_rel)
+       apply (rule assms(1))
+      apply simp
+     apply (rule node_3_local)
+    apply (rule assms(2))
+    apply simp
+    done
+qed
+
+
+lemma block1_global_rel:
+  assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock1, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)" 
+proof -
+  have cmds: "node_to_block(consecutive_ifs_before_cfg_to_dag_prog.proc_body) ! 2 = []" 
+    using consecutive_ifs_before_cfg_to_dag_prog.block_2_def consecutive_ifs_before_cfg_to_dag_prog.node_2 by auto
+  have syntactic_rel: "ast_cfg_rel None [] bigblock1 []"  
+    by (simp add: Rel_Main_test)
+  have succ: "(out_edges(consecutive_ifs_before_cfg_to_dag_prog.proc_body) ! 2) = [4, 3]" 
+    using consecutive_ifs_before_cfg_to_dag_prog.outEdges_2 by auto 
+  show ?thesis 
+    apply (rule block_global_rel_if_successor)
+          apply (rule syntactic_rel)
+         apply (rule ast_trace)
+        apply (rule cmds)
+       apply (rule assms(1))
+       apply simp
+      apply simp
+     apply simp
+    apply simp
+    apply (rule disjE)
+      apply assumption
+
+     apply (erule allE[where x=4])
+     apply (simp add:succ)
+     apply (simp add:member_rec(1))
+    unfolding consecutive_ifs_before_cfg_to_dag_prog.post_def
+     apply (rule block_then1_global_rel)
+      apply assumption
+     apply simp
+   
+    apply (erule allE[where x=3])
+    apply (simp del: Nat.One_nat_def add:succ)
+    apply (simp del: Nat.One_nat_def add:member_rec(1))
+    apply (rule block_else1_global_rel)
+     apply assumption
+    apply simp
+    done
+qed
+
+end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_ast_cfg.thy
new file mode 100644
index 0000000..5a76cfd
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_ast_cfg.thy
@@ -0,0 +1,93 @@
+theory consecutive_ifs_before_ast_cfg
+  imports Main
+          "Boogie_Lang.Ast"
+          "Boogie_Lang.Semantics"
+          "../global_data"
+
+begin
+
+abbreviation bigblock0
+  where "bigblock0 \<equiv> 
+          (BigBlock None [(Havoc 0)] 
+            (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
+                  [BigBlock None [(Assign 0 (Lit (LInt 5)))] None None] [BigBlock None [] None None])) 
+             None)"
+
+abbreviation bigblock1
+  where "bigblock1 \<equiv> 
+          (BigBlock None [] 
+            (Some (ParsedIf None 
+                  [BigBlock None [(Assign 0 (Lit (LInt 1)))] None None] [BigBlock None [(Assign 0 (UnOp UMinus (Lit (LInt 1))))] None None])) 
+             None)"
+
+
+definition proc_body
+  where
+    "proc_body = bigblock0 # bigblock1 # []"
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append consecutive_ifs_before_ast_cfg.params_vdecls consecutive_ifs_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_ifs_before_ast_cfg.params_vdecls consecutive_ifs_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
+unfolding consecutive_ifs_before_ast_cfg.params_vdecls_def consecutive_ifs_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_ifs_before_ast_cfg.params_vdecls consecutive_ifs_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append consecutive_ifs_before_ast_cfg.params_vdecls consecutive_ifs_before_ast_cfg.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_ifs_before_ast_cfg.params_vdecls) )"
+unfolding consecutive_ifs_before_ast_cfg.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_ifs_before_ast_cfg.locals_vdecls) )"
+unfolding consecutive_ifs_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_ast_cfg.params_vdecls consecutive_ifs_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append consecutive_ifs_before_ast_cfg.params_vdecls consecutive_ifs_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_ast_cfg.params_vdecls consecutive_ifs_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_ast_cfg.params_vdecls consecutive_ifs_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc_ast :: "(ast_procedure)"
+  where
+    "proc_ast  = (|proc_ty_args = 0,proc_args = consecutive_ifs_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec consecutive_ifs_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec consecutive_ifs_before_ast_cfg.post),proc_body = (Some (consecutive_ifs_before_ast_cfg.locals_vdecls,consecutive_ifs_before_ast_cfg.proc_body))|)"
+
+end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_cfg_to_dag_prog.thy b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..2698501
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_cfg_to_dag_prog.thy
@@ -0,0 +1,144 @@
+theory consecutive_ifs_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_2
+  where
+    "block_2  = []"
+definition block_3
+  where
+    "block_3  = [(Assign 0 (UnOp UMinus (Lit (LInt 1))))]"
+definition block_4
+  where
+    "block_4  = [(Assign 0 (Lit (LInt 1)))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (Lit (LInt 5)))]"
+definition outEdges
+  where
+    "outEdges  = [[5,1],[2],[4,3],[],[],[2]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [5,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [4,3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding consecutive_ifs_before_cfg_to_dag_prog.params_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_ifs_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding consecutive_ifs_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = consecutive_ifs_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec consecutive_ifs_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec consecutive_ifs_before_cfg_to_dag_prog.post),proc_body = (Some (consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls,consecutive_ifs_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_passive_prog.thy b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_passive_prog.thy
new file mode 100644
index 0000000..7a08b52
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_passive_prog.thy
@@ -0,0 +1,128 @@
+theory consecutive_ifs_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_ifs_before_cfg_to_dag_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assign 0 (Lit (LInt 1)))]"
+definition block_2
+  where
+    "block_2  = [(Assign 0 (UnOp UMinus (Lit (LInt 1))))]"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (Lit (LInt 5)))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_6
+  where
+    "block_6  = [(Havoc 0)]"
+definition block_7
+  where
+    "block_7  = []"
+definition block_8
+  where
+    "block_8  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[3],[4,5],[6],[7]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 8,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [4,5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding consecutive_ifs_before_cfg_to_dag_prog.params_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_cfgtodag_proof.thy b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_cfgtodag_proof.thy
new file mode 100644
index 0000000..e68ce40
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_cfgtodag_proof.thy
@@ -0,0 +1,399 @@
+theory consecutive_ifs_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML consecutive_ifs_before_cfg_to_dag_prog consecutive_ifs_before_passive_prog consecutive_ifs_passification_proof consecutive_ifs_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 consecutive_ifs_before_cfg_to_dag_prog.post)"
+unfolding expr_all_sat_def consecutive_ifs_before_cfg_to_dag_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule consecutive_ifs_before_passive_prog.node_0)
+apply simp
+unfolding consecutive_ifs_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma block_anon7_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_ifs_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_ifs_before_cfg_to_dag_prog.block_4_def consecutive_ifs_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon7_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_4)
+apply (rule consecutive_ifs_before_passive_prog.node_1)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon7_Then)
+apply assumption+
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.outEdges_4)
+apply (rule consecutive_ifs_before_passive_prog.outEdges_1)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon7_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_ifs_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_ifs_before_cfg_to_dag_prog.block_3_def consecutive_ifs_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon7_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_3)
+apply (rule consecutive_ifs_before_passive_prog.node_2)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon7_Else)
+apply assumption+
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.outEdges_3)
+apply (rule consecutive_ifs_before_passive_prog.outEdges_2)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_ifs_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_ifs_before_cfg_to_dag_prog.block_2_def consecutive_ifs_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_2)
+apply (rule consecutive_ifs_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon3)
+apply (assumption+)
+apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:consecutive_ifs_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:consecutive_ifs_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon6_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_ifs_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_ifs_before_cfg_to_dag_prog.block_5_def consecutive_ifs_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_5)
+apply (rule consecutive_ifs_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon6_Then)
+apply (assumption+)
+apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_5))
+apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_5))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:consecutive_ifs_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon6_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_ifs_before_passive_prog.block_5 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_ifs_before_cfg_to_dag_prog.block_1_def consecutive_ifs_before_passive_prog.block_5_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_1)
+apply (rule consecutive_ifs_before_passive_prog.node_5)
+apply (assumption+)
+apply (rule block_anon6_Else)
+apply (assumption+)
+apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:consecutive_ifs_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_ifs_before_passive_prog.block_6 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_ifs_before_cfg_to_dag_prog.block_0_def consecutive_ifs_before_passive_prog.block_6_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_0)
+apply (rule consecutive_ifs_before_passive_prog.node_6)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=4])
+apply ((simp add:consecutive_ifs_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=5])
+apply ((simp add:consecutive_ifs_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:consecutive_ifs_before_passive_prog.outEdges_7))
+by ((simp add:consecutive_ifs_before_passive_prog.node_7 consecutive_ifs_before_passive_prog.block_7_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 consecutive_ifs_before_cfg_to_dag_prog.pres)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule consecutive_ifs_before_passive_prog.node_8)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding consecutive_ifs_before_passive_prog.block_8_def
+apply (rule assume_pres_normal[where ?es=consecutive_ifs_before_cfg_to_dag_prog.pres])
+apply (rule assms(4))
+unfolding consecutive_ifs_before_cfg_to_dag_prog.pres_def
+apply simp
+apply (rule consecutive_ifs_before_passive_prog.outEdges_8)
+apply ((simp add:consecutive_ifs_before_passive_prog.node_7 consecutive_ifs_before_passive_prog.block_7_def))
+apply (rule consecutive_ifs_before_passive_prog.outEdges_7)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns consecutive_ifs_before_cfg_to_dag_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(valid_configuration A \<Lambda>0 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule consecutive_ifs_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+lemma end_to_end_theorem:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms consecutive_ifs_before_cfg_to_dag_prog.proc))"
+apply (rule end_to_end_util[OF end_to_end_theorem_aux])
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 consecutive_ifs_before_cfg_to_dag_prog.proc_def consecutive_ifs_before_cfg_to_dag_prog.proc_body_def)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passification_proof.thy b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passification_proof.thy
new file mode 100644
index 0000000..f7080ba
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passification_proof.thy
@@ -0,0 +1,317 @@
+theory consecutive_ifs_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_ifs_before_passive_prog consecutive_ifs_passive_prog Boogie_Lang.PassificationML consecutive_ifs_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_ifs_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_ifs_before_passive_prog.block_0_def consecutive_ifs_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon7_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 1)))]) R_old consecutive_ifs_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_ifs_before_passive_prog.block_1_def consecutive_ifs_passive_prog.block_1_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon7_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old consecutive_ifs_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_ifs_before_passive_prog.block_2_def consecutive_ifs_passive_prog.block_2_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.l_x(2) consecutive_ifs_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_ifs_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_ifs_before_passive_prog.block_3_def consecutive_ifs_passive_prog.block_3_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 5)))]) R_old consecutive_ifs_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_ifs_before_passive_prog.block_4_def consecutive_ifs_passive_prog.block_4_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_ifs_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_ifs_before_passive_prog.block_5_def consecutive_ifs_passive_prog.block_5_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old consecutive_ifs_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_ifs_before_passive_prog.block_6_def consecutive_ifs_passive_prog.block_6_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.l_x(2) consecutive_ifs_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_ifs_passive_prog.block_7 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_ifs_before_passive_prog.block_7_def consecutive_ifs_passive_prog.block_7_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_ifs_passive_prog.block_8 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_ifs_before_passive_prog.block_8_def consecutive_ifs_passive_prog.block_8_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_ifs_before_passive_prog.node_0},@{thm consecutive_ifs_before_passive_prog.outEdges_0}) (@{thm consecutive_ifs_passive_prog.node_0},@{thm consecutive_ifs_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon7_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_ifs_before_passive_prog.node_1},@{thm consecutive_ifs_before_passive_prog.outEdges_1}) (@{thm consecutive_ifs_passive_prog.node_1},@{thm consecutive_ifs_passive_prog.outEdges_1}) @{thm block_anon7_Then} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon7_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_ifs_before_passive_prog.node_2},@{thm consecutive_ifs_before_passive_prog.outEdges_2}) (@{thm consecutive_ifs_passive_prog.node_2},@{thm consecutive_ifs_passive_prog.outEdges_2}) @{thm block_anon7_Else} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_ifs_before_passive_prog.node_3},@{thm consecutive_ifs_before_passive_prog.outEdges_3}) (@{thm consecutive_ifs_passive_prog.node_3},@{thm consecutive_ifs_passive_prog.outEdges_3}) @{thm block_anon3} [
+@{thm cfg_block_anon7_Then}, 
+@{thm cfg_block_anon7_Else}] 1\<close>))
+
+lemma cfg_block_anon6_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_ifs_before_passive_prog.node_4},@{thm consecutive_ifs_before_passive_prog.outEdges_4}) (@{thm consecutive_ifs_passive_prog.node_4},@{thm consecutive_ifs_passive_prog.outEdges_4}) @{thm block_anon6_Then} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon6_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_ifs_before_passive_prog.node_5},@{thm consecutive_ifs_before_passive_prog.outEdges_5}) (@{thm consecutive_ifs_passive_prog.node_5},@{thm consecutive_ifs_passive_prog.outEdges_5}) @{thm block_anon6_Else} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_ifs_before_passive_prog.node_6},@{thm consecutive_ifs_before_passive_prog.outEdges_6}) (@{thm consecutive_ifs_passive_prog.node_6},@{thm consecutive_ifs_passive_prog.outEdges_6}) @{thm block_anon0} [
+@{thm cfg_block_anon6_Then}, 
+@{thm cfg_block_anon6_Else}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_ifs_before_passive_prog.node_7},@{thm consecutive_ifs_before_passive_prog.outEdges_7}) (@{thm consecutive_ifs_passive_prog.node_7},@{thm consecutive_ifs_passive_prog.outEdges_7}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body u (Inl 8)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_ifs_before_passive_prog.node_8},@{thm consecutive_ifs_before_passive_prog.outEdges_8}) (@{thm consecutive_ifs_passive_prog.node_8},@{thm consecutive_ifs_passive_prog.outEdges_8}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 8),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv consecutive_ifs_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+apply simp
+unfolding consecutive_ifs_passive_prog.params_vdecls_def consecutive_ifs_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using consecutive_ifs_before_passive_prog.globals_locals_disj apply auto[1]
+using consecutive_ifs_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] consecutive_ifs_passive_prog.proc_body u (Inl 8)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range global_data.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] consecutive_ifs_passive_prog.proc_body ((Inl 8),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from consecutive_ifs_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passive_prog.thy b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passive_prog.thy
new file mode 100644
index 0000000..ba80e73
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passive_prog.thy
@@ -0,0 +1,161 @@
+theory consecutive_ifs_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_ifs_before_passive_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 2) Eq (UnOp UMinus (Lit (LInt 1)))))]"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
+definition block_6
+  where
+    "block_6  = []"
+definition block_7
+  where
+    "block_7  = []"
+definition block_8
+  where
+    "block_8  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[3],[4,5],[6],[7]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 8,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [4,5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding consecutive_ifs_passive_prog.params_vdecls_def consecutive_ifs_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_vcphase_proof.thy b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_vcphase_proof.thy
new file mode 100644
index 0000000..9979abc
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_vcphase_proof.thy
@@ -0,0 +1,297 @@
+theory consecutive_ifs_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML consecutive_ifs_passive_prog consecutive_ifs_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon0
+  where
+    "vc_anon0  = True"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
+G3: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3
+lemmas forall_poly_thm = forall_vc_type[OF G3]
+lemmas exists_poly_thm = exists_vc_type[OF G3]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding consecutive_ifs_passive_prog.block_0_def
+apply cases
+by auto
+
+lemma block_anon7_Then:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.block_1 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding consecutive_ifs_passive_prog.block_1_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon7_Else_hints = [
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon7_ElseAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding consecutive_ifs_passive_prog.block_2_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_Else_hints \<close>)
+by (auto?)
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.block_3 (Normal n_s) s')" and 
+"(vc.vc_anon0 )"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))"
+using assms
+unfolding consecutive_ifs_passive_prog.block_3_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon6_Then_hints = [
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon6_ThenAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))))"
+unfolding consecutive_ifs_passive_prog.block_4_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_Then_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_Else_hints = [
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon6_ElseAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))))"
+unfolding consecutive_ifs_passive_prog.block_5_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_Else_hints \<close>)
+by (auto?)
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.block_6 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding consecutive_ifs_passive_prog.block_6_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.block_7 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding consecutive_ifs_passive_prog.block_7_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.block_8 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding consecutive_ifs_passive_prog.block_8_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) consecutive_ifs_passive_prog.node_0 consecutive_ifs_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon7_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) consecutive_ifs_passive_prog.node_1])
+apply (erule block_anon7_Then)
+apply ((simp add:consecutive_ifs_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon7_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) consecutive_ifs_passive_prog.node_2])
+apply (erule block_anon7_ElseAA0[OF _ assms(2)])
+apply ((simp add:consecutive_ifs_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_ifs_passive_prog.node_3])
+apply (erule block_anon3[OF _ assms(2)])
+apply ((simp add:consecutive_ifs_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_ifs_passive_prog.node_4])
+apply (erule block_anon6_ThenAA0[OF _ assms(2)])
+apply ((simp add:consecutive_ifs_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_ifs_passive_prog.node_5])
+apply (erule block_anon6_ElseAA0[OF _ assms(2)])
+apply ((simp add:consecutive_ifs_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_ifs_passive_prog.node_6])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:consecutive_ifs_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_ifs_passive_prog.node_7])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:consecutive_ifs_passive_prog.outEdges_7))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_ifs_passive_prog.node_8])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:consecutive_ifs_passive_prog.outEdges_8))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) \<Gamma> [] consecutive_ifs_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
+let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_ifs_passive_prog.m_x])
+apply (subst lookup_var_local[OF consecutive_ifs_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_ifs_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF consecutive_ifs_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_ifs_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF consecutive_ifs_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/global_data.thy b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy
new file mode 100644
index 0000000..68bb528
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy
@@ -0,0 +1,183 @@
+theory empty_branch_if_ast_cfg_proof
+  imports Main
+          Boogie_Lang.Ast
+          Boogie_Lang.Semantics
+          Boogie_Lang.Ast_Cfg_Transformation
+          "../global_data" 
+          empty_branch_if_before_cfg_to_dag_prog 
+          empty_branch_if_before_ast_cfg
+          empty_branch_if_cfgtodag_proof
+          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
+
+begin
+declare Nat.One_nat_def[simp del]
+
+definition bigblock_then 
+  where "bigblock_then \<equiv> BigBlock None [] None None"
+
+definition bigblock_else
+  where "bigblock_else \<equiv> BigBlock None [(Assign 0 (Lit (LInt 6)))] None None"
+
+lemma bigblock0_local_rel:
+  assumes Red_bb0_to: 
+      "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>empty_branch_if_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+proof -
+  show ?thesis
+    apply (rule block_local_rel_generic)
+           apply (rule Rel_Main_test[of bigblock0 _ empty_branch_if_before_cfg_to_dag_prog.block_0])
+           apply (simp add: bigblock0_def empty_branch_if_before_cfg_to_dag_prog.block_0_def)
+          apply simp
+         apply simp
+        apply (rule Red_bb0_to)
+       apply (rule Red0_impl, simp)
+      apply (simp add: bigblock0_def)
+     apply simp
+    apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_0_def)
+    done
+qed
+
+lemma bigblock_else_local_rel:
+  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>empty_branch_if_before_cfg_to_dag_prog.block_1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+proof -
+  show ?thesis
+    unfolding empty_branch_if_before_cfg_to_dag_prog.block_1_def 
+    apply (rule block_local_rel_guard_false)
+            apply (rule Rel_Main_test[of bigblock_else])
+            apply (simp add: bigblock_else_def)
+           apply (rule neg_gt2)
+          apply simp
+         apply (rule trace_is_possible)
+        apply (rule Red_bb0_to)
+       apply (rule Red0_impl)
+       apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_1_def)
+      apply (simp add: bigblock_else_def)
+    by simp_all
+qed
+
+lemma block2_global_rel:
+  assumes concrete_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock1, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)" 
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  using assms
+proof -
+  show ?thesis
+    apply (rule generic_ending_block_global_rel)
+         apply (rule Rel_Main_test[of bigblock1 _ empty_branch_if_before_cfg_to_dag_prog.block_2])
+         apply (simp add: bigblock1_def empty_branch_if_before_cfg_to_dag_prog.block_2_def)
+        apply (rule concrete_trace)
+       apply (simp add: bigblock1_def)
+      apply simp
+     apply (rule empty_branch_if_before_cfg_to_dag_prog.node_2)
+    apply (rule cfg_is_correct)
+    apply simp
+    done
+qed
+
+
+lemma block_then_global_rel:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+proof -                    
+  show ?thesis 
+    apply (rule ending_then)
+           apply (rule assms(1))
+          apply (simp add: bigblock_then_def)
+         apply (rule trace_is_possible)
+        apply (rule empty_branch_if_before_cfg_to_dag_prog.node_3)
+       apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_3_def)
+      apply (simp add: empty_branch_if_before_cfg_to_dag_prog.outEdges_3)
+      apply (simp add: member_rec)
+     apply (simp add: assms(2))
+     apply (simp add: block2_global_rel)
+    done
+qed
+
+
+lemma block_else_global_rel:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+proof -
+  show ?thesis
+    apply (rule block_global_rel_if_false)
+                 apply (rule Rel_Main_test[of bigblock_else])
+                 apply (simp add: bigblock_else_def)
+               apply (rule assms(1))
+              apply (simp add: bigblock_else_def)
+              apply simp
+             apply simp
+            apply (rule empty_branch_if_before_cfg_to_dag_prog.node_1)
+           apply (rule empty_branch_if_before_cfg_to_dag_prog.block_1_def)
+          apply (rule assms(2))
+          apply simp
+         apply simp
+        apply simp
+       apply (rule neg_gt2)
+      apply (rule trace_is_possible)
+     apply (rule bigblock_else_local_rel)
+       apply assumption
+      apply assumption
+     apply (rule trace_is_possible)
+    apply (erule allE[where x=2])
+    apply (rule block2_global_rel)
+     apply assumption
+    apply (simp add: empty_branch_if_before_cfg_to_dag_prog.outEdges_1)
+    apply (simp add: member_rec(1))
+    done
+qed
+
+
+lemma block0_global_rel:
+  assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)" 
+proof -
+  show ?thesis 
+    apply (rule block_global_rel_if_successor)
+           apply (rule Rel_Main_test[of bigblock0 _ empty_branch_if_before_cfg_to_dag_prog.block_0])
+           apply (simp add: bigblock0_def empty_branch_if_before_cfg_to_dag_prog.block_0_def)
+          apply (rule ast_trace)
+         apply (simp add: bigblock0_def)
+        apply (rule empty_branch_if_before_cfg_to_dag_prog.node_0)
+       apply (rule assms(1))
+       apply simp
+      apply simp
+     apply (rule bigblock0_local_rel)
+      apply (simp add: bigblock0_def)
+     apply assumption
+    apply simp
+    apply (rule disjE)
+      apply assumption
+
+     apply (erule allE[where x=3])
+     apply (simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_0)
+     apply (simp add:member_rec(1))
+     apply (rule conjE)
+      apply assumption
+    unfolding empty_branch_if_before_cfg_to_dag_prog.post_def
+     apply (rule block_then_global_rel)
+       apply (simp add: bigblock_then_def)       
+      apply simp
+     apply assumption
+   
+    apply (erule allE[where x=1])
+    apply (simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_0)
+    apply (simp add:member_rec(1))
+    apply (rule conjE)
+     apply assumption
+    apply (rule block_else_global_rel)
+      apply (simp add: bigblock_else_def)
+     apply simp
+    apply (simp add: false_equals_not_true)
+    done
+qed
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_cfg.thy
new file mode 100644
index 0000000..3c29d5a
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_cfg.thy
@@ -0,0 +1,89 @@
+theory empty_branch_if_before_ast_cfg
+  imports Main
+          "Boogie_Lang.Ast"
+          "Boogie_Lang.Semantics"
+          "../global_data"
+
+begin
+
+definition bigblock0
+  where "bigblock0 \<equiv> 
+          (BigBlock None [(Havoc 0)] 
+            (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 5)))) 
+                  [BigBlock None [] None None] [BigBlock None [(Assign 0 (Lit (LInt 6)))] None None])) 
+             None)"
+
+definition bigblock1
+  where "bigblock1 \<equiv> 
+          (BigBlock None [(Assert (BinOp (Var 0) Gt (Lit (LInt 5))))] None None)"
+
+definition proc_body
+  where
+    "proc_body = bigblock0 #  bigblock1  # []"
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
+unfolding empty_branch_if_before_ast_cfg.params_vdecls_def empty_branch_if_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_ast_cfg.params_vdecls) )"
+unfolding empty_branch_if_before_ast_cfg.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_ast_cfg.locals_vdecls) )"
+unfolding empty_branch_if_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc_ast :: "(ast_procedure)"
+  where
+    "proc_ast  = (|proc_ty_args = 0,proc_args = empty_branch_if_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec empty_branch_if_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec empty_branch_if_before_ast_cfg.post),proc_body = (Some (empty_branch_if_before_ast_cfg.locals_vdecls,empty_branch_if_before_ast_cfg.proc_body))|)"
+
+end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog.thy b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..41c064e
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog.thy
@@ -0,0 +1,122 @@
+theory empty_branch_if_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 6)))]"
+definition block_2
+  where
+    "block_2  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 5))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5))))]"
+definition outEdges
+  where
+    "outEdges  = [[3,1],[2],[],[2]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [3,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = empty_branch_if_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec empty_branch_if_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec empty_branch_if_before_cfg_to_dag_prog.post),proc_body = (Some (empty_branch_if_before_cfg_to_dag_prog.locals_vdecls,empty_branch_if_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_passive_prog.thy b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_passive_prog.thy
new file mode 100644
index 0000000..2d6d7db
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_passive_prog.thy
@@ -0,0 +1,95 @@
+theory empty_branch_if_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util empty_branch_if_before_cfg_to_dag_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 5))))]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5))))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 6)))]"
+definition block_3
+  where
+    "block_3  = [(Havoc 0)]"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_cfgtodag_proof.thy b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_cfgtodag_proof.thy
new file mode 100644
index 0000000..a3919c0
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_cfgtodag_proof.thy
@@ -0,0 +1,292 @@
+theory empty_branch_if_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML empty_branch_if_before_cfg_to_dag_prog empty_branch_if_before_passive_prog empty_branch_if_passification_proof empty_branch_if_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_branch_if_before_passive_prog.block_0 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding empty_branch_if_before_cfg_to_dag_prog.block_2_def empty_branch_if_before_passive_prog.block_0_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_1[OF assms(1)])
+apply (rule empty_branch_if_before_cfg_to_dag_prog.node_2)
+apply (rule empty_branch_if_before_passive_prog.node_0)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+unfolding empty_branch_if_before_cfg_to_dag_prog.post_def
+apply (rule block_anon3)
+apply assumption+
+by (rule empty_branch_if_before_cfg_to_dag_prog.outEdges_2)
+
+
+lemma block_anon4_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_branch_if_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding empty_branch_if_before_cfg_to_dag_prog.block_3_def empty_branch_if_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule empty_branch_if_before_cfg_to_dag_prog.node_3)
+apply (rule empty_branch_if_before_passive_prog.node_1)
+apply (assumption+)
+apply (rule block_anon4_Then)
+apply (assumption+)
+apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=0])
+apply ((simp add:empty_branch_if_before_passive_prog.outEdges_1))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon4_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_branch_if_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding empty_branch_if_before_cfg_to_dag_prog.block_1_def empty_branch_if_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule empty_branch_if_before_cfg_to_dag_prog.node_1)
+apply (rule empty_branch_if_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon4_Else)
+apply (assumption+)
+apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=0])
+apply ((simp add:empty_branch_if_before_passive_prog.outEdges_2))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_branch_if_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding empty_branch_if_before_cfg_to_dag_prog.block_0_def empty_branch_if_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule empty_branch_if_before_cfg_to_dag_prog.node_0)
+apply (rule empty_branch_if_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:empty_branch_if_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:empty_branch_if_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:empty_branch_if_before_passive_prog.outEdges_4))
+by ((simp add:empty_branch_if_before_passive_prog.node_4 empty_branch_if_before_passive_prog.block_4_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 empty_branch_if_before_cfg_to_dag_prog.pres)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule empty_branch_if_before_passive_prog.node_5)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding empty_branch_if_before_passive_prog.block_5_def
+apply (rule assume_pres_normal[where ?es=empty_branch_if_before_cfg_to_dag_prog.pres])
+apply (rule assms(4))
+unfolding empty_branch_if_before_cfg_to_dag_prog.pres_def
+apply simp
+apply (rule empty_branch_if_before_passive_prog.outEdges_5)
+apply ((simp add:empty_branch_if_before_passive_prog.node_4 empty_branch_if_before_passive_prog.block_4_def))
+apply (rule empty_branch_if_before_passive_prog.outEdges_4)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns empty_branch_if_before_cfg_to_dag_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(valid_configuration A \<Lambda>0 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule empty_branch_if_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+lemma end_to_end_theorem:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms empty_branch_if_before_cfg_to_dag_prog.proc))"
+apply (rule end_to_end_util[OF end_to_end_theorem_aux])
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 empty_branch_if_before_cfg_to_dag_prog.proc_def empty_branch_if_before_cfg_to_dag_prog.proc_body_def)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passification_proof.thy b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passification_proof.thy
new file mode 100644
index 0000000..f80e262
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passification_proof.thy
@@ -0,0 +1,262 @@
+theory empty_branch_if_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util empty_branch_if_before_passive_prog empty_branch_if_passive_prog Boogie_Lang.PassificationML empty_branch_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old empty_branch_if_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding empty_branch_if_before_passive_prog.block_0_def empty_branch_if_passive_prog.block_0_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon4_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old empty_branch_if_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding empty_branch_if_before_passive_prog.block_1_def empty_branch_if_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.l_x(2) empty_branch_if_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon4_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inr (LInt 6))),(0,(Inl 2))]) R_old empty_branch_if_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding empty_branch_if_before_passive_prog.block_2_def empty_branch_if_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.l_x(2) empty_branch_if_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old empty_branch_if_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding empty_branch_if_before_passive_prog.block_3_def empty_branch_if_passive_prog.block_3_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.l_x(2) empty_branch_if_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old empty_branch_if_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding empty_branch_if_before_passive_prog.block_4_def empty_branch_if_passive_prog.block_4_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old empty_branch_if_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding empty_branch_if_before_passive_prog.block_5_def empty_branch_if_passive_prog.block_5_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm empty_branch_if_before_passive_prog.node_0},@{thm empty_branch_if_before_passive_prog.outEdges_0}) (@{thm empty_branch_if_passive_prog.node_0},@{thm empty_branch_if_passive_prog.outEdges_0}) @{thm block_anon3} [] 1\<close>))
+
+lemma cfg_block_anon4_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm empty_branch_if_before_passive_prog.node_1},@{thm empty_branch_if_before_passive_prog.outEdges_1}) (@{thm empty_branch_if_passive_prog.node_1},@{thm empty_branch_if_passive_prog.outEdges_1}) @{thm block_anon4_Then} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon4_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm empty_branch_if_before_passive_prog.node_2},@{thm empty_branch_if_before_passive_prog.outEdges_2}) (@{thm empty_branch_if_passive_prog.node_2},@{thm empty_branch_if_passive_prog.outEdges_2}) @{thm block_anon4_Else} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_branch_if_before_passive_prog.node_3},@{thm empty_branch_if_before_passive_prog.outEdges_3}) (@{thm empty_branch_if_passive_prog.node_3},@{thm empty_branch_if_passive_prog.outEdges_3}) @{thm block_anon0} [
+@{thm cfg_block_anon4_Then}, 
+@{thm cfg_block_anon4_Else}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_branch_if_before_passive_prog.node_4},@{thm empty_branch_if_before_passive_prog.outEdges_4}) (@{thm empty_branch_if_passive_prog.node_4},@{thm empty_branch_if_passive_prog.outEdges_4}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_branch_if_before_passive_prog.node_5},@{thm empty_branch_if_before_passive_prog.outEdges_5}) (@{thm empty_branch_if_passive_prog.node_5},@{thm empty_branch_if_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv empty_branch_if_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+apply simp
+unfolding empty_branch_if_passive_prog.params_vdecls_def empty_branch_if_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using empty_branch_if_before_passive_prog.globals_locals_disj apply auto[1]
+using empty_branch_if_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] empty_branch_if_passive_prog.proc_body u (Inl 5)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range global_data.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from empty_branch_if_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passive_prog.thy b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passive_prog.thy
new file mode 100644
index 0000000..78928d4
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passive_prog.thy
@@ -0,0 +1,128 @@
+theory empty_branch_if_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util empty_branch_if_before_passive_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assert (BinOp (Var 2) Gt (Lit (LInt 5))))]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 5)))),(Assume (BinOp (Var 2) Eq (Var 1)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 1))),(Assume (BinOp (Var 2) Eq (Lit (LInt 6))))]"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding empty_branch_if_passive_prog.params_vdecls_def empty_branch_if_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_vcphase_proof.thy b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_vcphase_proof.thy
new file mode 100644
index 0000000..0958308
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_vcphase_proof.thy
@@ -0,0 +1,241 @@
+theory empty_branch_if_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML empty_branch_if_passive_prog empty_branch_if_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon3
+  where
+    "vc_anon3 x_1 = (x_1 > (5::int))"
+definition vc_anon4_Then
+  where
+    "vc_anon4_Then x_0 x_1 = (((x_0 > (5::int)) \<and> (x_1 = x_0)) \<longrightarrow> (vc_anon3 x_1))"
+definition vc_anon4_Else
+  where
+    "vc_anon4_Else x_0 x_1 = ((((5::int) \<ge> x_0) \<and> (x_1 = (6::int))) \<longrightarrow> (vc_anon3 x_1))"
+definition vc_anon0
+  where
+    "vc_anon0 x_0 x_1 = ((vc_anon4_Then x_0 x_1) \<and> (vc_anon4_Else x_0 x_1))"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
+G3: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3
+lemmas forall_poly_thm = forall_vc_type[OF G3]
+lemmas exists_poly_thm = exists_vc_type[OF G3]
+declare Nat.One_nat_def[simp del]
+
+ML\<open>
+val block_anon3_hints = [
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon3AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding empty_branch_if_passive_prog.block_0_def vc.vc_anon3_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_Then_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon4_ThenAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_1)))))))"
+unfolding empty_branch_if_passive_prog.block_1_def vc.vc_anon4_Then_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Then_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_Else_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon4_ElseAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Else vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_1)))))))"
+unfolding empty_branch_if_passive_prog.block_2_def vc.vc_anon4_Else_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Else_hints \<close>)
+by (auto?)
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_3 (Normal n_s) s')" and 
+"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))"
+using assms
+unfolding empty_branch_if_passive_prog.block_3_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_4 (Normal n_s) s')" and 
+"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))"
+using assms
+unfolding empty_branch_if_passive_prog.block_4_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding empty_branch_if_passive_prog.block_5_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon3 vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) empty_branch_if_passive_prog.node_0 empty_branch_if_passive_prog.outEdges_0])
+using block_anon3AA0[OF _ assms(2)] by blast
+
+lemma cfg_block_anon4_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4_Then vc_x_0 vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_branch_if_passive_prog.node_1])
+apply (erule block_anon4_ThenAA0[OF _ assms(2)])
+apply ((simp add:empty_branch_if_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon4_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4_Else vc_x_0 vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_branch_if_passive_prog.node_2])
+apply (erule block_anon4_ElseAA0[OF _ assms(2)])
+apply ((simp add:empty_branch_if_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_branch_if_passive_prog.node_3])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:empty_branch_if_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_branch_if_passive_prog.node_4])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:empty_branch_if_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_0 vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_branch_if_passive_prog.node_5])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:empty_branch_if_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
+let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF empty_branch_if_passive_prog.m_x])
+apply (subst lookup_var_local[OF empty_branch_if_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF empty_branch_if_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF empty_branch_if_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF empty_branch_if_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF empty_branch_if_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/global_data.thy b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_ast_cfg.thy
new file mode 100644
index 0000000..424dc10
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_ast_cfg.thy
@@ -0,0 +1,89 @@
+theory empty_generic_block_before_ast_cfg
+  imports Main
+          "Boogie_Lang.Ast"
+          "Boogie_Lang.Semantics"
+          "../global_data"
+
+begin
+
+abbreviation bigblock0
+  where "bigblock0 \<equiv> 
+          (BigBlock None [(Havoc 0)] 
+            (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 5)))) 
+                  [BigBlock None [] None None] [BigBlock None [(Assign 0 (Lit (LInt 6)))] None None])) 
+             None)"
+
+abbreviation bigblock1
+  where "bigblock1 \<equiv> 
+          (BigBlock None [(Assert (BinOp (Var 0) Gt (Lit (LInt 5))))] None None)"
+
+definition proc_body
+  where
+    "proc_body = bigblock0 #  bigblock1  # []"
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
+unfolding empty_branch_if_before_ast_cfg.params_vdecls_def empty_branch_if_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_ast_cfg.params_vdecls) )"
+unfolding empty_branch_if_before_ast_cfg.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_ast_cfg.locals_vdecls) )"
+unfolding empty_branch_if_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc_ast :: "(ast_procedure)"
+  where
+    "proc_ast  = (|proc_ty_args = 0,proc_args = empty_branch_if_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec empty_branch_if_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec empty_branch_if_before_ast_cfg.post),proc_body = (Some (empty_branch_if_before_ast_cfg.locals_vdecls,empty_branch_if_before_ast_cfg.proc_body))|)"
+
+end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_cfg_to_dag_prog.thy b/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..d1b19cf
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_cfg_to_dag_prog.thy
@@ -0,0 +1,89 @@
+theory empty_generic_block_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Assign 0 (Lit (LInt 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
+definition outEdges
+  where
+    "outEdges  = [[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_generic_block_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_generic_block_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = empty_generic_block_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec empty_generic_block_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec empty_generic_block_before_cfg_to_dag_prog.post),proc_body = (Some (empty_generic_block_before_cfg_to_dag_prog.locals_vdecls,empty_generic_block_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_passive_prog.thy b/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_passive_prog.thy
new file mode 100644
index 0000000..5bc5e43
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_passive_prog.thy
@@ -0,0 +1,62 @@
+theory empty_generic_block_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util empty_generic_block_before_cfg_to_dag_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assign 0 (Lit (LInt 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[1]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_cfgtodag_proof.thy b/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_cfgtodag_proof.thy
new file mode 100644
index 0000000..6aef149
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_cfgtodag_proof.thy
@@ -0,0 +1,143 @@
+theory empty_generic_block_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML empty_generic_block_before_cfg_to_dag_prog empty_generic_block_before_passive_prog empty_generic_block_passification_proof empty_generic_block_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_generic_block_before_passive_prog.block_0 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding empty_generic_block_before_cfg_to_dag_prog.block_0_def empty_generic_block_before_passive_prog.block_0_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_1[OF assms(1)])
+apply (rule empty_generic_block_before_cfg_to_dag_prog.node_0)
+apply (rule empty_generic_block_before_passive_prog.node_0)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+unfolding empty_generic_block_before_cfg_to_dag_prog.post_def
+apply (rule block_anon0)
+apply assumption+
+by (rule empty_generic_block_before_cfg_to_dag_prog.outEdges_0)
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:empty_generic_block_before_passive_prog.outEdges_1))
+by ((simp add:empty_generic_block_before_passive_prog.node_1 empty_generic_block_before_passive_prog.block_1_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 empty_generic_block_before_cfg_to_dag_prog.pres)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule empty_generic_block_before_passive_prog.node_2)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding empty_generic_block_before_passive_prog.block_2_def
+apply (rule assume_pres_normal[where ?es=empty_generic_block_before_cfg_to_dag_prog.pres])
+apply (rule assms(4))
+unfolding empty_generic_block_before_cfg_to_dag_prog.pres_def
+apply simp
+apply (rule empty_generic_block_before_passive_prog.outEdges_2)
+apply ((simp add:empty_generic_block_before_passive_prog.node_1 empty_generic_block_before_passive_prog.block_1_def))
+apply (rule empty_generic_block_before_passive_prog.outEdges_1)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns empty_generic_block_before_cfg_to_dag_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(valid_configuration A \<Lambda>0 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule empty_generic_block_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+lemma end_to_end_theorem:
+assumes 
+VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms empty_generic_block_before_cfg_to_dag_prog.proc))"
+apply (rule end_to_end_util[OF end_to_end_theorem_aux])
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 empty_generic_block_before_cfg_to_dag_prog.proc_def empty_generic_block_before_cfg_to_dag_prog.proc_body_def)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passification_proof.thy b/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passification_proof.thy
new file mode 100644
index 0000000..619977f
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passification_proof.thy
@@ -0,0 +1,195 @@
+theory empty_generic_block_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util empty_generic_block_before_passive_prog empty_generic_block_passive_prog Boogie_Lang.PassificationML empty_generic_block_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 0)))]) R_old empty_generic_block_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding empty_generic_block_before_passive_prog.block_0_def empty_generic_block_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old empty_generic_block_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding empty_generic_block_before_passive_prog.block_1_def empty_generic_block_passive_prog.block_1_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old empty_generic_block_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding empty_generic_block_before_passive_prog.block_2_def empty_generic_block_passive_prog.block_2_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_generic_block_before_passive_prog.node_0},@{thm empty_generic_block_before_passive_prog.outEdges_0}) (@{thm empty_generic_block_passive_prog.node_0},@{thm empty_generic_block_passive_prog.outEdges_0}) @{thm block_anon0} [] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_generic_block_before_passive_prog.node_1},@{thm empty_generic_block_before_passive_prog.outEdges_1}) (@{thm empty_generic_block_passive_prog.node_1},@{thm empty_generic_block_passive_prog.outEdges_1}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_generic_block_before_passive_prog.node_2},@{thm empty_generic_block_before_passive_prog.outEdges_2}) (@{thm empty_generic_block_passive_prog.node_2},@{thm empty_generic_block_passive_prog.outEdges_2}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 2),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv empty_generic_block_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+apply simp
+unfolding empty_generic_block_passive_prog.params_vdecls_def empty_generic_block_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using empty_generic_block_before_passive_prog.globals_locals_disj apply auto[1]
+using empty_generic_block_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] empty_generic_block_passive_prog.proc_body u (Inl 2)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range global_data.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] empty_generic_block_passive_prog.proc_body ((Inl 2),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from empty_generic_block_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passive_prog.thy b/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passive_prog.thy
new file mode 100644
index 0000000..bda2aa5
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passive_prog.thy
@@ -0,0 +1,77 @@
+theory empty_generic_block_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util empty_generic_block_before_passive_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assert (BinOp (Lit (LInt 0)) Eq (Lit (LInt 0))))]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[1]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding empty_generic_block_passive_prog.params_vdecls_def empty_generic_block_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_vcphase_proof.thy b/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_vcphase_proof.thy
new file mode 100644
index 0000000..b5195ff
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_vcphase_proof.thy
@@ -0,0 +1,148 @@
+theory empty_generic_block_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML empty_generic_block_passive_prog empty_generic_block_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon0
+  where
+    "vc_anon0  = ((0::int) = (0::int))"
+definition vc_PreconditionGeneratedEntry
+  where
+    "vc_PreconditionGeneratedEntry  = (vc_anon0 )"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1
+lemmas forall_poly_thm = forall_vc_type[OF G1]
+lemmas exists_poly_thm = exists_vc_type[OF G1]
+declare Nat.One_nat_def[simp del]
+
+ML\<open>
+val block_anon0_hints = [
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding empty_generic_block_passive_prog.block_0_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
+by (auto?)
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.block_1 (Normal n_s) s')" and 
+"(vc.vc_anon0 )"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))"
+using assms
+unfolding empty_generic_block_passive_prog.block_1_def
+apply cases
+by auto
+
+lemma block_PreconditionGeneratedEntry:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding empty_generic_block_passive_prog.block_2_def vc.vc_PreconditionGeneratedEntry_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) empty_generic_block_passive_prog.node_0 empty_generic_block_passive_prog.outEdges_0])
+using block_anon0AA0[OF _ assms(2)] by blast
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_generic_block_passive_prog.node_1])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:empty_generic_block_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_PreconditionGeneratedEntry )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_generic_block_passive_prog.node_2])
+apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
+apply ((simp add:empty_generic_block_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls)) \<Gamma> [] empty_generic_block_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
+let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF empty_generic_block_passive_prog.m_x])
+apply (subst lookup_var_local[OF empty_generic_block_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/empty_generic_block_proofs/global_data.thy b/BoogieLang/generated_example_proofs/empty_generic_block_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/empty_generic_block_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/goto_example_proofs/global_data.thy b/BoogieLang/generated_example_proofs/goto_example_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/goto_example_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_before_cfg_to_dag_prog.thy b/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..9c21c20
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_before_cfg_to_dag_prog.thy
@@ -0,0 +1,89 @@
+theory q_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Assign 0 (Lit (LInt 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
+definition outEdges
+  where
+    "outEdges  = [[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding q_before_cfg_to_dag_prog.params_vdecls_def q_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) q_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding q_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) q_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding q_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = q_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec q_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec q_before_cfg_to_dag_prog.post),proc_body = (Some (q_before_cfg_to_dag_prog.locals_vdecls,q_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_before_passive_prog.thy b/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_before_passive_prog.thy
new file mode 100644
index 0000000..03071fe
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_before_passive_prog.thy
@@ -0,0 +1,62 @@
+theory q_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util q_before_cfg_to_dag_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assign 0 (Lit (LInt 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[1]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding q_before_cfg_to_dag_prog.params_vdecls_def q_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_cfgtodag_proof.thy b/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_cfgtodag_proof.thy
new file mode 100644
index 0000000..8d27920
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_cfgtodag_proof.thy
@@ -0,0 +1,143 @@
+theory q_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML q_before_cfg_to_dag_prog q_before_passive_prog q_passification_proof q_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] q_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] q_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] q_before_passive_prog.block_0 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding q_before_cfg_to_dag_prog.block_0_def q_before_passive_prog.block_0_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] q_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] q_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] q_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_1[OF assms(1)])
+apply (rule q_before_cfg_to_dag_prog.node_0)
+apply (rule q_before_passive_prog.node_0)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+unfolding q_before_cfg_to_dag_prog.post_def
+apply (rule block_anon0)
+apply assumption+
+by (rule q_before_cfg_to_dag_prog.outEdges_0)
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] q_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] q_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:q_before_passive_prog.outEdges_1))
+by ((simp add:q_before_passive_prog.node_1 q_before_passive_prog.block_1_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] q_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] q_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 q_before_cfg_to_dag_prog.pres)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] q_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule q_before_passive_prog.node_2)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding q_before_passive_prog.block_2_def
+apply (rule assume_pres_normal[where ?es=q_before_cfg_to_dag_prog.pres])
+apply (rule assms(4))
+unfolding q_before_cfg_to_dag_prog.pres_def
+apply simp
+apply (rule q_before_passive_prog.outEdges_2)
+apply ((simp add:q_before_passive_prog.node_1 q_before_passive_prog.block_1_def))
+apply (rule q_before_passive_prog.outEdges_1)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] q_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns q_before_cfg_to_dag_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(valid_configuration A \<Lambda>0 \<Gamma> [] q_before_cfg_to_dag_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] q_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule q_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+lemma end_to_end_theorem:
+assumes 
+VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms q_before_cfg_to_dag_prog.proc))"
+apply (rule end_to_end_util[OF end_to_end_theorem_aux])
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 q_before_cfg_to_dag_prog.proc_def q_before_cfg_to_dag_prog.proc_body_def)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_passification_proof.thy b/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_passification_proof.thy
new file mode 100644
index 0000000..9a9c3c6
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_passification_proof.thy
@@ -0,0 +1,195 @@
+theory q_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util q_before_passive_prog q_passive_prog Boogie_Lang.PassificationML q_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_passive_prog.params_vdecls q_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> q_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 0)))]) R_old q_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding q_before_passive_prog.block_0_def q_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> q_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old q_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding q_before_passive_prog.block_1_def q_passive_prog.block_1_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> q_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old q_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding q_before_passive_prog.block_2_def q_passive_prog.block_2_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> q_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> q_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm q_before_passive_prog.node_0},@{thm q_before_passive_prog.outEdges_0}) (@{thm q_passive_prog.node_0},@{thm q_passive_prog.outEdges_0}) @{thm block_anon0} [] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> q_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> q_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm q_before_passive_prog.node_1},@{thm q_before_passive_prog.outEdges_1}) (@{thm q_passive_prog.node_1},@{thm q_passive_prog.outEdges_1}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> q_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> q_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm q_before_passive_prog.node_2},@{thm q_before_passive_prog.outEdges_2}) (@{thm q_passive_prog.node_2},@{thm q_passive_prog.outEdges_2}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] q_before_passive_prog.proc_body ((Inl 2),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv q_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+apply simp
+unfolding q_passive_prog.params_vdecls_def q_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using q_before_passive_prog.globals_locals_disj apply auto[1]
+using q_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] q_passive_prog.proc_body u (Inl 2)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range global_data.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] q_passive_prog.proc_body ((Inl 2),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from q_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_passive_prog.thy b/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_passive_prog.thy
new file mode 100644
index 0000000..6374952
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_passive_prog.thy
@@ -0,0 +1,77 @@
+theory q_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util q_before_passive_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assert (BinOp (Lit (LInt 0)) Eq (Lit (LInt 0))))]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[1]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append q_passive_prog.params_vdecls q_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append q_passive_prog.params_vdecls q_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding q_passive_prog.params_vdecls_def q_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append q_passive_prog.params_vdecls q_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append q_passive_prog.params_vdecls q_passive_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append q_passive_prog.params_vdecls q_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_passive_prog.params_vdecls q_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_passive_prog.params_vdecls q_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_vcphase_proof.thy b/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_vcphase_proof.thy
new file mode 100644
index 0000000..64a0f54
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_vcphase_proof.thy
@@ -0,0 +1,148 @@
+theory q_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML q_passive_prog q_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon0
+  where
+    "vc_anon0  = ((0::int) = (0::int))"
+definition vc_PreconditionGeneratedEntry
+  where
+    "vc_PreconditionGeneratedEntry  = (vc_anon0 )"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1
+lemmas forall_poly_thm = forall_vc_type[OF G1]
+lemmas exists_poly_thm = exists_vc_type[OF G1]
+declare Nat.One_nat_def[simp del]
+
+ML\<open>
+val block_anon0_hints = [
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> q_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding q_passive_prog.block_0_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
+by (auto?)
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> q_passive_prog.block_1 (Normal n_s) s')" and 
+"(vc.vc_anon0 )"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))"
+using assms
+unfolding q_passive_prog.block_1_def
+apply cases
+by auto
+
+lemma block_PreconditionGeneratedEntry:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> q_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding q_passive_prog.block_2_def vc.vc_PreconditionGeneratedEntry_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> q_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) q_passive_prog.node_0 q_passive_prog.outEdges_0])
+using block_anon0AA0[OF _ assms(2)] by blast
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> q_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) q_passive_prog.node_1])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:q_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> q_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_PreconditionGeneratedEntry )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) q_passive_prog.node_2])
+apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
+apply ((simp add:q_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_passive_prog.params_vdecls q_passive_prog.locals_vdecls)) \<Gamma> [] q_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append q_passive_prog.params_vdecls q_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
+let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append q_passive_prog.params_vdecls q_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF q_passive_prog.m_x])
+apply (subst lookup_var_local[OF q_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/if_example_proofs/global_data.thy b/BoogieLang/generated_example_proofs/if_example_proofs/global_data.thy
new file mode 100644
index 0000000..51076b5
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/if_example_proofs/global_data.thy
@@ -0,0 +1,34 @@
+theory global_data
+  imports "/home/alex/boogie_related/foundational_boogie/BoogieLang/Semantics" 
+          "/home/alex/boogie_related/foundational_boogie/BoogieLang/TypeSafety" 
+          "/home/alex/boogie_related/foundational_boogie/BoogieLang/Util" 
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
new file mode 100644
index 0000000..b6aa719
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
@@ -0,0 +1,287 @@
+theory if_example_ast_cfg_proof
+  imports Main
+          Boogie_Lang.Ast
+          Boogie_Lang.Semantics
+          Boogie_Lang.Ast_Cfg_Transformation
+          "../global_data" 
+          p_before_cfg_to_dag_prog 
+          if_example_before_ast_cfg
+          p_cfgtodag_proof
+          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
+          p_before_passive_prog 
+          p_passification_proof 
+          p_vcphase_proof
+
+begin
+declare Nat.One_nat_def[simp del]
+
+definition bigblock_then 
+  where "bigblock_then \<equiv> BigBlock None [(Assign 0 (Lit (LInt 10)))] None None"
+
+definition bigblock_else
+  where "bigblock_else \<equiv> BigBlock None [(Assign 0 (Lit (LInt 1)))] None None"
+
+lemma bigblock0_local_rel:
+  assumes Red_bb0_to: 
+      "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+proof -
+  show ?thesis 
+    apply (rule block_local_rel_generic) 
+           apply (rule Rel_Main_test[of bigblock0])
+           apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
+          apply simp
+         apply simp
+        apply (rule Red_bb0_to)
+       apply (rule Red0_impl, simp)
+      apply (simp add: bigblock0_def)
+     apply simp
+    apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
+    done
+qed
+
+
+lemma bigblock_then_local_rel:
+  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_then, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  show ?thesis
+    apply (rule block_local_rel_guard_true)
+           apply (rule Rel_Main_test[of bigblock_then])
+           apply (simp add: bigblock_then_def)
+          apply simp
+         apply (rule trace_is_possible)
+        apply (rule Red_bb0_to)
+       apply (rule Red0_impl, simp)
+      apply (simp add: bigblock_then_def)
+      apply simp+
+    apply (simp add: p_before_cfg_to_dag_prog.block_3_def)
+    done
+qed
+
+lemma bigblock_else_local_rel:
+  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+proof -
+  show ?thesis
+    unfolding p_before_cfg_to_dag_prog.block_1_def 
+    apply (rule block_local_rel_guard_false)
+            apply (rule Rel_Main_test[of bigblock_else])
+            apply (simp add: bigblock_else_def)
+ (* FIXME how does one know what rule is to be used here? *)
+           apply (rule neg_gt2)
+          apply simp
+         apply (rule trace_is_possible)
+        apply (rule Red_bb0_to)
+       apply (rule Red0_impl)
+       apply (simp add: p_before_cfg_to_dag_prog.block_1_def)
+      apply (simp add: bigblock_else_def)
+    by simp_all
+qed
+
+lemma block2_global_rel:
+  assumes concrete_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock1, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)" 
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  using assms
+proof -
+  show ?thesis
+    apply (rule generic_ending_block_global_rel)
+         apply (rule Rel_Main_test[of bigblock1 _ p_before_cfg_to_dag_prog.block_2])
+         apply (simp add: bigblock1_def p_before_cfg_to_dag_prog.block_2_def)
+        apply (rule concrete_trace)
+       apply (simp add: bigblock1_def)
+      apply simp
+     apply (rule p_before_cfg_to_dag_prog.node_2)
+    apply (rule cfg_is_correct)
+    apply simp
+    done
+qed
+
+
+lemma block_then_global_rel:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+proof -
+  show ?thesis 
+    apply (rule block_global_rel_if_true)
+                apply (rule Rel_Main_test[of bigblock_then])
+                apply (simp add: bigblock_then_def)
+               apply (rule assms(1))
+              apply (simp add: bigblock_then_def)
+             apply simp
+            apply simp
+           apply (rule p_before_cfg_to_dag_prog.node_3)
+          apply (rule p_before_cfg_to_dag_prog.block_3_def)
+          apply (rule assms(2))
+          apply simp
+         apply simp
+        apply simp
+      apply (rule trace_is_possible)
+     apply (rule bigblock_then_local_rel)
+       apply assumption
+      apply assumption
+     apply (rule trace_is_possible)
+    apply (simp add:p_before_cfg_to_dag_prog.outEdges_3)
+    apply ((simp add:member_rec(1)))
+    apply (rule block2_global_rel)
+     apply assumption
+    apply simp
+    done
+qed
+
+
+lemma block_else_global_rel:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+proof -
+  show ?thesis
+    apply (rule block_global_rel_if_false)
+                 apply (rule Rel_Main_test[of bigblock_else])
+                 apply (simp add: bigblock_else_def)
+               apply (rule assms(1))
+              apply (simp add: bigblock_else_def)
+              apply simp
+             apply simp
+            apply (rule p_before_cfg_to_dag_prog.node_1)
+           apply (rule p_before_cfg_to_dag_prog.block_1_def)
+          apply (rule assms(2))
+          apply simp
+         apply simp
+        apply simp
+       apply (rule neg_gt2)
+      apply (rule trace_is_possible)
+     apply (rule bigblock_else_local_rel)
+       apply assumption
+      apply assumption
+     apply (rule trace_is_possible)
+    apply (erule allE[where x=2])
+    apply (rule block2_global_rel)
+     apply assumption
+    apply (simp add: p_before_cfg_to_dag_prog.outEdges_1)
+    apply (simp add: member_rec(1))
+    done
+qed
+
+
+lemma block0_global_rel:
+  assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> if_example_before_ast_cfg.post reached_bb reached_cont reached_state)" 
+proof -
+  show ?thesis 
+    apply (rule block_global_rel_if_successor)
+           apply (rule Rel_Main_test[of bigblock0 _ p_before_cfg_to_dag_prog.block_0])
+           apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def) 
+          apply (rule ast_trace)
+         apply (simp add: bigblock0_def)
+        apply (rule p_before_cfg_to_dag_prog.node_0)
+       apply (rule assms(1))
+       apply simp
+      apply simp
+     apply (rule bigblock0_local_rel)
+      apply (simp add: bigblock0_def)
+     apply assumption
+    apply simp
+    apply (rule disjE)
+      apply assumption
+
+     apply (erule allE[where x=3])
+     apply (simp add:p_before_cfg_to_dag_prog.outEdges_0)
+     apply (simp add:member_rec(1))
+     apply (rule conjE)
+      apply assumption
+    unfolding if_example_before_ast_cfg.post_def
+     apply (rule block_then_global_rel)
+       apply (simp add: bigblock_then_def)
+      apply simp
+     apply assumption
+   
+    apply (erule allE[where x=1])
+    apply (simp add:p_before_cfg_to_dag_prog.outEdges_0)
+    apply (simp add:member_rec(1))
+    apply (rule conjE)
+     apply assumption
+    apply (rule block_else_global_rel)
+      apply (simp add: bigblock_else_def)
+     apply simp
+    apply (simp add: false_equals_not_true)
+    done
+qed
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls))"
+lemma end_to_end_theorem_aux3:
+assumes 
+Red: "rtranclp (red_bigblock A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)) \<Gamma> [] if_example_before_ast_cfg.proc_body) (bigblock0, (KSeq bigblock1 KStop), Normal ns) (end_bb, end_cont, end_state)" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns if_example_before_ast_cfg.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(valid_configuration A \<Lambda>0 \<Gamma> [] if_example_before_ast_cfg.post end_bb end_cont end_state)"
+proof -
+from Red obtain j where Aux:"(A,M,((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)),\<Gamma>,[],if_example_before_ast_cfg.proc_body \<turnstile> (bigblock0, (KSeq bigblock1 KStop), Normal ns) -n\<longrightarrow>^j (end_bb, end_cont, end_state))"
+by (meson rtranclp_imp_relpowp)
+  show ?thesis
+apply (rule block0_global_rel)
+defer
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: if_example_before_ast_cfg.params_vdecls_def if_example_before_ast_cfg.locals_vdecls_def
+                 p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: if_example_before_ast_cfg.params_vdecls_def if_example_before_ast_cfg.locals_vdecls_def
+                                    p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
+                                    if_example_before_ast_cfg.pres_def p_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: if_example_before_ast_cfg.params_vdecls_def if_example_before_ast_cfg.locals_vdecls_def
+                                    p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply simp
+using OldGlobal apply simp
+using BinderNs apply simp
+done
+qed
+
+lemma initialization:                              
+  assumes "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock0, bigblock1] ns1) (reached_bb, reached_cont, reached_state)"
+  shows "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (bigblock0, KSeq bigblock1 KStop, Normal ns1) (reached_bb, reached_cont, reached_state)" 
+  using assms 
+  by simp
+
+
+lemma end_to_end_theorem3:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms if_example_before_ast_cfg.proc_ast))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux3])
+apply (rule initialization)
+unfolding if_example_before_ast_cfg.proc_body_def
+apply assumption using VC apply simp  apply assumption+
+apply (simp_all add: 
+      exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2
+      if_example_before_ast_cfg.proc_ast_def if_example_before_ast_cfg.proc_body_def)
+done
+end
diff --git a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_form~ b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_form~
new file mode 100644
index 0000000..3a3816b
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_form~
@@ -0,0 +1,4 @@
+theory if_example_ast_form
+
+begin
+end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_before_ast_cfg.thy
new file mode 100644
index 0000000..6c46a7a
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_before_ast_cfg.thy
@@ -0,0 +1,90 @@
+theory if_example_before_ast_cfg
+  imports Main 
+          "Boogie_Lang.Ast"
+          "Boogie_Lang.Semantics"
+          "../global_data"
+
+begin
+definition bigblock0
+  where "bigblock0 \<equiv> 
+          (BigBlock None [(Havoc 0)] 
+            (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 5)))) 
+                      [BigBlock None [(Assign 0 (Lit (LInt 10)))] None None] 
+                      [BigBlock None [(Assign 0 (Lit (LInt 1)))] None None])) 
+             None)"
+
+definition bigblock1 
+  where "bigblock1 \<equiv> (BigBlock None [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))] None None)"
+
+definition proc_body
+  where
+    "proc_body = bigblock0 #  bigblock1 # []"
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),None)]"
+
+lemma locals_min_aux:
+shows "(((map fst (append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
+unfolding if_example_before_ast_cfg.params_vdecls_def if_example_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_before_ast_cfg.params_vdecls) )"
+unfolding if_example_before_ast_cfg.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_before_ast_cfg.locals_vdecls) )"
+unfolding if_example_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc_ast :: "ast_procedure"
+  where
+    "proc_ast  = (|proc_ty_args = 0,proc_args = if_example_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec if_example_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec if_example_before_ast_cfg.post),proc_body = (Some (if_example_before_ast_cfg.locals_vdecls,if_example_before_ast_cfg.proc_body))|)"
+
+
+end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..3d7f1e9
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
@@ -0,0 +1,125 @@
+theory p_before_cfg_to_dag_prog
+  imports "/home/alex/boogie_related/foundational_boogie/BoogieLang/Semantics" 
+          "/home/alex/boogie_related/foundational_boogie/BoogieLang/TypeSafety" 
+          "/home/alex/boogie_related/foundational_boogie/BoogieLang/Util" 
+          "/home/alex/boogie_related/foundational_boogie/BoogieLang/generated_example_proofs/if_example_proofs/global_data" 
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 1)))]"
+definition block_2
+  where
+    "block_2  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5)))),(Assign 0 (Lit (LInt 10)))]"
+definition outEdges
+  where
+    "outEdges  = [[3,1],[2],[],[2]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [3,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding p_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding p_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = p_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.post),proc_body = (Some (p_before_cfg_to_dag_prog.locals_vdecls,p_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_before_passive_prog.thy b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_before_passive_prog.thy
new file mode 100644
index 0000000..414667a
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_before_passive_prog.thy
@@ -0,0 +1,95 @@
+theory p_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_cfg_to_dag_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5)))),(Assign 0 (Lit (LInt 10)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 1)))]"
+definition block_3
+  where
+    "block_3  = [(Havoc 0)]"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_cfgtodag_proof.thy b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_cfgtodag_proof.thy
new file mode 100644
index 0000000..3bf8e12
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_cfgtodag_proof.thy
@@ -0,0 +1,292 @@
+theory p_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML p_before_cfg_to_dag_prog p_before_passive_prog p_passification_proof p_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_0 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_2_def p_before_passive_prog.block_0_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_1[OF assms(1)])
+apply (rule p_before_cfg_to_dag_prog.node_2)
+apply (rule p_before_passive_prog.node_0)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+unfolding p_before_cfg_to_dag_prog.post_def
+apply (rule block_anon3)
+apply assumption+
+by (rule p_before_cfg_to_dag_prog.outEdges_2)
+
+
+lemma block_anon4_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_3_def p_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule p_before_cfg_to_dag_prog.node_3)
+apply (rule p_before_passive_prog.node_1)
+apply (assumption+)
+apply (rule block_anon4_Then)
+apply (assumption+)
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=0])
+apply ((simp add:p_before_passive_prog.outEdges_1))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon4_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_1_def p_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule p_before_cfg_to_dag_prog.node_1)
+apply (rule p_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon4_Else)
+apply (assumption+)
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=0])
+apply ((simp add:p_before_passive_prog.outEdges_2))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_0_def p_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule p_before_cfg_to_dag_prog.node_0)
+apply (rule p_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:p_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:p_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:p_before_passive_prog.outEdges_4))
+by ((simp add:p_before_passive_prog.node_4 p_before_passive_prog.block_4_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 p_before_cfg_to_dag_prog.pres)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule p_before_passive_prog.node_5)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding p_before_passive_prog.block_5_def
+apply (rule assume_pres_normal[where ?es=p_before_cfg_to_dag_prog.pres])
+apply (rule assms(4))
+unfolding p_before_cfg_to_dag_prog.pres_def
+apply simp
+apply (rule p_before_passive_prog.outEdges_5)
+apply ((simp add:p_before_passive_prog.node_4 p_before_passive_prog.block_4_def))
+apply (rule p_before_passive_prog.outEdges_4)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns p_before_cfg_to_dag_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(valid_configuration A \<Lambda>0 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule p_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+lemma end_to_end_theorem:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms p_before_cfg_to_dag_prog.proc))"
+apply (rule end_to_end_util[OF end_to_end_theorem_aux])
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_passification_proof.thy b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_passification_proof.thy
new file mode 100644
index 0000000..a455b9b
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_passification_proof.thy
@@ -0,0 +1,262 @@
+theory p_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_passive_prog p_passive_prog Boogie_Lang.PassificationML p_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_0_def p_passive_prog.block_0_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon4_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inr (LInt 10))),(0,(Inl 2))]) R_old p_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_1_def p_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon4_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inr (LInt 1))),(0,(Inl 2))]) R_old p_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_2_def p_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old p_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_3_def p_passive_prog.block_3_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_4_def p_passive_prog.block_4_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_5_def p_passive_prog.block_5_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_0},@{thm p_before_passive_prog.outEdges_0}) (@{thm p_passive_prog.node_0},@{thm p_passive_prog.outEdges_0}) @{thm block_anon3} [] 1\<close>))
+
+lemma cfg_block_anon4_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_1},@{thm p_before_passive_prog.outEdges_1}) (@{thm p_passive_prog.node_1},@{thm p_passive_prog.outEdges_1}) @{thm block_anon4_Then} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon4_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_2},@{thm p_before_passive_prog.outEdges_2}) (@{thm p_passive_prog.node_2},@{thm p_passive_prog.outEdges_2}) @{thm block_anon4_Else} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_3},@{thm p_before_passive_prog.outEdges_3}) (@{thm p_passive_prog.node_3},@{thm p_passive_prog.outEdges_3}) @{thm block_anon0} [
+@{thm cfg_block_anon4_Then}, 
+@{thm cfg_block_anon4_Else}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_4},@{thm p_before_passive_prog.outEdges_4}) (@{thm p_passive_prog.node_4},@{thm p_passive_prog.outEdges_4}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_5},@{thm p_before_passive_prog.outEdges_5}) (@{thm p_passive_prog.node_5},@{thm p_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv p_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+apply simp
+unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using p_before_passive_prog.globals_locals_disj apply auto[1]
+using p_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body u (Inl 5)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range global_data.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from p_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_passive_prog.thy b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_passive_prog.thy
new file mode 100644
index 0000000..4e1c3f9
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_passive_prog.thy
@@ -0,0 +1,128 @@
+theory p_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_passive_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assert (BinOp (Var 2) Gt (Lit (LInt 0))))]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 5)))),(Assume (BinOp (Var 2) Eq (Lit (LInt 10))))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 1))),(Assume (BinOp (Var 2) Eq (Lit (LInt 1))))]"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_vcphase_proof.thy b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_vcphase_proof.thy
new file mode 100644
index 0000000..baa46e7
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_vcphase_proof.thy
@@ -0,0 +1,241 @@
+theory p_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML p_passive_prog p_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon3
+  where
+    "vc_anon3 x_1 = (x_1 > (0::int))"
+definition vc_anon4_Then
+  where
+    "vc_anon4_Then x_0 x_1 = (((x_0 > (5::int)) \<and> (x_1 = (10::int))) \<longrightarrow> (vc_anon3 x_1))"
+definition vc_anon4_Else
+  where
+    "vc_anon4_Else x_0 x_1 = ((((5::int) \<ge> x_0) \<and> (x_1 = (1::int))) \<longrightarrow> (vc_anon3 x_1))"
+definition vc_anon0
+  where
+    "vc_anon0 x_0 x_1 = ((vc_anon4_Then x_0 x_1) \<and> (vc_anon4_Else x_0 x_1))"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
+G3: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3
+lemmas forall_poly_thm = forall_vc_type[OF G3]
+lemmas exists_poly_thm = exists_vc_type[OF G3]
+declare Nat.One_nat_def[simp del]
+
+ML\<open>
+val block_anon3_hints = [
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon3AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding p_passive_prog.block_0_def vc.vc_anon3_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_Then_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon4_ThenAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_1)))))))"
+unfolding p_passive_prog.block_1_def vc.vc_anon4_Then_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Then_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_Else_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon4_ElseAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Else vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_1)))))))"
+unfolding p_passive_prog.block_2_def vc.vc_anon4_Else_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Else_hints \<close>)
+by (auto?)
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_3 (Normal n_s) s')" and 
+"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))"
+using assms
+unfolding p_passive_prog.block_3_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_4 (Normal n_s) s')" and 
+"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))"
+using assms
+unfolding p_passive_prog.block_4_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding p_passive_prog.block_5_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon3 vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) p_passive_prog.node_0 p_passive_prog.outEdges_0])
+using block_anon3AA0[OF _ assms(2)] by blast
+
+lemma cfg_block_anon4_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4_Then vc_x_0 vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_1])
+apply (erule block_anon4_ThenAA0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon4_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4_Else vc_x_0 vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_2])
+apply (erule block_anon4_ElseAA0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_3])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_4])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_0 vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_5])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<Gamma> [] p_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
+let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x])
+apply (subst lookup_var_local[OF p_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF p_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF p_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/nested_loop_proofs/global_data.thy b/BoogieLang/generated_example_proofs/nested_loop_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/nested_loop_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy
new file mode 100644
index 0000000..2df320d
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy
@@ -0,0 +1,399 @@
+theory nested_loop_ast_cfg_proof
+  imports Main 
+          Boogie_Lang.Ast
+          Boogie_Lang.Semantics
+          Boogie_Lang.Ast_Cfg_Transformation
+          "../global_data" 
+          nested_loop_before_cfg_to_dag_prog 
+          nested_loop_before_ast_cfg
+          nested_loop_cfgtodag_proof
+          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
+
+begin
+declare Nat.One_nat_def[simp del]
+
+
+abbreviation \<Lambda>1_local
+  where
+    "\<Lambda>1_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls))"
+
+definition outer_body_bb1 
+  where "outer_body_bb1 \<equiv> 
+                     (BigBlock None [] 
+                     (Some (WhileWrapper 
+                           (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
+                            [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
+                            [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None]))) 
+                      None)"
+
+definition outer_body_bb2
+  where "outer_body_bb2 \<equiv> (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)"
+
+definition outer_body_bb1_unwrapped where
+  "outer_body_bb1_unwrapped \<equiv> 
+                   (BigBlock None [] 
+                   (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
+                          [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
+                          [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None])) 
+                    None)"
+
+definition inner_body_bb1 
+  where "inner_body_bb1 \<equiv> (BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None)"
+
+definition loop_only_bigblock0 where
+  "loop_only_bigblock0 \<equiv> 
+                      (BigBlock None []
+                      (Some (WhileWrapper 
+                            (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
+                            [(BinOp (Var 0) Ge (Lit (LInt 0)))]
+                            [(BigBlock None [] 
+                             (Some (WhileWrapper 
+                                   (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
+                                    [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
+                                    [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None]))) 
+                             None),
+                             (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)]))) 
+                       None)"
+
+definition bb0_unwrapped where
+  "bb0_unwrapped \<equiv> (BigBlock None []
+                    (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
+                          [(BinOp (Var 0) Ge (Lit (LInt 0)))]
+                          [(BigBlock None [] 
+                           (Some (WhileWrapper 
+                                 (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
+                                  [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
+                                  [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None]))) 
+                           None),
+                           (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)])) 
+                     None)"
+
+lemma bb0_local_rel:
+  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (bigblock0, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  shows "reached_state \<noteq> Failure  \<and>
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_loop_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  show ?thesis 
+    apply (rule block_local_rel_generic)
+           apply (rule Rel_Main_test[of bigblock0 _ nested_loop_before_cfg_to_dag_prog.block_0])
+           apply (simp add: bigblock0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
+          apply simp+
+        apply (rule Red_bb)
+       apply (rule Red_impl, simp)
+      apply (simp add: nested_loop_before_ast_cfg.bigblock0_def)
+     apply simp
+    apply (simp add: nested_loop_before_cfg_to_dag_prog.block_0_def)
+    done
+qed
+
+lemma inner_body_bb1_local_rel:
+  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (inner_body_bb1, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))),ns1\<rangle> \<Down> BoolV True"
+  shows "reached_state \<noteq> Failure  \<and>
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_loop_before_cfg_to_dag_prog.block_4, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  show ?thesis 
+    unfolding nested_loop_before_cfg_to_dag_prog.block_4_def 
+    apply (rule block_local_rel_guard_true)
+            apply (rule Rel_Main_test[of inner_body_bb1])
+           apply (simp add: inner_body_bb1_def)
+          apply simp
+         apply (rule trace_is_possible)
+        apply (rule Red_bb)
+       apply (rule Red_impl)
+       apply (simp add: nested_loop_before_cfg_to_dag_prog.block_4_def)
+      apply (simp add: inner_body_bb1_def)
+     apply simp+
+    done
+qed
+
+lemma outer_body_bb2_local_rel:
+  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (outer_body_bb2 , KSeq bb0_unwrapped (KEndBlock KStop), (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.block_5 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV True"
+  shows "reached_state \<noteq> Failure  \<and>
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_loop_before_cfg_to_dag_prog.block_5, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  show ?thesis 
+    unfolding nested_loop_before_cfg_to_dag_prog.block_5_def
+    apply (rule block_local_rel_guard_false)
+           apply (rule Rel_Main_test[of outer_body_bb2])
+           apply (simp add: outer_body_bb2_def)
+           apply (rule neg_gt2)
+          apply simp
+         apply (rule trace_is_possible)
+        apply (rule Red_bb)
+       apply (rule Red_impl)
+       apply (simp add: nested_loop_before_cfg_to_dag_prog.block_5_def) 
+      apply (simp add: outer_body_bb2_def)
+     apply simp+
+    done 
+qed
+
+lemma outer_body_bb2_global_rel:
+  assumes concrete_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (outer_body_bb2, KSeq bb0_unwrapped (KEndBlock KStop), (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV True"
+  and loop_ih:
+        "\<And>k ns1'. k < j \<Longrightarrow>
+        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, (KEndBlock KStop), Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
+        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  using assms
+proof -
+  show ?thesis
+    apply (rule block_global_rel_if_false)
+                 apply (rule Rel_Main_test[of outer_body_bb2])
+                 apply (simp add: outer_body_bb2_def)
+                apply (rule concrete_trace)
+               apply (simp add: outer_body_bb2_def)
+              apply simp
+             apply simp
+            apply (rule nested_loop_before_cfg_to_dag_prog.node_5)
+           apply (rule nested_loop_before_cfg_to_dag_prog.block_5_def)
+          apply (rule cfg_is_correct)
+          apply simp+
+       apply (rule neg_gt2[of "(Var 1)" "(Lit (LInt 0))"])
+      apply (rule trace_is_possible)
+     apply (rule outer_body_bb2_local_rel)
+       apply assumption
+      apply simp
+     apply (rule trace_is_possible)
+    apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_5)
+    apply (simp add: member_rec)
+    apply (rule loop_ih)
+      apply auto
+    done
+qed
+
+
+
+lemma inner_loop_body_global_rel:
+  assumes j_step_ast_trace: 
+          "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (inner_body_bb1, (KSeq outer_body_bb1_unwrapped (KEndBlock (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop))))), Normal ns1) -n\<longrightarrow>^j 
+                                 (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))),ns1\<rangle> \<Down> BoolV True"
+  and loop_ih:
+        "\<And>k ns1''. k < j \<Longrightarrow>
+        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(outer_body_bb1_unwrapped, (KEndBlock (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop)))), Normal ns1'') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
+        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+proof -
+  show ?thesis
+    apply (rule block_global_rel_if_true)
+                 apply (rule Rel_Main_test[of inner_body_bb1])
+                 apply (simp add: inner_body_bb1_def)
+               apply (rule j_step_ast_trace)
+              apply (simp add: inner_body_bb1_def)
+             apply simp
+            apply simp
+           apply (rule nested_loop_before_cfg_to_dag_prog.node_4)
+          apply (rule nested_loop_before_cfg_to_dag_prog.block_4_def)
+         apply (rule cfg_is_correct)
+         apply simp+
+      apply (rule trace_is_possible)
+     apply (rule inner_body_bb1_local_rel)
+       apply assumption+
+     apply (rule trace_is_possible)
+    apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_4)
+    apply (simp add: member_rec)
+    apply (rule loop_ih)
+      apply auto
+    done
+qed
+
+
+lemma inner_loop_head_global_rel:
+  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (outer_body_bb1_unwrapped, (KEndBlock (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop)))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and loop_ih:
+        "\<And>k ns1'. k < j \<Longrightarrow>
+        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, KEndBlock KStop, Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
+        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+  using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+  case (less j)
+  then show ?case 
+  proof (cases j)
+    case 0
+    then show ?thesis
+      using Ast.valid_configuration_def less.prems(1) by fastforce
+  next
+    case (Suc j')
+    show ?thesis
+      apply (rule block_global_rel_loop_head)
+              apply (rule Rel_Invs[of outer_body_bb1_unwrapped _ _ _ nested_loop_before_cfg_to_dag_prog.block_3])
+              apply (simp add: outer_body_bb1_unwrapped_def nested_loop_before_cfg_to_dag_prog.block_3_def)
+             apply (rule less(2))
+            apply (rule less(3), simp)
+           apply (simp add: outer_body_bb1_unwrapped_def)
+          apply simp
+         apply (rule block_local_rel_loop_head)
+             apply (rule Rel_Invs[of outer_body_bb1_unwrapped])
+             apply (simp add: outer_body_bb1_unwrapped_def)
+            apply (simp add: outer_body_bb1_unwrapped_def)
+           apply (simp)
+          apply (rule nested_loop_before_cfg_to_dag_prog.block_3_def)
+         apply (simp, simp)
+       apply (simp add: nested_loop_before_cfg_to_dag_prog.node_3)
+      apply(rule disjE)
+        apply assumption
+
+       apply (erule allE[where x = 4])
+       apply (simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3)
+       apply (simp add:member_rec(1))
+       apply (rule conjE)
+        apply assumption
+       apply simp
+       apply (rule inner_loop_body_global_rel) 
+          apply (simp add: inner_body_bb1_def)
+         apply simp
+        apply assumption
+       apply (rule less.IH)
+         apply (rule strictly_smaller_helper2)
+           apply assumption+
+       apply (rule less.prems(3))
+         apply (rule strictly_smaller_helper3)
+           apply assumption+
+
+      apply (erule allE[where x = 5])
+      apply (simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3)
+      apply (simp add:member_rec(1))
+      apply (rule conjE)
+       apply assumption
+      apply simp
+      apply (rule ending)
+           apply assumption
+          apply assumption
+         apply simp
+        apply blast
+       apply assumption
+      apply (rule outer_body_bb2_global_rel)
+         apply assumption+
+      apply (rule less.prems(3))
+        apply (rule strictly_smaller_helper4)
+          apply assumption+
+      done
+  qed
+qed
+
+lemma inner_loop_head_global_rel_wrapped:
+  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (outer_body_bb1, (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and loop_ih:
+        "\<And>k ns1'. k < j \<Longrightarrow>
+        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, KEndBlock KStop, Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
+        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+  apply (rule ending3)
+     apply (rule j_step_ast_trace)
+    apply (simp add: outer_body_bb1_def)
+   apply (rule cfg_is_correct, simp)
+  apply (rule inner_loop_head_global_rel)
+    apply (simp add: outer_body_bb1_unwrapped_def)
+   apply assumption
+  apply (rule loop_ih)
+    apply (rule strictly_smaller_helper2)
+     apply assumption+
+  done
+
+lemma outer_loop_head_global_rel:
+  assumes j_step_ast_trace: 
+    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bb0_unwrapped, KEndBlock KStop, Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+  using assms 
+proof (induction j arbitrary: ns1 rule: less_induct)
+  case (less j)
+  then show ?case 
+  proof (cases j)
+    case 0
+    then show ?thesis
+      using valid_configuration_def less.prems(1) by fastforce
+  next
+    case (Suc j')
+    show ?thesis
+      apply (rule block_global_rel_loop_head) 
+              apply (rule Rel_Invs[of bb0_unwrapped])
+              apply (simp add: bb0_unwrapped_def)
+             apply (rule less(2))
+            apply (rule less(3), simp)
+           apply (simp add: bb0_unwrapped_def)
+          apply simp
+         apply (rule block_local_rel_loop_head)
+              apply (rule Rel_Invs[of bb0_unwrapped])
+              apply (simp add: bb0_unwrapped_def)
+            apply (simp add: bb0_unwrapped_def)
+           apply (simp, simp, simp)
+       apply (simp add: nested_loop_before_cfg_to_dag_prog.node_1)
+       apply (simp add: nested_loop_before_cfg_to_dag_prog.block_1_def)
+      apply(rule disjE)
+        apply assumption
+    
+       apply (erule allE[where x = 2])
+       apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_1)
+       apply (simp add:member_rec(1))
+       apply (rule conjE)
+        apply assumption
+       apply simp
+       apply (rule inner_loop_head_global_rel_wrapped)
+         apply (simp add: outer_body_bb1_def outer_body_bb2_def)
+        apply (rule correctness_propagates_through_assumption2)
+            apply assumption
+           apply (simp add: nested_loop_before_cfg_to_dag_prog.node_2)
+           apply (simp add: nested_loop_before_cfg_to_dag_prog.block_2_def)
+          apply assumption
+         apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_2)
+         apply (simp add: member_rec)
+        apply assumption
+       apply (rule less.IH)
+         apply (rule strictly_smaller_helper2)
+          apply assumption+
+
+      apply (erule allE[where x = 6])
+      apply (simp add:nested_loop_before_cfg_to_dag_prog.outEdges_1)
+      apply (simp add:member_rec(1))
+      apply (rule conjE)
+       apply assumption
+      apply simp
+      apply (rule ending_directly_after_loop_exit)
+       apply assumption
+      apply simp
+      done
+  qed
+qed
+
+lemma entry_block_global_rel:
+  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)"
+  using assms
+proof -
+  show ?thesis
+    unfolding nested_loop_before_cfg_to_dag_prog.post_def
+    apply (rule block_global_rel_while_successor)
+           apply (rule j_step_ast_trace)
+          apply (rule Rel_Main_test[of bigblock0 _ nested_loop_before_cfg_to_dag_prog.block_0])
+          apply (simp add: bigblock0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
+         apply (simp add: bigblock0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
+        apply (simp add: nested_loop_before_cfg_to_dag_prog.block_0_def)
+       apply (rule nested_loop_before_cfg_to_dag_prog.node_0)
+      apply (rule cfg_is_correct, simp)
+     apply (simp add: nested_loop_before_cfg_to_dag_prog.node_0)
+     apply (rule bb0_local_rel)
+      apply assumption
+     apply simp
+    apply (rule outer_loop_head_global_rel)
+     apply (simp add: bb0_unwrapped_def)
+    apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_0)
+    apply (simp add: member_rec(1))
+    done
+qed
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_cfg.thy
new file mode 100644
index 0000000..9933ba9
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_cfg.thy
@@ -0,0 +1,103 @@
+theory nested_loop_before_ast_cfg
+  imports
+    Boogie_Lang.Ast
+    Boogie_Lang.Semantics 
+    Boogie_Lang.TypeSafety 
+    Boogie_Lang.Util 
+    "../global_data"
+begin
+
+definition bigblock0 
+  where "bigblock0 \<equiv> (BigBlock None [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10)))]
+                      (Some (WhileWrapper 
+                            (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
+                            [(BinOp (Var 0) Ge (Lit (LInt 0)))]
+                            [(BigBlock None [] 
+                             (Some (WhileWrapper 
+                                   (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
+                                    [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
+                                    [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None]))) 
+                             None),
+                             (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)]))) 
+                       None)"
+
+definition proc_body
+  where
+    "proc_body = bigblock0 # []"
+
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
+unfolding nested_loop_before_ast_cfg.params_vdecls_def nested_loop_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_ast_cfg.params_vdecls) )"
+unfolding nested_loop_before_ast_cfg.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_ast_cfg.locals_vdecls) )"
+unfolding nested_loop_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc_ast :: "(ast_procedure)"
+  where
+    "proc_ast  = (|proc_ty_args = 0,proc_args = nested_loop_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_loop_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec nested_loop_before_ast_cfg.post),proc_body = (Some (nested_loop_before_ast_cfg.locals_vdecls,nested_loop_before_ast_cfg.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_cfg_to_dag_prog.thy b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..dd2e91f
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_cfg_to_dag_prog.thy
@@ -0,0 +1,164 @@
+theory nested_loop_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10)))]"
+definition block_1
+  where
+    "block_1  = [(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
+definition block_3
+  where
+    "block_3  = [(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition outEdges
+  where
+    "outEdges  = [[1],[6,2],[3],[5,4],[3],[1],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [6,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [5,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding nested_loop_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding nested_loop_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = nested_loop_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_loop_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec nested_loop_before_cfg_to_dag_prog.post),proc_body = (Some (nested_loop_before_cfg_to_dag_prog.locals_vdecls,nested_loop_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_passive_prog.thy b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_passive_prog.thy
new file mode 100644
index 0000000..4d9e13e
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_passive_prog.thy
@@ -0,0 +1,139 @@
+theory nested_loop_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop_before_cfg_to_dag_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_4
+  where
+    "block_4  = [(Havoc 1),(Assume (BinOp (Var 1) Ge (Lit (LInt 0))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = [(Havoc 0),(Havoc 1),(Assume (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition block_7
+  where
+    "block_7  = [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[2,3],[4],[1,5],[6],[7],[8]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [2,3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [1,5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_cfgtodag_proof.thy b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_cfgtodag_proof.thy
new file mode 100644
index 0000000..bb20376
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_cfgtodag_proof.thy
@@ -0,0 +1,557 @@
+theory nested_loop_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_loop_before_cfg_to_dag_prog nested_loop_before_passive_prog nested_loop_passification_proof nested_loop_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop_before_cfg_to_dag_prog.post)"
+unfolding expr_all_sat_def nested_loop_before_cfg_to_dag_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule nested_loop_before_passive_prog.node_0)
+apply simp
+unfolding nested_loop_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma block_anon4_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop_before_cfg_to_dag_prog.block_6_def nested_loop_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule nested_loop_before_cfg_to_dag_prog.node_6)
+apply (rule nested_loop_before_passive_prog.node_1)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon4_LoopDone)
+apply assumption+
+apply (rule nested_loop_before_cfg_to_dag_prog.outEdges_6)
+apply (rule nested_loop_before_passive_prog.outEdges_1)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma Mods_anon5_LoopDone:
+shows "(mods_contained_in (set [0,1]) nested_loop_before_cfg_to_dag_prog.block_5)"
+unfolding nested_loop_before_cfg_to_dag_prog.block_5_def
+by simp
+
+lemma block_anon5_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_2 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop_before_cfg_to_dag_prog.block_5_def nested_loop_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon4_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop_before_cfg_to_dag_prog.node_5)
+apply (rule nested_loop_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon5_LoopDone)
+apply (assumption+)
+apply (rule Mods_anon5_LoopDone)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_5))
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_5))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon4_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon5_LoopBody:
+shows "(mods_contained_in (set [1]) nested_loop_before_cfg_to_dag_prog.block_4)"
+unfolding nested_loop_before_cfg_to_dag_prog.block_4_def
+by simp
+
+lemma block_anon5_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_3 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop_before_cfg_to_dag_prog.block_4_def nested_loop_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_cfg_to_dag_prog.l_y(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop_before_cfg_to_dag_prog.post ns1 s' 3 m' j)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop_before_cfg_to_dag_prog.node_4)
+apply (rule nested_loop_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon5_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon5_LoopBody)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_4))
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_4))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon5_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon5_LoopHead:
+shows "(mods_contained_in (set [1]) nested_loop_before_cfg_to_dag_prog.block_3)"
+unfolding nested_loop_before_cfg_to_dag_prog.block_3_def
+by simp
+
+lemma block_anon5_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop_before_cfg_to_dag_prog.block_3_def nested_loop_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_y(1)))
+apply simp
+done
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon4_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+using Red DagAssms assms(4-)
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+  show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule nested_loop_before_cfg_to_dag_prog.node_3)
+apply (rule nested_loop_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon5_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon5_LoopHead)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:nested_loop_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_subset_pred)
+using less(4) apply simp
+apply assumption
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:nested_loop_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+apply (rule loop_ih_convert_subset_smaller_2)
+using less(4) apply simp
+apply (simp, fastforce, assumption)
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma Mods_anon4_LoopBody:
+shows "(mods_contained_in (set [0,1]) nested_loop_before_cfg_to_dag_prog.block_2)"
+unfolding nested_loop_before_cfg_to_dag_prog.block_2_def
+by simp
+
+lemma block_anon4_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_5 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop_before_cfg_to_dag_prog.block_2_def nested_loop_before_passive_prog.block_5_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_cfg_to_dag_prog.l_y(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon4_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon4_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop_before_cfg_to_dag_prog.node_2)
+apply (rule nested_loop_before_passive_prog.node_5)
+apply (assumption+)
+apply (rule block_anon4_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon4_LoopBody)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=4])
+apply ((simp add:nested_loop_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon4_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon4_LoopHead:
+shows "(mods_contained_in (set [0,1]) nested_loop_before_cfg_to_dag_prog.block_1)"
+unfolding nested_loop_before_cfg_to_dag_prog.block_1_def
+by simp
+
+lemma block_anon4_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop_before_passive_prog.block_6 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop_before_cfg_to_dag_prog.block_1_def nested_loop_before_passive_prog.block_6_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_x(1)))
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_y(1)))
+apply simp
+done
+
+lemma cfg_block_anon4_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0,1]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule nested_loop_before_cfg_to_dag_prog.node_1)
+apply (rule nested_loop_before_passive_prog.node_6)
+apply (assumption+)
+apply (rule block_anon4_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon4_LoopHead)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:nested_loop_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=5])
+apply ((simp add:nested_loop_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_7 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop_before_cfg_to_dag_prog.block_0_def nested_loop_before_passive_prog.block_7_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop_before_cfg_to_dag_prog.node_0)
+apply (rule nested_loop_before_passive_prog.node_7)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=6])
+apply ((simp add:nested_loop_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:nested_loop_before_passive_prog.outEdges_8))
+by ((simp add:nested_loop_before_passive_prog.node_8 nested_loop_before_passive_prog.block_8_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop_before_cfg_to_dag_prog.pres)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule nested_loop_before_passive_prog.node_9)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding nested_loop_before_passive_prog.block_9_def
+apply (rule assume_pres_normal[where ?es=nested_loop_before_cfg_to_dag_prog.pres])
+apply (rule assms(4))
+unfolding nested_loop_before_cfg_to_dag_prog.pres_def
+apply simp
+apply (rule nested_loop_before_passive_prog.outEdges_9)
+apply ((simp add:nested_loop_before_passive_prog.node_8 nested_loop_before_passive_prog.block_8_def))
+apply (rule nested_loop_before_passive_prog.outEdges_8)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_y_2::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_loop_before_cfg_to_dag_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(valid_configuration A \<Lambda>0 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule nested_loop_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+lemma end_to_end_theorem:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_y_2::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms nested_loop_before_cfg_to_dag_prog.proc))"
+apply (rule end_to_end_util[OF end_to_end_theorem_aux])
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 nested_loop_before_cfg_to_dag_prog.proc_def nested_loop_before_cfg_to_dag_prog.proc_body_def)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passification_proof.thy b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passification_proof.thy
new file mode 100644
index 0000000..f624a39
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passification_proof.thy
@@ -0,0 +1,349 @@
+theory nested_loop_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop_before_passive_prog nested_loop_passive_prog Boogie_Lang.PassificationML nested_loop_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop_before_passive_prog.block_0_def nested_loop_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon4_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop_before_passive_prog.block_1_def nested_loop_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon5_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
+"((R 1) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6])) (update_nstate_rel R [(0,(Inl 6))]) R_old nested_loop_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop_before_passive_prog.block_2_def nested_loop_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_x(2) nested_loop_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon5_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [5] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [5])) (update_nstate_rel R [(1,(Inl 5))]) R_old nested_loop_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop_before_passive_prog.block_3_def nested_loop_passive_prog.block_3_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_y(2) nested_loop_passive_prog.l_y_2(2)))
+by simp
+
+lemma block_anon5_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4])) (update_nstate_rel R [(1,(Inl 4))]) R_old nested_loop_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop_before_passive_prog.block_4_def nested_loop_passive_prog.block_4_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_y(2) nested_loop_passive_prog.l_y_1(2)))
+by simp
+
+lemma block_anon4_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
+"((R 1) = (Some (Inl 3)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop_before_passive_prog.block_5_def nested_loop_passive_prog.block_5_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon4_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2,3] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2,3])) (update_nstate_rel R [(0,(Inl 2)),(1,(Inl 3))]) R_old nested_loop_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop_before_passive_prog.block_6_def nested_loop_passive_prog.block_6_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_x(2) nested_loop_passive_prog.l_x_0(2)))
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_y(2) nested_loop_passive_prog.l_y_0(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 10))),(1,(Inr (LInt 10)))]) R_old nested_loop_passive_prog.block_7 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop_before_passive_prog.block_7_def nested_loop_passive_prog.block_7_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_8 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop_before_passive_prog.block_8_def nested_loop_passive_prog.block_8_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_9 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_9 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop_before_passive_prog.block_9_def nested_loop_passive_prog.block_9_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_0},@{thm nested_loop_before_passive_prog.outEdges_0}) (@{thm nested_loop_passive_prog.node_0},@{thm nested_loop_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon4_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_1},@{thm nested_loop_before_passive_prog.outEdges_1}) (@{thm nested_loop_passive_prog.node_1},@{thm nested_loop_passive_prog.outEdges_1}) @{thm block_anon4_LoopDone} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
+"((R 1) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_2},@{thm nested_loop_before_passive_prog.outEdges_2}) (@{thm nested_loop_passive_prog.node_2},@{thm nested_loop_passive_prog.outEdges_2}) @{thm block_anon5_LoopDone} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 5 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_3},@{thm nested_loop_before_passive_prog.outEdges_3}) (@{thm nested_loop_passive_prog.node_3},@{thm nested_loop_passive_prog.outEdges_3}) @{thm block_anon5_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_4},@{thm nested_loop_before_passive_prog.outEdges_4}) (@{thm nested_loop_passive_prog.node_4},@{thm nested_loop_passive_prog.outEdges_4}) @{thm block_anon5_LoopHead} [
+@{thm cfg_block_anon5_LoopDone}, 
+@{thm cfg_block_anon5_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon4_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
+"((R 1) = (Some (Inl 3)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_5},@{thm nested_loop_before_passive_prog.outEdges_5}) (@{thm nested_loop_passive_prog.node_5},@{thm nested_loop_passive_prog.outEdges_5}) @{thm block_anon4_LoopBody} [
+@{thm cfg_block_anon5_LoopHead}] 1\<close>))
+
+lemma cfg_block_anon4_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_6},@{thm nested_loop_before_passive_prog.outEdges_6}) (@{thm nested_loop_passive_prog.node_6},@{thm nested_loop_passive_prog.outEdges_6}) @{thm block_anon4_LoopHead} [
+@{thm cfg_block_anon4_LoopDone}, 
+@{thm cfg_block_anon4_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_7},@{thm nested_loop_before_passive_prog.outEdges_7}) (@{thm nested_loop_passive_prog.node_7},@{thm nested_loop_passive_prog.outEdges_7}) @{thm block_anon0} [
+@{thm cfg_block_anon4_LoopHead}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 8)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_8},@{thm nested_loop_before_passive_prog.outEdges_8}) (@{thm nested_loop_passive_prog.node_8},@{thm nested_loop_passive_prog.outEdges_8}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 9)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_9},@{thm nested_loop_before_passive_prog.outEdges_9}) (@{thm nested_loop_passive_prog.node_9},@{thm nested_loop_passive_prog.outEdges_9}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 9),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_y_2::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv nested_loop_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+apply simp
+unfolding nested_loop_passive_prog.params_vdecls_def nested_loop_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using nested_loop_before_passive_prog.globals_locals_disj apply auto[1]
+using nested_loop_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] nested_loop_passive_prog.proc_body u (Inl 9)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range global_data.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] nested_loop_passive_prog.proc_body ((Inl 9),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from nested_loop_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passive_prog.thy b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passive_prog.thy
new file mode 100644
index 0000000..5eadc7c
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passive_prog.thy
@@ -0,0 +1,208 @@
+theory nested_loop_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop_before_passive_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 2)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 4))),(Assume (BinOp (Var 6) Eq (BinOp (Var 2) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 6) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 4) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 5) Eq (BinOp (Var 4) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 5) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 4) Ge (Lit (LInt 0))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 3) Ge (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Var 2) Ge (Lit (LInt 0))))]"
+definition block_7
+  where
+    "block_7  = [(Assert (BinOp (Lit (LInt 10)) Ge (Lit (LInt 0))))]"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[2,3],[4],[1,5],[6],[7],[8]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [2,3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [1,5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(5,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding nested_loop_passive_prog.params_vdecls_def nested_loop_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_0:
+shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_1:
+shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_2:
+shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_0:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_1:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_2:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_vcphase_proof.thy b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_vcphase_proof.thy
new file mode 100644
index 0000000..01eeeb3
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_vcphase_proof.thy
@@ -0,0 +1,370 @@
+theory nested_loop_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML nested_loop_passive_prog nested_loop_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon4_LoopDone
+  where
+    "vc_anon4_LoopDone  = True"
+definition vc_anon5_LoopDone
+  where
+    "vc_anon5_LoopDone y_1 x_1 x_0 = ((((0::int) \<ge> y_1) \<and> (x_1 = (x_0 - (1::int)))) \<longrightarrow> (x_1 \<ge> (0::int)))"
+definition vc_anon5_LoopBody
+  where
+    "vc_anon5_LoopBody y_1 y_2 = (((y_1 > (0::int)) \<and> (y_2 = (y_1 - (1::int)))) \<longrightarrow> (y_2 \<ge> (0::int)))"
+definition vc_anon5_LoopHead
+  where
+    "vc_anon5_LoopHead y_1 x_1 x_0 y_2 = ((y_1 \<ge> (0::int)) \<longrightarrow> ((vc_anon5_LoopDone y_1 x_1 x_0) \<and> (vc_anon5_LoopBody y_1 y_2)))"
+definition vc_anon4_LoopBody
+  where
+    "vc_anon4_LoopBody x_0 y_0 y_1 x_1 y_2 = ((x_0 > (0::int)) \<longrightarrow> ((y_0 \<ge> (0::int)) \<and> ((y_0 \<ge> (0::int)) \<longrightarrow> (vc_anon5_LoopHead y_1 x_1 x_0 y_2))))"
+definition vc_anon4_LoopHead
+  where
+    "vc_anon4_LoopHead x_0 y_0 y_1 x_1 y_2 = ((x_0 \<ge> (0::int)) \<longrightarrow> ((vc_anon4_LoopDone ) \<and> (vc_anon4_LoopBody x_0 y_0 y_1 x_1 y_2)))"
+definition vc_anon0
+  where
+    "vc_anon0 x_0 y_0 y_1 x_1 y_2 = (((10::int) \<ge> (0::int)) \<and> (((10::int) \<ge> (0::int)) \<longrightarrow> (vc_anon4_LoopHead x_0 y_0 y_1 x_1 y_2)))"
+definition vc_PreconditionGeneratedEntry
+  where
+    "vc_PreconditionGeneratedEntry x_0 y_0 y_1 x_1 y_2 = (vc_anon0 x_0 y_0 y_1 x_1 y_2)"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_y_1 :: "int" and vc_x_1 :: "int" and vc_y_2 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_0)))" and 
+G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_y_0)))" and 
+G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_y_1)))" and 
+G5: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_x_1)))" and 
+G6: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_y_2)))" and 
+G7: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7
+lemmas forall_poly_thm = forall_vc_type[OF G7]
+lemmas exists_poly_thm = exists_vc_type[OF G7]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding nested_loop_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon4_LoopDone_hints = [
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon4_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_LoopDone ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding nested_loop_passive_prog.block_1_def vc.vc_anon4_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon5_LoopDone_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE), 
+(AssertNoConj,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon5_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopDone vc_y_1 vc_x_1 vc_x_0) \<Longrightarrow> (s' = Magic)))"
+unfolding nested_loop_passive_prog.block_2_def vc.vc_anon5_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon5_LoopBody_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE), 
+(AssertNoConj,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon5_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopBody vc_y_1 vc_y_2) \<Longrightarrow> (s' = Magic)))"
+unfolding nested_loop_passive_prog.block_3_def vc.vc_anon5_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon5_LoopHead_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon5_LoopHeadAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopHead vc_y_1 vc_x_1 vc_x_0 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_y_1 vc_x_1 vc_x_0) \<and> (vc.vc_anon5_LoopBody vc_y_1 vc_y_2))))))))"
+unfolding nested_loop_passive_prog.block_4_def vc.vc_anon5_LoopHead_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopHead_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_LoopBody_hints = [
+(AssumeConjR 0,NONE), 
+(AssertSub,NONE)]
+\<close>
+lemma block_anon4_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_LoopBody vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon5_LoopHead vc_y_1 vc_x_1 vc_x_0 vc_y_2)))))))"
+unfolding nested_loop_passive_prog.block_5_def vc.vc_anon4_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_LoopHead_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon4_LoopHeadAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_LoopHead vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_LoopDone ) \<and> (vc.vc_anon4_LoopBody vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))))))))"
+unfolding nested_loop_passive_prog.block_6_def vc.vc_anon4_LoopHead_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_LoopHead_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon0_hints = [
+(AssertSub,NONE)]
+\<close>
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4_LoopHead vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)))))))"
+unfolding nested_loop_passive_prog.block_7_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
+by (auto?)
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_8 (Normal n_s) s')" and 
+"(vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)))))"
+using assms
+unfolding nested_loop_passive_prog.block_8_def
+apply cases
+by auto
+
+lemma block_PreconditionGeneratedEntry:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding nested_loop_passive_prog.block_9_def vc.vc_PreconditionGeneratedEntry_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) nested_loop_passive_prog.node_0 nested_loop_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon4_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4_LoopDone )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) nested_loop_passive_prog.node_1])
+apply (erule block_anon4_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:nested_loop_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_LoopDone vc_y_1 vc_x_1 vc_x_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop_passive_prog.node_2])
+by (erule block_anon5_LoopDoneAA0[OF _ assms(2)])
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_LoopBody vc_y_1 vc_y_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop_passive_prog.node_3])
+by (erule block_anon5_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_LoopHead vc_y_1 vc_x_1 vc_x_0 vc_y_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_4])
+apply (erule block_anon5_LoopHeadAA0[OF _ assms(2)])
+apply ((simp add:nested_loop_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon4_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4_LoopBody vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_5])
+apply (erule block_anon4_LoopBodyAA0[OF _ assms(2)])
+apply ((simp add:nested_loop_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon4_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4_LoopHead vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_6])
+apply (erule block_anon4_LoopHeadAA0[OF _ assms(2)])
+apply ((simp add:nested_loop_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_7])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:nested_loop_passive_prog.outEdges_7))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_8])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:nested_loop_passive_prog.outEdges_8))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_9])
+apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
+apply ((simp add:nested_loop_passive_prog.outEdges_9))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) \<Gamma> [] nested_loop_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_y_2::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
+let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_x])
+apply (subst lookup_var_local[OF nested_loop_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_y])
+apply (subst lookup_var_local[OF nested_loop_passive_prog.m_y])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF nested_loop_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_y_0])
+apply (subst lookup_var_local[OF nested_loop_passive_prog.m_y_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_y_1])
+apply (subst lookup_var_local[OF nested_loop_passive_prog.m_y_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF nested_loop_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_y_2])
+apply (subst lookup_var_local[OF nested_loop_passive_prog.m_y_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_y])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_y_0])
+apply (rule HOL.conjunct1[OF sc_y_1])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (rule HOL.conjunct1[OF sc_y_2])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/global_data.thy b/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog.thy b/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..caf8832
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog.thy
@@ -0,0 +1,111 @@
+theory no_guard_empty_branch_if_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = [(Assign 0 (Lit (LInt 6)))]"
+definition block_2
+  where
+    "block_2  = []"
+definition outEdges
+  where
+    "outEdges  = [[2,1],[],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [2,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_guard_empty_branch_if_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec no_guard_empty_branch_if_before_cfg_to_dag_prog.post),proc_body = (Some (no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls,no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog.thy b/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog.thy
new file mode 100644
index 0000000..05f60ff
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog.thy
@@ -0,0 +1,95 @@
+theory no_guard_empty_branch_if_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_empty_branch_if_before_cfg_to_dag_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = [(Assign 0 (Lit (LInt 6)))]"
+definition block_3
+  where
+    "block_3  = [(Havoc 0)]"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof.thy b/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof.thy
new file mode 100644
index 0000000..4c9441e
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof.thy
@@ -0,0 +1,250 @@
+theory no_guard_empty_branch_if_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML no_guard_empty_branch_if_before_cfg_to_dag_prog no_guard_empty_branch_if_before_passive_prog no_guard_empty_branch_if_passification_proof no_guard_empty_branch_if_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_empty_branch_if_before_cfg_to_dag_prog.post)"
+unfolding expr_all_sat_def no_guard_empty_branch_if_before_cfg_to_dag_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule no_guard_empty_branch_if_before_passive_prog.node_0)
+apply simp
+unfolding no_guard_empty_branch_if_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma block_anon3_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_empty_branch_if_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2_def no_guard_empty_branch_if_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_2)
+apply (rule no_guard_empty_branch_if_before_passive_prog.node_1)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon3_Then)
+apply assumption+
+apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_2)
+apply (rule no_guard_empty_branch_if_before_passive_prog.outEdges_1)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon3_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_empty_branch_if_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1_def no_guard_empty_branch_if_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_1)
+apply (rule no_guard_empty_branch_if_before_passive_prog.node_2)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon3_Else)
+apply assumption+
+apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_1)
+apply (rule no_guard_empty_branch_if_before_passive_prog.outEdges_2)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_empty_branch_if_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def no_guard_empty_branch_if_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_0)
+apply (rule no_guard_empty_branch_if_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:no_guard_empty_branch_if_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:no_guard_empty_branch_if_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:no_guard_empty_branch_if_before_passive_prog.outEdges_4))
+by ((simp add:no_guard_empty_branch_if_before_passive_prog.node_4 no_guard_empty_branch_if_before_passive_prog.block_4_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_empty_branch_if_before_cfg_to_dag_prog.pres)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule no_guard_empty_branch_if_before_passive_prog.node_5)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding no_guard_empty_branch_if_before_passive_prog.block_5_def
+apply (rule assume_pres_normal[where ?es=no_guard_empty_branch_if_before_cfg_to_dag_prog.pres])
+apply (rule assms(4))
+unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.pres_def
+apply simp
+apply (rule no_guard_empty_branch_if_before_passive_prog.outEdges_5)
+apply ((simp add:no_guard_empty_branch_if_before_passive_prog.node_4 no_guard_empty_branch_if_before_passive_prog.block_4_def))
+apply (rule no_guard_empty_branch_if_before_passive_prog.outEdges_4)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns no_guard_empty_branch_if_before_cfg_to_dag_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(valid_configuration A \<Lambda>0 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule no_guard_empty_branch_if_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+lemma end_to_end_theorem:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms no_guard_empty_branch_if_before_cfg_to_dag_prog.proc))"
+apply (rule end_to_end_util[OF end_to_end_theorem_aux])
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_def no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body_def)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof.thy b/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof.thy
new file mode 100644
index 0000000..29765aa
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof.thy
@@ -0,0 +1,254 @@
+theory no_guard_empty_branch_if_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_empty_branch_if_before_passive_prog no_guard_empty_branch_if_passive_prog Boogie_Lang.PassificationML no_guard_empty_branch_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_empty_branch_if_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_empty_branch_if_before_passive_prog.block_0_def no_guard_empty_branch_if_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon3_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_empty_branch_if_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_empty_branch_if_before_passive_prog.block_1_def no_guard_empty_branch_if_passive_prog.block_1_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon3_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 6)))]) R_old no_guard_empty_branch_if_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_empty_branch_if_before_passive_prog.block_2_def no_guard_empty_branch_if_passive_prog.block_2_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old no_guard_empty_branch_if_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_empty_branch_if_before_passive_prog.block_3_def no_guard_empty_branch_if_passive_prog.block_3_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:no_guard_empty_branch_if_before_cfg_to_dag_prog.l_x(2) no_guard_empty_branch_if_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_empty_branch_if_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_empty_branch_if_before_passive_prog.block_4_def no_guard_empty_branch_if_passive_prog.block_4_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_empty_branch_if_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_empty_branch_if_before_passive_prog.block_5_def no_guard_empty_branch_if_passive_prog.block_5_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_0},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_0}) (@{thm no_guard_empty_branch_if_passive_prog.node_0},@{thm no_guard_empty_branch_if_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon3_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_1},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_1}) (@{thm no_guard_empty_branch_if_passive_prog.node_1},@{thm no_guard_empty_branch_if_passive_prog.outEdges_1}) @{thm block_anon3_Then} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon3_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_2},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_2}) (@{thm no_guard_empty_branch_if_passive_prog.node_2},@{thm no_guard_empty_branch_if_passive_prog.outEdges_2}) @{thm block_anon3_Else} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_3},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_3}) (@{thm no_guard_empty_branch_if_passive_prog.node_3},@{thm no_guard_empty_branch_if_passive_prog.outEdges_3}) @{thm block_anon0} [
+@{thm cfg_block_anon3_Then}, 
+@{thm cfg_block_anon3_Else}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_4},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_4}) (@{thm no_guard_empty_branch_if_passive_prog.node_4},@{thm no_guard_empty_branch_if_passive_prog.outEdges_4}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_5},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_5}) (@{thm no_guard_empty_branch_if_passive_prog.node_5},@{thm no_guard_empty_branch_if_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv no_guard_empty_branch_if_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+apply simp
+unfolding no_guard_empty_branch_if_passive_prog.params_vdecls_def no_guard_empty_branch_if_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using no_guard_empty_branch_if_before_passive_prog.globals_locals_disj apply auto[1]
+using no_guard_empty_branch_if_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] no_guard_empty_branch_if_passive_prog.proc_body u (Inl 5)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range global_data.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] no_guard_empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from no_guard_empty_branch_if_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog.thy b/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog.thy
new file mode 100644
index 0000000..9e83877
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog.thy
@@ -0,0 +1,119 @@
+theory no_guard_empty_branch_if_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_empty_branch_if_before_passive_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = []"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding no_guard_empty_branch_if_passive_prog.params_vdecls_def no_guard_empty_branch_if_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof.thy b/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof.thy
new file mode 100644
index 0000000..f961fcc
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof.thy
@@ -0,0 +1,213 @@
+theory no_guard_empty_branch_if_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML no_guard_empty_branch_if_passive_prog no_guard_empty_branch_if_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon0
+  where
+    "vc_anon0  = True"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
+G2: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2
+lemmas forall_poly_thm = forall_vc_type[OF G2]
+lemmas exists_poly_thm = exists_vc_type[OF G2]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding no_guard_empty_branch_if_passive_prog.block_0_def
+apply cases
+by auto
+
+lemma block_anon3_Then:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_1 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding no_guard_empty_branch_if_passive_prog.block_1_def
+apply cases
+by auto
+
+lemma block_anon3_Else:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_2 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding no_guard_empty_branch_if_passive_prog.block_2_def
+apply cases
+by auto
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_3 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding no_guard_empty_branch_if_passive_prog.block_3_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_4 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding no_guard_empty_branch_if_passive_prog.block_4_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding no_guard_empty_branch_if_passive_prog.block_5_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) no_guard_empty_branch_if_passive_prog.node_0 no_guard_empty_branch_if_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon3_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_empty_branch_if_passive_prog.node_1])
+apply (erule block_anon3_Then)
+apply ((simp add:no_guard_empty_branch_if_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon3_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_empty_branch_if_passive_prog.node_2])
+apply (erule block_anon3_Else)
+apply ((simp add:no_guard_empty_branch_if_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_empty_branch_if_passive_prog.node_3])
+apply (erule block_anon0)
+apply ((simp add:no_guard_empty_branch_if_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_empty_branch_if_passive_prog.node_4])
+apply (erule block_0)
+apply ((simp add:no_guard_empty_branch_if_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_empty_branch_if_passive_prog.node_5])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:no_guard_empty_branch_if_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
+let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_guard_empty_branch_if_passive_prog.m_x])
+apply (subst lookup_var_local[OF no_guard_empty_branch_if_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_guard_empty_branch_if_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF no_guard_empty_branch_if_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_guard_if_proofs/global_data.thy b/BoogieLang/generated_example_proofs/no_guard_if_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_guard_if_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy
new file mode 100644
index 0000000..f58c89d
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy
@@ -0,0 +1,158 @@
+theory no_guard_if_ast_cfg_proof
+  imports Main
+          Boogie_Lang.Ast
+          Boogie_Lang.Semantics
+          Boogie_Lang.Ast_Cfg_Transformation
+          "../global_data" 
+          no_guard_if_before_cfg_to_dag_prog 
+          no_guard_if_before_ast_cfg
+          no_guard_if_cfgtodag_proof
+          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
+
+begin
+
+definition bigblock_then 
+  where "bigblock_then \<equiv> BigBlock None [(Assign 0 (Lit (LInt 0)))] None None"
+
+definition bigblock_else
+  where "bigblock_else \<equiv> BigBlock None [(Assign 0 (Lit (LInt 1)))] None None"
+
+lemma bigblock0_local_rel:
+  assumes Red_bb0_to: 
+      "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock0, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>no_guard_if_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+proof -
+  show ?thesis
+    apply (rule block_local_rel_generic)
+           apply (rule Rel_Main_test[of bigblock0])
+           apply (simp add: bigblock0_def no_guard_if_before_cfg_to_dag_prog.block_0_def)
+          apply simp
+         apply simp
+        apply (rule Red_bb0_to)
+       apply (rule Red0_impl, simp)
+      apply (simp add: bigblock0_def)
+     apply (simp)
+    apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_0_def)
+    done
+qed
+
+
+lemma bigblock_then_local_rel:
+  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_then, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>no_guard_if_before_cfg_to_dag_prog.block_2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  show ?thesis
+    unfolding no_guard_if_before_cfg_to_dag_prog.block_2_def 
+    apply (rule block_local_rel_generic)
+           apply (rule Rel_Main_test[of bigblock_then])
+           apply (simp add: bigblock_then_def)
+          apply simp
+         apply simp
+        apply (rule Red_bb0_to)
+       apply (rule Red0_impl)
+       apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_2_def)
+      apply (simp add: bigblock_then_def)
+    by simp_all
+qed
+
+lemma bigblock_else_local_rel:
+  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>no_guard_if_before_cfg_to_dag_prog.block_1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+proof -
+  show ?thesis
+    unfolding no_guard_if_before_cfg_to_dag_prog.block_1_def 
+    apply (rule block_local_rel_generic)
+           apply (rule Rel_Main_test[of bigblock_else])
+           apply (simp add: bigblock_else_def)
+          apply simp
+         apply simp
+        apply (rule Red_bb0_to)
+       apply (rule Red0_impl)
+       apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_1_def)
+      apply (simp add: bigblock_else_def)
+    by simp_all
+qed
+
+
+lemma block_then_global_rel:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+proof -
+  show ?thesis 
+    apply (rule generic_ending_block_global_rel)
+         apply (rule Rel_Main_test[of bigblock_then _ no_guard_if_before_cfg_to_dag_prog.block_2])
+         apply (simp add: bigblock_then_def no_guard_if_before_cfg_to_dag_prog.block_2_def)
+        apply (rule assms(1))
+       apply (simp add: bigblock_then_def)
+      apply simp
+     apply (rule no_guard_if_before_cfg_to_dag_prog.node_2)
+    apply (rule assms(2))
+    apply simp
+    done
+qed
+
+
+lemma block_else_global_rel:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+proof -
+  show ?thesis
+    apply (rule generic_ending_block_global_rel)
+           apply (rule Rel_Main_test[of bigblock_else _ no_guard_if_before_cfg_to_dag_prog.block_1])
+         apply (simp add: bigblock_else_def no_guard_if_before_cfg_to_dag_prog.block_1_def)
+        apply (rule assms(1))
+       apply (simp add: bigblock_else_def)
+      apply simp
+     apply (rule no_guard_if_before_cfg_to_dag_prog.node_1)
+    apply (rule assms(2))
+    apply simp
+    done
+qed
+
+
+lemma block0_global_rel:
+  assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)" 
+proof -
+  show ?thesis 
+    apply (rule block_global_rel_if_successor)
+           apply (rule Rel_Main_test[of bigblock0 _ no_guard_if_before_cfg_to_dag_prog.block_0])
+           apply (simp add: bigblock0_def no_guard_if_before_cfg_to_dag_prog.block_0_def)
+          apply (rule ast_trace)
+         apply (simp add: bigblock0_def)
+        apply (rule no_guard_if_before_cfg_to_dag_prog.node_0)
+       apply (rule assms(1))
+       apply simp
+      apply simp
+     apply (rule bigblock0_local_rel)
+      apply (simp add: bigblock0_def)
+     apply assumption
+    apply simp
+    apply (rule disjE)
+      apply assumption
+
+     apply (erule allE[where x=2])
+     apply (simp add:no_guard_if_before_cfg_to_dag_prog.outEdges_0)
+     apply (simp add:member_rec(1))
+    unfolding no_guard_if_before_cfg_to_dag_prog.post_def
+     apply (rule block_then_global_rel)
+      apply (simp add: bigblock_then_def)
+    apply simp
+   
+    apply (erule allE[where x=1])
+    apply (simp del: Nat.One_nat_def add:no_guard_if_before_cfg_to_dag_prog.outEdges_0)
+    apply (simp del: Nat.One_nat_def add:member_rec(1))
+    apply (rule block_else_global_rel)
+      apply (simp add: bigblock_else_def)
+    apply simp
+    done
+qed
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_cfg.thy
new file mode 100644
index 0000000..324a21d
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_cfg.thy
@@ -0,0 +1,85 @@
+theory no_guard_if_before_ast_cfg
+  imports Main
+          "Boogie_Lang.Ast"
+          "Boogie_Lang.Semantics"
+          "../global_data"
+
+begin
+
+definition bigblock0
+  where "bigblock0 \<equiv> 
+          (BigBlock None [(Havoc 0)] 
+            (Some (ParsedIf None 
+                  [BigBlock None [(Assign 0 (Lit (LInt 0)))] None None] [BigBlock None [(Assign 0 (Lit (LInt 1)))] None None])) 
+             None)"
+
+definition proc_body
+  where
+    "proc_body = bigblock0 # []"
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
+unfolding no_guard_if_before_ast_cfg.params_vdecls_def no_guard_if_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_ast_cfg.params_vdecls) )"
+unfolding no_guard_if_before_ast_cfg.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_ast_cfg.locals_vdecls) )"
+unfolding no_guard_if_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc_ast :: "(ast_procedure)"
+  where
+    "proc_ast  = (|proc_ty_args = 0,proc_args = no_guard_if_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_guard_if_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec no_guard_if_before_ast_cfg.post),proc_body = (Some (no_guard_if_before_ast_cfg.locals_vdecls,no_guard_if_before_ast_cfg.proc_body))|)"
+
+end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog.thy b/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..a616969
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog.thy
@@ -0,0 +1,111 @@
+theory no_guard_if_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = [(Assign 0 (Lit (LInt 1)))]"
+definition block_2
+  where
+    "block_2  = [(Assign 0 (Lit (LInt 0)))]"
+definition outEdges
+  where
+    "outEdges  = [[2,1],[],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [2,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding no_guard_if_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = no_guard_if_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_guard_if_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec no_guard_if_before_cfg_to_dag_prog.post),proc_body = (Some (no_guard_if_before_cfg_to_dag_prog.locals_vdecls,no_guard_if_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_passive_prog.thy b/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_passive_prog.thy
new file mode 100644
index 0000000..63101c3
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_passive_prog.thy
@@ -0,0 +1,95 @@
+theory no_guard_if_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_if_before_cfg_to_dag_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assign 0 (Lit (LInt 0)))]"
+definition block_2
+  where
+    "block_2  = [(Assign 0 (Lit (LInt 1)))]"
+definition block_3
+  where
+    "block_3  = [(Havoc 0)]"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_cfgtodag_proof.thy b/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_cfgtodag_proof.thy
new file mode 100644
index 0000000..f4a541d
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_cfgtodag_proof.thy
@@ -0,0 +1,250 @@
+theory no_guard_if_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML no_guard_if_before_cfg_to_dag_prog no_guard_if_before_passive_prog no_guard_if_passification_proof no_guard_if_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_if_before_cfg_to_dag_prog.post)"
+unfolding expr_all_sat_def no_guard_if_before_cfg_to_dag_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule no_guard_if_before_passive_prog.node_0)
+apply simp
+unfolding no_guard_if_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma block_anon3_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_if_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding no_guard_if_before_cfg_to_dag_prog.block_2_def no_guard_if_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule no_guard_if_before_cfg_to_dag_prog.node_2)
+apply (rule no_guard_if_before_passive_prog.node_1)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon3_Then)
+apply assumption+
+apply (rule no_guard_if_before_cfg_to_dag_prog.outEdges_2)
+apply (rule no_guard_if_before_passive_prog.outEdges_1)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon3_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_if_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding no_guard_if_before_cfg_to_dag_prog.block_1_def no_guard_if_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule no_guard_if_before_cfg_to_dag_prog.node_1)
+apply (rule no_guard_if_before_passive_prog.node_2)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon3_Else)
+apply assumption+
+apply (rule no_guard_if_before_cfg_to_dag_prog.outEdges_1)
+apply (rule no_guard_if_before_passive_prog.outEdges_2)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_if_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding no_guard_if_before_cfg_to_dag_prog.block_0_def no_guard_if_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule no_guard_if_before_cfg_to_dag_prog.node_0)
+apply (rule no_guard_if_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:no_guard_if_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:no_guard_if_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:no_guard_if_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:no_guard_if_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:no_guard_if_before_passive_prog.outEdges_4))
+by ((simp add:no_guard_if_before_passive_prog.node_4 no_guard_if_before_passive_prog.block_4_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_if_before_cfg_to_dag_prog.pres)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule no_guard_if_before_passive_prog.node_5)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding no_guard_if_before_passive_prog.block_5_def
+apply (rule assume_pres_normal[where ?es=no_guard_if_before_cfg_to_dag_prog.pres])
+apply (rule assms(4))
+unfolding no_guard_if_before_cfg_to_dag_prog.pres_def
+apply simp
+apply (rule no_guard_if_before_passive_prog.outEdges_5)
+apply ((simp add:no_guard_if_before_passive_prog.node_4 no_guard_if_before_passive_prog.block_4_def))
+apply (rule no_guard_if_before_passive_prog.outEdges_4)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns no_guard_if_before_cfg_to_dag_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(valid_configuration A \<Lambda>0 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule no_guard_if_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+lemma end_to_end_theorem:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms no_guard_if_before_cfg_to_dag_prog.proc))"
+apply (rule end_to_end_util[OF end_to_end_theorem_aux])
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 no_guard_if_before_cfg_to_dag_prog.proc_def no_guard_if_before_cfg_to_dag_prog.proc_body_def)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passification_proof.thy b/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passification_proof.thy
new file mode 100644
index 0000000..a115244
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passification_proof.thy
@@ -0,0 +1,254 @@
+theory no_guard_if_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_if_before_passive_prog no_guard_if_passive_prog Boogie_Lang.PassificationML no_guard_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_if_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_if_before_passive_prog.block_0_def no_guard_if_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon3_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 0)))]) R_old no_guard_if_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_if_before_passive_prog.block_1_def no_guard_if_passive_prog.block_1_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon3_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 1)))]) R_old no_guard_if_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_if_before_passive_prog.block_2_def no_guard_if_passive_prog.block_2_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old no_guard_if_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_if_before_passive_prog.block_3_def no_guard_if_passive_prog.block_3_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:no_guard_if_before_cfg_to_dag_prog.l_x(2) no_guard_if_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_if_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_if_before_passive_prog.block_4_def no_guard_if_passive_prog.block_4_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_if_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_guard_if_before_passive_prog.block_5_def no_guard_if_passive_prog.block_5_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_0},@{thm no_guard_if_before_passive_prog.outEdges_0}) (@{thm no_guard_if_passive_prog.node_0},@{thm no_guard_if_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon3_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_1},@{thm no_guard_if_before_passive_prog.outEdges_1}) (@{thm no_guard_if_passive_prog.node_1},@{thm no_guard_if_passive_prog.outEdges_1}) @{thm block_anon3_Then} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon3_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_2},@{thm no_guard_if_before_passive_prog.outEdges_2}) (@{thm no_guard_if_passive_prog.node_2},@{thm no_guard_if_passive_prog.outEdges_2}) @{thm block_anon3_Else} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_3},@{thm no_guard_if_before_passive_prog.outEdges_3}) (@{thm no_guard_if_passive_prog.node_3},@{thm no_guard_if_passive_prog.outEdges_3}) @{thm block_anon0} [
+@{thm cfg_block_anon3_Then}, 
+@{thm cfg_block_anon3_Else}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_4},@{thm no_guard_if_before_passive_prog.outEdges_4}) (@{thm no_guard_if_passive_prog.node_4},@{thm no_guard_if_passive_prog.outEdges_4}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_5},@{thm no_guard_if_before_passive_prog.outEdges_5}) (@{thm no_guard_if_passive_prog.node_5},@{thm no_guard_if_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv no_guard_if_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+apply simp
+unfolding no_guard_if_passive_prog.params_vdecls_def no_guard_if_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using no_guard_if_before_passive_prog.globals_locals_disj apply auto[1]
+using no_guard_if_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] no_guard_if_passive_prog.proc_body u (Inl 5)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range global_data.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] no_guard_if_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from no_guard_if_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passive_prog.thy b/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passive_prog.thy
new file mode 100644
index 0000000..31ce339
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passive_prog.thy
@@ -0,0 +1,119 @@
+theory no_guard_if_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_if_before_passive_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = []"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding no_guard_if_passive_prog.params_vdecls_def no_guard_if_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_vcphase_proof.thy b/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_vcphase_proof.thy
new file mode 100644
index 0000000..cf00163
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_vcphase_proof.thy
@@ -0,0 +1,213 @@
+theory no_guard_if_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML no_guard_if_passive_prog no_guard_if_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon0
+  where
+    "vc_anon0  = True"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
+G2: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2
+lemmas forall_poly_thm = forall_vc_type[OF G2]
+lemmas exists_poly_thm = exists_vc_type[OF G2]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding no_guard_if_passive_prog.block_0_def
+apply cases
+by auto
+
+lemma block_anon3_Then:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_1 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding no_guard_if_passive_prog.block_1_def
+apply cases
+by auto
+
+lemma block_anon3_Else:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_2 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding no_guard_if_passive_prog.block_2_def
+apply cases
+by auto
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_3 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding no_guard_if_passive_prog.block_3_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_4 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding no_guard_if_passive_prog.block_4_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding no_guard_if_passive_prog.block_5_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) no_guard_if_passive_prog.node_0 no_guard_if_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon3_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_if_passive_prog.node_1])
+apply (erule block_anon3_Then)
+apply ((simp add:no_guard_if_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon3_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_if_passive_prog.node_2])
+apply (erule block_anon3_Else)
+apply ((simp add:no_guard_if_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_if_passive_prog.node_3])
+apply (erule block_anon0)
+apply ((simp add:no_guard_if_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_if_passive_prog.node_4])
+apply (erule block_0)
+apply ((simp add:no_guard_if_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_if_passive_prog.node_5])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:no_guard_if_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) \<Gamma> [] no_guard_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
+let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_guard_if_passive_prog.m_x])
+apply (subst lookup_var_local[OF no_guard_if_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_guard_if_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF no_guard_if_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/global_data.thy b/BoogieLang/generated_example_proofs/no_inv_loop_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_inv_loop_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_cfg_to_dag_prog.thy b/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..1de73ea
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_cfg_to_dag_prog.thy
@@ -0,0 +1,122 @@
+theory no_inv_loop_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition outEdges
+  where
+    "outEdges  = [[1],[3,2],[1],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [3,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding no_inv_loop_before_cfg_to_dag_prog.params_vdecls_def no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_inv_loop_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding no_inv_loop_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_inv_loop_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = no_inv_loop_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_inv_loop_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec no_inv_loop_before_cfg_to_dag_prog.post),proc_body = (Some (no_inv_loop_before_cfg_to_dag_prog.locals_vdecls,no_inv_loop_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_passive_prog.thy b/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_passive_prog.thy
new file mode 100644
index 0000000..25b55c4
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_passive_prog.thy
@@ -0,0 +1,106 @@
+theory no_inv_loop_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_inv_loop_before_cfg_to_dag_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Havoc 0)]"
+definition block_4
+  where
+    "block_4  = [(Havoc 0)]"
+definition block_5
+  where
+    "block_5  = []"
+definition block_6
+  where
+    "block_6  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4],[5]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 6,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding no_inv_loop_before_cfg_to_dag_prog.params_vdecls_def no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_cfgtodag_proof.thy b/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_cfgtodag_proof.thy
new file mode 100644
index 0000000..a89ee19
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_cfgtodag_proof.thy
@@ -0,0 +1,338 @@
+theory no_inv_loop_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML no_inv_loop_before_cfg_to_dag_prog no_inv_loop_before_passive_prog no_inv_loop_passification_proof no_inv_loop_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_inv_loop_before_cfg_to_dag_prog.post)"
+unfolding expr_all_sat_def no_inv_loop_before_cfg_to_dag_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule no_inv_loop_before_passive_prog.node_0)
+apply simp
+unfolding no_inv_loop_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma block_anon2_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_inv_loop_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding no_inv_loop_before_cfg_to_dag_prog.block_3_def no_inv_loop_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon2_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule no_inv_loop_before_cfg_to_dag_prog.node_3)
+apply (rule no_inv_loop_before_passive_prog.node_1)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon2_LoopDone)
+apply assumption+
+apply (rule no_inv_loop_before_cfg_to_dag_prog.outEdges_3)
+apply (rule no_inv_loop_before_passive_prog.outEdges_1)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma Mods_anon2_LoopBody:
+shows "(mods_contained_in (set [0]) no_inv_loop_before_cfg_to_dag_prog.block_2)"
+unfolding no_inv_loop_before_cfg_to_dag_prog.block_2_def
+by simp
+
+lemma block_anon2_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_inv_loop_before_passive_prog.block_2 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding no_inv_loop_before_cfg_to_dag_prog.block_2_def no_inv_loop_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon2_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon2_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body [0] [] no_inv_loop_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule no_inv_loop_before_cfg_to_dag_prog.node_2)
+apply (rule no_inv_loop_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon2_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon2_LoopBody)
+apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon2_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon2_LoopHead:
+shows "(mods_contained_in (set [0]) no_inv_loop_before_cfg_to_dag_prog.block_1)"
+unfolding no_inv_loop_before_cfg_to_dag_prog.block_1_def
+by simp
+
+lemma block_anon2_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_inv_loop_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding no_inv_loop_before_cfg_to_dag_prog.block_1_def no_inv_loop_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.l_x(1)))
+apply simp
+done
+
+lemma cfg_block_anon2_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule no_inv_loop_before_cfg_to_dag_prog.node_1)
+apply (rule no_inv_loop_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon2_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon2_LoopHead)
+apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:no_inv_loop_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon2_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:no_inv_loop_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon2_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_inv_loop_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding no_inv_loop_before_cfg_to_dag_prog.block_0_def no_inv_loop_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule no_inv_loop_before_cfg_to_dag_prog.node_0)
+apply (rule no_inv_loop_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:no_inv_loop_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon2_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:no_inv_loop_before_passive_prog.outEdges_5))
+by ((simp add:no_inv_loop_before_passive_prog.node_5 no_inv_loop_before_passive_prog.block_5_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_inv_loop_before_cfg_to_dag_prog.pres)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule no_inv_loop_before_passive_prog.node_6)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding no_inv_loop_before_passive_prog.block_6_def
+apply (rule assume_pres_normal[where ?es=no_inv_loop_before_cfg_to_dag_prog.pres])
+apply (rule assms(4))
+unfolding no_inv_loop_before_cfg_to_dag_prog.pres_def
+apply simp
+apply (rule no_inv_loop_before_passive_prog.outEdges_6)
+apply ((simp add:no_inv_loop_before_passive_prog.node_5 no_inv_loop_before_passive_prog.block_5_def))
+apply (rule no_inv_loop_before_passive_prog.outEdges_5)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns no_inv_loop_before_cfg_to_dag_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(valid_configuration A \<Lambda>0 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule no_inv_loop_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+lemma end_to_end_theorem:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms no_inv_loop_before_cfg_to_dag_prog.proc))"
+apply (rule end_to_end_util[OF end_to_end_theorem_aux])
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 no_inv_loop_before_cfg_to_dag_prog.proc_def no_inv_loop_before_cfg_to_dag_prog.proc_body_def)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passification_proof.thy b/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passification_proof.thy
new file mode 100644
index 0000000..96658e5
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passification_proof.thy
@@ -0,0 +1,279 @@
+theory no_inv_loop_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_inv_loop_before_passive_prog no_inv_loop_passive_prog Boogie_Lang.PassificationML no_inv_loop_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_inv_loop_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_inv_loop_before_passive_prog.block_0_def no_inv_loop_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon2_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_inv_loop_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_inv_loop_before_passive_prog.block_1_def no_inv_loop_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon2_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3])) (update_nstate_rel R [(0,(Inl 3))]) R_old no_inv_loop_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_inv_loop_before_passive_prog.block_2_def no_inv_loop_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.l_x(2) no_inv_loop_passive_prog.l_x_2(2)))
+by simp
+
+lemma block_anon2_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old no_inv_loop_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_inv_loop_before_passive_prog.block_3_def no_inv_loop_passive_prog.block_3_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.l_x(2) no_inv_loop_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old no_inv_loop_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_inv_loop_before_passive_prog.block_4_def no_inv_loop_passive_prog.block_4_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.l_x(2) no_inv_loop_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_inv_loop_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_inv_loop_before_passive_prog.block_5_def no_inv_loop_passive_prog.block_5_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_inv_loop_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding no_inv_loop_before_passive_prog.block_6_def no_inv_loop_passive_prog.block_6_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_inv_loop_before_passive_prog.node_0},@{thm no_inv_loop_before_passive_prog.outEdges_0}) (@{thm no_inv_loop_passive_prog.node_0},@{thm no_inv_loop_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon2_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm no_inv_loop_before_passive_prog.node_1},@{thm no_inv_loop_before_passive_prog.outEdges_1}) (@{thm no_inv_loop_passive_prog.node_1},@{thm no_inv_loop_passive_prog.outEdges_1}) @{thm block_anon2_LoopDone} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon2_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm no_inv_loop_before_passive_prog.node_2},@{thm no_inv_loop_before_passive_prog.outEdges_2}) (@{thm no_inv_loop_passive_prog.node_2},@{thm no_inv_loop_passive_prog.outEdges_2}) @{thm block_anon2_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon2_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_inv_loop_before_passive_prog.node_3},@{thm no_inv_loop_before_passive_prog.outEdges_3}) (@{thm no_inv_loop_passive_prog.node_3},@{thm no_inv_loop_passive_prog.outEdges_3}) @{thm block_anon2_LoopHead} [
+@{thm cfg_block_anon2_LoopDone}, 
+@{thm cfg_block_anon2_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_inv_loop_before_passive_prog.node_4},@{thm no_inv_loop_before_passive_prog.outEdges_4}) (@{thm no_inv_loop_passive_prog.node_4},@{thm no_inv_loop_passive_prog.outEdges_4}) @{thm block_anon0} [
+@{thm cfg_block_anon2_LoopHead}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_inv_loop_before_passive_prog.node_5},@{thm no_inv_loop_before_passive_prog.outEdges_5}) (@{thm no_inv_loop_passive_prog.node_5},@{thm no_inv_loop_passive_prog.outEdges_5}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_inv_loop_before_passive_prog.node_6},@{thm no_inv_loop_before_passive_prog.outEdges_6}) (@{thm no_inv_loop_passive_prog.node_6},@{thm no_inv_loop_passive_prog.outEdges_6}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 6),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv no_inv_loop_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+apply simp
+unfolding no_inv_loop_passive_prog.params_vdecls_def no_inv_loop_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using no_inv_loop_before_passive_prog.globals_locals_disj apply auto[1]
+using no_inv_loop_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] no_inv_loop_passive_prog.proc_body u (Inl 6)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range global_data.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] no_inv_loop_passive_prog.proc_body ((Inl 6),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from no_inv_loop_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passive_prog.thy b/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passive_prog.thy
new file mode 100644
index 0000000..128a014
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passive_prog.thy
@@ -0,0 +1,148 @@
+theory no_inv_loop_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_inv_loop_before_passive_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 2)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 3) Eq (BinOp (Var 2) Sub (Lit (LInt 1))))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition block_6
+  where
+    "block_6  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4],[5]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 6,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding no_inv_loop_passive_prog.params_vdecls_def no_inv_loop_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_2:
+shows "((map_of (append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_2:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_vcphase_proof.thy b/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_vcphase_proof.thy
new file mode 100644
index 0000000..c0aa666
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_vcphase_proof.thy
@@ -0,0 +1,256 @@
+theory no_inv_loop_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML no_inv_loop_passive_prog no_inv_loop_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon0
+  where
+    "vc_anon0  = True"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
+G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_2)))" and 
+G4: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4
+lemmas forall_poly_thm = forall_vc_type[OF G4]
+lemmas exists_poly_thm = exists_vc_type[OF G4]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding no_inv_loop_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon2_LoopDone_hints = [
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon2_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding no_inv_loop_passive_prog.block_1_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon2_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon2_LoopBody_hints = [
+(AssumeTrue,NONE), 
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon2_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
+unfolding no_inv_loop_passive_prog.block_2_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon2_LoopBody_hints \<close>)
+by (auto?)
+
+lemma block_anon2_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.block_3 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding no_inv_loop_passive_prog.block_3_def
+apply cases
+by auto
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.block_4 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding no_inv_loop_passive_prog.block_4_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.block_5 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding no_inv_loop_passive_prog.block_5_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding no_inv_loop_passive_prog.block_6_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) no_inv_loop_passive_prog.node_0 no_inv_loop_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon2_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_inv_loop_passive_prog.node_1])
+apply (erule block_anon2_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:no_inv_loop_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon2_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) no_inv_loop_passive_prog.node_2])
+by (erule block_anon2_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon2_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) no_inv_loop_passive_prog.node_3])
+apply (erule block_anon2_LoopHead[OF _ assms(2)])
+apply ((simp add:no_inv_loop_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon2_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon2_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) no_inv_loop_passive_prog.node_4])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:no_inv_loop_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon2_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) no_inv_loop_passive_prog.node_5])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:no_inv_loop_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) no_inv_loop_passive_prog.node_6])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:no_inv_loop_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) \<Gamma> [] no_inv_loop_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
+let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_inv_loop_passive_prog.m_x])
+apply (subst lookup_var_local[OF no_inv_loop_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_inv_loop_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF no_inv_loop_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_inv_loop_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF no_inv_loop_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_inv_loop_passive_prog.m_x_2])
+apply (subst lookup_var_local[OF no_inv_loop_passive_prog.m_x_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (rule HOL.conjunct1[OF sc_x_2])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/global_data.thy b/BoogieLang/generated_example_proofs/while_example2_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/while_example2_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_before_cfg_to_dag_prog.thy b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..1af34bd
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
@@ -0,0 +1,155 @@
+theory p_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = [(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_4
+  where
+    "block_4  = [(Assert (BinOp (Var 0) Le (Lit (LInt 0))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
+definition outEdges
+  where
+    "outEdges  = [[1],[3,2],[1],[4],[6,5],[4],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [3,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [6,5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding p_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding p_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = p_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.post),proc_body = (Some (p_before_cfg_to_dag_prog.locals_vdecls,p_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_before_passive_prog.thy b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_before_passive_prog.thy
new file mode 100644
index 0000000..fae5e63
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_before_passive_prog.thy
@@ -0,0 +1,139 @@
+theory p_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_cfg_to_dag_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1)))),(Assert (BinOp (Var 0) Le (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_4
+  where
+    "block_4  = [(Havoc 0),(Assume (BinOp (Var 0) Le (Lit (LInt 0))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0))),(Assert (BinOp (Var 0) Le (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = [(Havoc 0),(Assume (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition block_7
+  where
+    "block_7  = [(Havoc 0),(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[2,3],[4],[5,1],[6],[7],[8]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [2,3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy
new file mode 100644
index 0000000..88dd662
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy
@@ -0,0 +1,534 @@
+theory p_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML p_before_cfg_to_dag_prog p_before_passive_prog p_passification_proof p_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 p_before_cfg_to_dag_prog.post)"
+unfolding expr_all_sat_def p_before_cfg_to_dag_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule p_before_passive_prog.node_0)
+apply simp
+unfolding p_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma Mods_anon5_LoopBody:
+shows "(mods_contained_in (set [0]) p_before_cfg_to_dag_prog.block_2)"
+unfolding p_before_cfg_to_dag_prog.block_2_def
+by simp
+
+lemma block_anon5_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] p_before_passive_prog.block_1 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_2_def p_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf p_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms p_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body [0] [(BinOp (Var 0) Ge (Lit (LInt 0)))] p_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule p_before_cfg_to_dag_prog.node_2)
+apply (rule p_before_passive_prog.node_1)
+apply (assumption+)
+apply (rule block_anon5_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon5_LoopBody)
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon5_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_6_def p_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule p_before_cfg_to_dag_prog.node_6)
+apply (rule p_before_passive_prog.node_2)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon6_LoopDone)
+apply assumption+
+apply (rule p_before_cfg_to_dag_prog.outEdges_6)
+apply (rule p_before_passive_prog.outEdges_2)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma Mods_anon6_LoopBody:
+shows "(mods_contained_in (set [0]) p_before_cfg_to_dag_prog.block_5)"
+unfolding p_before_cfg_to_dag_prog.block_5_def
+by simp
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Lit (LInt 0)))] p_before_passive_prog.block_3 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_5_def p_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf p_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms p_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body [0] [(BinOp (Var 0) Le (Lit (LInt 0)))] p_before_cfg_to_dag_prog.post ns1 s' 4 m' j)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule p_before_cfg_to_dag_prog.node_5)
+apply (rule p_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon6_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon6_LoopBody)
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_5))
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_5))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon6_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon6_LoopHead:
+shows "(mods_contained_in (set [0]) p_before_cfg_to_dag_prog.block_4)"
+unfolding p_before_cfg_to_dag_prog.block_4_def
+by simp
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Lit (LInt 0)))] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_4_def p_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:p_before_cfg_to_dag_prog.l_x(1)))
+apply simp
+done
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Lit (LInt 0)))] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule p_before_cfg_to_dag_prog.node_4)
+apply (rule p_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon6_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon6_LoopHead)
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_4))
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_4))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:p_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:p_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+thm member_elim
+
+lemma block_anon5_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Lit (LInt 0)))] p_before_passive_prog.block_5 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_3_def p_before_passive_prog.block_5_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf p_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms p_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule p_before_cfg_to_dag_prog.node_3)
+apply (rule p_before_passive_prog.node_5)
+apply (assumption+)
+apply (rule block_anon5_LoopDone)
+apply (assumption+)
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=4])
+apply ((simp add:p_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon5_LoopHead:
+shows "(mods_contained_in (set [0]) p_before_cfg_to_dag_prog.block_1)"
+unfolding p_before_cfg_to_dag_prog.block_1_def
+by simp
+
+lemma block_anon5_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_6 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_1_def p_before_passive_prog.block_6_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:p_before_cfg_to_dag_prog.l_x(1)))
+apply simp
+done
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule p_before_cfg_to_dag_prog.node_1)
+apply (rule p_before_passive_prog.node_6)
+apply (assumption+)
+apply (rule block_anon5_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon5_LoopHead)
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=5])
+apply ((simp add:p_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:p_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] p_before_passive_prog.block_7 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_0_def p_before_passive_prog.block_7_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf p_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms p_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule p_before_cfg_to_dag_prog.node_0)
+apply (rule p_before_passive_prog.node_7)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=6])
+apply ((simp add:p_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:p_before_passive_prog.outEdges_8))
+by ((simp add:p_before_passive_prog.node_8 p_before_passive_prog.block_8_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 p_before_cfg_to_dag_prog.pres)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule p_before_passive_prog.node_9)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding p_before_passive_prog.block_9_def
+apply (rule assume_pres_normal[where ?es=p_before_cfg_to_dag_prog.pres])
+apply (rule assms(4))
+unfolding p_before_cfg_to_dag_prog.pres_def
+apply simp
+apply (rule p_before_passive_prog.outEdges_9)
+apply ((simp add:p_before_passive_prog.node_8 p_before_passive_prog.block_8_def))
+apply (rule p_before_passive_prog.outEdges_8)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns p_before_cfg_to_dag_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(valid_configuration A \<Lambda>0 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule p_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+lemma end_to_end_theorem:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms p_before_cfg_to_dag_prog.proc))"
+  apply (rule end_to_end_util[OF end_to_end_theorem_aux])
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def)
+
+end
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_passification_proof.thy b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_passification_proof.thy
new file mode 100644
index 0000000..d23b383
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_passification_proof.thy
@@ -0,0 +1,343 @@
+theory p_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_passive_prog p_passive_prog Boogie_Lang.PassificationML p_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_0_def p_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon5_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4])) (update_nstate_rel R [(0,(Inl 4))]) R_old p_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_1_def p_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_2(2)))
+by simp
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 3)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_2_def p_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [5] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 3)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [5])) (update_nstate_rel R [(0,(Inl 5))]) R_old p_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_3_def p_passive_prog.block_3_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_4(2)))
+by simp
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3])) (update_nstate_rel R [(0,(Inl 3))]) R_old p_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_4_def p_passive_prog.block_4_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_3(2)))
+by simp
+
+lemma block_anon5_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_5_def p_passive_prog.block_5_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon5_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old p_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_6_def p_passive_prog.block_6_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old p_passive_prog.block_7 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_7_def p_passive_prog.block_7_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_8 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_8_def p_passive_prog.block_8_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_9 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_9 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding p_before_passive_prog.block_9_def p_passive_prog.block_9_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_0},@{thm p_before_passive_prog.outEdges_0}) (@{thm p_passive_prog.node_0},@{thm p_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_1},@{thm p_before_passive_prog.outEdges_1}) (@{thm p_passive_prog.node_1},@{thm p_passive_prog.outEdges_1}) @{thm block_anon5_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 3)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_2},@{thm p_before_passive_prog.outEdges_2}) (@{thm p_passive_prog.node_2},@{thm p_passive_prog.outEdges_2}) @{thm block_anon6_LoopDone} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 5 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 3)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_3},@{thm p_before_passive_prog.outEdges_3}) (@{thm p_passive_prog.node_3},@{thm p_passive_prog.outEdges_3}) @{thm block_anon6_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_4},@{thm p_before_passive_prog.outEdges_4}) (@{thm p_passive_prog.node_4},@{thm p_passive_prog.outEdges_4}) @{thm block_anon6_LoopHead} [
+@{thm cfg_block_anon6_LoopDone}, 
+@{thm cfg_block_anon6_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_5},@{thm p_before_passive_prog.outEdges_5}) (@{thm p_passive_prog.node_5},@{thm p_passive_prog.outEdges_5}) @{thm block_anon5_LoopDone} [
+@{thm cfg_block_anon6_LoopHead}] 1\<close>))
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_6},@{thm p_before_passive_prog.outEdges_6}) (@{thm p_passive_prog.node_6},@{thm p_passive_prog.outEdges_6}) @{thm block_anon5_LoopHead} [
+@{thm cfg_block_anon5_LoopDone}, 
+@{thm cfg_block_anon5_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_7},@{thm p_before_passive_prog.outEdges_7}) (@{thm p_passive_prog.node_7},@{thm p_passive_prog.outEdges_7}) @{thm block_anon0} [
+@{thm cfg_block_anon5_LoopHead}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 8)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_8},@{thm p_before_passive_prog.outEdges_8}) (@{thm p_passive_prog.node_8},@{thm p_passive_prog.outEdges_8}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 9)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_9},@{thm p_before_passive_prog.outEdges_9}) (@{thm p_passive_prog.node_9},@{thm p_passive_prog.outEdges_9}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_passive_prog.proc_body ((Inl 9),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv p_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+apply simp
+unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using p_before_passive_prog.globals_locals_disj apply auto[1]
+using p_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body u (Inl 9)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range global_data.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body ((Inl 9),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from p_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_passive_prog.thy b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_passive_prog.thy
new file mode 100644
index 0000000..fef6ee3
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_passive_prog.thy
@@ -0,0 +1,199 @@
+theory p_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_passive_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 4) Eq (BinOp (Var 2) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 4) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 3))),(Assert (BinOp (Var 3) Eq (Lit (LInt 0))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 3) Lt (Lit (LInt 0)))),(Assume (BinOp (Var 5) Eq (BinOp (Var 3) Add (Lit (LInt 1))))),(Assert (BinOp (Var 5) Le (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 3) Le (Lit (LInt 0))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 2))),(Assert (BinOp (Var 2) Le (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Var 2) Ge (Lit (LInt 0))))]"
+definition block_7
+  where
+    "block_7  = [(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[2,3],[4],[5,1],[6],[7],[8]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [2,3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(5,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_2:
+shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_3:
+shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_4:
+shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_2:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_3:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_3
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_4:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_4
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_vcphase_proof.thy b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_vcphase_proof.thy
new file mode 100644
index 0000000..98ae579
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_vcphase_proof.thy
@@ -0,0 +1,364 @@
+theory p_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML p_passive_prog p_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon5_LoopBody
+  where
+    "vc_anon5_LoopBody x_1 x_2 = (((x_1 > (0::int)) \<and> (x_2 = (x_1 - (1::int)))) \<longrightarrow> (x_2 \<ge> (0::int)))"
+definition vc_anon6_LoopDone
+  where
+    "vc_anon6_LoopDone x_3 = (((0::int) \<le> x_3) \<longrightarrow> (x_3 = (0::int)))"
+definition vc_anon6_LoopBody
+  where
+    "vc_anon6_LoopBody x_3 x_4 = (((x_3 < (0::int)) \<and> (x_4 = (x_3 + (1::int)))) \<longrightarrow> (x_4 \<le> (0::int)))"
+definition vc_anon6_LoopHead
+  where
+    "vc_anon6_LoopHead x_3 x_4 = ((x_3 \<le> (0::int)) \<longrightarrow> ((vc_anon6_LoopDone x_3) \<and> (vc_anon6_LoopBody x_3 x_4)))"
+definition vc_anon5_LoopDone
+  where
+    "vc_anon5_LoopDone x_1 x_3 x_4 = (((0::int) \<ge> x_1) \<longrightarrow> ((x_1 \<le> (0::int)) \<and> ((x_1 \<le> (0::int)) \<longrightarrow> (vc_anon6_LoopHead x_3 x_4))))"
+definition vc_anon5_LoopHead
+  where
+    "vc_anon5_LoopHead x_1 x_3 x_4 x_2 = ((x_1 \<ge> (0::int)) \<longrightarrow> ((vc_anon5_LoopDone x_1 x_3 x_4) \<and> (vc_anon5_LoopBody x_1 x_2)))"
+definition vc_anon0
+  where
+    "vc_anon0 x_0 x_1 x_3 x_4 x_2 = ((x_0 \<ge> (0::int)) \<and> ((x_0 \<ge> (0::int)) \<longrightarrow> (vc_anon5_LoopHead x_1 x_3 x_4 x_2)))"
+definition vc_PreconditionGeneratedEntry
+  where
+    "vc_PreconditionGeneratedEntry x_0 x_1 x_3 x_4 x_2 = (vc_anon0 x_0 x_1 x_3 x_4 x_2)"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int" and vc_x_3 :: "int" and vc_x_4 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
+G3: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_x_2)))" and 
+G4: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_3)))" and 
+G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_x_4)))" and 
+G6: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4 G5 G6
+lemmas forall_poly_thm = forall_vc_type[OF G6]
+lemmas exists_poly_thm = exists_vc_type[OF G6]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding p_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon5_LoopBody_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE), 
+(AssertNoConj,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon5_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopBody vc_x_1 vc_x_2) \<Longrightarrow> (s' = Magic)))"
+unfolding p_passive_prog.block_1_def vc.vc_anon5_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_LoopDone_hints = [
+(AssumeConjR 0,NONE), 
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon6_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopDone vc_x_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding p_passive_prog.block_2_def vc.vc_anon6_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_LoopBody_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE), 
+(AssertNoConj,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon6_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopBody vc_x_3 vc_x_4) \<Longrightarrow> (s' = Magic)))"
+unfolding p_passive_prog.block_3_def vc.vc_anon6_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_LoopHead_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon6_LoopHeadAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopHead vc_x_3 vc_x_4) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_x_3) \<and> (vc.vc_anon6_LoopBody vc_x_3 vc_x_4))))))))"
+unfolding p_passive_prog.block_4_def vc.vc_anon6_LoopHead_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopHead_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon5_LoopDone_hints = [
+(AssumeConjR 0,NONE), 
+(AssertSub,NONE)]
+\<close>
+lemma block_anon5_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon6_LoopHead vc_x_3 vc_x_4)))))))"
+unfolding p_passive_prog.block_5_def vc.vc_anon5_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon5_LoopHead_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon5_LoopHeadAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopHead vc_x_1 vc_x_3 vc_x_4 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))))))))"
+unfolding p_passive_prog.block_6_def vc.vc_anon5_LoopHead_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopHead_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon0_hints = [
+(AssertSub,NONE)]
+\<close>
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon5_LoopHead vc_x_1 vc_x_3 vc_x_4 vc_x_2)))))))"
+unfolding p_passive_prog.block_7_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
+by (auto?)
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_8 (Normal n_s) s')" and 
+"(vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)))))"
+using assms
+unfolding p_passive_prog.block_8_def
+apply cases
+by auto
+
+lemma block_PreconditionGeneratedEntry:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding p_passive_prog.block_9_def vc.vc_PreconditionGeneratedEntry_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) p_passive_prog.node_0 p_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_LoopBody vc_x_1 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) p_passive_prog.node_1])
+by (erule block_anon5_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopDone vc_x_3)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) p_passive_prog.node_2])
+apply (erule block_anon6_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopBody vc_x_3 vc_x_4)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) p_passive_prog.node_3])
+by (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopHead vc_x_3 vc_x_4)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_4])
+apply (erule block_anon6_LoopHeadAA0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_5])
+apply (erule block_anon5_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_LoopHead vc_x_1 vc_x_3 vc_x_4 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_6])
+apply (erule block_anon5_LoopHeadAA0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_7])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_7))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_8])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_8))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_9])
+apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_9))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<Gamma> [] p_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
+let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x])
+apply (subst lookup_var_local[OF p_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF p_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF p_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_2])
+apply (subst lookup_var_local[OF p_passive_prog.m_x_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_3:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_3])
+apply (subst lookup_var_local[OF p_passive_prog.m_x_3])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_4:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_4])
+apply (subst lookup_var_local[OF p_passive_prog.m_x_4])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (rule HOL.conjunct1[OF sc_x_2])
+apply (rule HOL.conjunct1[OF sc_x_3])
+apply (rule HOL.conjunct1[OF sc_x_4])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
new file mode 100644
index 0000000..cf279de
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
@@ -0,0 +1,472 @@
+theory while_example2_ast_cfg_proof
+  imports Main 
+          Boogie_Lang.Ast
+          Boogie_Lang.Semantics
+          Boogie_Lang.Ast_Cfg_Transformation
+          "../global_data" 
+          p_before_cfg_to_dag_prog 
+          while_example2_before_ast_cfg
+          p_cfgtodag_proof
+          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
+          p_before_passive_prog 
+          p_passification_proof 
+          p_vcphase_proof
+
+begin
+declare Nat.One_nat_def[simp del]
+
+abbreviation \<Lambda>1_local
+  where
+    "\<Lambda>1_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls))"
+
+definition body_bb1 
+  where "body_bb1 \<equiv> BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None"
+
+definition body_bb2 
+  where "body_bb2 \<equiv> BigBlock None [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] None None"
+
+definition unwrapped_bigblock1 where
+  "unwrapped_bigblock1 \<equiv> 
+            (BigBlock None [] 
+            (Some (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 0)))) 
+                      [(BinOp (Var 0) Le (Lit (LInt 0)))]
+                      [BigBlock None [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] None None]))
+             None)"
+
+definition loop_only_bigblock0 where
+  "loop_only_bigblock0 \<equiv> 
+            (BigBlock None [] 
+            (Some (WhileWrapper
+                  (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
+                  [(BinOp (Var 0) Ge (Lit (LInt 0)))]
+                  [BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None]))) 
+             None)"
+
+definition unwrapped_bigblock0 where
+  "unwrapped_bigblock0 \<equiv> 
+            (BigBlock None [] 
+            (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
+                      [(BinOp (Var 0) Ge (Lit (LInt 0)))]
+                      [BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None])) 
+             None)"
+
+lemma bb0_local_rel:
+  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (bigblock0, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  shows "reached_state \<noteq> Failure  \<and>
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  show ?thesis 
+    apply (rule block_local_rel_generic)
+           apply (rule Rel_Main_test[of bigblock0 _ p_before_cfg_to_dag_prog.block_0])
+           apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
+          apply simp+
+        apply (rule Red_bb)
+       apply (rule Red_impl, simp)
+      apply (simp add: bigblock0_def)
+     apply simp
+    apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
+    done
+qed
+
+lemma first_loop_body_bb_local_rel:
+  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (body_bb1, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Gt\<guillemotright> Lit (LInt 0),ns1\<rangle> \<Down> BoolV True"
+  shows "reached_state \<noteq> Failure  \<and>
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  show ?thesis 
+    unfolding p_before_cfg_to_dag_prog.block_2_def 
+    apply (rule block_local_rel_guard_true)
+           apply (rule Rel_Main_test[of body_bb1])
+           apply (simp add: body_bb1_def)
+          apply simp
+         apply (rule trace_is_possible)
+        apply (rule Red_bb)
+       apply (rule Red_impl)
+       apply (simp add: p_before_cfg_to_dag_prog.block_2_def)
+      apply (simp add: body_bb1_def)
+     apply simp+
+    done
+qed 
+
+lemma second_loop_body_bb_local_rel:
+  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (body_bb2, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_5 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Lt\<guillemotright> Lit (LInt 0),ns1\<rangle> \<Down> BoolV True"
+  shows "reached_state \<noteq> Failure  \<and>
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_5, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  show ?thesis 
+    unfolding p_before_cfg_to_dag_prog.block_5_def
+    apply (rule block_local_rel_guard_true)
+           apply (rule Rel_Main_test[of body_bb2])
+           apply (simp add: body_bb2_def)
+          apply simp
+         apply (rule trace_is_possible)
+        apply (rule Red_bb)
+       apply (rule Red_impl)
+       apply (simp add: p_before_cfg_to_dag_prog.block_5_def)
+      apply (simp add: body_bb2_def)
+     apply simp+
+    done
+qed
+
+lemma bb2_local_rel:
+  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (bigblock2 , KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Lt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV True"
+  shows "reached_state \<noteq> Failure  \<and>
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_6, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  show ?thesis 
+    unfolding p_before_cfg_to_dag_prog.block_6_def
+    apply (rule block_local_rel_guard_false)
+            apply (rule Rel_Main_test[of bigblock2])
+            apply (simp add: bigblock2_def)
+           apply (rule neg_lt2)
+          apply simp
+         apply (rule trace_is_possible)
+        apply (rule Red_bb)
+       apply (rule Red_impl)
+       apply (simp add: p_before_cfg_to_dag_prog.block_6_def)
+      apply (simp add: bigblock2_def)
+     apply simp+
+    done
+qed
+
+lemma bb2_global_rel:
+  assumes concrete_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock2, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Lt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV True"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  using assms
+proof -
+  show ?thesis
+    apply (rule generic_ending_block_after_loop_global_rel)
+            apply (rule Rel_Main_test[of bigblock2])
+            apply (simp add: bigblock2_def)
+           apply (simp add: bigblock2_def)
+           apply simp
+          apply (rule p_before_cfg_to_dag_prog.node_6)
+         apply (simp add: p_before_cfg_to_dag_prog.block_6_def)
+        apply simp
+       apply (rule neg_lt2)
+        apply(rule trace_is_possible)
+       apply (rule concrete_trace)
+      apply (rule cfg_is_correct)
+    apply simp
+    done
+qed
+
+
+
+lemma second_loop_body_global_rel:
+  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (body_bb2, (KSeq unwrapped_bigblock1 (KEndBlock (KSeq bigblock2 KStop))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Lt\<guillemotright> Lit (LInt 0),ns1\<rangle> \<Down> BoolV True"
+  and loop_ih:
+        "\<And>k ns1''. k < j \<Longrightarrow>
+        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(unwrapped_bigblock1, (KEndBlock (KSeq bigblock2 KStop)), Normal ns1'') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
+        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+proof -
+  show ?thesis
+    apply (rule block_global_rel_if_true)
+                apply (rule Rel_Main_test[of body_bb2])
+                apply (simp add: body_bb2_def)
+              apply (rule j_step_ast_trace)
+             apply (simp add: body_bb2_def)
+             apply simp
+            apply simp
+           apply (rule p_before_cfg_to_dag_prog.node_5)
+          apply (rule p_before_cfg_to_dag_prog.block_5_def)
+         apply (rule cfg_is_correct)
+         apply simp+
+      apply (rule trace_is_possible)
+     apply (rule second_loop_body_bb_local_rel)
+       apply assumption+
+     apply (rule trace_is_possible)
+    apply (simp add: p_before_cfg_to_dag_prog.outEdges_5)
+    apply (simp add: member_rec)
+    apply (rule loop_ih)
+      apply auto
+    done
+qed
+
+lemma second_loop_head_global_rel:
+  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (unwrapped_bigblock1, (KEndBlock (KSeq bigblock2 KStop)), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+  using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+  case (less j)
+  then show ?case 
+  proof (cases j)
+    case 0
+    then show ?thesis
+      using Ast.valid_configuration_def less.prems(1) by fastforce
+  next
+    case (Suc j')
+    show ?thesis
+      apply (rule block_global_rel_loop_head)
+              apply (rule Rel_Invs[of unwrapped_bigblock1 _ _ _ p_before_cfg_to_dag_prog.block_4])
+              apply (simp add: unwrapped_bigblock1_def p_before_cfg_to_dag_prog.block_4_def)
+             apply (rule less(2))
+            apply (rule less(3), simp)
+           apply (simp add: unwrapped_bigblock1_def)
+          apply simp                 
+         apply (rule block_local_rel_loop_head)
+              apply (rule Rel_Invs[of unwrapped_bigblock1])
+              apply (simp add: unwrapped_bigblock1_def)
+           apply (simp add: unwrapped_bigblock1_def)
+           apply simp
+           apply (simp add: p_before_cfg_to_dag_prog.block_4_def)
+          apply simp
+         apply simp
+        apply (simp add: p_before_cfg_to_dag_prog.block_4_def)
+       apply (simp add: p_before_cfg_to_dag_prog.node_4)
+      apply(rule disjE)
+        apply assumption
+
+       apply (erule allE[where x = 5])
+       apply (simp add:p_before_cfg_to_dag_prog.outEdges_4)
+       apply (simp add:member_rec(1))
+       apply (rule conjE)
+        apply assumption
+       apply simp
+       apply (rule second_loop_body_global_rel)
+          apply (simp add: body_bb2_def)
+         apply simp
+        apply assumption
+       apply (rule less.IH)
+         apply (erule strictly_smaller_helper2)
+         apply assumption+
+
+      apply (erule allE[where x = 6])
+      apply (simp add:p_before_cfg_to_dag_prog.outEdges_4)
+      apply (simp add:member_rec(1))
+      apply (rule conjE)
+       apply assumption
+      apply simp
+      apply (rule ending)
+           apply assumption
+          apply assumption 
+         apply simp
+        apply blast
+       apply assumption
+      apply (rule bb2_global_rel)
+        apply assumption+
+      done
+  qed
+qed
+
+lemma first_loop_body_global_rel:
+  assumes j_step_ast_trace: 
+    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (body_bb1, (KSeq unwrapped_bigblock0 (KEndBlock (KSeq bigblock1 (KSeq bigblock2 KStop)))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Gt\<guillemotright> Lit (LInt 0), ns1\<rangle> \<Down> BoolV True"
+  and loop_ih:
+        "\<And>k ns1''. k < j \<Longrightarrow>
+        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(unwrapped_bigblock0, (KEndBlock (KSeq bigblock1 (KSeq bigblock2 KStop))), Normal ns1'') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
+        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+proof -
+  show ?thesis
+    apply (rule block_global_rel_if_true)
+              apply (rule Rel_Main_test[of body_bb1])
+              apply (simp add: body_bb1_def)
+              apply (rule j_step_ast_trace)
+             apply (simp add: body_bb1_def)
+             apply simp
+            apply simp
+           apply (rule p_before_cfg_to_dag_prog.node_2)
+          apply (simp add: p_before_cfg_to_dag_prog.block_2_def)
+         apply (rule cfg_is_correct)
+         apply simp+
+      apply (rule trace_is_possible)
+     apply (rule first_loop_body_bb_local_rel)
+       apply assumption
+      apply simp
+     apply (rule trace_is_possible)
+    apply (simp add: p_before_cfg_to_dag_prog.outEdges_2)
+    apply (simp add: member_rec)
+    apply (rule loop_ih)
+      apply auto
+    done
+qed
+
+lemma first_loop_head_global_rel:
+  assumes j_step_ast_trace: 
+    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (unwrapped_bigblock0, (KEndBlock (KSeq bigblock1 (KSeq bigblock2 KStop))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+  using assms 
+proof (induction j arbitrary: ns1 rule: less_induct)
+  case (less j)
+  then show ?case 
+  proof (cases j)
+    case 0
+    then show ?thesis
+      using valid_configuration_def less.prems(1) by fastforce
+  next
+    case (Suc j')
+    show ?thesis
+      apply (rule block_global_rel_loop_head) 
+               apply (rule Rel_Invs[of unwrapped_bigblock0 _ _ _ p_before_cfg_to_dag_prog.block_1])
+              apply (simp add: unwrapped_bigblock0_def p_before_cfg_to_dag_prog.block_1_def)
+             apply (rule less(2))
+            apply (rule less(3), simp)
+            apply (simp add: unwrapped_bigblock0_def)
+          apply simp                 
+         apply (rule block_local_rel_loop_head)
+             apply (rule Rel_Invs[of unwrapped_bigblock0])
+             apply (simp add: unwrapped_bigblock0_def)
+           apply (simp add: unwrapped_bigblock0_def)
+           apply (simp)
+           apply (simp add: p_before_cfg_to_dag_prog.block_1_def)
+          apply simp
+         apply simp
+        apply (simp add: p_before_cfg_to_dag_prog.block_1_def)
+       apply (simp add: p_before_cfg_to_dag_prog.node_1)
+       apply (simp add: p_before_cfg_to_dag_prog.block_1_def)
+      apply(rule disjE)
+        apply assumption
+    
+       apply (erule allE[where x = 2])
+       apply (simp add: p_before_cfg_to_dag_prog.outEdges_1)
+       apply (simp add:member_rec(1))
+       apply (rule conjE)
+        apply assumption
+       apply simp
+       apply (rule first_loop_body_global_rel)
+          apply (simp add: body_bb1_def)
+         apply simp
+        apply assumption
+       apply (rule less.IH)
+         apply (erule strictly_smaller_helper2)
+         apply assumption+
+
+      apply (erule allE[where x = 3])
+      apply (simp add: p_before_cfg_to_dag_prog.outEdges_1)
+      apply (simp add:member_rec(1))
+      apply (rule conjE)
+       apply assumption
+      apply simp
+      apply (rule ending2)
+              apply assumption
+             apply (simp add: bigblock1_def bigblock2_def)
+            apply simp
+           apply assumption
+          apply assumption
+         apply (simp add: p_before_cfg_to_dag_prog.node_3)
+         apply (simp add: p_before_cfg_to_dag_prog.block_3_def)
+        apply (rule neg_gt2)
+       apply (simp add: p_before_cfg_to_dag_prog.outEdges_3)
+       apply (simp add: member_rec)
+      apply (rule second_loop_head_global_rel)
+       apply (simp add: unwrapped_bigblock1_def bigblock2_def)
+      apply auto
+      done
+  qed
+qed
+
+lemma entry_block_global_rel:
+  assumes j_step_ast_trace: 
+    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, (KSeq bigblock1 (KSeq bigblock2 KStop)), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)"
+  using assms
+proof -
+  show ?thesis
+    unfolding while_example2_before_ast_cfg.post_def
+    apply (rule block_global_rel_while_successor)
+          apply (rule j_step_ast_trace)
+          apply (rule Rel_Main_test[of bigblock0 _ p_before_cfg_to_dag_prog.block_0])
+          apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
+         apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
+        apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
+       apply (rule p_before_cfg_to_dag_prog.node_0)
+      apply (rule cfg_is_correct, simp)
+     apply (simp add: p_before_cfg_to_dag_prog.node_0)
+     apply (rule bb0_local_rel)
+      apply assumption
+     apply simp
+    apply (rule first_loop_head_global_rel)
+     apply (simp add: unwrapped_bigblock0_def)
+    apply (simp add: p_before_cfg_to_dag_prog.outEdges_0)
+    apply (simp add: member_rec(1))
+    done
+qed
+
+abbreviation \<Lambda>0_local
+  where
+    "\<Lambda>0_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls))"
+lemma end_to_end_theorem_aux2:
+assumes 
+Red: "rtranclp (red_bigblock 
+      A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) \<Gamma> [] 
+            while_example2_before_ast_cfg.proc_body) 
+      (bigblock0, (KSeq bigblock1 (KSeq bigblock2 KStop)), Normal ns) (end_bb, end_cont, end_state)" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0_local \<Gamma> [] ns while_example2_before_ast_cfg.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0_local))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0_local))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0_local \<Gamma> [] while_example2_before_ast_cfg.post end_bb end_cont end_state)"
+proof -
+  from Red obtain j where 
+    Aux:"(A,M,((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)),\<Gamma>,[],while_example2_before_ast_cfg.proc_body \<turnstile> (bigblock0, (KSeq bigblock1 (KSeq bigblock2 KStop)), Normal ns) -n\<longrightarrow>^j (end_bb, end_cont, end_state))"
+by (meson rtranclp_imp_relpowp)
+  show ?thesis
+apply (rule entry_block_global_rel)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
+                 p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
+                                   p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def
+                                   while_example2_before_ast_cfg.pres_def p_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
+                                   p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
+                                   p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+done
+qed
+
+lemma initialization:                              
+  assumes "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock0, bigblock1, bigblock2] ns1) (reached_bb, reached_cont, reached_state)"
+  shows "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (bigblock0, KSeq bigblock1 (KSeq bigblock2 KStop), Normal ns1) (reached_bb, reached_cont, reached_state)" 
+  using assms
+  by simp
+ 
+
+lemma end_to_end_theorem2:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))"
+shows "(\<And> A. (Ast.proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms while_example2_before_ast_cfg.proc_ast))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux2])
+apply (rule initialization)
+unfolding while_example2_before_ast_cfg.proc_body_def
+apply assumption using VC apply simp  apply assumption+
+apply (simp_all add: 
+      exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2
+      while_example2_before_ast_cfg.proc_ast_def while_example2_before_ast_cfg.proc_body_def)
+done
+
+end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_before_ast_cfg.thy
new file mode 100644
index 0000000..ac8ef55
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_before_ast_cfg.thy
@@ -0,0 +1,102 @@
+theory while_example2_before_ast_cfg
+  imports Main 
+          "Boogie_Lang.Ast"
+          "Boogie_Lang.Semantics"
+          "../global_data"
+
+begin
+
+definition bigblock0
+  where "bigblock0 \<equiv> 
+          (BigBlock None [(Havoc 0)] 
+            (Some (WhileWrapper 
+                  (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
+                  [(BinOp (Var 0) Ge (Lit (LInt 0)))]
+                  [BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None]))) 
+             None)"
+
+definition bigblock1
+  where "bigblock1 \<equiv> 
+          (BigBlock None [] 
+            (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 0)))) 
+                      [(BinOp (Var 0) Le (Lit (LInt 0)))]
+                      [BigBlock None [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] None None]))) 
+             None)"
+
+definition bigblock2
+  where "bigblock2 \<equiv> 
+          (BigBlock None [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))] None None)"
+
+definition proc_body
+  where
+    "proc_body = bigblock0 #  bigblock1 # bigblock2 # []"
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),None)]"
+
+lemma locals_min_aux:
+shows "(((map fst (append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
+unfolding while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_example2_before_ast_cfg.params_vdecls) )"
+unfolding while_example2_before_ast_cfg.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_example2_before_ast_cfg.locals_vdecls) )"
+unfolding while_example2_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc_ast :: "ast_procedure"
+  where
+    "proc_ast  = (|proc_ty_args = 0,proc_args = while_example2_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec while_example2_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec while_example2_before_ast_cfg.post),proc_body = (Some (while_example2_before_ast_cfg.locals_vdecls,while_example2_before_ast_cfg.proc_body))|)"
+
+
+
+end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example_2_before_ast_cfg~ b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example_2_before_ast_cfg~
new file mode 100644
index 0000000..2a65996
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example_2_before_ast_cfg~
@@ -0,0 +1,9 @@
+theory while_example_2_before_ast_cfg
+  imports Main 
+          "/home/alex/boogie_related/foundational_boogie/BoogieLang/Ast"
+          "/home/alex/boogie_related/foundational_boogie/BoogieLang/Semantics"
+          "/home/alex/boogie_related/foundational_boogie/BoogieLang/generated_example_proofs/while_example2_proofs/global_data"
+
+begin
+
+end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/while_example_proofs/global_data.thy b/BoogieLang/generated_example_proofs/while_example_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/while_example_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_before_cfg_to_dag_prog.thy b/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..7e2363b
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_before_cfg_to_dag_prog.thy
@@ -0,0 +1,131 @@
+theory m_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Assign 0 (Lit (LInt 0))),(Assume (BinOp (Var 1) Gt (Lit (LInt 0))))]"
+definition block_1
+  where
+    "block_1  = [(Assert (BinOp (Var 0) Le (Var 1)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Lt (Var 1))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 1) Le (Var 0))),(Assert (BinOp (Var 0) Ge (Var 1)))]"
+definition outEdges
+  where
+    "outEdges  = [[1],[3,2],[1],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [3,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding m_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding m_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_i:
+shows "((map_of (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_n:
+shows "((map_of (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_i:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_i
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_n:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_n
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = m_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec m_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec m_before_cfg_to_dag_prog.post),proc_body = (Some (m_before_cfg_to_dag_prog.locals_vdecls,m_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_before_passive_prog.thy b/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_before_passive_prog.thy
new file mode 100644
index 0000000..5e21755
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_before_passive_prog.thy
@@ -0,0 +1,106 @@
+theory m_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util m_before_cfg_to_dag_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 1) Le (Var 0))),(Assert (BinOp (Var 0) Ge (Var 1)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Lt (Var 1))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1)))),(Assert (BinOp (Var 0) Le (Var 1))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Havoc 0),(Assume (BinOp (Var 0) Le (Var 1)))]"
+definition block_4
+  where
+    "block_4  = [(Assign 0 (Lit (LInt 0))),(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 0) Le (Var 1)))]"
+definition block_5
+  where
+    "block_5  = []"
+definition block_6
+  where
+    "block_6  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4],[5]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 6,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_cfgtodag_proof.thy b/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_cfgtodag_proof.thy
new file mode 100644
index 0000000..9c04d95
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_cfgtodag_proof.thy
@@ -0,0 +1,346 @@
+theory m_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML m_before_cfg_to_dag_prog m_before_passive_prog m_passification_proof m_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 m_before_cfg_to_dag_prog.post)"
+unfolding expr_all_sat_def m_before_cfg_to_dag_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule m_before_passive_prog.node_0)
+apply simp
+unfolding m_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma block_anon3_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] m_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding m_before_cfg_to_dag_prog.block_3_def m_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule m_before_cfg_to_dag_prog.node_3)
+apply (rule m_before_passive_prog.node_1)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon3_LoopDone)
+apply assumption+
+apply (rule m_before_cfg_to_dag_prog.outEdges_3)
+apply (rule m_before_passive_prog.outEdges_1)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma Mods_anon3_LoopBody:
+shows "(mods_contained_in (set [0]) m_before_cfg_to_dag_prog.block_2)"
+unfolding m_before_cfg_to_dag_prog.block_2_def
+by simp
+
+lemma block_anon3_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Var 1))] m_before_passive_prog.block_2 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding m_before_cfg_to_dag_prog.block_2_def m_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf m_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms m_before_cfg_to_dag_prog.l_i(2) m_before_cfg_to_dag_prog.l_n(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon3_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon3_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body [0] [(BinOp (Var 0) Le (Var 1))] m_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule m_before_cfg_to_dag_prog.node_2)
+apply (rule m_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon3_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon3_LoopBody)
+apply ((simp add:m_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:m_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon3_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon3_LoopHead:
+shows "(mods_contained_in (set [0]) m_before_cfg_to_dag_prog.block_1)"
+unfolding m_before_cfg_to_dag_prog.block_1_def
+by simp
+
+lemma block_anon3_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Var 1))] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] m_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding m_before_cfg_to_dag_prog.block_1_def m_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:m_before_cfg_to_dag_prog.l_i(1)))
+apply simp
+done
+
+lemma cfg_block_anon3_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Var 1))] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule m_before_cfg_to_dag_prog.node_1)
+apply (rule m_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon3_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon3_LoopHead)
+apply ((simp add:m_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:m_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:m_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:m_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Var 1))] m_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding m_before_cfg_to_dag_prog.block_0_def m_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf m_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms m_before_cfg_to_dag_prog.l_i(2) m_before_cfg_to_dag_prog.l_n(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule m_before_cfg_to_dag_prog.node_0)
+apply (rule m_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:m_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:m_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:m_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:m_before_passive_prog.outEdges_5))
+by ((simp add:m_before_passive_prog.node_5 m_before_passive_prog.block_5_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 m_before_cfg_to_dag_prog.pres)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule m_before_passive_prog.node_6)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding m_before_passive_prog.block_6_def
+apply (rule assume_pres_normal[where ?es=m_before_cfg_to_dag_prog.pres])
+apply (rule assms(4))
+unfolding m_before_cfg_to_dag_prog.pres_def
+apply simp
+apply (rule m_before_passive_prog.outEdges_6)
+apply ((simp add:m_before_passive_prog.node_5 m_before_passive_prog.block_5_def))
+apply (rule m_before_passive_prog.outEdges_5)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0 vc_i_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns m_before_cfg_to_dag_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(valid_configuration A \<Lambda>0 \<Gamma> [] m_before_cfg_to_dag_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule m_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+lemma end_to_end_theorem:
+assumes 
+VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0 vc_i_1))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms m_before_cfg_to_dag_prog.proc))"
+apply (rule end_to_end_util[OF end_to_end_theorem_aux])
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 m_before_cfg_to_dag_prog.proc_def m_before_cfg_to_dag_prog.proc_body_def)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_passification_proof.thy b/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_passification_proof.thy
new file mode 100644
index 0000000..41c28c7
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_passification_proof.thy
@@ -0,0 +1,291 @@
+theory m_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util m_before_passive_prog m_passive_prog Boogie_Lang.PassificationML m_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding m_before_passive_prog.block_0_def m_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon3_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
+"((R 1) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding m_before_passive_prog.block_1_def m_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon3_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
+"((R 1) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3])) (update_nstate_rel R [(0,(Inl 3))]) R_old m_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding m_before_passive_prog.block_2_def m_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:m_before_cfg_to_dag_prog.l_i(2) m_passive_prog.l_i_1(2)))
+by simp
+
+lemma block_anon3_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old m_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding m_before_passive_prog.block_3_def m_passive_prog.block_3_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:m_before_cfg_to_dag_prog.l_i(2) m_passive_prog.l_i_0(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 0)))]) R_old m_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding m_before_passive_prog.block_4_def m_passive_prog.block_4_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding m_before_passive_prog.block_5_def m_passive_prog.block_5_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding m_before_passive_prog.block_6_def m_passive_prog.block_6_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm m_before_passive_prog.node_0},@{thm m_before_passive_prog.outEdges_0}) (@{thm m_passive_prog.node_0},@{thm m_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon3_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
+"((R 1) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_1},@{thm m_before_passive_prog.outEdges_1}) (@{thm m_passive_prog.node_1},@{thm m_passive_prog.outEdges_1}) @{thm block_anon3_LoopDone} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon3_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
+"((R 1) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_2},@{thm m_before_passive_prog.outEdges_2}) (@{thm m_passive_prog.node_2},@{thm m_passive_prog.outEdges_2}) @{thm block_anon3_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon3_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_3},@{thm m_before_passive_prog.outEdges_3}) (@{thm m_passive_prog.node_3},@{thm m_passive_prog.outEdges_3}) @{thm block_anon3_LoopHead} [
+@{thm cfg_block_anon3_LoopDone}, 
+@{thm cfg_block_anon3_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_4},@{thm m_before_passive_prog.outEdges_4}) (@{thm m_passive_prog.node_4},@{thm m_passive_prog.outEdges_4}) @{thm block_anon0} [
+@{thm cfg_block_anon3_LoopHead}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_5},@{thm m_before_passive_prog.outEdges_5}) (@{thm m_passive_prog.node_5},@{thm m_passive_prog.outEdges_5}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_6},@{thm m_before_passive_prog.outEdges_6}) (@{thm m_passive_prog.node_6},@{thm m_passive_prog.outEdges_6}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] m_before_passive_prog.proc_body ((Inl 6),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0 vc_i_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = [(1,(Inl 1))]"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+apply ((simp add:m_before_cfg_to_dag_prog.l_n(2) m_passive_prog.l_n(2)))
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv m_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+apply simp
+unfolding m_passive_prog.params_vdecls_def m_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using m_before_passive_prog.globals_locals_disj apply auto[1]
+using m_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 1)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] m_passive_prog.proc_body u (Inl 6)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range global_data.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] m_passive_prog.proc_body ((Inl 6),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from m_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_passive_prog.thy b/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_passive_prog.thy
new file mode 100644
index 0000000..61a9be6
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_passive_prog.thy
@@ -0,0 +1,148 @@
+theory m_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util m_before_passive_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 1) Le (Var 2))),(Assert (BinOp (Var 2) Ge (Var 1)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 2) Lt (Var 1))),(Assume (BinOp (Var 3) Eq (BinOp (Var 2) Add (Lit (LInt 1))))),(Assert (BinOp (Var 3) Le (Var 1))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 2) Le (Var 1)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assert (BinOp (Lit (LInt 0)) Le (Var 1)))]"
+definition block_5
+  where
+    "block_5  = []"
+definition block_6
+  where
+    "block_6  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4],[5]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 6,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding m_passive_prog.params_vdecls_def m_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma m_i:
+shows "((map_of (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_n:
+shows "((map_of (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_i_0:
+shows "((map_of (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_i_1:
+shows "((map_of (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_i:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_i
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_n:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_n
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_i_0:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_i_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_i_1:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_i_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_vcphase_proof.thy b/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_vcphase_proof.thy
new file mode 100644
index 0000000..8716396
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_vcphase_proof.thy
@@ -0,0 +1,271 @@
+theory m_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML m_passive_prog m_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon3_LoopDone
+  where
+    "vc_anon3_LoopDone n i_0 = ((n \<le> i_0) \<longrightarrow> (i_0 \<ge> n))"
+definition vc_anon3_LoopBody
+  where
+    "vc_anon3_LoopBody i_0 n i_1 = (((i_0 < n) \<and> (i_1 = (i_0 + (1::int)))) \<longrightarrow> (i_1 \<le> n))"
+definition vc_anon3_LoopHead
+  where
+    "vc_anon3_LoopHead i_0 n i_1 = ((i_0 \<le> n) \<longrightarrow> ((vc_anon3_LoopDone n i_0) \<and> (vc_anon3_LoopBody i_0 n i_1)))"
+definition vc_anon0
+  where
+    "vc_anon0 n i_0 i_1 = ((n > (0::int)) \<longrightarrow> (((0::int) \<le> n) \<and> (((0::int) \<le> n) \<longrightarrow> (vc_anon3_LoopHead i_0 n i_1))))"
+definition vc_PreconditionGeneratedEntry
+  where
+    "vc_PreconditionGeneratedEntry n i_0 i_1 = (vc_anon0 n i_0 i_1)"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_i :: "int" and vc_n :: "int" and vc_i_0 :: "int" and vc_i_1 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_i)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_n)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_i_0)))" and 
+G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_i_1)))" and 
+G4: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4
+lemmas forall_poly_thm = forall_vc_type[OF G4]
+lemmas exists_poly_thm = exists_vc_type[OF G4]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding m_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon3_LoopDone_hints = [
+(AssumeConjR 0,NONE), 
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon3_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_LoopDone vc_n vc_i_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding m_passive_prog.block_1_def vc.vc_anon3_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon3_LoopBody_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE), 
+(AssertNoConj,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon3_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_LoopBody vc_i_0 vc_n vc_i_1) \<Longrightarrow> (s' = Magic)))"
+unfolding m_passive_prog.block_2_def vc.vc_anon3_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon3_LoopHead_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon3_LoopHeadAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_LoopHead vc_i_0 vc_n vc_i_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon3_LoopDone vc_n vc_i_0) \<and> (vc.vc_anon3_LoopBody vc_i_0 vc_n vc_i_1))))))))"
+unfolding m_passive_prog.block_3_def vc.vc_anon3_LoopHead_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_LoopHead_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon0_hints = [
+(AssumeConjR 0,NONE), 
+(AssertSub,NONE)]
+\<close>
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_n vc_i_0 vc_i_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3_LoopHead vc_i_0 vc_n vc_i_1)))))))"
+unfolding m_passive_prog.block_4_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
+by (auto?)
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_5 (Normal n_s) s')" and 
+"(vc.vc_anon0 vc_n vc_i_0 vc_i_1)"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_n vc_i_0 vc_i_1)))))"
+using assms
+unfolding m_passive_prog.block_5_def
+apply cases
+by auto
+
+lemma block_PreconditionGeneratedEntry:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry vc_n vc_i_0 vc_i_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_n vc_i_0 vc_i_1)))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding m_passive_prog.block_6_def vc.vc_PreconditionGeneratedEntry_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) m_passive_prog.node_0 m_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon3_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon3_LoopDone vc_n vc_i_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) m_passive_prog.node_1])
+apply (erule block_anon3_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:m_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon3_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon3_LoopBody vc_i_0 vc_n vc_i_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) m_passive_prog.node_2])
+by (erule block_anon3_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon3_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon3_LoopHead vc_i_0 vc_n vc_i_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_3])
+apply (erule block_anon3_LoopHeadAA0[OF _ assms(2)])
+apply ((simp add:m_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_n vc_i_0 vc_i_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_4])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:m_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_n vc_i_0 vc_i_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_5])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:m_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(vc.vc_PreconditionGeneratedEntry vc_n vc_i_0 vc_i_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_6])
+apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
+apply ((simp add:m_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) \<Gamma> [] m_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0 vc_i_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
+let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_i:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF m_passive_prog.m_i])
+apply (subst lookup_var_local[OF m_passive_prog.m_i])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_n:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF m_passive_prog.m_n])
+apply (subst lookup_var_local[OF m_passive_prog.m_n])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_i_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF m_passive_prog.m_i_0])
+apply (subst lookup_var_local[OF m_passive_prog.m_i_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_i_1:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF m_passive_prog.m_i_1])
+apply (subst lookup_var_local[OF m_passive_prog.m_i_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_i])
+apply (rule HOL.conjunct1[OF sc_n])
+apply (rule HOL.conjunct1[OF sc_i_0])
+apply (rule HOL.conjunct1[OF sc_i_1])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/while_example_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/while_example_ast_cfg_proof.thy
new file mode 100644
index 0000000..2e235b2
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/while_example_ast_cfg_proof.thy
@@ -0,0 +1,5 @@
+theory while_example_ast_cfg_proof
+  imports Main Boogie_Lang.Ast Boogie_Lang.Semantics "../global_data" while_example_before_ast_cfg m_before_cfg_to_dag_prog
+
+begin
+end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/while_example_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/while_example_before_ast_cfg.thy
new file mode 100644
index 0000000..a7f11c0
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/while_example_before_ast_cfg.thy
@@ -0,0 +1,89 @@
+theory while_example_before_ast_cfg
+  imports Main 
+          "/home/alex/boogie_related/foundational_boogie/BoogieLang/Ast"
+          "/home/alex/boogie_related/foundational_boogie/BoogieLang/Semantics"
+          "/home/alex/boogie_related/foundational_boogie/BoogieLang/generated_example_proofs/while_example_proofs/global_data"
+
+begin
+
+definition bigblock0
+  where "bigblock0 = 
+          (BigBlock None [(Assign 0 (Lit (LInt 0))), (Assume (BinOp (Var 1) Gt (Lit (LInt 0))))] 
+            (Some (ParsedWhile (Some (BinOp (Var 0) Lt (Var 1))) 
+                      [(BinOp (Var 0) Le (Var 1))]
+                      [BigBlock None [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] None None])) 
+             None)"
+
+definition bigblock1
+  where "bigblock1 = 
+          (BigBlock None [(Assert (BinOp (Var 0) Ge (Var 1)))] None None)"
+
+definition proc_body
+  where
+    "proc_body = bigblock0 #  bigblock1  # []"
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+
+lemma locals_min_aux:
+shows "(((map fst (append while_example_before_ast_cfg.params_vdecls while_example_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_example_before_ast_cfg.params_vdecls while_example_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
+unfolding while_example_before_ast_cfg.params_vdecls_def while_example_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append while_example_before_ast_cfg.params_vdecls while_example_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append while_example_before_ast_cfg.params_vdecls while_example_before_ast_cfg.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_example_before_ast_cfg.params_vdecls) )"
+unfolding while_example_before_ast_cfg.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_example_before_ast_cfg.locals_vdecls) )"
+unfolding while_example_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example_before_ast_cfg.params_vdecls while_example_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append while_example_before_ast_cfg.params_vdecls while_example_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example_before_ast_cfg.params_vdecls while_example_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example_before_ast_cfg.params_vdecls while_example_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "ast_procedure"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = while_example_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec while_example_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec while_example_before_ast_cfg.post),proc_body = (Some (while_example_before_ast_cfg.locals_vdecls,while_example_before_ast_cfg.proc_body))|)"

From 3753ed43198a9bb6a420bb2ffc4feb486e65a7ea Mon Sep 17 00:00:00 2001
From: ahubanov-eth <ahubanov@student.ethz.ch>
Date: Thu, 2 Jun 2022 00:07:59 +0200
Subject: [PATCH 15/74] annotated Ast_Cfg_Transformation.thy

---
 BoogieLang/Ast.thy                            |  167 +-
 BoogieLang/Ast_Cfg_Transformation.thy         | 1993 +++++++----------
 BoogieLang/Ast_to_Cfg_Validation.thy          |  207 ++
 .../empty_branch_if_ast_cfg_proof.thy         |  183 --
 .../empty_branch_if_before_ast_cfg.thy        |   89 -
 ...empty_branch_if_before_cfg_to_dag_prog.thy |  122 -
 .../empty_branch_if_before_passive_prog.thy   |   95 -
 .../empty_branch_if_cfgtodag_proof.thy        |  292 ---
 .../empty_branch_if_passification_proof.thy   |  262 ---
 .../empty_branch_if_passive_prog.thy          |  128 --
 .../empty_branch_if_vcphase_proof.thy         |  241 --
 .../if_example_proofs/global_data.thy         |   34 -
 .../p_proofs/if_example_ast_cfg_proof.thy     |  287 ---
 .../p_proofs/if_example_ast_form~             |    4 -
 .../p_proofs/if_example_before_ast_cfg.thy    |   90 -
 .../p_proofs/p_before_cfg_to_dag_prog.thy     |  125 --
 .../p_proofs/p_before_passive_prog.thy        |   95 -
 .../p_proofs/p_cfgtodag_proof.thy             |  292 ---
 .../p_proofs/p_passification_proof.thy        |  262 ---
 .../p_proofs/p_passive_prog.thy               |  128 --
 .../p_proofs/p_vcphase_proof.thy              |  241 --
 .../nested_loop_before_ast_cfg.thy            |  103 -
 .../nested_loop_before_cfg_to_dag_prog.thy    |  164 --
 .../nested_loop_cfgtodag_proof.thy            |  557 -----
 .../nested_loop_passification_proof.thy       |  349 ---
 .../nested_loop_passive_prog.thy              |  208 --
 .../nested_loop_vcphase_proof.thy             |  370 ---
 ...empty_branch_if_before_cfg_to_dag_prog.thy |  111 -
 ...rd_empty_branch_if_before_passive_prog.thy |   95 -
 ...o_guard_empty_branch_if_cfgtodag_proof.thy |  250 ---
 ...rd_empty_branch_if_passification_proof.thy |  254 ---
 .../no_guard_empty_branch_if_passive_prog.thy |  119 -
 ...no_guard_empty_branch_if_vcphase_proof.thy |  213 --
 .../no_guard_if_proofs/global_data.thy        |   32 -
 .../no_guard_if_ast_cfg_proof.thy             |  158 --
 .../no_guard_if_before_ast_cfg.thy            |   85 -
 .../no_guard_if_before_cfg_to_dag_prog.thy    |  111 -
 .../no_guard_if_before_passive_prog.thy       |   95 -
 .../no_guard_if_cfgtodag_proof.thy            |  250 ---
 .../no_guard_if_passification_proof.thy       |  254 ---
 .../no_guard_if_passive_prog.thy              |  119 -
 .../no_guard_if_vcphase_proof.thy             |  213 --
 .../while_example2_proofs/global_data.thy     |   32 -
 .../p_proofs/p_before_cfg_to_dag_prog.thy     |  155 --
 .../p_proofs/p_cfgtodag_proof.thy             |  534 -----
 .../p_proofs/p_passive_prog.thy               |  199 --
 .../p_proofs/p_vcphase_proof.thy              |  364 ---
 .../p_proofs/while_example2_ast_cfg_proof.thy |  472 ----
 .../while_example2_before_ast_cfg.thy         |  102 -
 .../p_proofs/while_example_2_before_ast_cfg~  |    9 -
 .../consecutive_ifs_ast_cfg_proof.thy         |  307 ++-
 .../consecutive_ifs_before_ast_cfg.thy        |    4 +-
 .../empty_branch_if_ast_cfg_proof.thy         |  154 +-
 .../p_proofs/if_example_ast_cfg_proof.thy     |  168 +-
 .../nested_if_proofs}/global_data.thy         |    0
 .../nested_if_ast_cfg_proof.thy               |  311 +++
 .../nested_if_before_ast_cfg.thy              |   99 +
 .../nested_if_before_cfg_to_dag_prog.thy      |  142 ++
 .../nested_if_before_passive_prog.thy}        |   58 +-
 .../nested_if_cfgtodag_proof.thy              |  342 +++
 .../nested_if_passification_proof.thy}        |  229 +-
 .../nested_if_passive_prog.thy                |  168 ++
 .../nested_if_vcphase_proof.thy               |  291 +++
 .../nested_loop2_proofs}/global_data.thy      |    0
 .../nested_loop2_ast_cfg_proof.thy}           |  320 ++-
 .../nested_loop2_before_ast_cfg.thy           |  108 +
 .../nested_loop2_before_cfg_to_dag_prog.thy   |  197 ++
 .../nested_loop2_before_passive_prog.thy}     |   79 +-
 .../nested_loop2_cfgtodag_proof.thy           |  760 +++++++
 .../nested_loop2_passification_proof.thy      |  411 ++++
 .../nested_loop2_passive_prog.thy             |  259 +++
 .../nested_loop2_vcphase_proof.thy            |  456 ++++
 .../nested_loop_ast_cfg_proof.thy             |  209 +-
 ...no_guard_empty_branch_if_ast_cfg_proof.thy |  148 ++
 ...o_guard_empty_branch_if_before_ast_cfg.thy |   87 +
 .../no_guard_if_ast_cfg_proof.thy             |   55 +-
 .../no_inv_loop_ast_cfg_proof.thy             |  256 +++
 .../no_inv_loop_before_ast_cfg.thy            |   86 +
 .../triangle_example_proofs}/global_data.thy  |    0
 .../triangle_ast_cfg_proof.thy                |  296 +++
 .../triangle_before_ast_cfg.thy               |  109 +
 .../triangle_before_cfg_to_dag_prog.thy       |  140 ++
 .../triangle_before_passive_prog.thy          |  106 +
 .../triangle_cfgtodag_proof.thy               |  372 +++
 .../triangle_passification_proof.thy          |  303 +++
 .../triangle_proofs/triangle_passive_prog.thy |  184 ++
 .../triangle_vcphase_proof.thy                |  309 +++
 .../p_proofs/while_example2_ast_cfg_proof.thy |  225 +-
 88 files changed, 8155 insertions(+), 10907 deletions(-)
 create mode 100644 BoogieLang/Ast_to_Cfg_Validation.thy
 delete mode 100644 BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy
 delete mode 100644 BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_cfg.thy
 delete mode 100644 BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog.thy
 delete mode 100644 BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_passive_prog.thy
 delete mode 100644 BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_cfgtodag_proof.thy
 delete mode 100644 BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passification_proof.thy
 delete mode 100644 BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passive_prog.thy
 delete mode 100644 BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_vcphase_proof.thy
 delete mode 100644 BoogieLang/completed_example_proofs/if_example_proofs/global_data.thy
 delete mode 100644 BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
 delete mode 100644 BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_ast_form~
 delete mode 100644 BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_before_ast_cfg.thy
 delete mode 100644 BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
 delete mode 100644 BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_before_passive_prog.thy
 delete mode 100644 BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_cfgtodag_proof.thy
 delete mode 100644 BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_passification_proof.thy
 delete mode 100644 BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_passive_prog.thy
 delete mode 100644 BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_vcphase_proof.thy
 delete mode 100644 BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_cfg.thy
 delete mode 100644 BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_cfg_to_dag_prog.thy
 delete mode 100644 BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_cfgtodag_proof.thy
 delete mode 100644 BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passification_proof.thy
 delete mode 100644 BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passive_prog.thy
 delete mode 100644 BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_vcphase_proof.thy
 delete mode 100644 BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog.thy
 delete mode 100644 BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog.thy
 delete mode 100644 BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof.thy
 delete mode 100644 BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof.thy
 delete mode 100644 BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog.thy
 delete mode 100644 BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof.thy
 delete mode 100644 BoogieLang/completed_example_proofs/no_guard_if_proofs/global_data.thy
 delete mode 100644 BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy
 delete mode 100644 BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_cfg.thy
 delete mode 100644 BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog.thy
 delete mode 100644 BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_passive_prog.thy
 delete mode 100644 BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_cfgtodag_proof.thy
 delete mode 100644 BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passification_proof.thy
 delete mode 100644 BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passive_prog.thy
 delete mode 100644 BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_vcphase_proof.thy
 delete mode 100644 BoogieLang/completed_example_proofs/while_example2_proofs/global_data.thy
 delete mode 100644 BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
 delete mode 100644 BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy
 delete mode 100644 BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_passive_prog.thy
 delete mode 100644 BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_vcphase_proof.thy
 delete mode 100644 BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
 delete mode 100644 BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_before_ast_cfg.thy
 delete mode 100644 BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example_2_before_ast_cfg~
 rename BoogieLang/{completed_example_proofs/empty_branch_if_proofs => generated_example_proofs/nested_if_proofs}/global_data.thy (100%)
 create mode 100644 BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_ast_cfg_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_ast_cfg.thy
 create mode 100644 BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_cfg_to_dag_prog.thy
 rename BoogieLang/{completed_example_proofs/while_example2_proofs/p_proofs/p_before_passive_prog.thy => generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_passive_prog.thy} (50%)
 create mode 100644 BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_cfgtodag_proof.thy
 rename BoogieLang/{completed_example_proofs/while_example2_proofs/p_proofs/p_passification_proof.thy => generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_passification_proof.thy} (50%)
 create mode 100644 BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_vcphase_proof.thy
 rename BoogieLang/{completed_example_proofs/nested_loop_proofs => generated_example_proofs/nested_loop2_proofs}/global_data.thy (100%)
 rename BoogieLang/{completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy => generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_ast_cfg_proof.thy} (57%)
 create mode 100644 BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_before_ast_cfg.thy
 create mode 100644 BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_before_cfg_to_dag_prog.thy
 rename BoogieLang/{completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_passive_prog.thy => generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_before_passive_prog.thy} (53%)
 create mode 100644 BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_cfgtodag_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_passification_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_vcphase_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_ast_cfg_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_ast_cfg.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_ast_cfg_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_ast_cfg.thy
 rename BoogieLang/{completed_example_proofs/no_guard_empty_branch_if_proofs => generated_example_proofs/triangle_example_proofs}/global_data.thy (100%)
 create mode 100644 BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_ast_cfg_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_before_ast_cfg.thy
 create mode 100644 BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_before_cfg_to_dag_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_before_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_cfgtodag_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_passification_proof.thy
 create mode 100644 BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_passive_prog.thy
 create mode 100644 BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_vcphase_proof.thy

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index 8b7adb0..66ac21f 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -1,8 +1,12 @@
+section \<open>Semantics of the AST\<close>
+
 theory Ast
   imports Main Semantics Lang BackedgeElim
 
 begin
 
+subsection \<open>Defining the AST and how to step through it. An AST is list of \<^term>\<open>bigblock\<close> .\<close>
+
 type_synonym name = string
 type_synonym label = string
 type_synonym guard = expr
@@ -10,7 +14,7 @@ type_synonym invariant = expr
 
 datatype transfer_cmd
  = Goto label
- | Return "expr option"
+ | Return
 
 datatype parsed_structured_cmd
  = ParsedIf "guard option" "bigblock list" "bigblock list"
@@ -23,7 +27,7 @@ and bigblock
 
 type_synonym ast = "bigblock list"
 
-(* continuations; used for formalizing Gotos and numbered Breaks *)
+text \<open>continuations; used for formalizing Gotos and numbered Breaks\<close>
 datatype cont 
  = KStop 
  | KSeq "bigblock" cont
@@ -36,7 +40,7 @@ fun convert_list_to_cont :: "bigblock list \<Rightarrow> cont \<Rightarrow> cont
   | "convert_list_to_cont (x#xs) cont0 = convert_list_to_cont xs (KSeq x cont0)" 
 
 
-(* auxillary function to find the label a Goto statement is referring to *)
+text\<open>auxillary function to find the label a Goto statement is referring to\<close>
 fun find_label :: "label \<Rightarrow> bigblock list \<Rightarrow> cont \<Rightarrow> ((bigblock * cont) option)" where
     "find_label lbl [] cont = None" 
   | "find_label lbl ((BigBlock bb_name cmds None None) # []) cont = 
@@ -69,9 +73,8 @@ fun find_label :: "label \<Rightarrow> bigblock list \<Rightarrow> cont \<Righta
         else (find_label lbl bbs cont))"
   | "find_label lbl ((BigBlock bb_name cmds (Some s) (Some t)) # bbs) cont = None"
 
-
-(* function defining the semantics of bigblocks; small-step semantics *)
-(* Note: arrow symbols in the 'syntactic sugar' clash if the exact same syntax is used as in red_cmd *)
+text\<open>function defining the semantics of bigblocks; small-step semantics 
+      Note: arrow symbols in the 'syntactic sugar' clash if the exact same syntax is used as in red_cmd\<close>
 inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env  \<Rightarrow> ast \<Rightarrow> 'a ast_config \<Rightarrow> 'a ast_config \<Rightarrow> bool" 
   ("_,_,_,_,_,_ \<turnstile> (\<langle>_\<rangle> \<longrightarrow>/ _)" [51,0,0,0] 81)
   for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env and T :: ast
@@ -96,7 +99,7 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightar
                     ((BigBlock bb_name [] None None), cont0, Normal n_s)"
 
   | RedReturn: 
-    "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(BigBlock bb_name [] None (Some (Return val)), cont0, Normal n_s)\<rangle> \<longrightarrow> 
+    "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(BigBlock bb_name [] None (Some Return), cont0, Normal n_s)\<rangle> \<longrightarrow> 
                           ((BigBlock bb_name [] None None), KStop, Normal n_s)"
 
   | RedParsedIfTrue: 
@@ -163,16 +166,32 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightar
         \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] None (Some (Goto label))), cont0, Normal n_s)\<rangle> \<longrightarrow> 
                             (found_bigblock, found_cont, (Normal n_s))"
 
+abbreviation red_bigblock_k_step :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> ast \<Rightarrow> 'a ast_config \<Rightarrow> nat \<Rightarrow> 'a ast_config \<Rightarrow> bool"
+  ("_,_,_,_,_,_ \<turnstile>_ -n\<longrightarrow>^_/ _" [51,0,0,0,0] 81)
+where "red_bigblock_k_step A M \<Lambda> \<Gamma> \<Omega> T c1 n c2 \<equiv> ((red_bigblock A M \<Lambda> \<Gamma> \<Omega> T)^^n) c1 c2"
+
+(*
 inductive red_bigblock_trans :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env  \<Rightarrow> ast \<Rightarrow> 'a ast_config \<Rightarrow> 'a ast_config \<Rightarrow> bool" 
   ("_,_,_,_,_,_ \<turnstile> (\<langle>_\<rangle> [\<longrightarrow>]/ _)" [51,0,0,0] 81)
   for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env and T :: ast
   where
     BBRefl: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>config\<rangle> [\<longrightarrow>] config"
   | BBTrans: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>start_config\<rangle> \<longrightarrow> inter_config;  A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>inter_config\<rangle> [\<longrightarrow>] end_config\<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>start_config\<rangle> [\<longrightarrow>] end_config"
+*)
 
+subsection \<open>Procedure Correctness\<close>
 
+text\<open>defining correctness of the AST\<close>
+
+record ast_procedure =
+  proc_ty_args :: nat
+  proc_args :: vdecls
+  proc_rets :: vdecls
+  proc_modifs :: "vname list"
+  proc_pres :: "(expr \<times> bool) list" 
+  proc_posts :: "(expr \<times> bool) list"
+  proc_body :: "(vdecls \<times> ast) option"
 
-(* defining correctness of the AST *)
 fun get_state :: "'a ast_config \<Rightarrow> 'a state"
   where
     "get_state (bb, cont, s1) = s1"
@@ -198,15 +217,6 @@ definition proc_body_satisfies_spec :: "'a absval_ty_fun \<Rightarrow> proc_cont
           (\<forall> bb cont state. (rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> ast) (init_ast ast ns) (bb, cont, state)) \<longrightarrow> 
                     valid_configuration A \<Lambda> \<Gamma> \<Omega> posts bb cont state)"
 
-record ast_procedure =
-  proc_ty_args :: nat
-  proc_args :: vdecls
-  proc_rets :: vdecls
-  proc_modifs :: "vname list"
-  proc_pres :: "(expr \<times> bool) list" 
-  proc_posts :: "(expr \<times> bool) list"
-  proc_body :: "(vdecls \<times> ast) option"
-
 fun proc_all_pres :: "ast_procedure \<Rightarrow> expr list"
   where "proc_all_pres p = map fst (proc_pres p)"
 
@@ -232,6 +242,7 @@ fun proc_is_correct :: "'a absval_ty_fun \<Rightarrow> fdecls \<Rightarrow> vdec
           )))
       | None \<Rightarrow> True)"
 
+(* TODO: Rework this! *)
 inductive syntactic_equiv :: "expr \<Rightarrow> expr \<Rightarrow> bool" (infixl "\<sim>" 40) 
   where
     refl [simp]:   "a \<sim> a"
@@ -254,7 +265,6 @@ inductive syntactic_equiv :: "expr \<Rightarrow> expr \<Rightarrow> bool" (infix
   | conj_True:     "a \<guillemotleft>And\<guillemotright> (Lit (LBool True)) \<sim> a"
   | disj_True:     "a \<guillemotleft>Or\<guillemotright> (Lit (LBool True)) \<sim> (Lit (LBool True))"
   | neg_lt:        "UnOp Not (a \<guillemotleft>Lt\<guillemotright> b) \<sim> (a \<guillemotleft>Ge\<guillemotright> b)"
-  (* TODO: combine whichever rules you can and prove symmetry! *)
   | neg_gt1:        "UnOp Not (a \<guillemotleft>Gt\<guillemotright> b) \<sim> (a \<guillemotleft>Le\<guillemotright> b)"
   | neg_gt2:        "UnOp Not (a \<guillemotleft>Gt\<guillemotright> b) \<sim> (b \<guillemotleft>Ge\<guillemotright> a)"
   | neg_le:        "UnOp Not (a \<guillemotleft>Le\<guillemotright> b) \<sim> (a \<guillemotleft>Gt\<guillemotright> b)"
@@ -268,129 +278,18 @@ definition semantic_equiv :: "expr \<Rightarrow> expr \<Rightarrow> bool" (infix
   "exp1 \<approx> exp2 \<longleftrightarrow> (\<forall> A \<Lambda> \<Gamma> \<Omega> ns val. ((red_expr A \<Lambda> \<Gamma> \<Omega> exp1 ns val) = (red_expr A \<Lambda> \<Gamma> \<Omega> exp2 ns val)))"
 *)
 
-lemma not_true_equals_false:
-  assumes "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not expr, ns1\<rangle> \<Down> BoolV True"
-  shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr, ns1\<rangle> \<Down> BoolV False"
-  using assms
-  sorry
-
-lemma not_false_equals_true:
-  assumes "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not expr, ns1\<rangle> \<Down> BoolV False"
-  shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr, ns1\<rangle> \<Down> BoolV True"
-  using assms
-  sorry
-
-lemma true_equals_not_false:
-  assumes "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr, ns1\<rangle> \<Down> BoolV True"
-  shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not expr, ns1\<rangle> \<Down> BoolV False"
-  using assms
-  sorry
-
-lemma false_equals_not_true:
-  assumes "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr, ns1\<rangle> \<Down> BoolV False"
-  shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not expr, ns1\<rangle> \<Down> BoolV True"
-  using assms
-  sorry
-
-lemma equiv_preserves_value:
-  assumes "a \<sim> b"
-  and "red_expr A \<Lambda> \<Gamma> \<Omega> a ns (BoolV boolean)"
-  shows "red_expr A \<Lambda> \<Gamma> \<Omega> b ns (BoolV boolean)"
-  using assms
-  sorry
-
-(* TODO: Can I avoid needing this? *)
-fun inv_into_assertion :: "expr \<Rightarrow> cmd" where
-  "inv_into_assertion e = (Assert e)"
-
-lemma asserts_hold_if_invs_hold: 
-  assumes "expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1 invs"
-  and "assertions = map inv_into_assertion invs"
-  shows "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1"
-  using assms
-proof (induction invs arbitrary: assertions)
-  case Nil
-  then show ?case  by (simp add: RedCmdListNil)
-next
-  case (Cons e_inv invs_tail)
-  from Cons(2) have prem1: "expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1 invs_tail" by (simp add: expr_all_sat_def)
-  from Cons(3) have prem2: "List.tl assertions = map inv_into_assertion invs_tail" by simp
-  from prem1 prem2 have end2: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>List.tl assertions,Normal ns1\<rangle> [\<rightarrow>] Normal ns1" using Cons(1) by blast
-
-  from Cons(2) have act1: "expr_sat A \<Lambda> \<Gamma> \<Omega> ns1 e_inv" by (simp add: expr_all_sat_def)
-  from Cons(3) have act2: "List.hd assertions = (Assert e_inv)" by simp
-  from act1 act2 have end1: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>List.hd assertions,Normal ns1\<rangle> \<rightarrow> Normal ns1" by (simp add: expr_sat_def red_cmd.intros(1))
-
-  then show ?case using end1 end2 by (simp add: Cons.prems(2) RedCmdListCons)
-qed
-
-lemma invs_hold_if_asserts_reduce: 
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, s0\<rangle> [\<rightarrow>] s1"
-  and "s0 = Normal ns1"
-  and "s1 \<noteq> Failure"
-  and "assertions = map inv_into_assertion invs"
-  shows "expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1 invs"
-  using assms
-proof (induction arbitrary: invs rule: red_cmd_list.induct)
-  case (RedCmdListNil s)
-  hence "invs = []" by simp
-  then show ?case by (simp add: expr_all_sat_def)
-next
-  case (RedCmdListCons c s s'' cs s')  
-  from RedCmdListCons have "cs = map inv_into_assertion (List.tl invs)" using assms by auto
-  from RedCmdListCons have "c = Assert (hd invs)" by auto 
-
-  from RedCmdListCons(1) this \<open>s = Normal ns1\<close> show ?case
-  proof cases
-    case RedAssertOk thus ?thesis 
-      using RedCmdListCons(1) \<open>c = Assert (hd invs)\<close> \<open>s = Normal ns1\<close> \<open>cs = map inv_into_assertion (List.tl invs)\<close> 
-      by (metis RedCmdListCons.IH RedCmdListCons.prems(2)
-          RedCmdListCons.prems(3) cmd.inject(1) expr_all_sat_def expr_sat_def 
-          list.collapse list.discI list.map_disc_iff list_all_simps(1) state.inject)
-  next
-    case RedAssertFail thus ?thesis using failure_stays_cmd_list RedCmdListCons(2) RedCmdListCons(5) by blast
-  qed auto
-qed
-
-lemma one_inv_fails_assertions: 
-  assumes "invs = invs1 @ [I] @ invs2"
-      and "expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1 invs1"
-      and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>I,ns1\<rangle> \<Down> BoolV False"
-      and "assertions = map inv_into_assertion invs"
-    shows "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Failure"
-  using assms
-proof -
-  from assms(4) assms(1) obtain assum1 a_fail assum2 where
-    left: "assum1 = map inv_into_assertion invs1" and
-    mid_fail: "a_fail = inv_into_assertion I" and
-    right: "assum2 = map inv_into_assertion invs2" and
-    concat: "assertions = assum1 @ [a_fail] @ assum2"
-    by simp
-  from assms(2) left have left_red: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assum1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1" using asserts_hold_if_invs_hold by simp
-  from mid_fail have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>a_fail, Normal ns1\<rangle> \<rightarrow> Failure" using red_cmd.intros(2) assms(3) by simp
-  from this left_red have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assum1 @ [a_fail] @ assum2, Normal ns1\<rangle> [\<rightarrow>] Failure" using failure_stays_cmd_list 
-    by (simp add: RedCmdListCons failure_red_cmd_list red_cmd_list_append)
-  thus ?thesis using concat by auto
-qed
-
-
-(* TODO: Discuss Rel_Invs case!  *)
 inductive ast_cfg_rel :: "expr option \<Rightarrow> cmd list \<Rightarrow> bigblock \<Rightarrow> cmd list \<Rightarrow> bool"
   where 
      Rel_Guard_true:
-      "\<lbrakk>ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs2\<rbrakk> \<Longrightarrow>
-        ast_cfg_rel (Some block_guard) [] (BigBlock name cs1 any_str any_tr) ((Assume block_guard) # cs2)"
+      "\<lbrakk>bb = (BigBlock name cs1 any_str any_tr); ast_cfg_rel None [] bb cs2\<rbrakk> \<Longrightarrow>
+        ast_cfg_rel (Some block_guard) [] bb ((Assume block_guard) # cs2)"
    | Rel_Guard_false:
-      "\<lbrakk>ast_cfg_rel None [] (BigBlock name cs1 any_str any_tr) cs2; (UnOp Not block_guard) \<sim> c \<rbrakk> \<Longrightarrow>
-        ast_cfg_rel (Some block_guard) [] (BigBlock name cs1 any_str any_tr) ((Assume c) # cs2)"
+      "\<lbrakk>bb = (BigBlock name cs1 any_str any_tr); ast_cfg_rel None [] bb cs2; (UnOp Not block_guard) \<sim> c \<rbrakk> \<Longrightarrow>
+        ast_cfg_rel (Some block_guard) [] bb ((Assume c) # cs2)"
    | Rel_Invs:
       "\<lbrakk>bb = (BigBlock name [] any_str any_tr)\<rbrakk> \<Longrightarrow> ast_cfg_rel None assertions bb assertions"
    | Rel_Main_test:
-      "\<lbrakk>bb = (BigBlock name cs1 any_str any_tr)\<rbrakk> \<Longrightarrow> ast_cfg_rel None [] bb cs1"
-
-abbreviation red_bigblock_k_step :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> ast \<Rightarrow> 'a ast_config \<Rightarrow> nat \<Rightarrow> 'a ast_config \<Rightarrow> bool"
-  ("_,_,_,_,_,_ \<turnstile>_ -n\<longrightarrow>^_/ _" [51,0,0,0,0] 81)
-where "red_bigblock_k_step A M \<Lambda> \<Gamma> \<Omega> T c1 n c2 \<equiv> ((red_bigblock A M \<Lambda> \<Gamma> \<Omega> T)^^n) c1 c2"
+      "\<lbrakk>bb = (BigBlock name cs1 any_str any_tr); cs1 = c#cs\<rbrakk> \<Longrightarrow> ast_cfg_rel None [] bb cs1"
 
 end
 
diff --git a/BoogieLang/Ast_Cfg_Transformation.thy b/BoogieLang/Ast_Cfg_Transformation.thy
index 870a7db..abf9c00 100644
--- a/BoogieLang/Ast_Cfg_Transformation.thy
+++ b/BoogieLang/Ast_Cfg_Transformation.thy
@@ -1,17 +1,135 @@
-theory Ast_Cfg_Transformation 
+section \<open>Generic lemmas used to validate AST-to-CFG phase\<close>
+
+theory Ast_Cfg_Transformation
    imports Main
           "Boogie_Lang.Ast"
           "Boogie_Lang.Semantics"
           "Boogie_Lang.BackedgeElim"
-begin 
+begin
+subsection \<open>Miscellaneous helper lemmas\<close>
+
+lemma not_true_equals_false:
+  assumes "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not expr, ns1\<rangle> \<Down> BoolV True"
+  shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr, ns1\<rangle> \<Down> BoolV False"
+  using assms
+  sorry
+
+lemma not_false_equals_true:
+  assumes "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not expr, ns1\<rangle> \<Down> BoolV False"
+  shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr, ns1\<rangle> \<Down> BoolV True"
+  using assms
+  sorry
+
+lemma true_equals_not_false:
+  assumes "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr, ns1\<rangle> \<Down> BoolV True"
+  shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not expr, ns1\<rangle> \<Down> BoolV False"
+  using assms
+  sorry
+
+lemma false_equals_not_true:
+  assumes "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr, ns1\<rangle> \<Down> BoolV False"
+  shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not expr, ns1\<rangle> \<Down> BoolV True"
+  using assms
+  sorry
+
+lemma equiv_preserves_value:
+  assumes "a \<sim> b"
+  and "red_expr A \<Lambda> \<Gamma> \<Omega> a ns (BoolV boolean)"
+  shows "red_expr A \<Lambda> \<Gamma> \<Omega> b ns (BoolV boolean)"
+  using assms
+  sorry
+
+(* TODO: Can I avoid needing this? *)
+fun inv_into_assertion :: "expr \<Rightarrow> cmd" where
+  "inv_into_assertion e = (Assert e)"
+
+text \<open>If all invariants hold, then the block containing the assertions corresponding to the invariants doesn't fail\<close>
+lemma asserts_hold_if_invs_hold: 
+  assumes "expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1 invs"
+  and "assertions = map inv_into_assertion invs"
+  shows "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1"
+  using assms
+proof (induction invs arbitrary: assertions)
+  case Nil
+  then show ?case  by (simp add: RedCmdListNil)
+next
+  case (Cons e_inv invs_tail)
+  from Cons(2) have prem1: "expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1 invs_tail" by (simp add: expr_all_sat_def)
+  from Cons(3) have prem2: "List.tl assertions = map inv_into_assertion invs_tail" by simp
+  from prem1 prem2 have end2: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>List.tl assertions,Normal ns1\<rangle> [\<rightarrow>] Normal ns1" using Cons(1) by blast
 
-text \<open>The following are various miscellaneous helper lemmas used later in the proofs of the local and global relation lemmas.\<close>
+  from Cons(2) have act1: "expr_sat A \<Lambda> \<Gamma> \<Omega> ns1 e_inv" by (simp add: expr_all_sat_def)
+  from Cons(3) have act2: "List.hd assertions = (Assert e_inv)" by simp
+  from act1 act2 have end1: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>List.hd assertions,Normal ns1\<rangle> \<rightarrow> Normal ns1" by (simp add: expr_sat_def red_cmd.intros(1))
 
-lemmas converse_rtranclp_induct3 =
-  converse_rtranclp_induct [of _ "(ax, ay, az)" "(bx, by, bz)", split_rule, consumes 1, case_names refl step]
+  then show ?case using end1 end2 by (simp add: Cons.prems(2) RedCmdListCons)
+qed
+
+text \<open>If the block containing the assertions corresponding to the invariants doesn't fail, then all invariants hold\<close>
+lemma invs_hold_if_asserts_reduce: 
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, s0\<rangle> [\<rightarrow>] s1"
+  and "s0 = Normal ns1"
+  and "s1 \<noteq> Failure"
+  and "assertions = map inv_into_assertion invs"
+  shows "expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1 invs"
+  using assms
+proof (induction arbitrary: invs rule: red_cmd_list.induct)
+  case (RedCmdListNil s)
+  hence "invs = []" by simp
+  then show ?case by (simp add: expr_all_sat_def)
+next
+  case (RedCmdListCons c s s'' cs s')  
+  from RedCmdListCons have "cs = map inv_into_assertion (List.tl invs)" using assms by auto
+  from RedCmdListCons have "c = Assert (hd invs)" by auto 
+
+  from RedCmdListCons(1) this \<open>s = Normal ns1\<close> show ?case
+  proof cases
+    case RedAssertOk thus ?thesis 
+      using RedCmdListCons(1) \<open>c = Assert (hd invs)\<close> \<open>s = Normal ns1\<close> \<open>cs = map inv_into_assertion (List.tl invs)\<close> 
+      by (metis RedCmdListCons.IH RedCmdListCons.prems(2)
+          RedCmdListCons.prems(3) cmd.inject(1) expr_all_sat_def expr_sat_def 
+          list.collapse list.discI list.map_disc_iff list_all_simps(1) state.inject)
+  next
+    case RedAssertFail thus ?thesis using failure_stays_cmd_list RedCmdListCons(2) RedCmdListCons(5) by blast
+  qed auto
+qed
+
+text \<open>If one invariant doesn't hold, then the block containing the assert cmds corresponding to the invariants fails\<close>
+lemma one_inv_fails_assertions: 
+  assumes "invs = invs1 @ [I] @ invs2"
+      and "expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1 invs1"
+      and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>I,ns1\<rangle> \<Down> BoolV False"
+      and "assertions = map inv_into_assertion invs"
+    shows "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Failure"
+  using assms
+proof -
+  from assms(4) assms(1) obtain assum1 a_fail assum2 where
+    left: "assum1 = map inv_into_assertion invs1" and
+    mid_fail: "a_fail = inv_into_assertion I" and
+    right: "assum2 = map inv_into_assertion invs2" and
+    concat: "assertions = assum1 @ [a_fail] @ assum2"
+    by simp
+  from assms(2) left have left_red: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assum1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1" using asserts_hold_if_invs_hold by simp
+  from mid_fail have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>a_fail, Normal ns1\<rangle> \<rightarrow> Failure" using red_cmd.intros(2) assms(3) by simp
+  from this left_red have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assum1 @ [a_fail] @ assum2, Normal ns1\<rangle> [\<rightarrow>] Failure" using failure_stays_cmd_list 
+    by (simp add: RedCmdListCons failure_red_cmd_list red_cmd_list_append)
+  thus ?thesis using concat by auto
+qed
+
+lemma valid_config_implies_not_failure:
+  assumes "Semantics.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'"
+  shows "s' \<noteq> Failure"
+  using Semantics.valid_configuration_def assms by blast
 
-lemmas converse_rtranclpE3 = converse_rtranclpE [of _ "(xa,xb,xc)" "(za,zb,zc)", split_rule]
+text \<open>If an \<^term>\<open>ast_config\<close> (bigblock, cont, state) is an ending configuration, then any correspoding cfg block is locally correct.\<close>
+lemma end_static:
+  assumes "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(BigBlock None [] None None, KStop, Normal ns1)\<rangle> \<longrightarrow> (step_bb, step_cont, step_state)"
+  shows "step_state \<noteq> Failure \<and>
+         (\<forall>ns1'. step_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>any_block ,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')"
+  using assms
+  by (cases) auto
 
+text \<open>If an ast configuration is final, then any transition in the ast will stay in the same configuration.\<close>
 lemma final_is_static: 
   assumes "is_final ((BigBlock name [] None None), start_cont, start_state)"
   shows "\<And>A M \<Lambda> \<Gamma> \<Omega> T end_bb end_cont end_state. 
@@ -21,7 +139,6 @@ lemma final_is_static:
 proof -
   fix A M \<Lambda> \<Gamma> \<Omega> T end_bb  end_cont end_state
   have cont_eq: "start_cont = KStop" using assms is_final.elims(1) by blast  
-
   assume prem1: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] None None), start_cont, start_state) (end_bb, end_cont, end_state))"
   from prem1 show "((end_bb, end_cont, end_state) = ((BigBlock name [] None None), start_cont, start_state))" using cont_eq
   proof cases 
@@ -42,7 +159,6 @@ next
   case (rtrancl_into_rtrancl a b c)
   then have inter_is_same: "b = (BigBlock name [] None None, start_cont, start_state)" and inter_is_final: "is_final b" by auto
   have "start_cont = KStop" using rtrancl_into_rtrancl(4) is_final.elims(1) rtrancl_into_rtrancl.prems(2) by blast
-
   from rtrancl_into_rtrancl(2) show ?case
     using inter_is_same inter_is_final \<open>start_cont = KStop\<close>
   proof cases
@@ -50,7 +166,6 @@ next
   qed auto
 qed
 
-
 lemma magic_propagates: 
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont, Magic) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
     shows "reached_state = Magic"
@@ -74,10 +189,18 @@ next
     by (metis get_state.simps is_final.elims(2))
   from this obtain name1 where concrete: "first_inter = ((BigBlock name1 [] None None), KStop, Magic)" 
     by blast 
-
   from red_rest show ?thesis using final_config magic_reached concrete final_is_static_propagate by (metis prod.inject relpowp_imp_rtranclp)
 qed 
 
+text \<open>The following are simple helper lemmas used in the proofs that involve applying induction hypotheses to prove global correctness of loop-heads.\<close>
+lemma smaller_helper: "k < j \<Longrightarrow> k < (Suc j)"
+  by simp
+
+lemma less_trans_inv: "y < z \<Longrightarrow> x < y \<Longrightarrow> x < z"
+  using less_trans
+  sorry
+
+lemma eq_to_succ: "x = y \<Longrightarrow> x < (Suc y)" by simp 
 
 lemma strictly_smaller_helper2: "j'' < j' \<Longrightarrow> j = Suc j' \<Longrightarrow> j'' < j"
   by simp
@@ -88,41 +211,192 @@ lemma strictly_smaller_helper3: "j'' < j' \<Longrightarrow> j''' < j'' \<Longrig
 lemma strictly_smaller_helper4: "j' = Suc (Suc j'') \<Longrightarrow> k < j'' \<Longrightarrow> j = Suc j' \<Longrightarrow> k < j"
   by simp
 
-lemma steps_trans_helper:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, cont0, Normal ns1'') -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
-  shows "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (bb0, cont0, Normal ns1'') (reached_bb, reached_cont, reached_state)"
-  using assms
+text \<open>The following are helper lemmas related to taking steps through assume cmds in a given ast- or cfg-trace.\<close>
+lemma push_through_assumption_test1: 
+  assumes "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)"
+  and  assume_cmd: "c = Assume guard"
+  and guard_holds: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool True)"
+shows "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)"  
+  using RedAssumeOk RedCmdListCons assms(1) assume_cmd guard_holds by blast
+
+lemma push_through_assumption0: 
+  assumes assume_cmd: "c = Assume guard"
+  and guard_holds: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool True)"
+  shows "\<And> s. (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) s) \<Longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s)" 
+  using RedAssumeOk RedCmdListCons assume_cmd guard_holds by blast
+
+lemma push_through_assumption1: 
+  assumes assume_cmd: "c = Assume not_guard"
+  and "UnOp Not guard \<sim> not_guard"
+  and guard_fails: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool False)"
+shows "\<And> s. (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) s) \<Longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s)"
+  by (metis assms(2) assume_cmd equiv_preserves_value false_equals_not_true guard_fails push_through_assumption0)
+
+lemma guard_holds_push_through_assumption: 
+  assumes block_correctness: "reached_state \<noteq> Failure \<and> (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) (Normal ns1')))"
+  and assume_cmd: "c = Assume guard"
+  and guard_holds: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool True)"
+shows "reached_state \<noteq> Failure \<and> (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) (Normal ns1')))" 
+  by (simp add: assume_cmd block_correctness guard_holds push_through_assumption0)
+
+lemma guard_holds_push_through_assumption2: 
+  assumes block_correctness: "reached_state \<noteq> Failure \<and> (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) (Normal ns1')))"
+  and assume_cmd: "c = Assume guard"
+  and guard_holds: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool True)"
+shows "reached_state \<noteq> Failure \<and> (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) (Normal ns1')))" 
+  using assume_cmd assume_true_cmds block_correctness by blast
+
+lemma guard_fails_push_through_assumption: 
+  assumes block_correctness: "reached_state \<noteq> Failure \<and> (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) (Normal ns1')))"
+  and assume_cmd: "c = Assume not_guard"
+  and "UnOp Not guard \<sim> not_guard"
+  and guard_fails: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool False)"
+shows "reached_state \<noteq> Failure \<and> (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) (Normal ns1')))" 
+  using assms(3) assume_cmd block_correctness guard_fails push_through_assumption1 by blast
+
+lemma guard_fails_push_through_assumption2: 
+  assumes block_correctness: "reached_state \<noteq> Failure \<and> (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) (Normal ns1')))"
+  and assume_cmd: "c = Assume not_guard"
+  and "UnOp Not guard \<sim> not_guard"
+  and guard_fails: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool False)"
+shows "reached_state \<noteq> Failure \<and> (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) (Normal ns1')))" 
+  using assume_cmd assume_true_cmds block_correctness by blast
+
+lemma correctness_propagates_through_assumption:
+  assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> s \<noteq> Failure"
+      and "node_to_block G ! n0 = [Assume c]"
+      and "UnOp Not guard \<sim> c"
+      and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> BoolV False"
+      and "List.member (out_edges G ! n0) n1"
+    shows "\<And> m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m, s)) \<Longrightarrow> s \<noteq> Failure"
 proof -
-  from assms(1) show ?thesis by (simp add: relpowp_imp_rtranclp)
+  fix m1 s1
+  have "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c, ns1\<rangle> \<Down> BoolV True" using assms(3-4) equiv_preserves_value false_equals_not_true by blast
+  then have a1: "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[Assume c], Normal ns1\<rangle> [\<rightarrow>] (Normal ns1))" by (meson RedAssumeOk RedCmdListCons RedCmdListNil)
+  show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> s1 \<noteq> Failure" 
+  proof -
+    assume "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1))"
+    thus "s1 \<noteq> Failure" using a1 assms(1-2) assms(5) dag_verifies_propagate by blast 
+  qed
 qed
 
-lemma seq_skip:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, (KSeq bb_next cont0), Normal ns3) -n\<longrightarrow>^l (reached_bb, reached_cont, reached_state)"
-      and "bb0 = BigBlock None [] None None"
+lemma correctness_propagates_through_assumption2:
+  assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> s \<noteq> Failure"
+      and "node_to_block G ! n0 = [Assume guard]"
+      and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> BoolV True"
+      and "List.member (out_edges G ! n0) n1"
+    shows "\<And> m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m, s)) \<Longrightarrow> s \<noteq> Failure"
+proof -
+  fix m1 s1
+  have a1: "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[Assume guard], Normal ns1\<rangle> [\<rightarrow>] (Normal ns1))" by (meson RedAssumeOk assms(3) red_cmd_list.simps)
+  show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> s1 \<noteq> Failure" 
+  proof -
+    assume "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1))"
+    thus "s1 \<noteq> Failure" using a1 assms(1-2) assms(4) dag_verifies_propagate by blast 
+  qed
+qed
+
+lemma correctness_propagates_through_empty:
+  assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> s \<noteq> Failure"
+      and "node_to_block G ! n0 = []"
+      and "List.member (out_edges G ! n0) n1"
+    shows "\<And> m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m, s)) \<Longrightarrow> s \<noteq> Failure"
+proof -
+  fix m1 s1
+  have a1: "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[], Normal ns1\<rangle> [\<rightarrow>] (Normal ns1))" by (rule RedCmdListNil)
+  show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> s1 \<noteq> Failure" 
+  proof -
+    assume "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1))"
+    thus "s1 \<noteq> Failure" by (metis a1 assms(1-3) dag_verifies_propagate)
+  qed
+qed
+
+subsection \<open>Pairs of helper lemma + global lemma for certain special cases.\<close>
+
+text \<open>The following are pairs of lemmas. Each pair consists of a helper lemma and a global block lemma. 
+      The helper lemma ensures that 
+          if a valid ast configuration is a starting point of a trace and 
+          the configuration is such that only certain rules, which don't change the state of the configuration, can be applied for the trace to continue,
+          then either the trace will finish in a valid configuration after applying them or 
+               a different valid configuration will be reached from which the trace will continue.
+      The global block lemma proves the correctness of that ast trace, given the correctness of all cfg traces starting in a cfg block 
+        related to the big block in the starting ast configuration.
+      Note that a syntactic relation between the big block and the cfg block does not need to be shown here, as these global block lemmas are only ever applied in conjuction with
+        other more generic global block lemmas, which will have already shown the syntactic relation.\<close>
+
+text \<open>Pair 1: The starting configuration represents a point in the program after a loop, and therefore the continuation needs to be adjusted.\<close>
+lemma endblock_skip:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, KEndBlock cont0, Normal ns3) -n\<longrightarrow>^l (reached_bb, reached_cont, reached_state)"
+      and "bb0 = BigBlock name [] None None" 
   shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
-            (\<exists> l1. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb_next, cont0, Normal ns3) -n\<longrightarrow>^l1 (reached_bb, reached_cont, reached_state)) \<and> (l = Suc l1) )"
-  using assms
+            (\<exists> l1. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, cont0, Normal ns3) -n\<longrightarrow>^l1 (reached_bb, reached_cont, reached_state)) \<and> (l = Suc l1) )"
 proof (cases l)
   case 0
-  then show ?thesis by (metis Ast.valid_configuration_def assms(1) get_state.simps is_final.simps(5) relpowp_0_E state.distinct(1))
+  then show ?thesis by (metis Ast.valid_configuration_def assms(1) get_state.simps is_final.simps(6) relpowp_fun_conv state.simps(3))
 next
   case 1: (Suc l1)
   then show ?thesis 
   proof -
-    from 1 assms obtain inter_bb inter_cont inter_state where
-      step1: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (BigBlock None [] None None, (KSeq bb_next cont0), Normal ns3) (inter_bb, inter_cont, inter_state))" and 
+    from 1 assms obtain inter_bb inter_cont inter_state  where
+      step1: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (BigBlock name [] None None, KEndBlock cont0, Normal ns3) (inter_bb, inter_cont, inter_state))" and 
       rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(inter_bb, inter_cont, inter_state) -n\<longrightarrow>^l1 (reached_bb, reached_cont, reached_state)" 
       by (metis (no_types, opaque_lifting) prod_cases3 relpowp_Suc_D2)
-    from this have "(inter_bb, inter_cont, inter_state) = (bb_next, (cont0), Normal ns3)"
-    proof cases
-      case RedSkip thus ?thesis by auto
-    qed auto
-    hence "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb_next, cont0, Normal ns3) -n\<longrightarrow>^l1 (reached_bb, reached_cont, reached_state)) \<and> (l = Suc l1)" using rest \<open>l = Suc l1\<close> by simp
-    then show ?thesis by blast
+    from this step1 have "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None None, cont0, Normal ns3)"
+      by (cases) auto
+    then show ?thesis using "1" assms(2) rest by blast
   qed
 qed
 
-lemma endblock_skip:
+lemma ending_after_skipping_endblock:
+  assumes "j = Suc j'" 
+      and "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, KEndBlock cont0, Normal ns1'') -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
+      and "bb = BigBlock None [] None None"
+      and "\<And>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure"
+      and "\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts"
+      and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False" 
+      and "\<And> j''. 
+            j' = Suc j'' \<Longrightarrow>
+            A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, cont0, Normal ns1'') -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state) \<Longrightarrow>
+           (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
+           (\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts) \<Longrightarrow>
+           (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False) \<Longrightarrow> (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+    shows "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state"
+proof -
+  from assms(2-3) have disj_a:
+    "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
+       (\<exists> l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> (j' = Suc l2) )" 
+    by (simp add: endblock_skip)
+  thus ?thesis
+  proof cases
+    assume "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" thus ?thesis by simp
+  next 
+    assume "\<not> ((valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state))"
+    hence "(\<exists> l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> (j' = Suc l2) )" 
+      using disj_a by blast
+    thus ?thesis
+    proof -
+      obtain l2_conc where conc_trace: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, cont0, Normal ns1'') -n\<longrightarrow>^l2_conc (reached_bb, reached_cont, reached_state))" and 
+                           succ_rel: "(j' = Suc l2_conc)"
+        using \<open>\<exists>l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> j' = Suc l2\<close> by blast
+      show ?thesis
+        apply (rule assms(7))
+           apply (rule succ_rel)
+          apply (rule conc_trace)
+         apply (rule assms(4))
+          apply (simp)
+         apply (rule assms(5))
+          apply assumption+
+        using assms(6) false_equals_not_true 
+        by blast
+    qed
+  qed
+qed
+
+text \<open>Pair 2: The starting configuration represents a point in the program after a loop and the continuation needs to be adjusted and subsequently entered.
+              (This could be replaced by a simpler lemma.)\<close>
+lemma endblock_skip2:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, KEndBlock (KSeq bb_next cont0), Normal ns3) -n\<longrightarrow>^l (reached_bb, reached_cont, reached_state)"
       and "bb0 = BigBlock None [] None None" 
   shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
@@ -164,21 +438,55 @@ next
   qed
 qed
 
-lemma correctness_propagates_through_empty:
-  assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> s \<noteq> Failure"
-      and "node_to_block G ! n0 = []"
-      and "List.member (out_edges G ! n0) n1"
-    shows "\<And> m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m, s)) \<Longrightarrow> s \<noteq> Failure"
+lemma ending_after_skipping_endblock2:
+  assumes "j = Suc j'" 
+      and "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, KEndBlock (KSeq bigblock_next cont0), Normal ns1'') -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
+      and "bb = BigBlock None [] None None"
+      and "\<And>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure"
+      and "\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts"
+      and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False" 
+      and "\<And> j''. 
+            j' = Suc (Suc j'') \<Longrightarrow>
+            A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state) \<Longrightarrow>
+           (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
+           (\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts) \<Longrightarrow>
+           (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not guard,ns1''\<rangle> \<Down> BoolV True) \<Longrightarrow> (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+    shows "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state"
 proof -
-  fix m1 s1
-  have a1: "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[], Normal ns1\<rangle> [\<rightarrow>] (Normal ns1))" by (rule RedCmdListNil)
-  show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> s1 \<noteq> Failure" 
-  proof -
-    assume "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1))"
-    thus "s1 \<noteq> Failure" by (metis a1 assms(1-3) dag_verifies_propagate)
+  from assms(2-3) have disj_a:
+    "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
+       (\<exists> l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> (j' = Suc (Suc l2)) )" 
+    by (simp add: endblock_skip2)
+  thus ?thesis
+  proof cases
+    assume "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" thus ?thesis by simp
+  next 
+    assume "\<not> ((valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state))"
+    hence "(\<exists> l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> (j' = Suc (Suc l2)) )" 
+      using disj_a by blast
+    thus ?thesis
+    proof -
+      obtain l2_conc where conc_trace: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^l2_conc (reached_bb, reached_cont, reached_state))" and 
+                           succ_rel: "(j' = Suc (Suc l2_conc))"
+        using \<open>\<exists>l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> j' = Suc (Suc l2)\<close> by blast
+      show ?thesis
+        apply (rule assms(7))
+           apply (rule succ_rel)
+          apply (rule conc_trace)
+         apply (rule assms(4))
+          apply (simp)
+         apply (rule assms(5))
+        apply simp+
+        using assms(6) false_equals_not_true 
+        by blast
+    qed
   qed
 qed
 
+text \<open>Pair 3: The starting configuration represents a point in the program before a loop and, more specifically, before the loop has been 'unwrapped'.
+              The 'wrapper' construct exists to accomodate the handling of breaks, which this theory doesn't currently cover.\<close>
 lemma wrapper_to_endblock:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, cont0, Normal ns) -n\<longrightarrow>^l (reached_bb, reached_cont, reached_state)"
       and "bb0 = BigBlock name [] (Some (WhileWrapper loop)) None"
@@ -207,14 +515,18 @@ next
   qed
 qed
 
-lemma ending3:
+lemma ending_after_unwrapping:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, cont0, Normal ns1'') -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)" 
       and "bb = BigBlock name [] (Some (WhileWrapper loop)) None"
       and "\<And>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure"
+      and "\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts"
       and "\<And> j''. 
             j = Suc j'' \<Longrightarrow>
             A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(BigBlock name [] (Some loop) None, KEndBlock cont0, Normal ns1'') -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state) \<Longrightarrow>
            (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
+           (\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts) \<Longrightarrow>
            (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
     shows "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state"
 proof -
@@ -235,17 +547,20 @@ proof -
                            succ_rel: "(j = Suc l2_conc)"
         using \<open>\<exists>l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(BigBlock name [] (Some loop) None, KEndBlock cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> j = Suc l2\<close> by blast
       show ?thesis
-        apply (rule assms(4))
+        apply (rule assms(5))
           apply (rule succ_rel)
          apply (rule conc_trace)
         apply (rule assms(3))
-        apply (simp)
+         apply (simp)
+        apply (rule assms(4))
+        apply simp+
         done
     qed
   qed
 qed
 
-
+text \<open>Pair 4: The starting configuration represents a point in the program after a loop and before a consecutive 'unwrapped' loop.
+              (This is potentially redundant but I couldn't conclude one example proof without it)\<close>
 lemma endblock_skip_wrapper:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, KEndBlock (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3) -n\<longrightarrow>^l (reached_bb, reached_cont, reached_state)"
       and "bb0 = BigBlock None [] None None"
@@ -317,8 +632,78 @@ next
   qed
 qed
 
+lemma ending_after_skipping_endblock_and_unwrapping:
+  assumes "j = Suc j'"
+      and "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb,
+                      KEndBlock (KSeq (BigBlock None [] (Some (WhileWrapper (ParsedWhile next_guard next_invs (next_body_bb#body_bbs)))) None) cont1),
+                      Normal ns1'') -n\<longrightarrow>^j'
+           (reached_bb, reached_cont, reached_state)"
+      and "bb = BigBlock None [] None None"
+      and corr: "\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure"
+      and "\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts"
+      and guard_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1''\<rangle> \<Down> BoolV False" 
+      and "node_to_block G ! n = [Assume c]" 
+      and "(UnOp Not guard) \<sim> c"
+      and "List.member (out_edges(G) ! n) n1"
+      and "\<And> j'''.
+          j' = Suc (Suc (Suc j''')) \<Longrightarrow>
+          node_to_block G ! n = [Assume c] \<Longrightarrow>
+          (UnOp Not guard) \<sim> c \<Longrightarrow>
+          List.member (out_edges(G) ! n) n1 \<Longrightarrow>
+          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock None [] (Some (ParsedWhile next_guard next_invs (next_body_bb#body_bbs))) None), KEndBlock cont1, Normal ns1'') -n\<longrightarrow>^j''' 
+              (reached_bb, reached_cont, reached_state) \<Longrightarrow>
+          (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
+          (\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts) \<Longrightarrow> 
+          (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+    shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+  using assms
+proof -
+  from assms(2-3) have disj_a:
+    "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
+       (\<exists> l3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock None [] (Some (ParsedWhile next_guard next_invs (next_body_bb#body_bbs))) None), KEndBlock cont1, Normal ns1'') 
+              -n\<longrightarrow>^l3 (reached_bb, reached_cont, reached_state)) \<and> (j' = Suc (Suc (Suc l3))) )"
+    by (simp add: endblock_skip_wrapper)
+  thus ?thesis
+  proof cases
+    assume "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" thus ?thesis by simp
+  next 
+    assume "\<not> ((valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state))"
+    hence skipped_endblock: 
+                  "(\<exists> l3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock None [] (Some (ParsedWhile next_guard next_invs (next_body_bb#body_bbs))) None), KEndBlock cont1, Normal ns1'') 
+                   -n\<longrightarrow>^l3 (reached_bb, reached_cont, reached_state)) \<and> (j' = Suc (Suc (Suc l3))) )" 
+      using disj_a by blast
+    thus ?thesis
+    proof -
+      obtain l3_conc where 
+           conc_trace: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock None [] (Some (ParsedWhile next_guard next_invs (next_body_bb#body_bbs))) None), KEndBlock cont1, Normal ns1'') 
+                        -n\<longrightarrow>^l3_conc (reached_bb, reached_cont, reached_state))" and 
+           succ_rel: "(j' = Suc (Suc (Suc l3_conc))) " 
+        using skipped_endblock by blast
+      show ?thesis
+        apply (rule assms(10))
+             apply (rule succ_rel)
+            apply (simp add: assms)
+           apply (rule assms(8))
+          apply (rule assms(9))
+         apply (rule conc_trace)
+        apply (rule correctness_propagates_through_assumption)
+             apply (rule corr)
+            apply (rule assms(7))
+           apply (rule assms(8))
+          apply (rule guard_false)
+         apply (rule assms(9))
+         apply simp
+        apply (rule assms(5))
+        apply simp+
+        done
+    qed
+  qed
+qed
 
-text \<open>Local lemmas: The following are lemmas proving local relations between various kinds of ast-bigblocks and cfg-blocks\<close>
+subsection \<open>Local block lemmas\<close>
+text \<open>The following are lemmas proving local relations between various kinds of ast-bigblocks and cfg-blocks\<close>
 
 text \<open>Local relation between an ast-bigblock starting with a non-empty set of simple commands and a cfg-block containing the same simple commands\<close>
 lemma block_local_rel_generic:
@@ -351,66 +736,7 @@ proof (induction arbitrary: ns1)
     
     then show ?thesis using Rel_Main_test by auto
   qed 
-qed auto
-
-text \<open>Local relation between (an ast-bigblock starting with a non-empty set of simple commands 
-               and (is the first ast-bigblock in the then-branch of an if-statement or is the first ast-bigblock in the body of a while-loop)) 
-       and a cfg-block containing the same simple commands\<close>
-lemma block_local_rel_guard_true:
-  assumes block_rel: "ast_cfg_rel None [] bb cs2"
-  and "c = Assume block_guard"
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>block_guard, ns1\<rangle> \<Down> LitV (LBool True)"
-  and Red_bb_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs3) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-  and "bb = (BigBlock name cs1 any_str any_tr)"
-  and "cs1 \<noteq> Nil"
-  and "cs2 \<noteq> Nil"
-  and "cs3 = (c#cs2)"
-  shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-  using assms 
-proof cases
-  case Rel_Main_test
-  have Red_impl_extended: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-    using trace_is_possible \<open>c = Assume block_guard\<close> Red_impl RedAssumeOk RedCmdListCons \<open>cs3 = c#cs2\<close> by blast
-  hence snd_step_to_end: "reached_state \<noteq> Failure  \<and> (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-    using Red_bb_to assms(6-8) block_local_rel_generic block_rel by metis
-  have push_one_cmd: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c, Normal ns1\<rangle> \<rightarrow> Normal ns1" 
-    using \<open>c = Assume block_guard\<close> trace_is_possible 
-    by (simp only: RedAssumeOk)
-  then show ?thesis using snd_step_to_end by (simp add: RedCmdListCons \<open>cs3 = c#cs2\<close>)
-qed auto
-
-text \<open>Local relation between (an ast-bigblock starting with a non-empty set of simple commands 
-               and (is the first ast-bigblock in the else-branch of an if-statement or is the first ast-bigblock after a while-loop)) 
-       and a cfg-block containing the same simple commands\<close>
-lemma block_local_rel_guard_false:
-  assumes block_rel: "ast_cfg_rel None [] bb cs2"
-  and "(UnOp Not block_guard) \<sim> b "
-  and "c = Assume b"
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(UnOp Not block_guard), ns1\<rangle> \<Down> LitV (LBool True)"
-  and Red_bb_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-  and "bb = (BigBlock name cs1 any_str any_tr)"
-  and "cs1 \<noteq> Nil"
-  and "cs2 \<noteq> Nil"
-  shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(c#cs2), Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-  using assms 
-proof cases
-  case Rel_Main_test
-  have Red_impl_extended: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-    using trace_is_possible \<open>c = Assume b\<close> \<open>(UnOp Not block_guard) \<sim> b\<close> equiv_preserves_value  Red_impl RedAssumeOk RedCmdListCons by metis
-  hence snd_step_to_end: "reached_state \<noteq> Failure  \<and> (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-    using Red_bb_to assms(7-9) block_local_rel_generic block_rel by metis
-  have equiv: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, ns1\<rangle> \<Down> BoolV True" 
-    using trace_is_possible equiv_preserves_value \<open>(UnOp Not block_guard) \<sim> b\<close>
-    by metis
-  hence push_one_cmd: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c, Normal ns1\<rangle> \<rightarrow> Normal ns1" 
-    using \<open>c = Assume b\<close> trace_is_possible equiv_preserves_value
-    by (auto simp add: RedAssumeOk)
-  then show ?thesis using snd_step_to_end  by (simp add: RedCmdListCons)
-qed auto
+qed (auto)
 
 text \<open>Local relation between a loop-only(no simple commands) ast-bigblock and a corresponding cfg-block containing assertions of the loop invariants\<close>
 lemma block_local_rel_loop_head:
@@ -446,455 +772,91 @@ next
   qed (auto simp add: assms(2))
 qed
 
-text \<open>Global lemmas: The following are lemmas proving global relations between various kinds of ast-bigblocks and cfg-blocks\<close>
+subsection \<open>Global block lemmas\<close>
+text \<open>The following are lemmas proving global relations between various kinds of ast-bigblocks and cfg-blocks\<close>
 
-text \<open>'ending', 'ending2' and 'correctness_propagates_through_assumption' are helper lemmas 
-       used to complete the proofs of the global lemmas for ast-bigblocks, which are heads of loops. 
-       'ending2' and 'correctness_propagates_through_assumption' are used in the case where 
-       we're proving a global lemma for the head of a loop that is followed by another loop (not nested).\<close>
-lemma ending:
-  assumes "j = Suc j'" 
-      and "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, KEndBlock (KSeq bigblock_next cont0), Normal ns1'') -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
-      and "bb = BigBlock None [] None None"
-      and "\<And>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure"
-      and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False" 
-      and "\<And> j''. 
-            j' = Suc (Suc j'') \<Longrightarrow>
-            A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state) \<Longrightarrow>
-           (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
-           (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not guard,ns1''\<rangle> \<Down> BoolV True) \<Longrightarrow> (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-    shows "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state"
-proof -
-  from assms(2-3) have disj_a:
-    "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
-       (\<exists> l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> (j' = Suc (Suc l2)) )" 
-    by (simp add: endblock_skip)
-  thus ?thesis
-  proof cases
-    assume "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" thus ?thesis by simp
-  next 
-    assume "\<not> ((valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state))"
-    hence "(\<exists> l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> (j' = Suc (Suc l2)) )" 
-      using disj_a by blast
-    thus ?thesis
-    proof -
-      obtain l2_conc where conc_trace: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^l2_conc (reached_bb, reached_cont, reached_state))" and 
-                           succ_rel: "(j' = Suc (Suc l2_conc))"
-        using \<open>\<exists>l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> j' = Suc (Suc l2)\<close> by blast
-      show ?thesis
-        apply (rule assms(6))
-           apply (rule succ_rel)
-          apply (rule conc_trace)
-         apply (rule assms(4))
-         apply (simp)
-        using assms(5) false_equals_not_true 
-        by blast
-    qed
-  qed
-qed
-
-lemma correctness_propagates_through_assumption:
-  assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> s \<noteq> Failure"
-      and "node_to_block G ! n0 = [Assume c]"
-      and "UnOp Not guard \<sim> c"
-      and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> BoolV False"
-      and "List.member (out_edges G ! n0) n1"
-    shows "\<And> m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m, s)) \<Longrightarrow> s \<noteq> Failure"
-proof -
-  fix m1 s1
-  have "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c, ns1\<rangle> \<Down> BoolV True" using assms(3-4) equiv_preserves_value false_equals_not_true by blast
-  then have a1: "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[Assume c], Normal ns1\<rangle> [\<rightarrow>] (Normal ns1))" by (meson RedAssumeOk RedCmdListCons RedCmdListNil)
-  show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> s1 \<noteq> Failure" 
-  proof -
-    assume "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1))"
-    thus "s1 \<noteq> Failure" using a1 assms(1-2) assms(5) dag_verifies_propagate by blast 
-  qed
-qed
-
-lemma correctness_propagates_through_assumption2:
-  assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> s \<noteq> Failure"
-      and "node_to_block G ! n0 = [Assume guard]"
-      and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> BoolV True"
-      and "List.member (out_edges G ! n0) n1"
-    shows "\<And> m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m, s)) \<Longrightarrow> s \<noteq> Failure"
-proof -
-  fix m1 s1
-  have a1: "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[Assume guard], Normal ns1\<rangle> [\<rightarrow>] (Normal ns1))" by (meson RedAssumeOk assms(3) red_cmd_list.simps)
-  show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> s1 \<noteq> Failure" 
-  proof -
-    assume "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1))"
-    thus "s1 \<noteq> Failure" using a1 assms(1-2) assms(4) dag_verifies_propagate by blast 
-  qed
-qed
-
-lemma ending2:
-  assumes "j = Suc j'"
-      and "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb,
-                      KEndBlock (KSeq (BigBlock None [] (Some (WhileWrapper (ParsedWhile next_guard next_invs (next_body_bb#body_bbs)))) None) cont1),
-                      Normal ns1'') -n\<longrightarrow>^j'
-           (reached_bb, reached_cont, reached_state)"
-      and "bb = BigBlock None [] None None"
-      and corr: "\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure"
-      and guard_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1''\<rangle> \<Down> BoolV False" 
-      and "node_to_block G ! n = [Assume c]" 
-      and "(UnOp Not guard) \<sim> c"
-      and "List.member (out_edges(G) ! n) n1"
-      and "\<And> j'''.
-          j' = Suc (Suc (Suc j''')) \<Longrightarrow>
-          node_to_block G ! n = [Assume c] \<Longrightarrow>
-          (UnOp Not guard) \<sim> c \<Longrightarrow>
-          List.member (out_edges(G) ! n) n1 \<Longrightarrow>
-          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock None [] (Some (ParsedWhile next_guard next_invs (next_body_bb#body_bbs))) None), KEndBlock cont1, Normal ns1'') -n\<longrightarrow>^j''' 
-              (reached_bb, reached_cont, reached_state) \<Longrightarrow>
-          (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow> 
-          (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-    shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-  using assms
-proof -
-  from assms(2-3) have disj_a:
-    "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
-       (\<exists> l3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock None [] (Some (ParsedWhile next_guard next_invs (next_body_bb#body_bbs))) None), KEndBlock cont1, Normal ns1'') 
-              -n\<longrightarrow>^l3 (reached_bb, reached_cont, reached_state)) \<and> (j' = Suc (Suc (Suc l3))) )"
-    by (simp add: endblock_skip_wrapper)
-  thus ?thesis
-  proof cases
-    assume "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" thus ?thesis by simp
-  next 
-    assume "\<not> ((valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state))"
-    hence skipped_endblock: 
-                  "(\<exists> l3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock None [] (Some (ParsedWhile next_guard next_invs (next_body_bb#body_bbs))) None), KEndBlock cont1, Normal ns1'') 
-                   -n\<longrightarrow>^l3 (reached_bb, reached_cont, reached_state)) \<and> (j' = Suc (Suc (Suc l3))) )" 
-      using disj_a by blast
-    thus ?thesis
-    proof -
-      obtain l3_conc where 
-           conc_trace: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock None [] (Some (ParsedWhile next_guard next_invs (next_body_bb#body_bbs))) None), KEndBlock cont1, Normal ns1'') 
-                        -n\<longrightarrow>^l3_conc (reached_bb, reached_cont, reached_state))" and 
-           succ_rel: "(j' = Suc (Suc (Suc l3_conc))) " 
-        using skipped_endblock by blast
-      show ?thesis
-        apply (rule assms(9))
-             apply (rule succ_rel)
-            apply (simp add: assms)
-           apply (rule assms(7))
-          apply (rule assms(8))
-         apply (rule conc_trace)
-        apply (rule correctness_propagates_through_assumption)
-             apply (rule corr)
-            apply (rule assms(6))
-           apply (rule assms(7))
-          apply (rule guard_false)
-         apply (rule assms(8))
-        apply simp
-        done
-    qed
-  qed
-qed
-
-lemma ending_then:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, KSeq bb_next cont1, Normal ns1'') -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-      and "bb = BigBlock None [] None None"
-      and guard_true: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1''\<rangle> \<Down> BoolV True" 
-      and "node_to_block G ! n = cs2"
-      and "cs2 = [Assume guard]"
-      and "List.member (out_edges(G) ! n) n1"
-      and corr: "\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure"
-      and "\<And> j''.
-          j = (Suc j'') \<Longrightarrow>
-          node_to_block G ! n = cs2 \<Longrightarrow>
-          List.member (out_edges(G) ! n) n1 \<Longrightarrow>
-          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb_next, cont1, Normal ns1'') -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state) \<Longrightarrow>
-          (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow> 
-          (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-    shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-  using assms
-proof -
-  from assms(1-2) have disj_a:
-    "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
-       (\<exists> l1. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb_next, cont1, Normal ns1'') -n\<longrightarrow>^l1 (reached_bb, reached_cont, reached_state)) \<and> (j = Suc l1) )"
-    by (simp add: seq_skip)
-  thus ?thesis
-  proof cases
-    assume "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" thus ?thesis by simp
-  next 
-    assume "\<not> ((valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state))"
-    hence skipped_endblock: 
-                  "(\<exists> l1. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb_next, cont1, Normal ns1'') 
-                   -n\<longrightarrow>^l1 (reached_bb, reached_cont, reached_state)) \<and> (j = Suc l1) )" 
-      using disj_a by blast
-    thus ?thesis
-    proof -
-      obtain l1_conc where 
-           conc_trace: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb_next, cont1, Normal ns1'') -n\<longrightarrow>^l1_conc (reached_bb, reached_cont, reached_state))" and 
-           succ_rel: "(j = Suc l1_conc) " 
-        using skipped_endblock by blast
-      show ?thesis
-        apply (rule assms(8))
-             apply (rule succ_rel)
-            apply (simp add: assms)
-           apply (rule assms(6))
-         apply (rule conc_trace)
-        apply (rule correctness_propagates_through_assumption2)
-            apply (rule corr)
-           apply (simp add: assms(4))
-           apply (rule assms(5))
-          apply (rule guard_true)
-         apply (rule assms(6))
-        apply simp
-        done
-    qed
-  qed
-qed
-
-lemma ending_else:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, KSeq bb_next cont1, Normal ns1'') -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-      and "bb = BigBlock None [] None None"
-      and corr: "\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure"
-      and guard_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1''\<rangle> \<Down> BoolV False" 
-      and "node_to_block G ! n = [Assume c]" 
-      and "(UnOp Not guard) \<sim> c"
-      and "List.member (out_edges(G) ! n) n1"
-      and "\<And> j''.
-          j = (Suc j'') \<Longrightarrow>
-          node_to_block G ! n = [Assume c] \<Longrightarrow>
-          (UnOp Not guard) \<sim> c \<Longrightarrow>
-          List.member (out_edges(G) ! n) n1 \<Longrightarrow>
-          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb_next, cont1, Normal ns1'') -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state) \<Longrightarrow>
-          (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow> 
-          (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-    shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-  using assms
-proof -
-  from assms(1-2) have disj_a:
-    "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
-       (\<exists> l1. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb_next, cont1, Normal ns1'') -n\<longrightarrow>^l1 (reached_bb, reached_cont, reached_state)) \<and> (j = Suc l1) )"
-    by (simp add: seq_skip)
-  thus ?thesis
-  proof cases
-    assume "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" thus ?thesis by simp
-  next 
-    assume "\<not> ((valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state))"
-    hence skipped_endblock: 
-                  "(\<exists> l1. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb_next, cont1, Normal ns1'') 
-                   -n\<longrightarrow>^l1 (reached_bb, reached_cont, reached_state)) \<and> (j = Suc l1) )" 
-      using disj_a by blast
-    thus ?thesis
-    proof -
-      obtain l1_conc where 
-           conc_trace: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb_next, cont1, Normal ns1'') -n\<longrightarrow>^l1_conc (reached_bb, reached_cont, reached_state))" and 
-           succ_rel: "(j = Suc l1_conc) " 
-        using skipped_endblock by blast
-      show ?thesis
-        apply (rule assms(8))
-             apply (rule succ_rel)
-            apply (simp add: assms)
-           apply (rule assms(6))
-          apply (rule assms(7))
-         apply (rule conc_trace)
-        apply (rule correctness_propagates_through_assumption)
-             apply (rule corr)
-            apply (rule assms(5))
-           apply (rule assms(6))
-          apply (rule guard_false)
-         apply (rule assms(7))
-        apply simp
-        done
-    qed
-  qed
-qed
-
-
-text \<open>Global lemma for an ast-bigblock with a non-empty set of simple commands which concludes the program and is immediately after a loop.\<close>
-lemma generic_ending_block_after_loop_global_rel:
-  assumes syn_rel: "ast_cfg_rel None [] bb cs2"
-  and "bb = (BigBlock name cs1 None any_tr)"
-  and "(any_tr = None) \<or> (any_tr = (Some (Return val1)))"
-  and "node_to_block G ! n = (cs3)"
-  and "cs3 = c#cs2"
-  and "c = Assume b"
-  and "(UnOp Not guard) \<sim> b"
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not guard, ns1\<rangle> \<Down> BoolV True"
-  and j_step_ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
-  using assms
-proof (cases cs2)
-  case Nil
-  hence "cs1 = []" using ast_cfg_rel.cases syn_rel assms(2) by blast 
-  thus ?thesis
-    proof (cases any_tr)
-      case None
-      then have "is_final ((BigBlock name cs1 None any_tr), KStop, (Normal ns1))" using \<open>cs1 = []\<close> by auto 
-      moreover have "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] (BigBlock name cs1 None any_tr) KStop (Normal ns1))" by (simp add: Ast.valid_configuration_def expr_all_sat_def)
-      ultimately show ?thesis by (metis None \<open>cs1 = []\<close> final_is_static_propagate j_step_ast_trace prod.sel(1) prod.sel(2) relpowp_imp_rtranclp assms(2))
-    next
-      case (Some a)
-      then show ?thesis
-      proof (cases j)
-        case 0
-        from this j_step_ast_trace assms(2) have "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 None any_tr), KStop, (Normal ns1))" by simp
-        then show ?thesis by (simp add: valid_configuration_def expr_all_sat_def)
-      next
-        case (Suc j')
-        thus ?thesis 
-        proof (cases a)
-          case (Return x2) 
-          from Suc j_step_ast_trace assms(2) obtain inter_bb inter_cont inter_state where
-            step0: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name cs1 None any_tr), KStop, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
-            rest0: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
-            by (metis prod_cases3 relpowp_Suc_D2) 
-          then have inter_conc: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), KStop, Normal ns1)" 
-            using \<open>cs1 = []\<close> Return Some
-          proof cases
-            case RedReturn thus ?thesis by blast
-          qed auto
-          then have "is_final (inter_bb, inter_cont, inter_state)" by simp
-          then have "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] inter_bb inter_cont inter_state)" using inter_conc valid_configuration_def
-            by (metis expr_all_sat_def get_state.simps list.pred_inject(1) state.simps(3))
-          then show ?thesis
-            by (metis \<open>is_final (inter_bb, inter_cont, inter_state)\<close> final_is_static_propagate inter_conc prod.sel(1) prod.sel(2) relpowp_imp_rtranclp rest0)
-        next
-          case (Goto x3)
-          thus ?thesis using assms(3) Some by blast
-      qed
-    qed
-  qed
-next
-  case (Cons)
-  hence "cs1 \<noteq> []" using syn_rel assms(2) ast_cfg_rel.simps by blast
-  thus ?thesis 
-  proof (cases j)
-    case 0
-    from this j_step_ast_trace assms(2) have "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 None any_tr), KStop, (Normal ns1))" by simp
-    then show ?thesis by (simp add: valid_configuration_def expr_all_sat_def)
-  next
-    case (Suc j')
-    from this j_step_ast_trace assms(2) obtain inter_bb inter_cont inter_state where
-      step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name cs1 None any_tr), KStop, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
-      rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
-      by (metis prod_cases3 relpowp_Suc_D2) 
-    then show ?thesis 
-    proof (cases any_tr)
-      case None
-      from step this have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None None, KStop, inter_state)"
-      proof cases
-        case RedSimpleCmds thus ?thesis using None by (auto simp add: RedSimpleCmds)
-      qed auto
-  
-      have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-        using dag_verifies_propagate_2 assms cfg_is_correct by blast 
-  
-      from step have "inter_state \<noteq> Failure"
-      proof cases
-        case RedSimpleCmds thus ?thesis using Red_impl trace_is_possible
-          by (metis assms(5-7) assms(2) block_local_rel_guard_false local.Cons local.step neq_Nil_conv syn_rel)
-      qed auto
-  
-      hence valid_inter: "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] inter_bb inter_cont inter_state)" 
-        unfolding valid_configuration_def expr_all_sat_def
-        using concrete_inter get_state.simps is_final.simps by simp
-  
-      have "is_final (inter_bb, inter_cont, inter_state)" using concrete_inter by simp 
-      then show ?thesis by (metis Pair_inject concrete_inter final_is_static_propagate relpowp_imp_rtranclp rest valid_inter)
-    next
-      case (Some transfer)
-      then show ?thesis
-      proof (cases transfer)
-        case (Goto x1)
-        then show ?thesis using Some assms(3) by blast
-      next
-        case (Return ret)
-        from step this Some have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None (Some (Return ret)), KStop, inter_state)"
-        proof cases
-          case RedSimpleCmds thus ?thesis using Return Some by blast
-        qed (auto simp add: Cons \<open>cs1 \<noteq> []\<close>)
-    
-        have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-          using dag_verifies_propagate_2 assms cfg_is_correct by blast 
-    
-        from step have "inter_state \<noteq> Failure"
-        proof cases
-          case RedSimpleCmds thus ?thesis using Red_impl trace_is_possible
-            by (metis assms(1-2) assms(5-8) block_local_rel_guard_false local.Cons local.step neq_Nil_conv syn_rel)
-        qed auto
-        then show ?thesis 
-        proof (cases inter_state)
-          case (Normal x1)
-          then show ?thesis
-          proof (cases j')
-            case 0
-            then show ?thesis using concrete_inter by (metis Ast.valid_configuration_def \<open>inter_state \<noteq> Failure\<close> get_state.simps is_final.simps(4) relpowp_0_E rest)
-          next
-            case (Suc j'')
-            from this rest obtain inter_bb2 inter_cont2 inter_state2 where
-              snd_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(inter_bb, inter_cont, inter_state)\<rangle> \<longrightarrow> (inter_bb2, inter_cont2, inter_state2)" and
-              snd_rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb2, inter_cont2, inter_state2) -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state)"
-              by (metis get_state.cases relpowp_Suc_E2)
-            then have inter2_conc: "(inter_bb2, inter_cont2, inter_state2) = ((BigBlock name [] None None), KStop, inter_state)" 
-              using concrete_inter \<open>inter_state \<noteq> Failure\<close> Normal
-            proof cases
-              case RedReturn thus ?thesis using concrete_inter \<open>inter_state \<noteq> Failure\<close> Normal by blast
-            qed auto
-            hence "is_final (inter_bb2, inter_cont2, inter_state2)" by simp
-            then show ?thesis
-              by (metis Ast.valid_configuration_def inter2_conc \<open>inter_state \<noteq> Failure\<close> expr_all_sat_def final_is_static_propagate get_state.simps list.pred_inject(1) rtranclp_power snd_rest)
-          qed
-        next
-          case Failure
-          then show ?thesis using \<open>inter_state \<noteq> Failure\<close> by simp
-        next
-          case Magic
-          then show ?thesis by (metis Ast.valid_configuration_def \<open>inter_state \<noteq> Failure\<close> get_state.simps magic_propagates rest state.simps(5))
-        qed
-      qed
-    qed
-  qed
-qed
-
-
-text \<open>Global lemma for an ast-bigblock with a non-empty set of simple commands which concludes the program.\<close>
+text \<open>Global lemma for a big block, which concludes the program.\<close>
 lemma generic_ending_block_global_rel:
   assumes syn_rel: "ast_cfg_rel None [] bb cs2"
   and j_step_ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and "bb = (BigBlock name cs1 None any_tr)"
-  and "(any_tr = None) \<or> (any_tr = (Some (Return val1)))"
-  and "node_to_block G ! n = cs2"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)" 
-shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+  and "((any_tr = None)) \<or> (any_tr = (Some Return))"
+  and block_id:
+      "(node_to_block(G) ! n = cs2) \<or> 
+       (node_to_block(G) ! n = c#cs2) \<and> c = Assume guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV True)) \<or> 
+       (node_to_block(G) ! n = c#cs2) \<and> c = Assume not_guard \<and> (UnOp Not guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV False))"
+  and "out_edges G ! n = []"
+  and cfg_reaches_not_failure: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_posts: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> 
+                                      is_final_config (m',s') \<Longrightarrow> (\<forall> ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) post_invs)"
+  and local_rel: "\<And> step_bb step_cont step_state. 
+                    red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, KStop, (Normal ns1)) (step_bb, step_cont, step_state) \<Longrightarrow> 
+                    (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>
+                    step_state \<noteq> Failure  \<and>
+                    (\<forall>ns1'. step_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> post_invs reached_bb reached_cont reached_state)"
   using assms
 proof (cases cs2)
   case Nil 
   hence "cs1 = []" using ast_cfg_rel.cases syn_rel assms(3) by blast 
   thus ?thesis
     proof (cases any_tr)
-      case None
-      then have "is_final ((BigBlock name cs1 None any_tr), KStop, (Normal ns1))" using \<open>cs1 = []\<close> by auto 
-      moreover have "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] (BigBlock name cs1 None any_tr) KStop (Normal ns1))" by (simp add: Ast.valid_configuration_def expr_all_sat_def)
-      ultimately show ?thesis by (metis assms(3) None \<open>cs1 = []\<close> final_is_static_propagate j_step_ast_trace prod.sel(1) prod.sel(2) relpowp_imp_rtranclp)
+      case None thus ?thesis
+      proof -
+        have "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))" 
+          using block_id \<open>out_edges G ! n = []\<close> Nil 
+          by (metis RedCmdListNil RedNormalReturn push_through_assumption0 push_through_assumption1 r_into_rtranclp)
+        hence "list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns1) post_invs" using cfg_satisfies_posts 
+          using is_final_config.simps(2) by blast
+        thus ?thesis 
+          by (metis Ast.valid_configuration_def None \<open>cs1 = []\<close> assms(3) expr_all_sat_def final_is_static_propagate 
+                    get_state.simps is_final.simps(1) j_step_ast_trace relpowp_imp_rtranclp state.inject state.simps(3))
+      qed
     next
       case (Some a)
       then show ?thesis
       proof (cases j)
         case 0
-        from this j_step_ast_trace assms(3) have "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 None any_tr), KStop, (Normal ns1))" by simp
-        then show ?thesis by (simp add: valid_configuration_def expr_all_sat_def)
+        from this j_step_ast_trace assms(3) have "(reached_bb, reached_cont, reached_state) = ((BigBlock name [] None (Some Return)), KStop, (Normal ns1))" 
+          using \<open>cs1 = []\<close> Some assms(4) by simp
+        then show ?thesis by (simp add: valid_configuration_def)
       next
         case (Suc j')
         thus ?thesis 
         proof (cases a)
-          case (Return x2) 
+          case (Return) 
           from Suc j_step_ast_trace assms(3) obtain inter_bb inter_cont inter_state where
             step0: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name cs1 None any_tr), KStop, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
             rest0: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
             by (metis prod_cases3 relpowp_Suc_D2) 
-          then have inter_conc: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), KStop, Normal ns1)" 
+          from cfg_reaches_not_failure have 
+            cfg_local: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+            using assms(5) dag_verifies_propagate_2 by blast
+
+          from cfg_local step0 have 
+            "inter_state \<noteq> Failure  \<and>
+            (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+            using assms by blast
+
+          from step0 have inter_conc: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), KStop, Normal ns1)" 
             using \<open>cs1 = []\<close> Return Some
-          proof cases
-            case RedReturn thus ?thesis by blast
-          qed auto
-          then have "is_final (inter_bb, inter_cont, inter_state)" by simp
-          then have "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] inter_bb inter_cont inter_state)" using inter_conc valid_configuration_def
-            by (metis expr_all_sat_def get_state.simps list.pred_inject(1) state.simps(3))
+            by (cases) auto
+
+          hence "(red_cfg A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))"
+            by (simp add: RedNormalReturn 
+                          \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block G ! n,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
+                          assms(6))
+
+          hence "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))" by simp
+          hence "list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns1) post_invs" 
+            using cfg_satisfies_posts is_final_config.simps(2) by blast
+          then have "is_final (inter_bb, inter_cont, inter_state)"
+            using inter_conc is_final.simps(1) by blast
+          then have "(valid_configuration A \<Lambda> \<Gamma> \<Omega> post_invs inter_bb inter_cont inter_state)" 
+            unfolding valid_configuration_def
+            apply (simp only: get_state.simps)
+            apply (simp add: inter_conc)
+            using \<open>list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns1) post_invs\<close> expr_all_sat_def inter_conc by blast
           then show ?thesis
             by (metis \<open>is_final (inter_bb, inter_cont, inter_state)\<close> final_is_static_propagate inter_conc prod.sel(1) prod.sel(2) relpowp_imp_rtranclp rest0)
         next
@@ -909,8 +871,23 @@ next
   thus ?thesis
   proof (cases j)
     case 0
-    from this j_step_ast_trace assms(3) have "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 None any_tr), KStop, (Normal ns1))" by simp
-    then show ?thesis by (simp add: valid_configuration_def expr_all_sat_def)
+    from this j_step_ast_trace assms(3) have eq: "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 None any_tr), KStop, (Normal ns1))" by simp
+    then show ?thesis 
+    proof (cases any_tr)
+      case None
+      then show ?thesis using eq \<open>cs1 \<noteq> []\<close> Ast.valid_configuration_def get_state.simps
+        by (metis is_final.simps(2) list.collapse state.distinct(1))
+    next
+      case (Some a)
+      then show ?thesis 
+      proof (cases a)
+        case (Goto x1)
+        then show ?thesis using Some assms(4) by blast
+      next
+        case Return
+        then show ?thesis using eq Some by (simp add: Ast.valid_configuration_def) 
+      qed
+    qed
   next
     case (Suc j')
     from this j_step_ast_trace assms(3) obtain inter_bb inter_cont inter_state where
@@ -921,24 +898,30 @@ next
     proof (cases any_tr)
       case None
       from step this have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None None, KStop, inter_state)"
-      proof cases
-        case RedSimpleCmds thus ?thesis using None by (auto simp add: RedSimpleCmds)
-      qed auto
-  
-      have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-        using assms(5) cfg_is_correct dag_verifies_propagate_2 by blast
-  
-      from step have "inter_state \<noteq> Failure"
-      proof cases
-        case RedSimpleCmds thus ?thesis using Red_impl block_local_rel_generic local.Cons local.step syn_rel assms(3) by blast
-      qed auto
-  
-      hence valid_inter: "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] inter_bb inter_cont inter_state)" 
-        unfolding valid_configuration_def expr_all_sat_def
-        using concrete_inter get_state.simps is_final.simps by simp
+      by (cases) (auto simp add: RedSimpleCmds)
+ 
+      have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+        using assms(5) cfg_reaches_not_failure dag_verifies_propagate_2 by blast
   
+      from step have local_corr:
+            "inter_state \<noteq> Failure  \<and>
+            (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+        using Red_impl block_local_rel_generic local.Cons local.step syn_rel assms by (cases) blast+
+
+      hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))"
+        by (simp add: RedCmdListNil RedNormalReturn assms(5-6) local.Cons)
+
+      hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))" by blast
+      hence posts_sat: "\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns1') post_invs" 
+        using cfg_satisfies_posts is_final_config.simps(2) by blast
+
       have "is_final (inter_bb, inter_cont, inter_state)" using concrete_inter by simp 
-      then show ?thesis by (metis Pair_inject concrete_inter final_is_static_propagate relpowp_imp_rtranclp rest valid_inter)
+
+      hence valid_inter: "(valid_configuration A \<Lambda> \<Gamma> \<Omega> post_invs inter_bb inter_cont inter_state)" 
+        unfolding valid_configuration_def expr_all_sat_def 
+        using posts_sat local_corr by auto
+ 
+      then show ?thesis by (metis Pair_inject \<open>is_final (inter_bb, inter_cont, inter_state)\<close> concrete_inter final_is_static_propagate relpowp_imp_rtranclp rest)
     next
       case (Some transfer)
       then show ?thesis
@@ -946,19 +929,29 @@ next
         case (Goto x1)
         then show ?thesis using Some assms(4) by blast
       next
-        case (Return ret)
-        from step this Some have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None (Some (Return ret)), KStop, inter_state)"
+        case (Return)
+        from step this Some have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None (Some Return), KStop, inter_state)"
         proof cases
           case RedSimpleCmds thus ?thesis using Return Some by blast
         qed (auto simp add: \<open>cs1 \<noteq> []\<close>)
+
+        have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+          using dag_verifies_propagate_2  assms(5) cfg_reaches_not_failure by blast 
+
+        from step have local_corr:
+              "inter_state \<noteq> Failure  \<and>
+              (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+          using Red_impl block_local_rel_generic local.Cons local.step syn_rel assms by (cases) blast+
+  
+        hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))"
+          by (simp add: RedCmdListNil RedNormalReturn assms(5-6) local.Cons)
+  
+        hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))" by blast
+        hence posts_sat: "\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns1') post_invs" 
+          using cfg_satisfies_posts is_final_config.simps(2) by blast
     
-        have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-          using dag_verifies_propagate_2  assms(5) cfg_is_correct by blast 
-    
-        from step have "inter_state \<noteq> Failure"
-        proof cases
-          case RedSimpleCmds thus ?thesis using Red_impl block_local_rel_generic local.Cons local.step syn_rel assms(3) by blast
-        qed auto
+        from step have "inter_state \<noteq> Failure" using Red_impl block_local_rel_generic local.Cons local.step syn_rel assms
+        by (cases) blast+
   
         then show ?thesis
         proof (cases inter_state)
@@ -975,12 +968,12 @@ next
               by (metis get_state.cases relpowp_Suc_E2)
             then have inter2_conc: "(inter_bb2, inter_cont2, inter_state2) = ((BigBlock name [] None None), KStop, inter_state)" 
               using concrete_inter \<open>inter_state \<noteq> Failure\<close> Normal
-            proof cases
-              case RedReturn thus ?thesis using concrete_inter \<open>inter_state \<noteq> Failure\<close> Normal by blast
-            qed auto
+            by (cases) blast+
             hence "is_final (inter_bb2, inter_cont2, inter_state2)" by simp
+            hence valid_inter: "(valid_configuration A \<Lambda> \<Gamma> \<Omega> post_invs inter_bb2 inter_cont2 inter_state2)" 
+              by (simp add: Ast.valid_configuration_def \<open>inter_state \<noteq> Failure\<close> expr_all_sat_def inter2_conc posts_sat)
             then show ?thesis
-              by (metis Ast.valid_configuration_def inter2_conc \<open>inter_state \<noteq> Failure\<close> expr_all_sat_def final_is_static_propagate get_state.simps list.pred_inject(1) rtranclp_power snd_rest)
+              by (metis \<open>is_final (inter_bb2, inter_cont2, inter_state2)\<close> final_is_static_propagate inter2_conc prod.inject relpowp_imp_rtranclp snd_rest)
           qed
         next
           case Failure
@@ -994,47 +987,7 @@ next
   qed
 qed
 
-
-text \<open>Global lemma for an ast-bigblock with a non-empty set of simple commands that enters a loop after it executes its simple cmds.\<close>
-
-(*
-lemma inner_loop_head_global_rel_wrapped:
-  assumes j_step_ast_trace: 
-          "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (BigBlock None [] (Some (WhileWrapper loop)) None, cont0, Normal ns1) -n\<longrightarrow>^j 
-                                 (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and loop_ih:
-        "\<And>k ns1'. k < j \<Longrightarrow>
-        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, KEndBlock KStop, Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
-  using assms
-proof (cases j)
-  case 0
-  from this j_step_ast_trace have 
-    "(reached_bb, reached_cont, reached_state) = (outer_body_bb1, (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop))), Normal ns1)" by auto
-  then show ?thesis by (simp add: Ast.valid_configuration_def)
-next
-  case (Suc j')
-  from assms this obtain inter_bb inter_cont inter_state where
-    step: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(outer_body_bb1, (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop))), Normal ns1)\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
-    rest: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
-    by (metis (no_types, opaque_lifting) get_state.cases relpowp_Suc_D2)
-  hence "(inter_bb, inter_cont, inter_state) = (outer_body_bb1_unwrapped, KEndBlock (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop))), Normal ns1)"
-    unfolding outer_body_bb1_unwrapped_def outer_body_bb1_def
-    by (cases) auto
-  hence rest_conc: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (outer_body_bb1_unwrapped, KEndBlock (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop))), Normal ns1) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
-    using rest by simp
-  show ?thesis 
-    apply (rule inner_loop_head_global_rel)
-      apply (rule rest_conc)
-     apply (rule cfg_is_correct)
-     apply simp
-    using Suc less_SucI loop_ih by blast
-qed
-*)
-
+text \<open>Global lemma for a big block with a non-empty set of simple commands that enters a loop after it executes its simple cmds.\<close>
 lemma block_global_rel_while_successor:
   assumes j_step_ast_trace: 
       "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont1, Normal ns1) -n\<longrightarrow>^j 
@@ -1042,17 +995,25 @@ lemma block_global_rel_while_successor:
   and syn_rel: "ast_cfg_rel None [] bb cmds"
   and "bb = (BigBlock name cmds (Some (WhileWrapper (ParsedWhile guard invs (body_bb0#body_bbs)))) None)"
   and "cmds \<noteq> []"
-  and "node_to_block G ! n = cmds"
+  and block_id:
+      "(node_to_block(G) ! n = cmds) \<or> 
+       (node_to_block(G) ! n = c#cmds) \<and> c = Assume entry_guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> entry_guard ns1 (BoolV True)) \<or> 
+       (node_to_block(G) ! n = c#cmds) \<and> c = Assume not_guard \<and> (UnOp Not entry_guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> entry_guard ns1 (BoolV False))"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_posts: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> 
+                                      is_final_config (m',s') \<Longrightarrow> (\<forall> ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
   and block_local_rel:
     "\<And> reached_bb_inter reached_cont_inter reached_state_inter. 
     (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont1, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
-    (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cmds (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
+    (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block G ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
     (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
   and global_rel_succ:
         "\<And> ns2 k.
          k < j \<Longrightarrow>
          (\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl msuc2, Normal ns2) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
+         (\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, Normal ns2) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                             is_final_config (m', s') \<longrightarrow> 
+                                                             (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) \<Longrightarrow>
          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name [] (Some (ParsedWhile guard invs (body_bb0#body_bbs))) None), KEndBlock cont1, Normal ns2) -n\<longrightarrow>^k 
                       (reached_bb, reached_cont, reached_state) \<Longrightarrow> 
          (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
@@ -1074,13 +1035,14 @@ next
   proof cases
     case RedSimpleCmds thus ?thesis by blast
   qed (auto simp add: \<open>cmds \<noteq> []\<close>)
-  have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cmds (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" using dag_verifies_propagate_2 cfg_is_correct assms(5) by blast
-  have local_conclusion: "inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cmds, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-    using Red_impl first_step assms(3-4) block_local_rel_generic syn_rel by metis
+  have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block G ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" using dag_verifies_propagate_2 cfg_is_correct assms(5) 
+    by blast
+  have local_conclusion: "inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+    using Red_impl first_step assms(3-4) block_local_rel_generic syn_rel block_local_rel by blast
   show ?thesis 
   proof (cases inter_state)
     case (Normal x1)
-    hence "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cmds, Normal ns1\<rangle> [\<rightarrow>] inter_state)" using local_conclusion by blast
+    hence "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] inter_state)" using local_conclusion by blast
     then show ?thesis
     proof (cases j')
       case 0
@@ -1091,7 +1053,13 @@ next
 
       hence Red_cfg_conc: 
         "(\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl msuc2, inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))" 
-        using dag_verifies_propagate Normal \<open>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cmds,Normal ns1\<rangle> [\<rightarrow>] inter_state\<close> assms(5) cfg_is_correct by blast
+        using dag_verifies_propagate Normal \<open>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n),Normal ns1\<rangle> [\<rightarrow>] inter_state\<close> assms(5) cfg_is_correct by blast
+
+      hence Red_cfg_sat_conc: 
+        "(\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                             is_final_config (m', s') \<longrightarrow> 
+                                                             (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)))" 
+        by (metis (no_types, lifting) Normal RedNormalSucc cfg_satisfies_posts converse_rtranclp_into_rtranclp local_conclusion)
 
       from 2 j_step_ast_trace assms(3) obtain inter_bb2 inter_cont2 inter_state2 where
         first_step_2: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(inter_bb, inter_cont, inter_state)\<rangle> \<longrightarrow> (inter_bb2, inter_cont2, inter_state2)" and 
@@ -1105,7 +1073,7 @@ next
       qed auto 
 
       have "j'' < j" by (simp add: "2" \<open>j = Suc j'\<close>)
-      then show ?thesis using a3 rest_2 Normal Red_cfg_conc assms(8) by blast 
+      then show ?thesis using a3 rest_2 Normal Red_cfg_conc assms(9) cfg_satisfies_posts Red_cfg_sat_conc by blast
     qed
   next
     case Failure
@@ -1116,36 +1084,16 @@ next
   qed
 qed
 
-lemma ending_directly_after_loop_exit:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, KEndBlock KStop, (Normal ns1'')) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-      and "bb = (BigBlock name [] None None)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
-  using assms
-proof (cases j)
-  case 0
-  hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name [] None None), KEndBlock KStop, (Normal ns1''))" using assms by auto
-  then show ?thesis by (simp add: Ast.valid_configuration_def)
-next
-  case (Suc j')
-  from assms(1-2) obtain inter_bb inter_cont inter_state where
-    step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name [] None None), KEndBlock KStop, (Normal ns1''))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
-    rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
-    by (metis (full_types) Suc prod_cases3 relpowp_Suc_E2)
-  hence conc_inter: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), KStop, (Normal ns1''))" 
-    by (cases) auto
-  hence "is_final (inter_bb, inter_cont, inter_state)" by simp 
-  moreover have "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] inter_bb inter_cont inter_state)" 
-    using valid_configuration_def conc_inter by (metis expr_all_sat_def get_state.simps list.pred_inject(1) state.simps(3))  
-  ultimately show ?thesis using rest by (metis conc_inter final_is_static_propagate prod.sel(1) prod.sel(2) relpowp_imp_rtranclp)
-qed
-
-text \<open>Global lemma for a loop-head ast-bigblock with non-empty invariants. The loop is also required to be non-empty.\<close>
+text \<open>Global lemma for a big block that's the head of a loop. 
+      This means that it is a big block with a while-loop as its structured command and its set of simple commands is empty. 
+      The body of the loop is required to be non-empty.\<close>
 lemma block_global_rel_loop_head:
   assumes block_rel: "ast_cfg_rel None assertions bb assertions"
   and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, KEndBlock cont1, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
+  and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
+                                        is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
   and "bb = (BigBlock name [] any_str any_tr)"
-  (* TODO: You're requiring that the loop isn't empty! What if it is? *)
   and bb_successor_while: "any_str = Some (ParsedWhile cont_guard invs (bb0#body_bbs))"
   and block_local_rel:
     "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, KEndBlock cont1, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
@@ -1156,6 +1104,9 @@ lemma block_global_rel_loop_head:
    "\<And> ns1'' loop_guard j'. 
     j = Suc j' \<Longrightarrow>
     (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))) \<Longrightarrow>
+    (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1'') -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                        is_final_config (m', s') \<longrightarrow> 
+                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)))) \<Longrightarrow>
     ((cont_guard = Some loop_guard) \<and> 
       (red_expr A \<Lambda> \<Gamma> \<Omega> loop_guard ns1'' (BoolV True)) \<and> 
       A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb0, convert_list_to_cont (bb#(rev body_bbs)) (KEndBlock cont1), (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)) \<or> 
@@ -1167,19 +1118,18 @@ lemma block_global_rel_loop_head:
       (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb0, convert_list_to_cont (bb#(rev body_bbs)) (KEndBlock cont1), (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state))))  \<Longrightarrow>  
     (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
   shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
-  using assms
-proof cases
-    case Rel_Invs
-    thus ?thesis 
+  using assms cases
+proof -
+    show ?thesis 
     proof cases
       assume "j = 0"
-      hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name [] any_str any_tr), KEndBlock cont1, (Normal ns1))" using ast_trace assms(4) by simp 
+      hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name [] any_str any_tr), KEndBlock cont1, (Normal ns1))" using ast_trace assms(5) by simp 
       thus ?thesis by (simp add: Ast.valid_configuration_def)
     next
       assume "j \<noteq> 0" 
       from this obtain j' where "j = Suc j'" using not0_implies_Suc by blast
   
-      from ast_trace this assms(4) obtain inter_bb inter_cont inter_state where
+      from ast_trace this assms(5) obtain inter_bb inter_cont inter_state where
         first_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name [] any_str any_tr), KEndBlock cont1, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
         rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
         by (metis prod_cases3 relpowp_Suc_D2)
@@ -1195,112 +1145,38 @@ proof cases
   
           from first_step
           have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-            by (metis Pair_inject assms(4) assms(7) block_local_rel cfg_correct concrete_inter1 dag_verifies_propagate dag_verifies_propagate_2)
-  
-          show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct None rest concrete_inter1 succ_correct assms(4) by blast 
-        next 
-          case RedParsedWhileFalse
-          hence concrete_inter2: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), KEndBlock cont1, (Normal ns1))" by simp
-  
-          from first_step
-          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-            by (metis assms(4) assms(7) block_local_rel cfg_correct dag_verifies_propagate dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
-  
-          show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct None rest concrete_inter2 succ_correct by blast
-        next 
-          case RedParsedWhile_InvFail thus ?thesis using assms(7) block_local_rel cfg_correct dag_verifies_propagate_2 first_step assms(4) by blast
-        qed auto
-      next
-        case (Some concrete_loop_guard)
-        then show ?thesis 
-        proof cases
-          assume guard_true: "(red_expr A \<Lambda> \<Gamma> \<Omega> concrete_loop_guard ns1 (BoolV True))"
-          hence guard_not_false: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> concrete_loop_guard ns1 (BoolV False))" using expr_eval_determ by blast
-  
-          from first_step show ?thesis 
-          proof cases
-            case RedParsedWhileTrue
-            hence concrete_inter3: "(inter_bb, inter_cont, inter_state) = (bb0, convert_list_to_cont ((BigBlock name [] any_str any_tr)#(rev body_bbs)) (KEndBlock cont1), (Normal ns1))"
-              using bb_successor_while Some by blast
-  
-            from first_step
-            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-              by (metis Pair_inject assms(4) assms(7) block_local_rel cfg_correct concrete_inter3 dag_verifies_propagate dag_verifies_propagate_2)
-  
-            show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct Some guard_true rest concrete_inter3 succ_correct assms(4) by blast 
-        next 
-            case RedParsedWhile_InvFail thus ?thesis using assms(7) block_local_rel cfg_correct dag_verifies_propagate_2 first_step assms(4) by blast
-        qed (auto simp add: bb_successor_while Some guard_not_false)
-      next
-        assume guard_not_true: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> concrete_loop_guard ns1 (BoolV True))"
-        thus ?thesis 
-        proof cases
-          assume guard_false: "(red_expr A \<Lambda> \<Gamma> \<Omega> concrete_loop_guard ns1 (BoolV False))"
-  
-          from first_step show ?thesis 
-          proof cases
-            case RedParsedWhileFalse
-            hence concrete_inter4: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), KEndBlock cont1, (Normal ns1))" by simp
+            by (metis Pair_inject assms(5) assms(8) block_local_rel cfg_correct concrete_inter1 dag_verifies_propagate dag_verifies_propagate_2)
 
           from first_step
-          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-            by (metis assms(4) assms(7) block_local_rel cfg_correct dag_verifies_propagate dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
-  
-            show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct Some guard_false rest concrete_inter4 succ_correct by blast
-          next
-            case RedParsedWhile_InvFail thus ?thesis using Some bb_successor_while guard_not_true by blast
-          qed (auto simp add: bb_successor_while Some guard_not_true)
-        next
-          assume guard_not_false: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> concrete_loop_guard ns1 (BoolV False))"
-          from first_step show ?thesis
-          proof cases
-            case RedParsedWhile_InvFail thus ?thesis using Some bb_successor_while guard_not_true by blast
-          qed (auto simp add: bb_successor_while Some guard_not_true guard_not_false)
-        qed
-      qed
-    qed
-  qed
-next 
-  case Rel_Main_test 
-  thus ?thesis
-    proof cases
-      assume "j = 0"
-      hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name [] any_str any_tr), KEndBlock cont1, (Normal ns1))" using ast_trace assms(4) by simp 
-      thus ?thesis by (simp add: Ast.valid_configuration_def)
-    next
-      assume "j \<noteq> 0" 
-      from this obtain j' where "j = Suc j'" using not0_implies_Suc by blast
-  
-      from ast_trace this assms(4) obtain inter_bb inter_cont inter_state where
-        first_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name [] any_str any_tr), KEndBlock cont1, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
-        rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
-        by (metis prod_cases3 relpowp_Suc_D2)
-  
-      show ?thesis
-      proof (cases cont_guard)
-        case None
-        from first_step show ?thesis using bb_successor_while
-        proof cases
-          case RedParsedWhileTrue
-          hence concrete_inter1: "(inter_bb, inter_cont, inter_state) = (bb0, convert_list_to_cont ((BigBlock name [] any_str any_tr)#(rev body_bbs)) (KEndBlock cont1), (Normal ns1))"
-            using bb_successor_while None by blast
-  
-          from first_step
-          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-            by (metis Pair_inject assms(4) assms(7) block_local_rel cfg_correct concrete_inter1 dag_verifies_propagate dag_verifies_propagate_2)
-  
-          show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct None rest concrete_inter1 succ_correct assms(4) by blast 
+          have succ_cfg_satisfies_post: 
+              "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> 
+                                                        (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                        is_final_config (m', s') \<longrightarrow> 
+                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
+            using cfg_satisfies_post 
+            by (metis (no_types, lifting) RedNormalSucc assms(5) assms(8) block_local_rel cfg_correct converse_rtranclp_into_rtranclp dag_verifies_propagate_2 local.RedParsedWhileTrue(4))
+  
+          show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct succ_cfg_satisfies_post None rest concrete_inter1 succ_correct assms(5) by blast 
         next 
           case RedParsedWhileFalse
           hence concrete_inter2: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), KEndBlock cont1, (Normal ns1))" by simp
   
           from first_step
           have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-            by (metis assms(4) assms(7) block_local_rel cfg_correct dag_verifies_propagate dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
-  
-          show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct None rest concrete_inter2 succ_correct by blast
+            by (metis assms(5) assms(8) block_local_rel cfg_correct dag_verifies_propagate dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
+
+          from first_step
+          have succ_cfg_satisfies_post: 
+              "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> 
+                                                        (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                        is_final_config (m', s') \<longrightarrow> 
+                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
+            using cfg_satisfies_post 
+            by (metis (no_types, lifting) RedNormalSucc assms(5) assms(8) block_local_rel cfg_correct converse_rtranclp_into_rtranclp dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
+  
+          show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct succ_cfg_satisfies_post None rest concrete_inter2 succ_correct by blast
         next 
-          case RedParsedWhile_InvFail thus ?thesis using assms(7) block_local_rel cfg_correct dag_verifies_propagate_2 first_step assms(4) by blast
+          case RedParsedWhile_InvFail thus ?thesis using assms(8) block_local_rel cfg_correct dag_verifies_propagate_2 first_step assms(5) by blast
         qed auto
       next
         case (Some concrete_loop_guard)
@@ -1317,11 +1193,20 @@ next
   
             from first_step
             have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-              by (metis Pair_inject assms(4) assms(7) block_local_rel cfg_correct concrete_inter3 dag_verifies_propagate dag_verifies_propagate_2)
-  
-            show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct Some guard_true rest concrete_inter3 succ_correct assms(4) by blast 
+              by (metis Pair_inject assms(5) assms(8) block_local_rel cfg_correct concrete_inter3 dag_verifies_propagate dag_verifies_propagate_2)
+
+            from first_step
+            have succ_cfg_satisfies_post: 
+                "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> 
+                                                          (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                          is_final_config (m', s') \<longrightarrow> 
+                                                          (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
+              using cfg_satisfies_post 
+            by (metis (no_types, lifting) RedNormalSucc assms(5) assms(8) block_local_rel cfg_correct converse_rtranclp_into_rtranclp dag_verifies_propagate_2 local.RedParsedWhileTrue(4))
+  
+            show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct succ_cfg_satisfies_post Some guard_true rest concrete_inter3 succ_correct assms(5) by blast 
         next 
-            case RedParsedWhile_InvFail thus ?thesis using assms(7) block_local_rel cfg_correct dag_verifies_propagate_2 first_step assms(4) by blast
+            case RedParsedWhile_InvFail thus ?thesis using assms(8) block_local_rel cfg_correct dag_verifies_propagate_2 first_step assms(5) by blast
         qed (auto simp add: bb_successor_while Some guard_not_false)
       next
         assume guard_not_true: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> concrete_loop_guard ns1 (BoolV True))"
@@ -1336,9 +1221,18 @@ next
 
           from first_step
           have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-            by (metis assms(4) assms(7) block_local_rel cfg_correct dag_verifies_propagate dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
-  
-            show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct Some guard_false rest concrete_inter4 succ_correct by blast
+            by (metis assms(5) assms(8) block_local_rel cfg_correct dag_verifies_propagate dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
+
+          from first_step
+          have succ_cfg_satisfies_post: 
+              "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> 
+                                                        (\<forall>m' s'. (((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s'))) \<longrightarrow>
+                                                        is_final_config (m', s') \<longrightarrow> 
+                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
+            using cfg_satisfies_post 
+            by (metis (no_types, lifting) RedNormalSucc assms(5) assms(8) block_local_rel cfg_correct converse_rtranclp_into_rtranclp dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
+  
+            show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct succ_cfg_satisfies_post Some guard_false rest concrete_inter4 succ_correct by blast
           next
             case RedParsedWhile_InvFail thus ?thesis using Some bb_successor_while guard_not_true by blast
           qed (auto simp add: bb_successor_while Some guard_not_true)
@@ -1354,23 +1248,31 @@ next
   qed
 qed 
 
-text \<open>Global lemma for an ast-bigblock with a non-empty set of simple cmds which enters an if-statement after executing its simple cmds.\<close>
+text \<open>Global lemma for a big block, which enters an if-statement after executing its simple cmds (if there are any).\<close>
 lemma block_global_rel_if_successor:
   assumes block_rel: "ast_cfg_rel None [] bb cs2"
   and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and "bb = (BigBlock name cs1 any_str any_tr)"
-  and "node_to_block(G) ! n = cs2"
+  and block_id:
+      "(node_to_block(G) ! n = cs2) \<or> 
+       (node_to_block(G) ! n = c#cs2) \<and> c = Assume guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV True)) \<or> 
+       (node_to_block(G) ! n = c#cs2) \<and> c = Assume not_guard \<and> (UnOp Not guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV False))"
   and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
+  and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
+                                        is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
   and bb_successor_if: "any_str = Some (ParsedIf cont_guard (then0#then_bbs) (else0#else_bbs))"
   and block_local_rel:
         "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
-        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> 
+        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> 
         cs1 \<noteq> [] \<Longrightarrow> cs2 \<noteq> [] \<Longrightarrow>  
-        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
+        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block(G) ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
   and succ_correct: 
        "\<And> ns1'' block_guard k.
          k < j \<Longrightarrow> 
         (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))) \<Longrightarrow>
+        (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1'') -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                            is_final_config (m', s') \<longrightarrow> 
+                                                            (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)))) \<Longrightarrow>
         ((cont_guard = Some block_guard) \<and> 
           (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1'' (BoolV True)) \<and> 
           A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (then0, convert_list_to_cont (rev then_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<or> 
@@ -1382,99 +1284,14 @@ lemma block_global_rel_if_successor:
           (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (else0, convert_list_to_cont (rev else_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state))) ) \<Longrightarrow>  
         (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
   shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
-  using assms
+  using assms cases
 proof cases
   case Rel_Main_test
   have not_end: "(cont0 \<noteq> KStop) \<or> any_str \<noteq> None \<or> any_tr \<noteq> None" using bb_successor_if by simp
   show ?thesis
   proof (cases cs2)
-    case Nil 
-    thus ?thesis
-    proof (cases j)
-      case 0
-      hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1))" using ast_trace assms(3) by auto
-      then show ?thesis by (simp add: Ast.valid_configuration_def bb_successor_if) 
-    next
-      case 1: (Suc j')
-        from this assms(3) obtain snd_inter_bb snd_inter_cont snd_inter_state where
-          snd_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] any_str any_tr), cont0, (Normal ns1))  (snd_inter_bb, snd_inter_cont, snd_inter_state)" and
-          snd_rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (snd_inter_bb, snd_inter_cont, snd_inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
-          by (metis ast_trace bigblock.inject local.Nil local.Rel_Main_test relpowp_Suc_E2 surj_pair)
-  
-        thus ?thesis 
-        proof (cases cont_guard)
-          case None
-          from snd_step this show ?thesis
-          proof cases
-            case RedParsedIfTrue
-            hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont (rev then_bbs) cont0, (Normal ns1))" using None bb_successor_if 1 by auto
-  
-            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-              using assms(4) cfg_correct correctness_propagates_through_empty local.Nil by blast
-  
-            have "j' < j" using 1 using Suc_lessD by blast
-            
-            thus ?thesis using eq snd_rest_of_steps succ_correct None succ_cfg_correct by blast
-          next
-            case RedParsedIfFalse
-            hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, (Normal ns1))" using None bb_successor_if 1 by auto
-  
-            from snd_step 
-            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-              using assms(4) cfg_correct correctness_propagates_through_empty local.Nil by blast
-  
-            have "j' < j" using 1 using Suc_lessD by blast
-  
-            thus ?thesis using eq snd_rest_of_steps succ_correct None succ_cfg_correct by blast
-          qed (auto simp add: bb_successor_if)
-        next
-          case (Some block_guard)
-          then show ?thesis 
-          proof cases
-            assume guard_true: "(red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV True))"
-            hence guard_not_false: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV False))" using expr_eval_determ by blast
-            from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont (rev then_bbs) cont0, Normal ns1)" 
-            proof cases
-              case RedParsedIfTrue thus ?thesis using guard_true bb_successor_if by (simp add: RedParsedIfTrue)
-            qed (auto simp add: guard_not_false bb_successor_if Some)
-  
-            from snd_step 
-            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-              using assms(4) cfg_correct correctness_propagates_through_empty local.Nil by blast
-  
-            have "j' < j" using 1 using Suc_lessD by blast
-            
-            thus ?thesis using eq guard_true snd_rest_of_steps succ_correct Some succ_cfg_correct by blast
-          next
-            assume guard_not_true: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV True))"
-            thus ?thesis 
-            proof cases
-              assume guard_false: "(red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV False))"
-              from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, Normal ns1)" 
-              proof cases
-                case RedParsedIfFalse thus ?thesis using guard_false bb_successor_if by (simp add: RedParsedIfFalse)
-              qed (auto simp add: guard_not_true bb_successor_if Some)
-  
-              from snd_step 
-              have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-                using assms(4) cfg_correct correctness_propagates_through_empty local.Nil by blast              
-  
-              have "j' < j" using 1 using Suc_lessD by blast
-        
-              thus ?thesis using eq guard_false snd_rest_of_steps succ_correct Some succ_cfg_correct by blast
-            next
-              assume guard_not_false2: "(\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV False)))" and  
-                     guard_not_true2: "(\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV True)))"
-              thus ?thesis
-              proof -
-                from snd_step have False using guard_not_false2 guard_not_true2 bb_successor_if Some 
-                  by (cases) auto
-                thus ?thesis by simp
-              qed
-            qed  
-          qed 
-        qed
-      qed
+    case Nil hence \<open>cs1 = []\<close> by (simp add: local.Rel_Main_test(2)) 
+    thus ?thesis using local.Nil local.Rel_Main_test(2) by auto
   next
     case (Cons) 
     hence "cs1 \<noteq> []" using assms(3) local.Rel_Main_test by auto
@@ -1490,13 +1307,15 @@ proof cases
         rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
         by (metis ast_trace get_state.cases relpowp_Suc_E2)
   
-      from cfg_correct Cons \<open>node_to_block(G) ! n = cs2\<close> 
+      from cfg_correct Cons block_id
       have local_rel_corr: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-        using dag_verifies_propagate_2 by blast
+        using dag_verifies_propagate_2 
+        by (metis push_through_assumption0 push_through_assumption1)
   
       from local_rel_corr first_step Cons
-      have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
-        using block_local_rel local.Rel_Main_test assms(3) by blast
+      have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
+        using block_local_rel local.Rel_Main_test assms(3) 
+        by (metis \<open>cs1 \<noteq> []\<close> assume_ml bigblock.inject block_id state.simps(7))
   
       from first_step Cons \<open>cs1 \<noteq> []\<close>
       have a1: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] any_str any_tr), cont0, inter_state)"
@@ -1530,12 +1349,18 @@ proof cases
               from first_step 
               have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
               proof cases
-                case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(3-4) Rel_Main_test(1) cfg_correct by blast
+                case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(3-4) Rel_Main_test(1) cfg_correct a2 by blast
               qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)
+
+              have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                        is_final_config (m', s') \<longrightarrow> 
+                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
+                using cfg_satisfies_post cfg_correct local.Cons
+                by (metis (no_types, lifting) "2" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
   
               have "j'' < j" using 1 3 using Suc_lessD by blast
               
-              thus ?thesis using eq snd_rest_of_steps succ_correct None 2 succ_cfg_correct by blast
+              thus ?thesis using eq snd_rest_of_steps succ_correct None 2 succ_cfg_correct succ_cfg_sat by blast
             next
               case RedParsedIfFalse
               hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, inter_state)" using None bb_successor_if 1 by auto
@@ -1543,12 +1368,18 @@ proof cases
               from first_step 
               have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
               proof cases
-                case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(3-4) Rel_Main_test(1) cfg_correct by blast
+                case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(3-4) Rel_Main_test(1) cfg_correct a2 by blast
               qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)
+
+              have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                        is_final_config (m', s') \<longrightarrow> 
+                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
+                using cfg_satisfies_post cfg_correct local.Cons
+                by (metis (no_types, lifting) "2" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
   
               have "j'' < j" using 1 3 using Suc_lessD by blast
   
-              thus ?thesis using eq snd_rest_of_steps succ_correct None 2 succ_cfg_correct by blast
+              thus ?thesis using eq snd_rest_of_steps succ_correct None 2 succ_cfg_correct succ_cfg_sat by blast
             qed (auto simp add: bb_successor_if 2)
           next
             case (Some block_guard)
@@ -1564,12 +1395,18 @@ proof cases
               from first_step 
               have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
               proof cases
-                case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(3-4) Rel_Main_test(1) cfg_correct by blast
+                case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(3-4) Rel_Main_test(1) cfg_correct a2 by blast
               qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)
+
+              have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                        is_final_config (m', s') \<longrightarrow> 
+                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
+                using cfg_satisfies_post cfg_correct local.Cons
+                by (metis (no_types, lifting) "2" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
   
               have "j'' < j" using 1 3 using Suc_lessD by blast
               
-              thus ?thesis using eq guard_true snd_rest_of_steps succ_correct Some succ_cfg_correct 2 by blast
+              thus ?thesis using eq guard_true snd_rest_of_steps succ_correct Some succ_cfg_correct 2 succ_cfg_sat by blast
             next
               assume guard_not_true: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV True))"
               thus ?thesis 
@@ -1583,12 +1420,18 @@ proof cases
                 from first_step 
                 have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
                 proof cases
-                  case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(3-4) Rel_Main_test(1) cfg_correct by blast
-                qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)              
+                  case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(3-4) Rel_Main_test(1) cfg_correct a2 by blast
+                qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)
+
+                have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                          is_final_config (m', s') \<longrightarrow> 
+                                                          (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
+                  using cfg_satisfies_post cfg_correct local.Cons
+                  by (metis (no_types, lifting) "2" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
   
                 have "j'' < j" using 1 3 using Suc_lessD by blast
           
-                thus ?thesis using eq guard_false snd_rest_of_steps succ_correct Some 2 succ_cfg_correct by blast
+                thus ?thesis using eq guard_false snd_rest_of_steps succ_correct Some 2 succ_cfg_correct succ_cfg_sat by blast
               next
                 assume guard_not_false2: "(\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV False)))" and  
                        guard_not_true2: "(\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV True)))"
@@ -1605,7 +1448,7 @@ proof cases
       next
         case Failure
         then show ?thesis
-          using \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
+          using \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n),Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
           by linarith
       next
         case Magic
@@ -1642,22 +1485,36 @@ next
             hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont (rev then_bbs) cont0, (Normal ns1))" using None bb_successor_if 1 by auto
   
             have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-              using assms(4) cfg_correct correctness_propagates_through_empty local.Nil by blast
+              using assms(4) cfg_correct correctness_propagates_through_empty local.Nil
+              by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
+
+            have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                      is_final_config (m', s') \<longrightarrow> 
+                                                      (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
+              using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil 
+              by (smt (verit, best) RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1)
   
             have "j' < j" using 1 using Suc_lessD by blast
             
-            thus ?thesis using eq snd_rest_of_steps succ_correct None succ_cfg_correct by blast
+            thus ?thesis using eq snd_rest_of_steps succ_correct None succ_cfg_correct succ_cfg_sat by blast
           next
             case RedParsedIfFalse
             hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, (Normal ns1))" using None bb_successor_if 1 by auto
   
             from snd_step 
             have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-              using assms(4) cfg_correct correctness_propagates_through_empty local.Nil by blast
+              using assms(4) cfg_correct correctness_propagates_through_empty local.Nil
+              by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
+
+            have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                      is_final_config (m', s') \<longrightarrow> 
+                                                      (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
+              using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil 
+              by (smt (verit, best) RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1)
   
             have "j' < j" using 1 using Suc_lessD by blast
   
-            thus ?thesis using eq snd_rest_of_steps succ_correct None succ_cfg_correct by blast
+            thus ?thesis using eq snd_rest_of_steps succ_correct None succ_cfg_correct succ_cfg_sat by blast
           qed (auto simp add: bb_successor_if)
         next
           case (Some block_guard)
@@ -1672,11 +1529,18 @@ next
   
             from snd_step 
             have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-              using assms(4) cfg_correct correctness_propagates_through_empty local.Nil by blast
+              using assms(4) cfg_correct correctness_propagates_through_empty local.Nil
+              by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
+
+            have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                      is_final_config (m', s') \<longrightarrow> 
+                                                      (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
+              using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil 
+              by (smt (verit, best) RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1)
   
             have "j' < j" using 1 using Suc_lessD by blast
             
-            thus ?thesis using eq guard_true snd_rest_of_steps succ_correct Some succ_cfg_correct by blast
+            thus ?thesis using eq guard_true snd_rest_of_steps succ_correct Some succ_cfg_correct succ_cfg_sat by blast
           next
             assume guard_not_true: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV True))"
             thus ?thesis 
@@ -1689,11 +1553,18 @@ next
   
               from snd_step 
               have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-                using assms(4) cfg_correct correctness_propagates_through_empty local.Nil by blast              
+                using assms(4) cfg_correct correctness_propagates_through_empty local.Nil
+                by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
+
+              have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                        is_final_config (m', s') \<longrightarrow> 
+                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
+                using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil 
+                by (smt (verit, best) RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1)
   
               have "j' < j" using 1 using Suc_lessD by blast
         
-              thus ?thesis using eq guard_false snd_rest_of_steps succ_correct Some succ_cfg_correct by blast
+              thus ?thesis using eq guard_false snd_rest_of_steps succ_correct Some succ_cfg_correct succ_cfg_sat by blast
             next
               assume guard_not_false2: "(\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV False)))" and  
                      guard_not_true2: "(\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV True)))"
@@ -1712,300 +1583,179 @@ next
   qed
 qed
 
-text \<open>Global lemma for an ast-bigblock with a non-empty set of simple cmds which is the first bigblock in the else-branch of an if-statement.\<close>
-lemma block_global_rel_if_false:
+text \<open>Global lemma for a generic big block. This means that neither a loop, nor an if-statement is entered after its simple commands are executed.\<close>
+lemma block_global_rel_generic:
   assumes block_rel: "ast_cfg_rel None [] bb cs2"
   and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and "bb = (BigBlock name cs1 any_str any_tr)"
-  and "cs1 \<noteq> Nil"
-  and "cs2 \<noteq> Nil"
-  and "node_to_block(G) ! n = cs3"
-  and "cs3 = (c#cs2)"
+  and block_id:
+      "(node_to_block(G) ! n = cs2) \<or> 
+       (node_to_block(G) ! n = c#cs2) \<and> c = Assume guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV True)) \<or> 
+       (node_to_block(G) ! n = c#cs2) \<and> c = Assume not_guard \<and> (UnOp Not guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV False))"
   and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
+  and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
+                                        is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
   and trivial_bb_successor: "(cont0 = KSeq bb1 cont1) \<and> any_str = None \<and> any_tr = None"
-  and "c = Assume some_cmd"
-  and "(UnOp Not block_guard) \<sim> some_cmd"
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(UnOp Not block_guard), ns1\<rangle> \<Down> LitV (LBool True)"
   and block_local_rel: 
         "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
-        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
-        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
+        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
+        cs1 \<noteq> [] \<Longrightarrow> cs2 \<noteq> [] \<Longrightarrow>
+        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block(G) ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
   and succ_correct: 
        "\<And>  ns1'' k.
         k < j \<Longrightarrow> 
         \<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
+       (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1'') -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                            is_final_config (m', s') \<longrightarrow> 
+                                                            (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)))) \<Longrightarrow>
         A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb1, cont1, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state) \<Longrightarrow> 
         (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-     shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
-  using assms
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
+  using assms cases
 proof cases
   case Rel_Main_test
   have not_end: "(cont0 \<noteq> KStop) \<or> any_str \<noteq> None \<or> any_tr \<noteq> None" using trivial_bb_successor by simp
   from ast_trace show ?thesis
-  proof (cases j)
-    case 0
-    hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1))" using ast_trace assms(3) by fastforce
-    then show ?thesis unfolding Ast.valid_configuration_def by (simp add: trivial_bb_successor)
+  proof (cases cs2)
+    case Nil hence \<open>cs1 = []\<close> by (simp add: local.Rel_Main_test(2))
+    thus ?thesis using local.Nil local.Rel_Main_test(2) by blast
   next
-    case succ_0: (Suc j')
-    from this assms(3) obtain inter_bb inter_cont inter_state where
-      first_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (inter_bb, inter_cont, inter_state)" and
-      rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
-      by (metis ast_trace prod_cases3 relpowp_Suc_D2)
-
-    from cfg_correct \<open>cs2 \<noteq> Nil\<close> \<open>node_to_block(G) ! n = cs3\<close> 
-    have local_rel_corr: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-      using dag_verifies_propagate_2 by blast
-
-    from local_rel_corr first_step 
-    have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
-      using block_local_rel assms(3) by simp
-
-    from first_step \<open>cs1 \<noteq> Nil\<close> 
-    have a1: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] any_str any_tr), cont0, inter_state)"
-    proof cases
-      case RedSimpleCmds then show ?thesis by (auto simp add: RedSimpleCmds)
-    qed auto
+    case (Cons)
+    hence "cs1 \<noteq> Nil" using assms(3) local.Rel_Main_test by blast
+    from ast_trace this show ?thesis
+    proof (cases j)
+      case 0
+      hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1))" using ast_trace assms(3) by auto
+      then show ?thesis unfolding Ast.valid_configuration_def by (simp add: trivial_bb_successor)
+    next
+      case succ_0: (Suc j')
+      from this assms(3) obtain inter_bb inter_cont inter_state where
+        first_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (inter_bb, inter_cont, inter_state)" and
+        rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
+        by (metis ast_trace get_state.cases relpowp_Suc_D2)
+  
+      from cfg_correct Cons block_id 
+      have local_rel_corr: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+        apply (simp)
+        apply (rule disjE)
+          apply simp
+         apply (rule dag_verifies_propagate_2)
+           apply blast
+          apply assumption
+         apply assumption
+        apply (rule disjE)
+          apply simp
+        apply (metis dag_verifies_propagate_2 push_through_assumption0)
+        apply (metis dag_verifies_propagate_2 push_through_assumption1)
+        done
+  
+      from local_rel_corr first_step 
+      have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
+        using block_local_rel assms(3) \<open>cs1 \<noteq> []\<close> Cons 
+        by (metis bigblock.inject cfg_correct dag_verifies_propagate_2 local.Rel_Main_test(1))
+  
+      from first_step \<open>cs1 \<noteq> Nil\<close> 
+      have a1: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] any_str any_tr), cont0, inter_state)"
+      proof cases
+        case RedSimpleCmds then show ?thesis by (auto simp add: RedSimpleCmds)
+      qed auto
+  
+      show ?thesis 
+      proof (cases inter_state)
+        case 1: (Normal x1)
+        from rest_of_steps show ?thesis 
+        proof (cases j')
+          case 0
+          then show ?thesis 
+            by (metis valid_configuration_def a1 a2 get_state.simps is_final.simps(5) relpowp_0_E rest_of_steps trivial_bb_successor)
+        next
+          case 2: (Suc j'')
+          from this rest_of_steps obtain snd_inter_bb snd_inter_cont snd_inter_state where
+            snd_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] any_str any_tr), cont0, inter_state)  (snd_inter_bb, snd_inter_cont, snd_inter_state)" and
+            snd_rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (snd_inter_bb, snd_inter_cont, snd_inter_state) -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state)"
+            by (metis a1 get_state.cases relpowp_Suc_D2)
+  
+          from snd_step have snd_step_equiv: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (bb1, cont1, inter_state)"
+          proof cases
+            case RedSkip thus ?thesis using trivial_bb_successor by (simp add: RedSkip)
+          qed (auto simp add: trivial_bb_successor "1")
+  
+          from first_step 
+          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+          proof cases
+            case RedSimpleCmds show ?thesis 
+              using 1 snd_step_equiv  RedSimpleCmds(3) dag_verifies_propagate Rel_Main_test(1) cfg_correct assms(3-4) 
+              by (metis bigblock.inject push_through_assumption0 push_through_assumption1)
+          qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>) 
 
-    show ?thesis 
-    proof (cases inter_state)
-      case 1: (Normal x1)
-      from rest_of_steps show ?thesis 
-      proof (cases j')
-        case 0
+          have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                    is_final_config (m', s') \<longrightarrow> 
+                                                    (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
+            using cfg_satisfies_post cfg_correct local.Cons
+            by (metis (no_types, lifting) "1" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
+  
+          have "j'' < j" using succ_0 2 by simp
+  
+          then show ?thesis using snd_step_equiv succ_correct snd_rest_of_steps "1" succ_cfg_correct succ_cfg_sat by blast
+        qed
+      next
+        case Failure
         then show ?thesis
-          by (metis Ast.valid_configuration_def a1 a2 get_state.simps is_final.simps(5) relpowp_0_E rest_of_steps trivial_bb_successor)
+          using \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
+          by linarith
       next
-        case 2: (Suc j'')
-        from this rest_of_steps obtain snd_inter_bb snd_inter_cont snd_inter_state where
-          snd_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] any_str any_tr), cont0, inter_state)  (snd_inter_bb, snd_inter_cont, snd_inter_state)" and
-          snd_rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (snd_inter_bb, snd_inter_cont, snd_inter_state) -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state)"
-          by (metis a1 get_state.cases relpowp_Suc_D2)
-        from snd_step have snd_step_equiv: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (bb1, cont1, inter_state)"
-        proof cases
-          case RedSkip thus ?thesis using trivial_bb_successor by (simp add: RedSkip)
-        qed (auto simp add: trivial_bb_successor "1")
-
-        from first_step 
-        have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-        proof cases
-          case RedSimpleCmds 
-          hence cmds_red: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c#cs2, Normal ns1\<rangle> [\<rightarrow>] inter_state" 
-            using  "1" a2 assms(7) 
-            by blast
-          show ?thesis by (metis (no_types, lifting) "1" RedNormalSucc assms(6-7) cfg_correct cmds_red converse_rtranclp_into_rtranclp)
-        qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>) 
-
-        have "j'' < j" using succ_0 2 by simp
-
-        then show ?thesis using snd_step_equiv succ_correct snd_rest_of_steps "1" succ_cfg_correct by blast 
+        case Magic
+        then show ?thesis by (metis valid_configuration_def a2 get_state.simps magic_propagates rest_of_steps state.distinct(3))
       qed
-    next
-      case Failure
-      then show ?thesis
-        using \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs3,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
-        by linarith
-    next
-      case Magic
-      then show ?thesis by (metis Ast.valid_configuration_def a2 get_state.simps magic_propagates rest_of_steps state.distinct(3))
-    qed
+    qed 
   qed
-qed auto
-
-text \<open>Global lemma for an ast-bigblock with a non-empty set of simple cmds which is the first bigblock in the then-branch of an if-statement.\<close>
-lemma block_global_rel_if_true:
-  assumes block_rel: "ast_cfg_rel None [] bb cs2"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and "bb = (BigBlock name cs1 any_str any_tr)"
-  and "cs1 \<noteq> Nil"
-  and "cs2 \<noteq> Nil"
-  and "node_to_block(G) ! n = cs3"
-  and "cs3 = c#cs2"
-  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
-  and trivial_bb_successor: "(cont0 = KSeq bb1 cont1) \<and> any_str = None \<and> any_tr = None"
-  and "c = Assume block_guard"
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>block_guard, ns1\<rangle> \<Down> LitV (LBool True)"
-  and block_local_rel: 
-        "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
-        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
-        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
-  and succ_correct: 
-       "\<And>  ns1'' k.
-        k < j \<Longrightarrow> 
-        \<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
-        A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb1, cont1, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state) \<Longrightarrow> 
-        (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-     shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
-  using assms
-proof cases
-  case Rel_Main_test
+next
+  case Rel_Invs
   have not_end: "(cont0 \<noteq> KStop) \<or> any_str \<noteq> None \<or> any_tr \<noteq> None" using trivial_bb_successor by simp
   from ast_trace show ?thesis
-  proof (cases j)
-    case 0
-    hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1))" using ast_trace assms(3) by auto
-    then show ?thesis unfolding Ast.valid_configuration_def by (metis assms(4) get_state.simps is_final.simps(2) neq_Nil_conv state.distinct(1))
-  next
-    case succ_0: (Suc j')
-    from this assms(3) obtain inter_bb inter_cont inter_state where
-      first_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (inter_bb, inter_cont, inter_state)" and
-      rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
-      by (metis ast_trace get_state.cases relpowp_Suc_D2)
-
-    from cfg_correct \<open>cs2 \<noteq> Nil\<close> \<open>node_to_block(G) ! n = cs3\<close> 
-    have local_rel_corr: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-      using dag_verifies_propagate_2 by blast
-
-    from local_rel_corr first_step 
-    have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
-      using block_local_rel assms(3) by simp
-
-    from first_step \<open>cs1 \<noteq> Nil\<close> 
-    have a1: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] any_str any_tr), cont0, inter_state)"
-    proof cases
-      case RedSimpleCmds then show ?thesis by (auto simp add: RedSimpleCmds)
-    qed auto
-
-    show ?thesis 
-    proof (cases inter_state)
-      case 1: (Normal x1)
-      from rest_of_steps show ?thesis 
-      proof (cases j')
-        case 0
-        then show ?thesis 
-          by (metis valid_configuration_def a1 a2 get_state.simps is_final.simps(5) relpowp_0_E rest_of_steps trivial_bb_successor)
-      next
-        case 2: (Suc j'')
-        from this rest_of_steps obtain snd_inter_bb snd_inter_cont snd_inter_state where
-          snd_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] any_str any_tr), cont0, inter_state)  (snd_inter_bb, snd_inter_cont, snd_inter_state)" and
-          snd_rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (snd_inter_bb, snd_inter_cont, snd_inter_state) -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state)"
-          by (metis a1 get_state.cases relpowp_Suc_D2)
-
-        from snd_step have snd_step_equiv: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (bb1, cont1, inter_state)"
-        proof cases
-          case RedSkip thus ?thesis using trivial_bb_successor by (simp add: RedSkip)
-        qed (auto simp add: trivial_bb_successor "1")
-
-        from first_step 
-        have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-        proof cases
-          case RedSimpleCmds 
-          hence cmds_red: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c#cs2, Normal ns1\<rangle> [\<rightarrow>] inter_state" 
-            using Rel_Main_test(1) \<open>c = Assume block_guard\<close> trace_is_possible RedAssumeOk RedCmdListCons assms(3) by blast
-          show ?thesis using "1" assms(6-7) cfg_correct cmds_red dag_verifies_propagate by blast
-        qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>) 
-
-        have "j'' < j" using succ_0 2 by simp
-
-        then show ?thesis using snd_step_equiv succ_correct snd_rest_of_steps "1" succ_cfg_correct by blast 
-      qed
-    next
-      case Failure
-      then show ?thesis
-        using \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs3,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
-        by linarith
+  proof (cases cs2)
+    case Nil
+    thus ?thesis
+    proof (cases j)
+      case 0
+      hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1))" using ast_trace assms(3) by auto
+      then show ?thesis by (simp add: Ast.valid_configuration_def trivial_bb_successor) 
     next
-      case Magic
-      then show ?thesis by (metis valid_configuration_def a2 get_state.simps magic_propagates rest_of_steps state.simps(5))
-    qed
-  qed
-qed auto
-
-text \<open>Global lemma for a generic ast-bigblock with a non-empty set of simple cmds.\<close>
-lemma block_global_rel_generic:
-  assumes block_rel: "ast_cfg_rel None [] bb cs2"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and "bb = (BigBlock name cs1 any_str any_tr)"
-  and "cs1 \<noteq> Nil"
-  and "cs2 \<noteq> Nil"
-  and "node_to_block(G) ! n = cs2"
-  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
-  and trivial_bb_successor: "(cont0 = KSeq bb1 cont1) \<and> any_str = None \<and> any_tr = None"
-  and block_local_rel: 
-        "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
-        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
-        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
-  and succ_correct: 
-       "\<And>  ns1'' k.
-        k < j \<Longrightarrow> 
-        \<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
-        A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb1, cont1, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state) \<Longrightarrow> 
-        (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
-  using assms
-proof cases
-  case Rel_Main_test
-  have not_end: "(cont0 \<noteq> KStop) \<or> any_str \<noteq> None \<or> any_tr \<noteq> None" using trivial_bb_successor by simp
-  from ast_trace show ?thesis
-  proof (cases j)
-    case 0
-    hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1))" using ast_trace assms(3) by auto
-    then show ?thesis unfolding Ast.valid_configuration_def by (simp add: trivial_bb_successor)
-  next
-    case succ_0: (Suc j')
-    from this assms(3) obtain inter_bb inter_cont inter_state where
-      first_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (inter_bb, inter_cont, inter_state)" and
-      rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
-      by (metis ast_trace get_state.cases relpowp_Suc_D2)
-
-    from cfg_correct \<open>cs2 \<noteq> Nil\<close> \<open>node_to_block(G) ! n = cs2\<close> 
-    have local_rel_corr: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-      using dag_verifies_propagate_2 by blast
-
-    from local_rel_corr first_step 
-    have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
-      using block_local_rel assms(3) by simp
-
-    from first_step \<open>cs1 \<noteq> Nil\<close> 
-    have a1: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] any_str any_tr), cont0, inter_state)"
-    proof cases
-      case RedSimpleCmds then show ?thesis by (auto simp add: RedSimpleCmds)
-    qed auto
-
-    show ?thesis 
-    proof (cases inter_state)
-      case 1: (Normal x1)
-      from rest_of_steps show ?thesis 
-      proof (cases j')
-        case 0
-        then show ?thesis 
-          by (metis valid_configuration_def a1 a2 get_state.simps is_final.simps(5) relpowp_0_E rest_of_steps trivial_bb_successor)
-      next
-        case 2: (Suc j'')
-        from this rest_of_steps obtain snd_inter_bb snd_inter_cont snd_inter_state where
-          snd_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] any_str any_tr), cont0, inter_state)  (snd_inter_bb, snd_inter_cont, snd_inter_state)" and
-          snd_rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (snd_inter_bb, snd_inter_cont, snd_inter_state) -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state)"
-          by (metis a1 get_state.cases relpowp_Suc_D2)
+      case 1: (Suc j')
+        from this assms(3) obtain snd_inter_bb snd_inter_cont snd_inter_state where
+          snd_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] any_str any_tr), cont0, (Normal ns1))  (snd_inter_bb, snd_inter_cont, snd_inter_state)" and
+          snd_rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (snd_inter_bb, snd_inter_cont, snd_inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
+          by (metis ast_trace bigblock.inject local.Nil local.Rel_Invs relpowp_Suc_E2 surj_pair)
 
-        from snd_step have snd_step_equiv: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (bb1, cont1, inter_state)"
-        proof cases
-          case RedSkip thus ?thesis using trivial_bb_successor by (simp add: RedSkip)
-        qed (auto simp add: trivial_bb_successor "1")
+        hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (bb1,  cont1, (Normal ns1))" using trivial_bb_successor 1 
+          by (cases) auto 
 
-        from first_step 
-        have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-        proof cases
-          case RedSimpleCmds show ?thesis using 1 snd_step_equiv  RedSimpleCmds(3) dag_verifies_propagate Rel_Main_test(1) cfg_correct assms(6) assms(3) by blast
-        qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>) 
+        have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+          using assms(4) cfg_correct correctness_propagates_through_empty local.Nil
+          by (metis (no_types, lifting) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
 
-        have "j'' < j" using succ_0 2 by simp
+        have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                  is_final_config (m', s') \<longrightarrow> 
+                                                  (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
+          using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil 
+          by (smt (verit, best) RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1)
 
-        then show ?thesis using snd_step_equiv succ_correct snd_rest_of_steps "1" succ_cfg_correct by blast
-      qed
-    next
-      case Failure
-      then show ?thesis
-        using \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
-        by linarith
-    next
-      case Magic
-      then show ?thesis by (metis valid_configuration_def a2 get_state.simps magic_propagates rest_of_steps state.distinct(3))
+        have "j' < j" using 1 using Suc_lessD by blast
+        
+        thus ?thesis using eq snd_rest_of_steps succ_correct succ_cfg_correct succ_cfg_sat by blast
     qed
+  next
+    case (Cons)
+    hence "cs1 \<noteq> Nil" using assms(3) local.Rel_Invs by blast
+    from ast_trace this show ?thesis
+      using local.Cons local.Rel_Invs(1) by fastforce
   qed
-qed auto
+qed
 
-text \<open>Helper lemmas used to complete the procedure correctness proof\<close>
 
+subsection \<open>Procedure correctness\<close>
+
+text \<open>The main lemma used to complete proof of the correctness of an \<^term>\<open>ast_procedure\<close>.\<close>
 lemma end_to_end_util2:
   assumes AExpanded: "\<And> \<Gamma> end_bb end_cont end_state ns M.
            rtranclp (red_bigblock B M \<Lambda> \<Gamma> [] ast) (init_ast ast ns) (end_bb, end_cont, end_state) \<Longrightarrow>
@@ -2082,9 +1832,4 @@ proof -
   qed
 qed
 
-lemma valid_config_implies_not_failure:
-  assumes "Semantics.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'"
-  shows "s' \<noteq> Failure"
-  using Semantics.valid_configuration_def assms by blast
-
 end
\ No newline at end of file
diff --git a/BoogieLang/Ast_to_Cfg_Validation.thy b/BoogieLang/Ast_to_Cfg_Validation.thy
new file mode 100644
index 0000000..e57d928
--- /dev/null
+++ b/BoogieLang/Ast_to_Cfg_Validation.thy
@@ -0,0 +1,207 @@
+theory Ast_to_Cfg_Validation
+   imports Main
+          "Boogie_Lang.Ast"
+          "Boogie_Lang.Semantics"
+          "Boogie_Lang.BackedgeElim"
+          "Boogie_Lang.Ast_Cfg_Transformation"
+          "Boogie_Lang.Lang"
+begin 
+
+fun local_validation :: "bigblock \<Rightarrow> block \<Rightarrow> expr option \<Rightarrow> expr option \<Rightarrow> 'a absval_ty_fun \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> 'a nstate \<Rightarrow> bool" where
+  "local_validation ast_block cfg_block guard_option transformed_guard_option A \<Lambda> \<Gamma> \<Omega> ns = 
+     (case guard_option of 
+        Some guard \<Rightarrow> 
+          (case transformed_guard_option of
+              Some transformed_guard \<Rightarrow>        
+                    (\<exists> cmd cmds. (cfg_block = cmd#cmds) \<and> 
+                    (ast_cfg_rel None [] ast_block cmds) \<and> 
+                    ((UnOp Not guard) \<sim> transformed_guard) \<and> 
+                    (cmd = Assume transformed_guard))
+          |   None \<Rightarrow> 
+                    (\<exists> cmd cmds. (cfg_block = cmd#cmds) \<and> 
+                    (ast_cfg_rel None [] ast_block cmds) \<and> 
+                    (cmd = Assume guard))) 
+     |  None \<Rightarrow>        
+              (\<exists> cmd cmds. (cfg_block = cmd#cmds) \<and> 
+              (ast_cfg_rel None [] ast_block cmds)))"
+
+(*
+lemma block_global_rel_if_false:
+  assumes block_rel: "ast_cfg_rel None [] bb cs2"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and "bb = (BigBlock name cs1 any_str any_tr)"
+  and "cs1 \<noteq> Nil"
+  and "cs2 \<noteq> Nil"
+  and "node_to_block(G) ! n = cs3"
+  and "cs3 = (c#cs2)"
+  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
+  and trivial_bb_successor: "(cont0 = KSeq bb1 cont1) \<and> any_str = None \<and> any_tr = None"
+  and "c = Assume some_cmd"
+  and "(UnOp Not block_guard) \<sim> some_cmd"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(UnOp Not block_guard), ns1\<rangle> \<Down> LitV (LBool True)"
+  and block_local_rel: 
+        "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
+        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
+        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
+  and succ_correct: 
+       "\<And>  ns1'' k.
+        k < j \<Longrightarrow> 
+        \<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
+        A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb1, cont1, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state) \<Longrightarrow> 
+        (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+     shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+*)
+
+(*
+lemma block_global_rel_if_true:
+  assumes block_rel: "ast_cfg_rel None [] bb cs2"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and "bb = (BigBlock name cs1 any_str any_tr)"
+  and "cs1 \<noteq> Nil"
+  and "cs2 \<noteq> Nil"
+  and "node_to_block(G) ! n = cs3"
+  and "cs3 = c#cs2"
+  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
+  and trivial_bb_successor: "(cont0 = KSeq bb1 cont1) \<and> any_str = None \<and> any_tr = None"
+  and "c = Assume block_guard"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>block_guard, ns1\<rangle> \<Down> LitV (LBool True)"
+  and block_local_rel: 
+        "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
+        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
+        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
+  and succ_correct: 
+       "\<And>  ns1'' k.
+        k < j \<Longrightarrow> 
+        \<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
+        A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb1, cont1, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state) \<Longrightarrow> 
+        (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+     shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+*)
+
+(*
+lemma block_global_rel_generic:
+  assumes block_rel: "ast_cfg_rel None [] bb cs2"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and "bb = (BigBlock name cs1 any_str any_tr)"
+  and "cs1 \<noteq> Nil"
+  and "cs2 \<noteq> Nil"
+  and "node_to_block(G) ! n = cs2"
+  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
+  and trivial_bb_successor: "(cont0 = KSeq bb1 cont1) \<and> any_str = None \<and> any_tr = None"
+  and block_local_rel: 
+        "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
+        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
+        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
+  and succ_correct: 
+       "\<And>  ns1'' k.
+        k < j \<Longrightarrow> 
+        \<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
+        A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb1, cont1, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state) \<Longrightarrow> 
+        (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+*)
+
+(*
+lemma block_global_rel_while_successor:
+  assumes j_step_ast_trace: 
+      "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont1, Normal ns1) -n\<longrightarrow>^j 
+                      (reached_bb, reached_cont, reached_state)"
+  and syn_rel: "ast_cfg_rel None [] bb cmds"
+  and "bb = (BigBlock name cmds (Some (WhileWrapper (ParsedWhile guard invs (body_bb0#body_bbs)))) None)"
+  and "cmds \<noteq> []"
+  and "node_to_block G ! n = cmds"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and block_local_rel:
+    "\<And> reached_bb_inter reached_cont_inter reached_state_inter. 
+    (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont1, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
+    (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cmds (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
+    (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
+  and global_rel_succ:
+        "\<And> ns2 k.
+         k < j \<Longrightarrow>
+         (\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl msuc2, Normal ns2) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
+         A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name [] (Some (ParsedWhile guard invs (body_bb0#body_bbs))) None), KEndBlock cont1, Normal ns2) -n\<longrightarrow>^k 
+                      (reached_bb, reached_cont, reached_state) \<Longrightarrow> 
+         (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+      shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+*)
+
+(*
+lemma block_global_rel_loop_head:
+  assumes block_rel: "ast_cfg_rel None assertions bb assertions"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, KEndBlock cont1, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
+  and "bb = (BigBlock name [] any_str any_tr)"
+  (* TODO: You're requiring that the loop isn't empty! What if it is? *)
+  and bb_successor_while: "any_str = Some (ParsedWhile cont_guard invs (bb0#body_bbs))"
+  and block_local_rel:
+    "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, KEndBlock cont1, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
+    (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assertions (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
+    (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
+  and "node_to_block(G) ! n = assertions"
+  and succ_correct: 
+   "\<And> ns1'' loop_guard j'. 
+    j = Suc j' \<Longrightarrow>
+    (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))) \<Longrightarrow>
+    ((cont_guard = Some loop_guard) \<and> 
+      (red_expr A \<Lambda> \<Gamma> \<Omega> loop_guard ns1'' (BoolV True)) \<and> 
+      A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb0, convert_list_to_cont (bb#(rev body_bbs)) (KEndBlock cont1), (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)) \<or> 
+    ((cont_guard = Some loop_guard) \<and> 
+      (red_expr A \<Lambda> \<Gamma> \<Omega> loop_guard ns1'' (BoolV False)) \<and> 
+      A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name [] None None), KEndBlock cont1, (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)) \<or>
+    ((cont_guard = None) \<and> 
+     ((A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name [] None None), KEndBlock cont1, (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)) \<or>
+      (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb0, convert_list_to_cont (bb#(rev body_bbs)) (KEndBlock cont1), (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state))))  \<Longrightarrow>  
+    (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
+*)
+
+(*
+lemma block_global_rel_if_successor:
+  assumes block_rel: "ast_cfg_rel None [] bb cs2"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and "bb = (BigBlock name cs1 any_str any_tr)"
+  and "node_to_block(G) ! n = cs2"
+  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
+  and bb_successor_if: "any_str = Some (ParsedIf cont_guard (then0#then_bbs) (else0#else_bbs))"
+  and block_local_rel:
+        "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
+        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> 
+        cs1 \<noteq> [] \<Longrightarrow> cs2 \<noteq> [] \<Longrightarrow>  
+        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
+  and succ_correct: 
+       "\<And> ns1'' block_guard k.
+         k < j \<Longrightarrow> 
+        (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))) \<Longrightarrow>
+        ((cont_guard = Some block_guard) \<and> 
+          (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1'' (BoolV True)) \<and> 
+          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (then0, convert_list_to_cont (rev then_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<or> 
+        ((cont_guard = Some block_guard) \<and> 
+          (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1'' (BoolV False)) \<and> 
+          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (else0, convert_list_to_cont (rev else_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<or>
+        ( (cont_guard = None) \<and> 
+          ((A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (then0, convert_list_to_cont (rev then_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<or>
+          (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (else0, convert_list_to_cont (rev else_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state))) ) \<Longrightarrow>  
+        (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
+*)
+
+fun global_validation :: "ast_procedure \<Rightarrow> procedure \<Rightarrow> expr option \<Rightarrow> expr option \<Rightarrow> 'a absval_ty_fun \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> 'a nstate \<Rightarrow> bool" where
+  "global_validation ast_proc cfg_proc guard_option transformed_guard_option A \<Lambda> \<Gamma> \<Omega> ns = 
+    (case proc_body(ast_proc) of
+      None \<Rightarrow> 
+             (case Lang.proc_body(cfg_proc) of
+               None \<Rightarrow> True 
+             | Some (locals, mCFG) \<Rightarrow> False)
+    | Some (locals, (bb#bbs)) \<Rightarrow>
+             (case Lang.proc_body(cfg_proc) of
+               None \<Rightarrow> False
+             | Some (locals, mCFG) \<Rightarrow> 
+                                     (local_validation bb (node_to_block(mCFG) ! (entry(mCFG))) guard_option transformed_guard_option A \<Lambda> \<Gamma> \<Omega> ns) \<and> 
+                                      False)
+    | Some (locals, []) \<Rightarrow> False )"
+            
+
+
+
+end
\ No newline at end of file
diff --git a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy
deleted file mode 100644
index 68bb528..0000000
--- a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy
+++ /dev/null
@@ -1,183 +0,0 @@
-theory empty_branch_if_ast_cfg_proof
-  imports Main
-          Boogie_Lang.Ast
-          Boogie_Lang.Semantics
-          Boogie_Lang.Ast_Cfg_Transformation
-          "../global_data" 
-          empty_branch_if_before_cfg_to_dag_prog 
-          empty_branch_if_before_ast_cfg
-          empty_branch_if_cfgtodag_proof
-          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
-
-begin
-declare Nat.One_nat_def[simp del]
-
-definition bigblock_then 
-  where "bigblock_then \<equiv> BigBlock None [] None None"
-
-definition bigblock_else
-  where "bigblock_else \<equiv> BigBlock None [(Assign 0 (Lit (LInt 6)))] None None"
-
-lemma bigblock0_local_rel:
-  assumes Red_bb0_to: 
-      "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>empty_branch_if_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-proof -
-  show ?thesis
-    apply (rule block_local_rel_generic)
-           apply (rule Rel_Main_test[of bigblock0 _ empty_branch_if_before_cfg_to_dag_prog.block_0])
-           apply (simp add: bigblock0_def empty_branch_if_before_cfg_to_dag_prog.block_0_def)
-          apply simp
-         apply simp
-        apply (rule Red_bb0_to)
-       apply (rule Red0_impl, simp)
-      apply (simp add: bigblock0_def)
-     apply simp
-    apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_0_def)
-    done
-qed
-
-lemma bigblock_else_local_rel:
-  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>empty_branch_if_before_cfg_to_dag_prog.block_1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-proof -
-  show ?thesis
-    unfolding empty_branch_if_before_cfg_to_dag_prog.block_1_def 
-    apply (rule block_local_rel_guard_false)
-            apply (rule Rel_Main_test[of bigblock_else])
-            apply (simp add: bigblock_else_def)
-           apply (rule neg_gt2)
-          apply simp
-         apply (rule trace_is_possible)
-        apply (rule Red_bb0_to)
-       apply (rule Red0_impl)
-       apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_1_def)
-      apply (simp add: bigblock_else_def)
-    by simp_all
-qed
-
-lemma block2_global_rel:
-  assumes concrete_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock1, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)" 
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
-  using assms
-proof -
-  show ?thesis
-    apply (rule generic_ending_block_global_rel)
-         apply (rule Rel_Main_test[of bigblock1 _ empty_branch_if_before_cfg_to_dag_prog.block_2])
-         apply (simp add: bigblock1_def empty_branch_if_before_cfg_to_dag_prog.block_2_def)
-        apply (rule concrete_trace)
-       apply (simp add: bigblock1_def)
-      apply simp
-     apply (rule empty_branch_if_before_cfg_to_dag_prog.node_2)
-    apply (rule cfg_is_correct)
-    apply simp
-    done
-qed
-
-
-lemma block_then_global_rel:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
-proof -                    
-  show ?thesis 
-    apply (rule ending_then)
-           apply (rule assms(1))
-          apply (simp add: bigblock_then_def)
-         apply (rule trace_is_possible)
-        apply (rule empty_branch_if_before_cfg_to_dag_prog.node_3)
-       apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_3_def)
-      apply (simp add: empty_branch_if_before_cfg_to_dag_prog.outEdges_3)
-      apply (simp add: member_rec)
-     apply (simp add: assms(2))
-     apply (simp add: block2_global_rel)
-    done
-qed
-
-
-lemma block_else_global_rel:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
-proof -
-  show ?thesis
-    apply (rule block_global_rel_if_false)
-                 apply (rule Rel_Main_test[of bigblock_else])
-                 apply (simp add: bigblock_else_def)
-               apply (rule assms(1))
-              apply (simp add: bigblock_else_def)
-              apply simp
-             apply simp
-            apply (rule empty_branch_if_before_cfg_to_dag_prog.node_1)
-           apply (rule empty_branch_if_before_cfg_to_dag_prog.block_1_def)
-          apply (rule assms(2))
-          apply simp
-         apply simp
-        apply simp
-       apply (rule neg_gt2)
-      apply (rule trace_is_possible)
-     apply (rule bigblock_else_local_rel)
-       apply assumption
-      apply assumption
-     apply (rule trace_is_possible)
-    apply (erule allE[where x=2])
-    apply (rule block2_global_rel)
-     apply assumption
-    apply (simp add: empty_branch_if_before_cfg_to_dag_prog.outEdges_1)
-    apply (simp add: member_rec(1))
-    done
-qed
-
-
-lemma block0_global_rel:
-  assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)" 
-proof -
-  show ?thesis 
-    apply (rule block_global_rel_if_successor)
-           apply (rule Rel_Main_test[of bigblock0 _ empty_branch_if_before_cfg_to_dag_prog.block_0])
-           apply (simp add: bigblock0_def empty_branch_if_before_cfg_to_dag_prog.block_0_def)
-          apply (rule ast_trace)
-         apply (simp add: bigblock0_def)
-        apply (rule empty_branch_if_before_cfg_to_dag_prog.node_0)
-       apply (rule assms(1))
-       apply simp
-      apply simp
-     apply (rule bigblock0_local_rel)
-      apply (simp add: bigblock0_def)
-     apply assumption
-    apply simp
-    apply (rule disjE)
-      apply assumption
-
-     apply (erule allE[where x=3])
-     apply (simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_0)
-     apply (simp add:member_rec(1))
-     apply (rule conjE)
-      apply assumption
-    unfolding empty_branch_if_before_cfg_to_dag_prog.post_def
-     apply (rule block_then_global_rel)
-       apply (simp add: bigblock_then_def)       
-      apply simp
-     apply assumption
-   
-    apply (erule allE[where x=1])
-    apply (simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_0)
-    apply (simp add:member_rec(1))
-    apply (rule conjE)
-     apply assumption
-    apply (rule block_else_global_rel)
-      apply (simp add: bigblock_else_def)
-     apply simp
-    apply (simp add: false_equals_not_true)
-    done
-qed
\ No newline at end of file
diff --git a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_cfg.thy b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_cfg.thy
deleted file mode 100644
index 3c29d5a..0000000
--- a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_cfg.thy
+++ /dev/null
@@ -1,89 +0,0 @@
-theory empty_branch_if_before_ast_cfg
-  imports Main
-          "Boogie_Lang.Ast"
-          "Boogie_Lang.Semantics"
-          "../global_data"
-
-begin
-
-definition bigblock0
-  where "bigblock0 \<equiv> 
-          (BigBlock None [(Havoc 0)] 
-            (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 5)))) 
-                  [BigBlock None [] None None] [BigBlock None [(Assign 0 (Lit (LInt 6)))] None None])) 
-             None)"
-
-definition bigblock1
-  where "bigblock1 \<equiv> 
-          (BigBlock None [(Assert (BinOp (Var 0) Gt (Lit (LInt 5))))] None None)"
-
-definition proc_body
-  where
-    "proc_body = bigblock0 #  bigblock1  # []"
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
-unfolding empty_branch_if_before_ast_cfg.params_vdecls_def empty_branch_if_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_ast_cfg.params_vdecls) )"
-unfolding empty_branch_if_before_ast_cfg.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_ast_cfg.locals_vdecls) )"
-unfolding empty_branch_if_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc_ast :: "(ast_procedure)"
-  where
-    "proc_ast  = (|proc_ty_args = 0,proc_args = empty_branch_if_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec empty_branch_if_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec empty_branch_if_before_ast_cfg.post),proc_body = (Some (empty_branch_if_before_ast_cfg.locals_vdecls,empty_branch_if_before_ast_cfg.proc_body))|)"
-
-end
\ No newline at end of file
diff --git a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog.thy b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 41c064e..0000000
--- a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,122 +0,0 @@
-theory empty_branch_if_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0)]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 6)))]"
-definition block_2
-  where
-    "block_2  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 5))))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5))))]"
-definition outEdges
-  where
-    "outEdges  = [[3,1],[2],[],[2]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [3,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = empty_branch_if_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec empty_branch_if_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec empty_branch_if_before_cfg_to_dag_prog.post),proc_body = (Some (empty_branch_if_before_cfg_to_dag_prog.locals_vdecls,empty_branch_if_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_passive_prog.thy b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_passive_prog.thy
deleted file mode 100644
index 2d6d7db..0000000
--- a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_passive_prog.thy
+++ /dev/null
@@ -1,95 +0,0 @@
-theory empty_branch_if_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util empty_branch_if_before_cfg_to_dag_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 5))))]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 6)))]"
-definition block_3
-  where
-    "block_3  = [(Havoc 0)]"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_cfgtodag_proof.thy b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_cfgtodag_proof.thy
deleted file mode 100644
index a3919c0..0000000
--- a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_cfgtodag_proof.thy
+++ /dev/null
@@ -1,292 +0,0 @@
-theory empty_branch_if_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML empty_branch_if_before_cfg_to_dag_prog empty_branch_if_before_passive_prog empty_branch_if_passification_proof empty_branch_if_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_branch_if_before_passive_prog.block_0 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding empty_branch_if_before_cfg_to_dag_prog.block_2_def empty_branch_if_before_passive_prog.block_0_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_return_1[OF assms(1)])
-apply (rule empty_branch_if_before_cfg_to_dag_prog.node_2)
-apply (rule empty_branch_if_before_passive_prog.node_0)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-unfolding empty_branch_if_before_cfg_to_dag_prog.post_def
-apply (rule block_anon3)
-apply assumption+
-by (rule empty_branch_if_before_cfg_to_dag_prog.outEdges_2)
-
-
-lemma block_anon4_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_branch_if_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding empty_branch_if_before_cfg_to_dag_prog.block_3_def empty_branch_if_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon4_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule empty_branch_if_before_cfg_to_dag_prog.node_3)
-apply (rule empty_branch_if_before_passive_prog.node_1)
-apply (assumption+)
-apply (rule block_anon4_Then)
-apply (assumption+)
-apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=0])
-apply ((simp add:empty_branch_if_before_passive_prog.outEdges_1))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon4_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_branch_if_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding empty_branch_if_before_cfg_to_dag_prog.block_1_def empty_branch_if_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon4_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule empty_branch_if_before_cfg_to_dag_prog.node_1)
-apply (rule empty_branch_if_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon4_Else)
-apply (assumption+)
-apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=0])
-apply ((simp add:empty_branch_if_before_passive_prog.outEdges_2))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_branch_if_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding empty_branch_if_before_cfg_to_dag_prog.block_0_def empty_branch_if_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule empty_branch_if_before_cfg_to_dag_prog.node_0)
-apply (rule empty_branch_if_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:empty_branch_if_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:empty_branch_if_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:empty_branch_if_before_passive_prog.outEdges_4))
-by ((simp add:empty_branch_if_before_passive_prog.node_4 empty_branch_if_before_passive_prog.block_4_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 empty_branch_if_before_cfg_to_dag_prog.pres)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule empty_branch_if_before_passive_prog.node_5)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding empty_branch_if_before_passive_prog.block_5_def
-apply (rule assume_pres_normal[where ?es=empty_branch_if_before_cfg_to_dag_prog.pres])
-apply (rule assms(4))
-unfolding empty_branch_if_before_cfg_to_dag_prog.pres_def
-apply simp
-apply (rule empty_branch_if_before_passive_prog.outEdges_5)
-apply ((simp add:empty_branch_if_before_passive_prog.node_4 empty_branch_if_before_passive_prog.block_4_def))
-apply (rule empty_branch_if_before_passive_prog.outEdges_4)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns empty_branch_if_before_cfg_to_dag_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(valid_configuration A \<Lambda>0 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule empty_branch_if_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-lemma end_to_end_theorem:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms empty_branch_if_before_cfg_to_dag_prog.proc))"
-apply (rule end_to_end_util[OF end_to_end_theorem_aux])
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 empty_branch_if_before_cfg_to_dag_prog.proc_def empty_branch_if_before_cfg_to_dag_prog.proc_body_def)
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passification_proof.thy b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passification_proof.thy
deleted file mode 100644
index f80e262..0000000
--- a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passification_proof.thy
+++ /dev/null
@@ -1,262 +0,0 @@
-theory empty_branch_if_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util empty_branch_if_before_passive_prog empty_branch_if_passive_prog Boogie_Lang.PassificationML empty_branch_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old empty_branch_if_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding empty_branch_if_before_passive_prog.block_0_def empty_branch_if_passive_prog.block_0_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon4_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old empty_branch_if_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding empty_branch_if_before_passive_prog.block_1_def empty_branch_if_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.l_x(2) empty_branch_if_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon4_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inr (LInt 6))),(0,(Inl 2))]) R_old empty_branch_if_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding empty_branch_if_before_passive_prog.block_2_def empty_branch_if_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.l_x(2) empty_branch_if_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old empty_branch_if_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding empty_branch_if_before_passive_prog.block_3_def empty_branch_if_passive_prog.block_3_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.l_x(2) empty_branch_if_passive_prog.l_x_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old empty_branch_if_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding empty_branch_if_before_passive_prog.block_4_def empty_branch_if_passive_prog.block_4_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old empty_branch_if_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding empty_branch_if_before_passive_prog.block_5_def empty_branch_if_passive_prog.block_5_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm empty_branch_if_before_passive_prog.node_0},@{thm empty_branch_if_before_passive_prog.outEdges_0}) (@{thm empty_branch_if_passive_prog.node_0},@{thm empty_branch_if_passive_prog.outEdges_0}) @{thm block_anon3} [] 1\<close>))
-
-lemma cfg_block_anon4_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm empty_branch_if_before_passive_prog.node_1},@{thm empty_branch_if_before_passive_prog.outEdges_1}) (@{thm empty_branch_if_passive_prog.node_1},@{thm empty_branch_if_passive_prog.outEdges_1}) @{thm block_anon4_Then} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon4_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm empty_branch_if_before_passive_prog.node_2},@{thm empty_branch_if_before_passive_prog.outEdges_2}) (@{thm empty_branch_if_passive_prog.node_2},@{thm empty_branch_if_passive_prog.outEdges_2}) @{thm block_anon4_Else} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_branch_if_before_passive_prog.node_3},@{thm empty_branch_if_before_passive_prog.outEdges_3}) (@{thm empty_branch_if_passive_prog.node_3},@{thm empty_branch_if_passive_prog.outEdges_3}) @{thm block_anon0} [
-@{thm cfg_block_anon4_Then}, 
-@{thm cfg_block_anon4_Else}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_branch_if_before_passive_prog.node_4},@{thm empty_branch_if_before_passive_prog.outEdges_4}) (@{thm empty_branch_if_passive_prog.node_4},@{thm empty_branch_if_passive_prog.outEdges_4}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_branch_if_before_passive_prog.node_5},@{thm empty_branch_if_before_passive_prog.outEdges_5}) (@{thm empty_branch_if_passive_prog.node_5},@{thm empty_branch_if_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv empty_branch_if_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-apply simp
-unfolding empty_branch_if_passive_prog.params_vdecls_def empty_branch_if_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using empty_branch_if_before_passive_prog.globals_locals_disj apply auto[1]
-using empty_branch_if_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] empty_branch_if_passive_prog.proc_body u (Inl 5)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range global_data.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from empty_branch_if_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passive_prog.thy b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passive_prog.thy
deleted file mode 100644
index 78928d4..0000000
--- a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passive_prog.thy
+++ /dev/null
@@ -1,128 +0,0 @@
-theory empty_branch_if_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util empty_branch_if_before_passive_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assert (BinOp (Var 2) Gt (Lit (LInt 5))))]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 5)))),(Assume (BinOp (Var 2) Eq (Var 1)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 1))),(Assume (BinOp (Var 2) Eq (Lit (LInt 6))))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding empty_branch_if_passive_prog.params_vdecls_def empty_branch_if_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_vcphase_proof.thy b/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_vcphase_proof.thy
deleted file mode 100644
index 0958308..0000000
--- a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_vcphase_proof.thy
+++ /dev/null
@@ -1,241 +0,0 @@
-theory empty_branch_if_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML empty_branch_if_passive_prog empty_branch_if_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon3
-  where
-    "vc_anon3 x_1 = (x_1 > (5::int))"
-definition vc_anon4_Then
-  where
-    "vc_anon4_Then x_0 x_1 = (((x_0 > (5::int)) \<and> (x_1 = x_0)) \<longrightarrow> (vc_anon3 x_1))"
-definition vc_anon4_Else
-  where
-    "vc_anon4_Else x_0 x_1 = ((((5::int) \<ge> x_0) \<and> (x_1 = (6::int))) \<longrightarrow> (vc_anon3 x_1))"
-definition vc_anon0
-  where
-    "vc_anon0 x_0 x_1 = ((vc_anon4_Then x_0 x_1) \<and> (vc_anon4_Else x_0 x_1))"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
-G3: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3
-lemmas forall_poly_thm = forall_vc_type[OF G3]
-lemmas exists_poly_thm = exists_vc_type[OF G3]
-declare Nat.One_nat_def[simp del]
-
-ML\<open>
-val block_anon3_hints = [
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon3AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding empty_branch_if_passive_prog.block_0_def vc.vc_anon3_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_Then_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon4_ThenAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_1)))))))"
-unfolding empty_branch_if_passive_prog.block_1_def vc.vc_anon4_Then_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Then_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_Else_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon4_ElseAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Else vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_1)))))))"
-unfolding empty_branch_if_passive_prog.block_2_def vc.vc_anon4_Else_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Else_hints \<close>)
-by (auto?)
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_3 (Normal n_s) s')" and 
-"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))"
-using assms
-unfolding empty_branch_if_passive_prog.block_3_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_4 (Normal n_s) s')" and 
-"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))"
-using assms
-unfolding empty_branch_if_passive_prog.block_4_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding empty_branch_if_passive_prog.block_5_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) empty_branch_if_passive_prog.node_0 empty_branch_if_passive_prog.outEdges_0])
-using block_anon3AA0[OF _ assms(2)] by blast
-
-lemma cfg_block_anon4_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4_Then vc_x_0 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_branch_if_passive_prog.node_1])
-apply (erule block_anon4_ThenAA0[OF _ assms(2)])
-apply ((simp add:empty_branch_if_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon4_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4_Else vc_x_0 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_branch_if_passive_prog.node_2])
-apply (erule block_anon4_ElseAA0[OF _ assms(2)])
-apply ((simp add:empty_branch_if_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_branch_if_passive_prog.node_3])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:empty_branch_if_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_branch_if_passive_prog.node_4])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:empty_branch_if_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_0 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_branch_if_passive_prog.node_5])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:empty_branch_if_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
-let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF empty_branch_if_passive_prog.m_x])
-apply (subst lookup_var_local[OF empty_branch_if_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF empty_branch_if_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF empty_branch_if_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF empty_branch_if_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF empty_branch_if_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/if_example_proofs/global_data.thy b/BoogieLang/completed_example_proofs/if_example_proofs/global_data.thy
deleted file mode 100644
index 51076b5..0000000
--- a/BoogieLang/completed_example_proofs/if_example_proofs/global_data.thy
+++ /dev/null
@@ -1,34 +0,0 @@
-theory global_data
-  imports "/home/alex/boogie_related/foundational_boogie/BoogieLang/Semantics" 
-          "/home/alex/boogie_related/foundational_boogie/BoogieLang/TypeSafety" 
-          "/home/alex/boogie_related/foundational_boogie/BoogieLang/Util" 
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
deleted file mode 100644
index b6aa719..0000000
--- a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
+++ /dev/null
@@ -1,287 +0,0 @@
-theory if_example_ast_cfg_proof
-  imports Main
-          Boogie_Lang.Ast
-          Boogie_Lang.Semantics
-          Boogie_Lang.Ast_Cfg_Transformation
-          "../global_data" 
-          p_before_cfg_to_dag_prog 
-          if_example_before_ast_cfg
-          p_cfgtodag_proof
-          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
-          p_before_passive_prog 
-          p_passification_proof 
-          p_vcphase_proof
-
-begin
-declare Nat.One_nat_def[simp del]
-
-definition bigblock_then 
-  where "bigblock_then \<equiv> BigBlock None [(Assign 0 (Lit (LInt 10)))] None None"
-
-definition bigblock_else
-  where "bigblock_else \<equiv> BigBlock None [(Assign 0 (Lit (LInt 1)))] None None"
-
-lemma bigblock0_local_rel:
-  assumes Red_bb0_to: 
-      "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-proof -
-  show ?thesis 
-    apply (rule block_local_rel_generic) 
-           apply (rule Rel_Main_test[of bigblock0])
-           apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
-          apply simp
-         apply simp
-        apply (rule Red_bb0_to)
-       apply (rule Red0_impl, simp)
-      apply (simp add: bigblock0_def)
-     apply simp
-    apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
-    done
-qed
-
-
-lemma bigblock_then_local_rel:
-  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_then, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis
-    apply (rule block_local_rel_guard_true)
-           apply (rule Rel_Main_test[of bigblock_then])
-           apply (simp add: bigblock_then_def)
-          apply simp
-         apply (rule trace_is_possible)
-        apply (rule Red_bb0_to)
-       apply (rule Red0_impl, simp)
-      apply (simp add: bigblock_then_def)
-      apply simp+
-    apply (simp add: p_before_cfg_to_dag_prog.block_3_def)
-    done
-qed
-
-lemma bigblock_else_local_rel:
-  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-proof -
-  show ?thesis
-    unfolding p_before_cfg_to_dag_prog.block_1_def 
-    apply (rule block_local_rel_guard_false)
-            apply (rule Rel_Main_test[of bigblock_else])
-            apply (simp add: bigblock_else_def)
- (* FIXME how does one know what rule is to be used here? *)
-           apply (rule neg_gt2)
-          apply simp
-         apply (rule trace_is_possible)
-        apply (rule Red_bb0_to)
-       apply (rule Red0_impl)
-       apply (simp add: p_before_cfg_to_dag_prog.block_1_def)
-      apply (simp add: bigblock_else_def)
-    by simp_all
-qed
-
-lemma block2_global_rel:
-  assumes concrete_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock1, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)" 
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
-  using assms
-proof -
-  show ?thesis
-    apply (rule generic_ending_block_global_rel)
-         apply (rule Rel_Main_test[of bigblock1 _ p_before_cfg_to_dag_prog.block_2])
-         apply (simp add: bigblock1_def p_before_cfg_to_dag_prog.block_2_def)
-        apply (rule concrete_trace)
-       apply (simp add: bigblock1_def)
-      apply simp
-     apply (rule p_before_cfg_to_dag_prog.node_2)
-    apply (rule cfg_is_correct)
-    apply simp
-    done
-qed
-
-
-lemma block_then_global_rel:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
-proof -
-  show ?thesis 
-    apply (rule block_global_rel_if_true)
-                apply (rule Rel_Main_test[of bigblock_then])
-                apply (simp add: bigblock_then_def)
-               apply (rule assms(1))
-              apply (simp add: bigblock_then_def)
-             apply simp
-            apply simp
-           apply (rule p_before_cfg_to_dag_prog.node_3)
-          apply (rule p_before_cfg_to_dag_prog.block_3_def)
-          apply (rule assms(2))
-          apply simp
-         apply simp
-        apply simp
-      apply (rule trace_is_possible)
-     apply (rule bigblock_then_local_rel)
-       apply assumption
-      apply assumption
-     apply (rule trace_is_possible)
-    apply (simp add:p_before_cfg_to_dag_prog.outEdges_3)
-    apply ((simp add:member_rec(1)))
-    apply (rule block2_global_rel)
-     apply assumption
-    apply simp
-    done
-qed
-
-
-lemma block_else_global_rel:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
-proof -
-  show ?thesis
-    apply (rule block_global_rel_if_false)
-                 apply (rule Rel_Main_test[of bigblock_else])
-                 apply (simp add: bigblock_else_def)
-               apply (rule assms(1))
-              apply (simp add: bigblock_else_def)
-              apply simp
-             apply simp
-            apply (rule p_before_cfg_to_dag_prog.node_1)
-           apply (rule p_before_cfg_to_dag_prog.block_1_def)
-          apply (rule assms(2))
-          apply simp
-         apply simp
-        apply simp
-       apply (rule neg_gt2)
-      apply (rule trace_is_possible)
-     apply (rule bigblock_else_local_rel)
-       apply assumption
-      apply assumption
-     apply (rule trace_is_possible)
-    apply (erule allE[where x=2])
-    apply (rule block2_global_rel)
-     apply assumption
-    apply (simp add: p_before_cfg_to_dag_prog.outEdges_1)
-    apply (simp add: member_rec(1))
-    done
-qed
-
-
-lemma block0_global_rel:
-  assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> if_example_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-proof -
-  show ?thesis 
-    apply (rule block_global_rel_if_successor)
-           apply (rule Rel_Main_test[of bigblock0 _ p_before_cfg_to_dag_prog.block_0])
-           apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def) 
-          apply (rule ast_trace)
-         apply (simp add: bigblock0_def)
-        apply (rule p_before_cfg_to_dag_prog.node_0)
-       apply (rule assms(1))
-       apply simp
-      apply simp
-     apply (rule bigblock0_local_rel)
-      apply (simp add: bigblock0_def)
-     apply assumption
-    apply simp
-    apply (rule disjE)
-      apply assumption
-
-     apply (erule allE[where x=3])
-     apply (simp add:p_before_cfg_to_dag_prog.outEdges_0)
-     apply (simp add:member_rec(1))
-     apply (rule conjE)
-      apply assumption
-    unfolding if_example_before_ast_cfg.post_def
-     apply (rule block_then_global_rel)
-       apply (simp add: bigblock_then_def)
-      apply simp
-     apply assumption
-   
-    apply (erule allE[where x=1])
-    apply (simp add:p_before_cfg_to_dag_prog.outEdges_0)
-    apply (simp add:member_rec(1))
-    apply (rule conjE)
-     apply assumption
-    apply (rule block_else_global_rel)
-      apply (simp add: bigblock_else_def)
-     apply simp
-    apply (simp add: false_equals_not_true)
-    done
-qed
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls))"
-lemma end_to_end_theorem_aux3:
-assumes 
-Red: "rtranclp (red_bigblock A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)) \<Gamma> [] if_example_before_ast_cfg.proc_body) (bigblock0, (KSeq bigblock1 KStop), Normal ns) (end_bb, end_cont, end_state)" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns if_example_before_ast_cfg.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(valid_configuration A \<Lambda>0 \<Gamma> [] if_example_before_ast_cfg.post end_bb end_cont end_state)"
-proof -
-from Red obtain j where Aux:"(A,M,((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)),\<Gamma>,[],if_example_before_ast_cfg.proc_body \<turnstile> (bigblock0, (KSeq bigblock1 KStop), Normal ns) -n\<longrightarrow>^j (end_bb, end_cont, end_state))"
-by (meson rtranclp_imp_relpowp)
-  show ?thesis
-apply (rule block0_global_rel)
-defer
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: if_example_before_ast_cfg.params_vdecls_def if_example_before_ast_cfg.locals_vdecls_def
-                 p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: if_example_before_ast_cfg.params_vdecls_def if_example_before_ast_cfg.locals_vdecls_def
-                                    p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
-                                    if_example_before_ast_cfg.pres_def p_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: if_example_before_ast_cfg.params_vdecls_def if_example_before_ast_cfg.locals_vdecls_def
-                                    p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply simp
-using OldGlobal apply simp
-using BinderNs apply simp
-done
-qed
-
-lemma initialization:                              
-  assumes "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock0, bigblock1] ns1) (reached_bb, reached_cont, reached_state)"
-  shows "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (bigblock0, KSeq bigblock1 KStop, Normal ns1) (reached_bb, reached_cont, reached_state)" 
-  using assms 
-  by simp
-
-
-lemma end_to_end_theorem3:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms if_example_before_ast_cfg.proc_ast))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux3])
-apply (rule initialization)
-unfolding if_example_before_ast_cfg.proc_body_def
-apply assumption using VC apply simp  apply assumption+
-apply (simp_all add: 
-      exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2
-      if_example_before_ast_cfg.proc_ast_def if_example_before_ast_cfg.proc_body_def)
-done
-end
diff --git a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_ast_form~ b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_ast_form~
deleted file mode 100644
index 3a3816b..0000000
--- a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_ast_form~
+++ /dev/null
@@ -1,4 +0,0 @@
-theory if_example_ast_form
-
-begin
-end
\ No newline at end of file
diff --git a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_before_ast_cfg.thy b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_before_ast_cfg.thy
deleted file mode 100644
index 6c46a7a..0000000
--- a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/if_example_before_ast_cfg.thy
+++ /dev/null
@@ -1,90 +0,0 @@
-theory if_example_before_ast_cfg
-  imports Main 
-          "Boogie_Lang.Ast"
-          "Boogie_Lang.Semantics"
-          "../global_data"
-
-begin
-definition bigblock0
-  where "bigblock0 \<equiv> 
-          (BigBlock None [(Havoc 0)] 
-            (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 5)))) 
-                      [BigBlock None [(Assign 0 (Lit (LInt 10)))] None None] 
-                      [BigBlock None [(Assign 0 (Lit (LInt 1)))] None None])) 
-             None)"
-
-definition bigblock1 
-  where "bigblock1 \<equiv> (BigBlock None [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))] None None)"
-
-definition proc_body
-  where
-    "proc_body = bigblock0 #  bigblock1 # []"
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),None)]"
-
-lemma locals_min_aux:
-shows "(((map fst (append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
-unfolding if_example_before_ast_cfg.params_vdecls_def if_example_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_before_ast_cfg.params_vdecls) )"
-unfolding if_example_before_ast_cfg.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_before_ast_cfg.locals_vdecls) )"
-unfolding if_example_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc_ast :: "ast_procedure"
-  where
-    "proc_ast  = (|proc_ty_args = 0,proc_args = if_example_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec if_example_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec if_example_before_ast_cfg.post),proc_body = (Some (if_example_before_ast_cfg.locals_vdecls,if_example_before_ast_cfg.proc_body))|)"
-
-
-end
\ No newline at end of file
diff --git a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 3d7f1e9..0000000
--- a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,125 +0,0 @@
-theory p_before_cfg_to_dag_prog
-  imports "/home/alex/boogie_related/foundational_boogie/BoogieLang/Semantics" 
-          "/home/alex/boogie_related/foundational_boogie/BoogieLang/TypeSafety" 
-          "/home/alex/boogie_related/foundational_boogie/BoogieLang/Util" 
-          "/home/alex/boogie_related/foundational_boogie/BoogieLang/generated_example_proofs/if_example_proofs/global_data" 
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0)]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 1)))]"
-definition block_2
-  where
-    "block_2  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5)))),(Assign 0 (Lit (LInt 10)))]"
-definition outEdges
-  where
-    "outEdges  = [[3,1],[2],[],[2]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [3,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding p_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding p_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = p_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.post),proc_body = (Some (p_before_cfg_to_dag_prog.locals_vdecls,p_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_before_passive_prog.thy b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_before_passive_prog.thy
deleted file mode 100644
index 414667a..0000000
--- a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_before_passive_prog.thy
+++ /dev/null
@@ -1,95 +0,0 @@
-theory p_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_cfg_to_dag_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5)))),(Assign 0 (Lit (LInt 10)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 1)))]"
-definition block_3
-  where
-    "block_3  = [(Havoc 0)]"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_cfgtodag_proof.thy b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_cfgtodag_proof.thy
deleted file mode 100644
index 3bf8e12..0000000
--- a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_cfgtodag_proof.thy
+++ /dev/null
@@ -1,292 +0,0 @@
-theory p_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML p_before_cfg_to_dag_prog p_before_passive_prog p_passification_proof p_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_0 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_2_def p_before_passive_prog.block_0_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_return_1[OF assms(1)])
-apply (rule p_before_cfg_to_dag_prog.node_2)
-apply (rule p_before_passive_prog.node_0)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-unfolding p_before_cfg_to_dag_prog.post_def
-apply (rule block_anon3)
-apply assumption+
-by (rule p_before_cfg_to_dag_prog.outEdges_2)
-
-
-lemma block_anon4_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_3_def p_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon4_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule p_before_cfg_to_dag_prog.node_3)
-apply (rule p_before_passive_prog.node_1)
-apply (assumption+)
-apply (rule block_anon4_Then)
-apply (assumption+)
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=0])
-apply ((simp add:p_before_passive_prog.outEdges_1))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon4_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_1_def p_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon4_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule p_before_cfg_to_dag_prog.node_1)
-apply (rule p_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon4_Else)
-apply (assumption+)
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=0])
-apply ((simp add:p_before_passive_prog.outEdges_2))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_0_def p_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule p_before_cfg_to_dag_prog.node_0)
-apply (rule p_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:p_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:p_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:p_before_passive_prog.outEdges_4))
-by ((simp add:p_before_passive_prog.node_4 p_before_passive_prog.block_4_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 p_before_cfg_to_dag_prog.pres)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule p_before_passive_prog.node_5)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding p_before_passive_prog.block_5_def
-apply (rule assume_pres_normal[where ?es=p_before_cfg_to_dag_prog.pres])
-apply (rule assms(4))
-unfolding p_before_cfg_to_dag_prog.pres_def
-apply simp
-apply (rule p_before_passive_prog.outEdges_5)
-apply ((simp add:p_before_passive_prog.node_4 p_before_passive_prog.block_4_def))
-apply (rule p_before_passive_prog.outEdges_4)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns p_before_cfg_to_dag_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(valid_configuration A \<Lambda>0 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule p_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-lemma end_to_end_theorem:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms p_before_cfg_to_dag_prog.proc))"
-apply (rule end_to_end_util[OF end_to_end_theorem_aux])
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def)
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_passification_proof.thy b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_passification_proof.thy
deleted file mode 100644
index a455b9b..0000000
--- a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_passification_proof.thy
+++ /dev/null
@@ -1,262 +0,0 @@
-theory p_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_passive_prog p_passive_prog Boogie_Lang.PassificationML p_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_0_def p_passive_prog.block_0_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon4_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inr (LInt 10))),(0,(Inl 2))]) R_old p_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_1_def p_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon4_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inr (LInt 1))),(0,(Inl 2))]) R_old p_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_2_def p_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old p_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_3_def p_passive_prog.block_3_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_4_def p_passive_prog.block_4_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_5_def p_passive_prog.block_5_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_0},@{thm p_before_passive_prog.outEdges_0}) (@{thm p_passive_prog.node_0},@{thm p_passive_prog.outEdges_0}) @{thm block_anon3} [] 1\<close>))
-
-lemma cfg_block_anon4_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_1},@{thm p_before_passive_prog.outEdges_1}) (@{thm p_passive_prog.node_1},@{thm p_passive_prog.outEdges_1}) @{thm block_anon4_Then} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon4_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_2},@{thm p_before_passive_prog.outEdges_2}) (@{thm p_passive_prog.node_2},@{thm p_passive_prog.outEdges_2}) @{thm block_anon4_Else} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_3},@{thm p_before_passive_prog.outEdges_3}) (@{thm p_passive_prog.node_3},@{thm p_passive_prog.outEdges_3}) @{thm block_anon0} [
-@{thm cfg_block_anon4_Then}, 
-@{thm cfg_block_anon4_Else}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_4},@{thm p_before_passive_prog.outEdges_4}) (@{thm p_passive_prog.node_4},@{thm p_passive_prog.outEdges_4}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_5},@{thm p_before_passive_prog.outEdges_5}) (@{thm p_passive_prog.node_5},@{thm p_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv p_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-apply simp
-unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using p_before_passive_prog.globals_locals_disj apply auto[1]
-using p_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body u (Inl 5)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range global_data.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from p_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_passive_prog.thy b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_passive_prog.thy
deleted file mode 100644
index 4e1c3f9..0000000
--- a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_passive_prog.thy
+++ /dev/null
@@ -1,128 +0,0 @@
-theory p_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_passive_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assert (BinOp (Var 2) Gt (Lit (LInt 0))))]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 5)))),(Assume (BinOp (Var 2) Eq (Lit (LInt 10))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 1))),(Assume (BinOp (Var 2) Eq (Lit (LInt 1))))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_vcphase_proof.thy b/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_vcphase_proof.thy
deleted file mode 100644
index baa46e7..0000000
--- a/BoogieLang/completed_example_proofs/if_example_proofs/p_proofs/p_vcphase_proof.thy
+++ /dev/null
@@ -1,241 +0,0 @@
-theory p_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML p_passive_prog p_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon3
-  where
-    "vc_anon3 x_1 = (x_1 > (0::int))"
-definition vc_anon4_Then
-  where
-    "vc_anon4_Then x_0 x_1 = (((x_0 > (5::int)) \<and> (x_1 = (10::int))) \<longrightarrow> (vc_anon3 x_1))"
-definition vc_anon4_Else
-  where
-    "vc_anon4_Else x_0 x_1 = ((((5::int) \<ge> x_0) \<and> (x_1 = (1::int))) \<longrightarrow> (vc_anon3 x_1))"
-definition vc_anon0
-  where
-    "vc_anon0 x_0 x_1 = ((vc_anon4_Then x_0 x_1) \<and> (vc_anon4_Else x_0 x_1))"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
-G3: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3
-lemmas forall_poly_thm = forall_vc_type[OF G3]
-lemmas exists_poly_thm = exists_vc_type[OF G3]
-declare Nat.One_nat_def[simp del]
-
-ML\<open>
-val block_anon3_hints = [
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon3AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding p_passive_prog.block_0_def vc.vc_anon3_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_Then_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon4_ThenAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_1)))))))"
-unfolding p_passive_prog.block_1_def vc.vc_anon4_Then_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Then_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_Else_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon4_ElseAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Else vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_1)))))))"
-unfolding p_passive_prog.block_2_def vc.vc_anon4_Else_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Else_hints \<close>)
-by (auto?)
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_3 (Normal n_s) s')" and 
-"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))"
-using assms
-unfolding p_passive_prog.block_3_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_4 (Normal n_s) s')" and 
-"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))"
-using assms
-unfolding p_passive_prog.block_4_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding p_passive_prog.block_5_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) p_passive_prog.node_0 p_passive_prog.outEdges_0])
-using block_anon3AA0[OF _ assms(2)] by blast
-
-lemma cfg_block_anon4_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4_Then vc_x_0 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_1])
-apply (erule block_anon4_ThenAA0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon4_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4_Else vc_x_0 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_2])
-apply (erule block_anon4_ElseAA0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_3])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_4])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_0 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_5])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<Gamma> [] p_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
-let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x])
-apply (subst lookup_var_local[OF p_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF p_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF p_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_cfg.thy b/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_cfg.thy
deleted file mode 100644
index 9933ba9..0000000
--- a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_cfg.thy
+++ /dev/null
@@ -1,103 +0,0 @@
-theory nested_loop_before_ast_cfg
-  imports
-    Boogie_Lang.Ast
-    Boogie_Lang.Semantics 
-    Boogie_Lang.TypeSafety 
-    Boogie_Lang.Util 
-    "../global_data"
-begin
-
-definition bigblock0 
-  where "bigblock0 \<equiv> (BigBlock None [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10)))]
-                      (Some (WhileWrapper 
-                            (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
-                            [(BinOp (Var 0) Ge (Lit (LInt 0)))]
-                            [(BigBlock None [] 
-                             (Some (WhileWrapper 
-                                   (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
-                                    [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
-                                    [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None]))) 
-                             None),
-                             (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)]))) 
-                       None)"
-
-definition proc_body
-  where
-    "proc_body = bigblock0 # []"
-
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
-unfolding nested_loop_before_ast_cfg.params_vdecls_def nested_loop_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_ast_cfg.params_vdecls) )"
-unfolding nested_loop_before_ast_cfg.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_ast_cfg.locals_vdecls) )"
-unfolding nested_loop_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc_ast :: "(ast_procedure)"
-  where
-    "proc_ast  = (|proc_ty_args = 0,proc_args = nested_loop_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_loop_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec nested_loop_before_ast_cfg.post),proc_body = (Some (nested_loop_before_ast_cfg.locals_vdecls,nested_loop_before_ast_cfg.proc_body))|)"
-
-end
diff --git a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_cfg_to_dag_prog.thy b/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_cfg_to_dag_prog.thy
deleted file mode 100644
index dd2e91f..0000000
--- a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,164 +0,0 @@
-theory nested_loop_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10)))]"
-definition block_1
-  where
-    "block_1  = [(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
-definition block_3
-  where
-    "block_3  = [(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition outEdges
-  where
-    "outEdges  = [[1],[6,2],[3],[5,4],[3],[1],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [6,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [5,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding nested_loop_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding nested_loop_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = nested_loop_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_loop_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec nested_loop_before_cfg_to_dag_prog.post),proc_body = (Some (nested_loop_before_cfg_to_dag_prog.locals_vdecls,nested_loop_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_cfgtodag_proof.thy b/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_cfgtodag_proof.thy
deleted file mode 100644
index bb20376..0000000
--- a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_cfgtodag_proof.thy
+++ /dev/null
@@ -1,557 +0,0 @@
-theory nested_loop_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_loop_before_cfg_to_dag_prog nested_loop_before_passive_prog nested_loop_passification_proof nested_loop_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop_before_cfg_to_dag_prog.post)"
-unfolding expr_all_sat_def nested_loop_before_cfg_to_dag_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule nested_loop_before_passive_prog.node_0)
-apply simp
-unfolding nested_loop_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma block_anon4_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop_before_cfg_to_dag_prog.block_6_def nested_loop_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon4_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule nested_loop_before_cfg_to_dag_prog.node_6)
-apply (rule nested_loop_before_passive_prog.node_1)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon4_LoopDone)
-apply assumption+
-apply (rule nested_loop_before_cfg_to_dag_prog.outEdges_6)
-apply (rule nested_loop_before_passive_prog.outEdges_1)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma Mods_anon5_LoopDone:
-shows "(mods_contained_in (set [0,1]) nested_loop_before_cfg_to_dag_prog.block_5)"
-unfolding nested_loop_before_cfg_to_dag_prog.block_5_def
-by simp
-
-lemma block_anon5_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_2 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop_before_cfg_to_dag_prog.block_5_def nested_loop_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop_before_cfg_to_dag_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon5_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon4_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop_before_cfg_to_dag_prog.node_5)
-apply (rule nested_loop_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon5_LoopDone)
-apply (assumption+)
-apply (rule Mods_anon5_LoopDone)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_5))
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_5))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon4_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon5_LoopBody:
-shows "(mods_contained_in (set [1]) nested_loop_before_cfg_to_dag_prog.block_4)"
-unfolding nested_loop_before_cfg_to_dag_prog.block_4_def
-by simp
-
-lemma block_anon5_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_3 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop_before_cfg_to_dag_prog.block_4_def nested_loop_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop_before_cfg_to_dag_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_cfg_to_dag_prog.l_y(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon5_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop_before_cfg_to_dag_prog.post ns1 s' 3 m' j)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop_before_cfg_to_dag_prog.node_4)
-apply (rule nested_loop_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon5_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon5_LoopBody)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_4))
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_4))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon5_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon5_LoopHead:
-shows "(mods_contained_in (set [1]) nested_loop_before_cfg_to_dag_prog.block_3)"
-unfolding nested_loop_before_cfg_to_dag_prog.block_3_def
-by simp
-
-lemma block_anon5_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop_before_cfg_to_dag_prog.block_3_def nested_loop_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_y(1)))
-apply simp
-done
-
-lemma cfg_block_anon5_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon4_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
-using Red DagAssms assms(4-)
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-  show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule nested_loop_before_cfg_to_dag_prog.node_3)
-apply (rule nested_loop_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon5_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon5_LoopHead)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:nested_loop_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_subset_pred)
-using less(4) apply simp
-apply assumption
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:nested_loop_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-apply (rule loop_ih_convert_subset_smaller_2)
-using less(4) apply simp
-apply (simp, fastforce, assumption)
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma Mods_anon4_LoopBody:
-shows "(mods_contained_in (set [0,1]) nested_loop_before_cfg_to_dag_prog.block_2)"
-unfolding nested_loop_before_cfg_to_dag_prog.block_2_def
-by simp
-
-lemma block_anon4_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop_before_cfg_to_dag_prog.block_2_def nested_loop_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop_before_cfg_to_dag_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_cfg_to_dag_prog.l_y(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon4_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon4_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop_before_cfg_to_dag_prog.node_2)
-apply (rule nested_loop_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon4_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon4_LoopBody)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:nested_loop_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon4_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon4_LoopHead:
-shows "(mods_contained_in (set [0,1]) nested_loop_before_cfg_to_dag_prog.block_1)"
-unfolding nested_loop_before_cfg_to_dag_prog.block_1_def
-by simp
-
-lemma block_anon4_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop_before_passive_prog.block_6 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop_before_cfg_to_dag_prog.block_1_def nested_loop_before_passive_prog.block_6_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_x(1)))
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_y(1)))
-apply simp
-done
-
-lemma cfg_block_anon4_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0,1]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule nested_loop_before_cfg_to_dag_prog.node_1)
-apply (rule nested_loop_before_passive_prog.node_6)
-apply (assumption+)
-apply (rule block_anon4_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon4_LoopHead)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:nested_loop_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=5])
-apply ((simp add:nested_loop_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_7 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop_before_cfg_to_dag_prog.block_0_def nested_loop_before_passive_prog.block_7_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop_before_cfg_to_dag_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop_before_cfg_to_dag_prog.node_0)
-apply (rule nested_loop_before_passive_prog.node_7)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=6])
-apply ((simp add:nested_loop_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:nested_loop_before_passive_prog.outEdges_8))
-by ((simp add:nested_loop_before_passive_prog.node_8 nested_loop_before_passive_prog.block_8_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop_before_cfg_to_dag_prog.pres)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule nested_loop_before_passive_prog.node_9)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding nested_loop_before_passive_prog.block_9_def
-apply (rule assume_pres_normal[where ?es=nested_loop_before_cfg_to_dag_prog.pres])
-apply (rule assms(4))
-unfolding nested_loop_before_cfg_to_dag_prog.pres_def
-apply simp
-apply (rule nested_loop_before_passive_prog.outEdges_9)
-apply ((simp add:nested_loop_before_passive_prog.node_8 nested_loop_before_passive_prog.block_8_def))
-apply (rule nested_loop_before_passive_prog.outEdges_8)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_y_2::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_loop_before_cfg_to_dag_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(valid_configuration A \<Lambda>0 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule nested_loop_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-lemma end_to_end_theorem:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_y_2::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms nested_loop_before_cfg_to_dag_prog.proc))"
-apply (rule end_to_end_util[OF end_to_end_theorem_aux])
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 nested_loop_before_cfg_to_dag_prog.proc_def nested_loop_before_cfg_to_dag_prog.proc_body_def)
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passification_proof.thy b/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passification_proof.thy
deleted file mode 100644
index f624a39..0000000
--- a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passification_proof.thy
+++ /dev/null
@@ -1,349 +0,0 @@
-theory nested_loop_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop_before_passive_prog nested_loop_passive_prog Boogie_Lang.PassificationML nested_loop_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_0_def nested_loop_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon4_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_1_def nested_loop_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon5_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
-"((R 1) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6])) (update_nstate_rel R [(0,(Inl 6))]) R_old nested_loop_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_2_def nested_loop_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_x(2) nested_loop_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon5_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [5] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [5])) (update_nstate_rel R [(1,(Inl 5))]) R_old nested_loop_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_3_def nested_loop_passive_prog.block_3_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_y(2) nested_loop_passive_prog.l_y_2(2)))
-by simp
-
-lemma block_anon5_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4])) (update_nstate_rel R [(1,(Inl 4))]) R_old nested_loop_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_4_def nested_loop_passive_prog.block_4_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_y(2) nested_loop_passive_prog.l_y_1(2)))
-by simp
-
-lemma block_anon4_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
-"((R 1) = (Some (Inl 3)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_5_def nested_loop_passive_prog.block_5_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon4_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2,3] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2,3])) (update_nstate_rel R [(0,(Inl 2)),(1,(Inl 3))]) R_old nested_loop_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_6_def nested_loop_passive_prog.block_6_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_x(2) nested_loop_passive_prog.l_x_0(2)))
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_y(2) nested_loop_passive_prog.l_y_0(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 10))),(1,(Inr (LInt 10)))]) R_old nested_loop_passive_prog.block_7 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_7_def nested_loop_passive_prog.block_7_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_8 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_8 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_8_def nested_loop_passive_prog.block_8_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_9 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_9 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_9_def nested_loop_passive_prog.block_9_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_0},@{thm nested_loop_before_passive_prog.outEdges_0}) (@{thm nested_loop_passive_prog.node_0},@{thm nested_loop_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon4_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_1},@{thm nested_loop_before_passive_prog.outEdges_1}) (@{thm nested_loop_passive_prog.node_1},@{thm nested_loop_passive_prog.outEdges_1}) @{thm block_anon4_LoopDone} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon5_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
-"((R 1) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_2},@{thm nested_loop_before_passive_prog.outEdges_2}) (@{thm nested_loop_passive_prog.node_2},@{thm nested_loop_passive_prog.outEdges_2}) @{thm block_anon5_LoopDone} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon5_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 5 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_3},@{thm nested_loop_before_passive_prog.outEdges_3}) (@{thm nested_loop_passive_prog.node_3},@{thm nested_loop_passive_prog.outEdges_3}) @{thm block_anon5_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon5_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_4},@{thm nested_loop_before_passive_prog.outEdges_4}) (@{thm nested_loop_passive_prog.node_4},@{thm nested_loop_passive_prog.outEdges_4}) @{thm block_anon5_LoopHead} [
-@{thm cfg_block_anon5_LoopDone}, 
-@{thm cfg_block_anon5_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon4_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
-"((R 1) = (Some (Inl 3)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_5},@{thm nested_loop_before_passive_prog.outEdges_5}) (@{thm nested_loop_passive_prog.node_5},@{thm nested_loop_passive_prog.outEdges_5}) @{thm block_anon4_LoopBody} [
-@{thm cfg_block_anon5_LoopHead}] 1\<close>))
-
-lemma cfg_block_anon4_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_6},@{thm nested_loop_before_passive_prog.outEdges_6}) (@{thm nested_loop_passive_prog.node_6},@{thm nested_loop_passive_prog.outEdges_6}) @{thm block_anon4_LoopHead} [
-@{thm cfg_block_anon4_LoopDone}, 
-@{thm cfg_block_anon4_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_7},@{thm nested_loop_before_passive_prog.outEdges_7}) (@{thm nested_loop_passive_prog.node_7},@{thm nested_loop_passive_prog.outEdges_7}) @{thm block_anon0} [
-@{thm cfg_block_anon4_LoopHead}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 8)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_8},@{thm nested_loop_before_passive_prog.outEdges_8}) (@{thm nested_loop_passive_prog.node_8},@{thm nested_loop_passive_prog.outEdges_8}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 9)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_9},@{thm nested_loop_before_passive_prog.outEdges_9}) (@{thm nested_loop_passive_prog.node_9},@{thm nested_loop_passive_prog.outEdges_9}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 9),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_y_2::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv nested_loop_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-apply simp
-unfolding nested_loop_passive_prog.params_vdecls_def nested_loop_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using nested_loop_before_passive_prog.globals_locals_disj apply auto[1]
-using nested_loop_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] nested_loop_passive_prog.proc_body u (Inl 9)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range global_data.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] nested_loop_passive_prog.proc_body ((Inl 9),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from nested_loop_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passive_prog.thy b/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passive_prog.thy
deleted file mode 100644
index 5eadc7c..0000000
--- a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passive_prog.thy
+++ /dev/null
@@ -1,208 +0,0 @@
-theory nested_loop_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop_before_passive_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 2)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 4))),(Assume (BinOp (Var 6) Eq (BinOp (Var 2) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 6) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 4) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 5) Eq (BinOp (Var 4) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 5) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 4) Ge (Lit (LInt 0))))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 3) Ge (Lit (LInt 0))))]"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Var 2) Ge (Lit (LInt 0))))]"
-definition block_7
-  where
-    "block_7  = [(Assert (BinOp (Lit (LInt 10)) Ge (Lit (LInt 0))))]"
-definition block_8
-  where
-    "block_8  = []"
-definition block_9
-  where
-    "block_9  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[2,3],[4],[1,5],[6],[7],[8]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [2,3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [1,5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(5,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding nested_loop_passive_prog.params_vdecls_def nested_loop_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_0:
-shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_1:
-shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_2:
-shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_0:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_1:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_2:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_vcphase_proof.thy b/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_vcphase_proof.thy
deleted file mode 100644
index 01eeeb3..0000000
--- a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_vcphase_proof.thy
+++ /dev/null
@@ -1,370 +0,0 @@
-theory nested_loop_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML nested_loop_passive_prog nested_loop_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon4_LoopDone
-  where
-    "vc_anon4_LoopDone  = True"
-definition vc_anon5_LoopDone
-  where
-    "vc_anon5_LoopDone y_1 x_1 x_0 = ((((0::int) \<ge> y_1) \<and> (x_1 = (x_0 - (1::int)))) \<longrightarrow> (x_1 \<ge> (0::int)))"
-definition vc_anon5_LoopBody
-  where
-    "vc_anon5_LoopBody y_1 y_2 = (((y_1 > (0::int)) \<and> (y_2 = (y_1 - (1::int)))) \<longrightarrow> (y_2 \<ge> (0::int)))"
-definition vc_anon5_LoopHead
-  where
-    "vc_anon5_LoopHead y_1 x_1 x_0 y_2 = ((y_1 \<ge> (0::int)) \<longrightarrow> ((vc_anon5_LoopDone y_1 x_1 x_0) \<and> (vc_anon5_LoopBody y_1 y_2)))"
-definition vc_anon4_LoopBody
-  where
-    "vc_anon4_LoopBody x_0 y_0 y_1 x_1 y_2 = ((x_0 > (0::int)) \<longrightarrow> ((y_0 \<ge> (0::int)) \<and> ((y_0 \<ge> (0::int)) \<longrightarrow> (vc_anon5_LoopHead y_1 x_1 x_0 y_2))))"
-definition vc_anon4_LoopHead
-  where
-    "vc_anon4_LoopHead x_0 y_0 y_1 x_1 y_2 = ((x_0 \<ge> (0::int)) \<longrightarrow> ((vc_anon4_LoopDone ) \<and> (vc_anon4_LoopBody x_0 y_0 y_1 x_1 y_2)))"
-definition vc_anon0
-  where
-    "vc_anon0 x_0 y_0 y_1 x_1 y_2 = (((10::int) \<ge> (0::int)) \<and> (((10::int) \<ge> (0::int)) \<longrightarrow> (vc_anon4_LoopHead x_0 y_0 y_1 x_1 y_2)))"
-definition vc_PreconditionGeneratedEntry
-  where
-    "vc_PreconditionGeneratedEntry x_0 y_0 y_1 x_1 y_2 = (vc_anon0 x_0 y_0 y_1 x_1 y_2)"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_y_1 :: "int" and vc_x_1 :: "int" and vc_y_2 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_0)))" and 
-G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_y_0)))" and 
-G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_y_1)))" and 
-G5: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_x_1)))" and 
-G6: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_y_2)))" and 
-G7: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7
-lemmas forall_poly_thm = forall_vc_type[OF G7]
-lemmas exists_poly_thm = exists_vc_type[OF G7]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding nested_loop_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon4_LoopDone_hints = [
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon4_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_LoopDone ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding nested_loop_passive_prog.block_1_def vc.vc_anon4_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon5_LoopDone_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE), 
-(AssertNoConj,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon5_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopDone vc_y_1 vc_x_1 vc_x_0) \<Longrightarrow> (s' = Magic)))"
-unfolding nested_loop_passive_prog.block_2_def vc.vc_anon5_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon5_LoopBody_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE), 
-(AssertNoConj,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon5_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopBody vc_y_1 vc_y_2) \<Longrightarrow> (s' = Magic)))"
-unfolding nested_loop_passive_prog.block_3_def vc.vc_anon5_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon5_LoopHead_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon5_LoopHeadAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopHead vc_y_1 vc_x_1 vc_x_0 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_y_1 vc_x_1 vc_x_0) \<and> (vc.vc_anon5_LoopBody vc_y_1 vc_y_2))))))))"
-unfolding nested_loop_passive_prog.block_4_def vc.vc_anon5_LoopHead_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopHead_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_LoopBody_hints = [
-(AssumeConjR 0,NONE), 
-(AssertSub,NONE)]
-\<close>
-lemma block_anon4_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_LoopBody vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon5_LoopHead vc_y_1 vc_x_1 vc_x_0 vc_y_2)))))))"
-unfolding nested_loop_passive_prog.block_5_def vc.vc_anon4_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_LoopHead_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon4_LoopHeadAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_LoopHead vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_LoopDone ) \<and> (vc.vc_anon4_LoopBody vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))))))))"
-unfolding nested_loop_passive_prog.block_6_def vc.vc_anon4_LoopHead_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_LoopHead_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon0_hints = [
-(AssertSub,NONE)]
-\<close>
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4_LoopHead vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)))))))"
-unfolding nested_loop_passive_prog.block_7_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
-by (auto?)
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_8 (Normal n_s) s')" and 
-"(vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)))))"
-using assms
-unfolding nested_loop_passive_prog.block_8_def
-apply cases
-by auto
-
-lemma block_PreconditionGeneratedEntry:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding nested_loop_passive_prog.block_9_def vc.vc_PreconditionGeneratedEntry_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) nested_loop_passive_prog.node_0 nested_loop_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon4_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4_LoopDone )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) nested_loop_passive_prog.node_1])
-apply (erule block_anon4_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:nested_loop_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_LoopDone vc_y_1 vc_x_1 vc_x_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop_passive_prog.node_2])
-by (erule block_anon5_LoopDoneAA0[OF _ assms(2)])
-
-lemma cfg_block_anon5_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_LoopBody vc_y_1 vc_y_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop_passive_prog.node_3])
-by (erule block_anon5_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon5_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_LoopHead vc_y_1 vc_x_1 vc_x_0 vc_y_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_4])
-apply (erule block_anon5_LoopHeadAA0[OF _ assms(2)])
-apply ((simp add:nested_loop_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon4_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4_LoopBody vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_5])
-apply (erule block_anon4_LoopBodyAA0[OF _ assms(2)])
-apply ((simp add:nested_loop_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon4_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4_LoopHead vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_6])
-apply (erule block_anon4_LoopHeadAA0[OF _ assms(2)])
-apply ((simp add:nested_loop_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_7])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:nested_loop_passive_prog.outEdges_7))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_8])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:nested_loop_passive_prog.outEdges_8))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_9])
-apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
-apply ((simp add:nested_loop_passive_prog.outEdges_9))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) \<Gamma> [] nested_loop_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_y_2::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
-let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_x])
-apply (subst lookup_var_local[OF nested_loop_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_y])
-apply (subst lookup_var_local[OF nested_loop_passive_prog.m_y])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF nested_loop_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_y_0])
-apply (subst lookup_var_local[OF nested_loop_passive_prog.m_y_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_y_1])
-apply (subst lookup_var_local[OF nested_loop_passive_prog.m_y_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF nested_loop_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_y_2])
-apply (subst lookup_var_local[OF nested_loop_passive_prog.m_y_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_y])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_y_0])
-apply (rule HOL.conjunct1[OF sc_y_1])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (rule HOL.conjunct1[OF sc_y_2])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog.thy b/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog.thy
deleted file mode 100644
index caf8832..0000000
--- a/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,111 +0,0 @@
-theory no_guard_empty_branch_if_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0)]"
-definition block_1
-  where
-    "block_1  = [(Assign 0 (Lit (LInt 6)))]"
-definition block_2
-  where
-    "block_2  = []"
-definition outEdges
-  where
-    "outEdges  = [[2,1],[],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [2,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_guard_empty_branch_if_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec no_guard_empty_branch_if_before_cfg_to_dag_prog.post),proc_body = (Some (no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls,no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog.thy b/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog.thy
deleted file mode 100644
index 05f60ff..0000000
--- a/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog.thy
+++ /dev/null
@@ -1,95 +0,0 @@
-theory no_guard_empty_branch_if_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_empty_branch_if_before_cfg_to_dag_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assign 0 (Lit (LInt 6)))]"
-definition block_3
-  where
-    "block_3  = [(Havoc 0)]"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof.thy b/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof.thy
deleted file mode 100644
index 4c9441e..0000000
--- a/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof.thy
+++ /dev/null
@@ -1,250 +0,0 @@
-theory no_guard_empty_branch_if_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML no_guard_empty_branch_if_before_cfg_to_dag_prog no_guard_empty_branch_if_before_passive_prog no_guard_empty_branch_if_passification_proof no_guard_empty_branch_if_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_empty_branch_if_before_cfg_to_dag_prog.post)"
-unfolding expr_all_sat_def no_guard_empty_branch_if_before_cfg_to_dag_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule no_guard_empty_branch_if_before_passive_prog.node_0)
-apply simp
-unfolding no_guard_empty_branch_if_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma block_anon3_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_empty_branch_if_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2_def no_guard_empty_branch_if_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_2)
-apply (rule no_guard_empty_branch_if_before_passive_prog.node_1)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon3_Then)
-apply assumption+
-apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_2)
-apply (rule no_guard_empty_branch_if_before_passive_prog.outEdges_1)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon3_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_empty_branch_if_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1_def no_guard_empty_branch_if_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_1)
-apply (rule no_guard_empty_branch_if_before_passive_prog.node_2)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon3_Else)
-apply assumption+
-apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_1)
-apply (rule no_guard_empty_branch_if_before_passive_prog.outEdges_2)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_empty_branch_if_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def no_guard_empty_branch_if_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_0)
-apply (rule no_guard_empty_branch_if_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:no_guard_empty_branch_if_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:no_guard_empty_branch_if_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:no_guard_empty_branch_if_before_passive_prog.outEdges_4))
-by ((simp add:no_guard_empty_branch_if_before_passive_prog.node_4 no_guard_empty_branch_if_before_passive_prog.block_4_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_empty_branch_if_before_cfg_to_dag_prog.pres)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule no_guard_empty_branch_if_before_passive_prog.node_5)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding no_guard_empty_branch_if_before_passive_prog.block_5_def
-apply (rule assume_pres_normal[where ?es=no_guard_empty_branch_if_before_cfg_to_dag_prog.pres])
-apply (rule assms(4))
-unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.pres_def
-apply simp
-apply (rule no_guard_empty_branch_if_before_passive_prog.outEdges_5)
-apply ((simp add:no_guard_empty_branch_if_before_passive_prog.node_4 no_guard_empty_branch_if_before_passive_prog.block_4_def))
-apply (rule no_guard_empty_branch_if_before_passive_prog.outEdges_4)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns no_guard_empty_branch_if_before_cfg_to_dag_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(valid_configuration A \<Lambda>0 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule no_guard_empty_branch_if_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-lemma end_to_end_theorem:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms no_guard_empty_branch_if_before_cfg_to_dag_prog.proc))"
-apply (rule end_to_end_util[OF end_to_end_theorem_aux])
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_def no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body_def)
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof.thy b/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof.thy
deleted file mode 100644
index 29765aa..0000000
--- a/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof.thy
+++ /dev/null
@@ -1,254 +0,0 @@
-theory no_guard_empty_branch_if_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_empty_branch_if_before_passive_prog no_guard_empty_branch_if_passive_prog Boogie_Lang.PassificationML no_guard_empty_branch_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_empty_branch_if_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_empty_branch_if_before_passive_prog.block_0_def no_guard_empty_branch_if_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_empty_branch_if_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_empty_branch_if_before_passive_prog.block_1_def no_guard_empty_branch_if_passive_prog.block_1_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 6)))]) R_old no_guard_empty_branch_if_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_empty_branch_if_before_passive_prog.block_2_def no_guard_empty_branch_if_passive_prog.block_2_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old no_guard_empty_branch_if_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_empty_branch_if_before_passive_prog.block_3_def no_guard_empty_branch_if_passive_prog.block_3_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:no_guard_empty_branch_if_before_cfg_to_dag_prog.l_x(2) no_guard_empty_branch_if_passive_prog.l_x_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_empty_branch_if_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_empty_branch_if_before_passive_prog.block_4_def no_guard_empty_branch_if_passive_prog.block_4_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_empty_branch_if_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_empty_branch_if_before_passive_prog.block_5_def no_guard_empty_branch_if_passive_prog.block_5_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_0},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_0}) (@{thm no_guard_empty_branch_if_passive_prog.node_0},@{thm no_guard_empty_branch_if_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon3_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_1},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_1}) (@{thm no_guard_empty_branch_if_passive_prog.node_1},@{thm no_guard_empty_branch_if_passive_prog.outEdges_1}) @{thm block_anon3_Then} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon3_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_2},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_2}) (@{thm no_guard_empty_branch_if_passive_prog.node_2},@{thm no_guard_empty_branch_if_passive_prog.outEdges_2}) @{thm block_anon3_Else} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_3},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_3}) (@{thm no_guard_empty_branch_if_passive_prog.node_3},@{thm no_guard_empty_branch_if_passive_prog.outEdges_3}) @{thm block_anon0} [
-@{thm cfg_block_anon3_Then}, 
-@{thm cfg_block_anon3_Else}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_4},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_4}) (@{thm no_guard_empty_branch_if_passive_prog.node_4},@{thm no_guard_empty_branch_if_passive_prog.outEdges_4}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_5},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_5}) (@{thm no_guard_empty_branch_if_passive_prog.node_5},@{thm no_guard_empty_branch_if_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv no_guard_empty_branch_if_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-apply simp
-unfolding no_guard_empty_branch_if_passive_prog.params_vdecls_def no_guard_empty_branch_if_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using no_guard_empty_branch_if_before_passive_prog.globals_locals_disj apply auto[1]
-using no_guard_empty_branch_if_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] no_guard_empty_branch_if_passive_prog.proc_body u (Inl 5)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range global_data.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] no_guard_empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from no_guard_empty_branch_if_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog.thy b/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog.thy
deleted file mode 100644
index 9e83877..0000000
--- a/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog.thy
+++ /dev/null
@@ -1,119 +0,0 @@
-theory no_guard_empty_branch_if_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_empty_branch_if_before_passive_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = []"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding no_guard_empty_branch_if_passive_prog.params_vdecls_def no_guard_empty_branch_if_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof.thy b/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof.thy
deleted file mode 100644
index f961fcc..0000000
--- a/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof.thy
+++ /dev/null
@@ -1,213 +0,0 @@
-theory no_guard_empty_branch_if_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML no_guard_empty_branch_if_passive_prog no_guard_empty_branch_if_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon0
-  where
-    "vc_anon0  = True"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
-G2: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2
-lemmas forall_poly_thm = forall_vc_type[OF G2]
-lemmas exists_poly_thm = exists_vc_type[OF G2]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding no_guard_empty_branch_if_passive_prog.block_0_def
-apply cases
-by auto
-
-lemma block_anon3_Then:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_1 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding no_guard_empty_branch_if_passive_prog.block_1_def
-apply cases
-by auto
-
-lemma block_anon3_Else:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_2 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding no_guard_empty_branch_if_passive_prog.block_2_def
-apply cases
-by auto
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_3 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding no_guard_empty_branch_if_passive_prog.block_3_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_4 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding no_guard_empty_branch_if_passive_prog.block_4_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding no_guard_empty_branch_if_passive_prog.block_5_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) no_guard_empty_branch_if_passive_prog.node_0 no_guard_empty_branch_if_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon3_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_empty_branch_if_passive_prog.node_1])
-apply (erule block_anon3_Then)
-apply ((simp add:no_guard_empty_branch_if_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon3_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_empty_branch_if_passive_prog.node_2])
-apply (erule block_anon3_Else)
-apply ((simp add:no_guard_empty_branch_if_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_empty_branch_if_passive_prog.node_3])
-apply (erule block_anon0)
-apply ((simp add:no_guard_empty_branch_if_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_empty_branch_if_passive_prog.node_4])
-apply (erule block_0)
-apply ((simp add:no_guard_empty_branch_if_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_empty_branch_if_passive_prog.node_5])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:no_guard_empty_branch_if_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
-let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_guard_empty_branch_if_passive_prog.m_x])
-apply (subst lookup_var_local[OF no_guard_empty_branch_if_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_guard_empty_branch_if_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF no_guard_empty_branch_if_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/no_guard_if_proofs/global_data.thy b/BoogieLang/completed_example_proofs/no_guard_if_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/BoogieLang/completed_example_proofs/no_guard_if_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy
deleted file mode 100644
index f58c89d..0000000
--- a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy
+++ /dev/null
@@ -1,158 +0,0 @@
-theory no_guard_if_ast_cfg_proof
-  imports Main
-          Boogie_Lang.Ast
-          Boogie_Lang.Semantics
-          Boogie_Lang.Ast_Cfg_Transformation
-          "../global_data" 
-          no_guard_if_before_cfg_to_dag_prog 
-          no_guard_if_before_ast_cfg
-          no_guard_if_cfgtodag_proof
-          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
-
-begin
-
-definition bigblock_then 
-  where "bigblock_then \<equiv> BigBlock None [(Assign 0 (Lit (LInt 0)))] None None"
-
-definition bigblock_else
-  where "bigblock_else \<equiv> BigBlock None [(Assign 0 (Lit (LInt 1)))] None None"
-
-lemma bigblock0_local_rel:
-  assumes Red_bb0_to: 
-      "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock0, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>no_guard_if_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-proof -
-  show ?thesis
-    apply (rule block_local_rel_generic)
-           apply (rule Rel_Main_test[of bigblock0])
-           apply (simp add: bigblock0_def no_guard_if_before_cfg_to_dag_prog.block_0_def)
-          apply simp
-         apply simp
-        apply (rule Red_bb0_to)
-       apply (rule Red0_impl, simp)
-      apply (simp add: bigblock0_def)
-     apply (simp)
-    apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_0_def)
-    done
-qed
-
-
-lemma bigblock_then_local_rel:
-  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_then, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>no_guard_if_before_cfg_to_dag_prog.block_2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis
-    unfolding no_guard_if_before_cfg_to_dag_prog.block_2_def 
-    apply (rule block_local_rel_generic)
-           apply (rule Rel_Main_test[of bigblock_then])
-           apply (simp add: bigblock_then_def)
-          apply simp
-         apply simp
-        apply (rule Red_bb0_to)
-       apply (rule Red0_impl)
-       apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_2_def)
-      apply (simp add: bigblock_then_def)
-    by simp_all
-qed
-
-lemma bigblock_else_local_rel:
-  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>no_guard_if_before_cfg_to_dag_prog.block_1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-proof -
-  show ?thesis
-    unfolding no_guard_if_before_cfg_to_dag_prog.block_1_def 
-    apply (rule block_local_rel_generic)
-           apply (rule Rel_Main_test[of bigblock_else])
-           apply (simp add: bigblock_else_def)
-          apply simp
-         apply simp
-        apply (rule Red_bb0_to)
-       apply (rule Red0_impl)
-       apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_1_def)
-      apply (simp add: bigblock_else_def)
-    by simp_all
-qed
-
-
-lemma block_then_global_rel:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
-proof -
-  show ?thesis 
-    apply (rule generic_ending_block_global_rel)
-         apply (rule Rel_Main_test[of bigblock_then _ no_guard_if_before_cfg_to_dag_prog.block_2])
-         apply (simp add: bigblock_then_def no_guard_if_before_cfg_to_dag_prog.block_2_def)
-        apply (rule assms(1))
-       apply (simp add: bigblock_then_def)
-      apply simp
-     apply (rule no_guard_if_before_cfg_to_dag_prog.node_2)
-    apply (rule assms(2))
-    apply simp
-    done
-qed
-
-
-lemma block_else_global_rel:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
-proof -
-  show ?thesis
-    apply (rule generic_ending_block_global_rel)
-           apply (rule Rel_Main_test[of bigblock_else _ no_guard_if_before_cfg_to_dag_prog.block_1])
-         apply (simp add: bigblock_else_def no_guard_if_before_cfg_to_dag_prog.block_1_def)
-        apply (rule assms(1))
-       apply (simp add: bigblock_else_def)
-      apply simp
-     apply (rule no_guard_if_before_cfg_to_dag_prog.node_1)
-    apply (rule assms(2))
-    apply simp
-    done
-qed
-
-
-lemma block0_global_rel:
-  assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)" 
-proof -
-  show ?thesis 
-    apply (rule block_global_rel_if_successor)
-           apply (rule Rel_Main_test[of bigblock0 _ no_guard_if_before_cfg_to_dag_prog.block_0])
-           apply (simp add: bigblock0_def no_guard_if_before_cfg_to_dag_prog.block_0_def)
-          apply (rule ast_trace)
-         apply (simp add: bigblock0_def)
-        apply (rule no_guard_if_before_cfg_to_dag_prog.node_0)
-       apply (rule assms(1))
-       apply simp
-      apply simp
-     apply (rule bigblock0_local_rel)
-      apply (simp add: bigblock0_def)
-     apply assumption
-    apply simp
-    apply (rule disjE)
-      apply assumption
-
-     apply (erule allE[where x=2])
-     apply (simp add:no_guard_if_before_cfg_to_dag_prog.outEdges_0)
-     apply (simp add:member_rec(1))
-    unfolding no_guard_if_before_cfg_to_dag_prog.post_def
-     apply (rule block_then_global_rel)
-      apply (simp add: bigblock_then_def)
-    apply simp
-   
-    apply (erule allE[where x=1])
-    apply (simp del: Nat.One_nat_def add:no_guard_if_before_cfg_to_dag_prog.outEdges_0)
-    apply (simp del: Nat.One_nat_def add:member_rec(1))
-    apply (rule block_else_global_rel)
-      apply (simp add: bigblock_else_def)
-    apply simp
-    done
-qed
\ No newline at end of file
diff --git a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_cfg.thy b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_cfg.thy
deleted file mode 100644
index 324a21d..0000000
--- a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_cfg.thy
+++ /dev/null
@@ -1,85 +0,0 @@
-theory no_guard_if_before_ast_cfg
-  imports Main
-          "Boogie_Lang.Ast"
-          "Boogie_Lang.Semantics"
-          "../global_data"
-
-begin
-
-definition bigblock0
-  where "bigblock0 \<equiv> 
-          (BigBlock None [(Havoc 0)] 
-            (Some (ParsedIf None 
-                  [BigBlock None [(Assign 0 (Lit (LInt 0)))] None None] [BigBlock None [(Assign 0 (Lit (LInt 1)))] None None])) 
-             None)"
-
-definition proc_body
-  where
-    "proc_body = bigblock0 # []"
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
-unfolding no_guard_if_before_ast_cfg.params_vdecls_def no_guard_if_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_ast_cfg.params_vdecls) )"
-unfolding no_guard_if_before_ast_cfg.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_ast_cfg.locals_vdecls) )"
-unfolding no_guard_if_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc_ast :: "(ast_procedure)"
-  where
-    "proc_ast  = (|proc_ty_args = 0,proc_args = no_guard_if_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_guard_if_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec no_guard_if_before_ast_cfg.post),proc_body = (Some (no_guard_if_before_ast_cfg.locals_vdecls,no_guard_if_before_ast_cfg.proc_body))|)"
-
-end
\ No newline at end of file
diff --git a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog.thy b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog.thy
deleted file mode 100644
index a616969..0000000
--- a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,111 +0,0 @@
-theory no_guard_if_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0)]"
-definition block_1
-  where
-    "block_1  = [(Assign 0 (Lit (LInt 1)))]"
-definition block_2
-  where
-    "block_2  = [(Assign 0 (Lit (LInt 0)))]"
-definition outEdges
-  where
-    "outEdges  = [[2,1],[],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [2,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding no_guard_if_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = no_guard_if_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_guard_if_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec no_guard_if_before_cfg_to_dag_prog.post),proc_body = (Some (no_guard_if_before_cfg_to_dag_prog.locals_vdecls,no_guard_if_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_passive_prog.thy b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_passive_prog.thy
deleted file mode 100644
index 63101c3..0000000
--- a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_passive_prog.thy
+++ /dev/null
@@ -1,95 +0,0 @@
-theory no_guard_if_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_if_before_cfg_to_dag_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assign 0 (Lit (LInt 0)))]"
-definition block_2
-  where
-    "block_2  = [(Assign 0 (Lit (LInt 1)))]"
-definition block_3
-  where
-    "block_3  = [(Havoc 0)]"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_cfgtodag_proof.thy b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_cfgtodag_proof.thy
deleted file mode 100644
index f4a541d..0000000
--- a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_cfgtodag_proof.thy
+++ /dev/null
@@ -1,250 +0,0 @@
-theory no_guard_if_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML no_guard_if_before_cfg_to_dag_prog no_guard_if_before_passive_prog no_guard_if_passification_proof no_guard_if_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_if_before_cfg_to_dag_prog.post)"
-unfolding expr_all_sat_def no_guard_if_before_cfg_to_dag_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule no_guard_if_before_passive_prog.node_0)
-apply simp
-unfolding no_guard_if_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma block_anon3_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_if_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding no_guard_if_before_cfg_to_dag_prog.block_2_def no_guard_if_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule no_guard_if_before_cfg_to_dag_prog.node_2)
-apply (rule no_guard_if_before_passive_prog.node_1)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon3_Then)
-apply assumption+
-apply (rule no_guard_if_before_cfg_to_dag_prog.outEdges_2)
-apply (rule no_guard_if_before_passive_prog.outEdges_1)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon3_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_if_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding no_guard_if_before_cfg_to_dag_prog.block_1_def no_guard_if_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule no_guard_if_before_cfg_to_dag_prog.node_1)
-apply (rule no_guard_if_before_passive_prog.node_2)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon3_Else)
-apply assumption+
-apply (rule no_guard_if_before_cfg_to_dag_prog.outEdges_1)
-apply (rule no_guard_if_before_passive_prog.outEdges_2)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_if_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding no_guard_if_before_cfg_to_dag_prog.block_0_def no_guard_if_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule no_guard_if_before_cfg_to_dag_prog.node_0)
-apply (rule no_guard_if_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:no_guard_if_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:no_guard_if_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:no_guard_if_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:no_guard_if_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:no_guard_if_before_passive_prog.outEdges_4))
-by ((simp add:no_guard_if_before_passive_prog.node_4 no_guard_if_before_passive_prog.block_4_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_if_before_cfg_to_dag_prog.pres)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule no_guard_if_before_passive_prog.node_5)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding no_guard_if_before_passive_prog.block_5_def
-apply (rule assume_pres_normal[where ?es=no_guard_if_before_cfg_to_dag_prog.pres])
-apply (rule assms(4))
-unfolding no_guard_if_before_cfg_to_dag_prog.pres_def
-apply simp
-apply (rule no_guard_if_before_passive_prog.outEdges_5)
-apply ((simp add:no_guard_if_before_passive_prog.node_4 no_guard_if_before_passive_prog.block_4_def))
-apply (rule no_guard_if_before_passive_prog.outEdges_4)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns no_guard_if_before_cfg_to_dag_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(valid_configuration A \<Lambda>0 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule no_guard_if_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-lemma end_to_end_theorem:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms no_guard_if_before_cfg_to_dag_prog.proc))"
-apply (rule end_to_end_util[OF end_to_end_theorem_aux])
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 no_guard_if_before_cfg_to_dag_prog.proc_def no_guard_if_before_cfg_to_dag_prog.proc_body_def)
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passification_proof.thy b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passification_proof.thy
deleted file mode 100644
index a115244..0000000
--- a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passification_proof.thy
+++ /dev/null
@@ -1,254 +0,0 @@
-theory no_guard_if_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_if_before_passive_prog no_guard_if_passive_prog Boogie_Lang.PassificationML no_guard_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_if_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_if_before_passive_prog.block_0_def no_guard_if_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 0)))]) R_old no_guard_if_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_if_before_passive_prog.block_1_def no_guard_if_passive_prog.block_1_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 1)))]) R_old no_guard_if_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_if_before_passive_prog.block_2_def no_guard_if_passive_prog.block_2_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old no_guard_if_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_if_before_passive_prog.block_3_def no_guard_if_passive_prog.block_3_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:no_guard_if_before_cfg_to_dag_prog.l_x(2) no_guard_if_passive_prog.l_x_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_if_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_if_before_passive_prog.block_4_def no_guard_if_passive_prog.block_4_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_if_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_if_before_passive_prog.block_5_def no_guard_if_passive_prog.block_5_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_0},@{thm no_guard_if_before_passive_prog.outEdges_0}) (@{thm no_guard_if_passive_prog.node_0},@{thm no_guard_if_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon3_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_1},@{thm no_guard_if_before_passive_prog.outEdges_1}) (@{thm no_guard_if_passive_prog.node_1},@{thm no_guard_if_passive_prog.outEdges_1}) @{thm block_anon3_Then} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon3_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_2},@{thm no_guard_if_before_passive_prog.outEdges_2}) (@{thm no_guard_if_passive_prog.node_2},@{thm no_guard_if_passive_prog.outEdges_2}) @{thm block_anon3_Else} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_3},@{thm no_guard_if_before_passive_prog.outEdges_3}) (@{thm no_guard_if_passive_prog.node_3},@{thm no_guard_if_passive_prog.outEdges_3}) @{thm block_anon0} [
-@{thm cfg_block_anon3_Then}, 
-@{thm cfg_block_anon3_Else}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_4},@{thm no_guard_if_before_passive_prog.outEdges_4}) (@{thm no_guard_if_passive_prog.node_4},@{thm no_guard_if_passive_prog.outEdges_4}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_5},@{thm no_guard_if_before_passive_prog.outEdges_5}) (@{thm no_guard_if_passive_prog.node_5},@{thm no_guard_if_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv no_guard_if_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-apply simp
-unfolding no_guard_if_passive_prog.params_vdecls_def no_guard_if_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using no_guard_if_before_passive_prog.globals_locals_disj apply auto[1]
-using no_guard_if_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] no_guard_if_passive_prog.proc_body u (Inl 5)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range global_data.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] no_guard_if_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from no_guard_if_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passive_prog.thy b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passive_prog.thy
deleted file mode 100644
index 31ce339..0000000
--- a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passive_prog.thy
+++ /dev/null
@@ -1,119 +0,0 @@
-theory no_guard_if_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_if_before_passive_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = []"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding no_guard_if_passive_prog.params_vdecls_def no_guard_if_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_vcphase_proof.thy b/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_vcphase_proof.thy
deleted file mode 100644
index cf00163..0000000
--- a/BoogieLang/completed_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_vcphase_proof.thy
+++ /dev/null
@@ -1,213 +0,0 @@
-theory no_guard_if_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML no_guard_if_passive_prog no_guard_if_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon0
-  where
-    "vc_anon0  = True"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
-G2: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2
-lemmas forall_poly_thm = forall_vc_type[OF G2]
-lemmas exists_poly_thm = exists_vc_type[OF G2]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding no_guard_if_passive_prog.block_0_def
-apply cases
-by auto
-
-lemma block_anon3_Then:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_1 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding no_guard_if_passive_prog.block_1_def
-apply cases
-by auto
-
-lemma block_anon3_Else:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_2 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding no_guard_if_passive_prog.block_2_def
-apply cases
-by auto
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_3 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding no_guard_if_passive_prog.block_3_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_4 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding no_guard_if_passive_prog.block_4_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding no_guard_if_passive_prog.block_5_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) no_guard_if_passive_prog.node_0 no_guard_if_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon3_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_if_passive_prog.node_1])
-apply (erule block_anon3_Then)
-apply ((simp add:no_guard_if_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon3_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_if_passive_prog.node_2])
-apply (erule block_anon3_Else)
-apply ((simp add:no_guard_if_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_if_passive_prog.node_3])
-apply (erule block_anon0)
-apply ((simp add:no_guard_if_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_if_passive_prog.node_4])
-apply (erule block_0)
-apply ((simp add:no_guard_if_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_if_passive_prog.node_5])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:no_guard_if_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) \<Gamma> [] no_guard_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
-let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_guard_if_passive_prog.m_x])
-apply (subst lookup_var_local[OF no_guard_if_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_guard_if_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF no_guard_if_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/while_example2_proofs/global_data.thy b/BoogieLang/completed_example_proofs/while_example2_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/BoogieLang/completed_example_proofs/while_example2_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_before_cfg_to_dag_prog.thy b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 1af34bd..0000000
--- a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,155 +0,0 @@
-theory p_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0)]"
-definition block_1
-  where
-    "block_1  = [(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_4
-  where
-    "block_4  = [(Assert (BinOp (Var 0) Le (Lit (LInt 0))))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
-definition outEdges
-  where
-    "outEdges  = [[1],[3,2],[1],[4],[6,5],[4],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [3,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [6,5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding p_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding p_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = p_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.post),proc_body = (Some (p_before_cfg_to_dag_prog.locals_vdecls,p_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy
deleted file mode 100644
index 88dd662..0000000
--- a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy
+++ /dev/null
@@ -1,534 +0,0 @@
-theory p_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML p_before_cfg_to_dag_prog p_before_passive_prog p_passification_proof p_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 p_before_cfg_to_dag_prog.post)"
-unfolding expr_all_sat_def p_before_cfg_to_dag_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule p_before_passive_prog.node_0)
-apply simp
-unfolding p_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma Mods_anon5_LoopBody:
-shows "(mods_contained_in (set [0]) p_before_cfg_to_dag_prog.block_2)"
-unfolding p_before_cfg_to_dag_prog.block_2_def
-by simp
-
-lemma block_anon5_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] p_before_passive_prog.block_1 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_2_def p_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf p_before_cfg_to_dag_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms p_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon5_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body [0] [(BinOp (Var 0) Ge (Lit (LInt 0)))] p_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule p_before_cfg_to_dag_prog.node_2)
-apply (rule p_before_passive_prog.node_1)
-apply (assumption+)
-apply (rule block_anon5_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon5_LoopBody)
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon5_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma block_anon6_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_6_def p_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule p_before_cfg_to_dag_prog.node_6)
-apply (rule p_before_passive_prog.node_2)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon6_LoopDone)
-apply assumption+
-apply (rule p_before_cfg_to_dag_prog.outEdges_6)
-apply (rule p_before_passive_prog.outEdges_2)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma Mods_anon6_LoopBody:
-shows "(mods_contained_in (set [0]) p_before_cfg_to_dag_prog.block_5)"
-unfolding p_before_cfg_to_dag_prog.block_5_def
-by simp
-
-lemma block_anon6_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Lit (LInt 0)))] p_before_passive_prog.block_3 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_5_def p_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf p_before_cfg_to_dag_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms p_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body [0] [(BinOp (Var 0) Le (Lit (LInt 0)))] p_before_cfg_to_dag_prog.post ns1 s' 4 m' j)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule p_before_cfg_to_dag_prog.node_5)
-apply (rule p_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon6_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon6_LoopBody)
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_5))
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_5))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon6_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon6_LoopHead:
-shows "(mods_contained_in (set [0]) p_before_cfg_to_dag_prog.block_4)"
-unfolding p_before_cfg_to_dag_prog.block_4_def
-by simp
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Lit (LInt 0)))] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_4_def p_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:p_before_cfg_to_dag_prog.l_x(1)))
-apply simp
-done
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Lit (LInt 0)))] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule p_before_cfg_to_dag_prog.node_4)
-apply (rule p_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon6_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon6_LoopHead)
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_4))
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_4))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:p_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:p_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-thm member_elim
-
-lemma block_anon5_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Lit (LInt 0)))] p_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_3_def p_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf p_before_cfg_to_dag_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms p_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon5_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule p_before_cfg_to_dag_prog.node_3)
-apply (rule p_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon5_LoopDone)
-apply (assumption+)
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:p_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon5_LoopHead:
-shows "(mods_contained_in (set [0]) p_before_cfg_to_dag_prog.block_1)"
-unfolding p_before_cfg_to_dag_prog.block_1_def
-by simp
-
-lemma block_anon5_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_6 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_1_def p_before_passive_prog.block_6_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:p_before_cfg_to_dag_prog.l_x(1)))
-apply simp
-done
-
-lemma cfg_block_anon5_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule p_before_cfg_to_dag_prog.node_1)
-apply (rule p_before_passive_prog.node_6)
-apply (assumption+)
-apply (rule block_anon5_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon5_LoopHead)
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=5])
-apply ((simp add:p_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:p_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] p_before_passive_prog.block_7 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_0_def p_before_passive_prog.block_7_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf p_before_cfg_to_dag_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms p_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule p_before_cfg_to_dag_prog.node_0)
-apply (rule p_before_passive_prog.node_7)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=6])
-apply ((simp add:p_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:p_before_passive_prog.outEdges_8))
-by ((simp add:p_before_passive_prog.node_8 p_before_passive_prog.block_8_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 p_before_cfg_to_dag_prog.pres)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule p_before_passive_prog.node_9)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding p_before_passive_prog.block_9_def
-apply (rule assume_pres_normal[where ?es=p_before_cfg_to_dag_prog.pres])
-apply (rule assms(4))
-unfolding p_before_cfg_to_dag_prog.pres_def
-apply simp
-apply (rule p_before_passive_prog.outEdges_9)
-apply ((simp add:p_before_passive_prog.node_8 p_before_passive_prog.block_8_def))
-apply (rule p_before_passive_prog.outEdges_8)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns p_before_cfg_to_dag_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(valid_configuration A \<Lambda>0 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule p_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-lemma end_to_end_theorem:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms p_before_cfg_to_dag_prog.proc))"
-  apply (rule end_to_end_util[OF end_to_end_theorem_aux])
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def)
-
-end
diff --git a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_passive_prog.thy b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_passive_prog.thy
deleted file mode 100644
index fef6ee3..0000000
--- a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_passive_prog.thy
+++ /dev/null
@@ -1,199 +0,0 @@
-theory p_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_passive_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 4) Eq (BinOp (Var 2) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 4) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 3))),(Assert (BinOp (Var 3) Eq (Lit (LInt 0))))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 3) Lt (Lit (LInt 0)))),(Assume (BinOp (Var 5) Eq (BinOp (Var 3) Add (Lit (LInt 1))))),(Assert (BinOp (Var 5) Le (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 3) Le (Lit (LInt 0))))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 2))),(Assert (BinOp (Var 2) Le (Lit (LInt 0))))]"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Var 2) Ge (Lit (LInt 0))))]"
-definition block_7
-  where
-    "block_7  = [(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
-definition block_8
-  where
-    "block_8  = []"
-definition block_9
-  where
-    "block_9  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[2,3],[4],[5,1],[6],[7],[8]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [2,3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(5,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_2:
-shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_3:
-shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_4:
-shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_2:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_3:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_3
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_4:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_4
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_vcphase_proof.thy b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_vcphase_proof.thy
deleted file mode 100644
index 98ae579..0000000
--- a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_vcphase_proof.thy
+++ /dev/null
@@ -1,364 +0,0 @@
-theory p_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML p_passive_prog p_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon5_LoopBody
-  where
-    "vc_anon5_LoopBody x_1 x_2 = (((x_1 > (0::int)) \<and> (x_2 = (x_1 - (1::int)))) \<longrightarrow> (x_2 \<ge> (0::int)))"
-definition vc_anon6_LoopDone
-  where
-    "vc_anon6_LoopDone x_3 = (((0::int) \<le> x_3) \<longrightarrow> (x_3 = (0::int)))"
-definition vc_anon6_LoopBody
-  where
-    "vc_anon6_LoopBody x_3 x_4 = (((x_3 < (0::int)) \<and> (x_4 = (x_3 + (1::int)))) \<longrightarrow> (x_4 \<le> (0::int)))"
-definition vc_anon6_LoopHead
-  where
-    "vc_anon6_LoopHead x_3 x_4 = ((x_3 \<le> (0::int)) \<longrightarrow> ((vc_anon6_LoopDone x_3) \<and> (vc_anon6_LoopBody x_3 x_4)))"
-definition vc_anon5_LoopDone
-  where
-    "vc_anon5_LoopDone x_1 x_3 x_4 = (((0::int) \<ge> x_1) \<longrightarrow> ((x_1 \<le> (0::int)) \<and> ((x_1 \<le> (0::int)) \<longrightarrow> (vc_anon6_LoopHead x_3 x_4))))"
-definition vc_anon5_LoopHead
-  where
-    "vc_anon5_LoopHead x_1 x_3 x_4 x_2 = ((x_1 \<ge> (0::int)) \<longrightarrow> ((vc_anon5_LoopDone x_1 x_3 x_4) \<and> (vc_anon5_LoopBody x_1 x_2)))"
-definition vc_anon0
-  where
-    "vc_anon0 x_0 x_1 x_3 x_4 x_2 = ((x_0 \<ge> (0::int)) \<and> ((x_0 \<ge> (0::int)) \<longrightarrow> (vc_anon5_LoopHead x_1 x_3 x_4 x_2)))"
-definition vc_PreconditionGeneratedEntry
-  where
-    "vc_PreconditionGeneratedEntry x_0 x_1 x_3 x_4 x_2 = (vc_anon0 x_0 x_1 x_3 x_4 x_2)"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int" and vc_x_3 :: "int" and vc_x_4 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
-G3: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_x_2)))" and 
-G4: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_3)))" and 
-G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_x_4)))" and 
-G6: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4 G5 G6
-lemmas forall_poly_thm = forall_vc_type[OF G6]
-lemmas exists_poly_thm = exists_vc_type[OF G6]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding p_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon5_LoopBody_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE), 
-(AssertNoConj,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon5_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopBody vc_x_1 vc_x_2) \<Longrightarrow> (s' = Magic)))"
-unfolding p_passive_prog.block_1_def vc.vc_anon5_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_LoopDone_hints = [
-(AssumeConjR 0,NONE), 
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon6_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopDone vc_x_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding p_passive_prog.block_2_def vc.vc_anon6_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_LoopBody_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE), 
-(AssertNoConj,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon6_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopBody vc_x_3 vc_x_4) \<Longrightarrow> (s' = Magic)))"
-unfolding p_passive_prog.block_3_def vc.vc_anon6_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_LoopHead_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon6_LoopHeadAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopHead vc_x_3 vc_x_4) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_x_3) \<and> (vc.vc_anon6_LoopBody vc_x_3 vc_x_4))))))))"
-unfolding p_passive_prog.block_4_def vc.vc_anon6_LoopHead_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopHead_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon5_LoopDone_hints = [
-(AssumeConjR 0,NONE), 
-(AssertSub,NONE)]
-\<close>
-lemma block_anon5_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon6_LoopHead vc_x_3 vc_x_4)))))))"
-unfolding p_passive_prog.block_5_def vc.vc_anon5_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon5_LoopHead_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon5_LoopHeadAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopHead vc_x_1 vc_x_3 vc_x_4 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))))))))"
-unfolding p_passive_prog.block_6_def vc.vc_anon5_LoopHead_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopHead_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon0_hints = [
-(AssertSub,NONE)]
-\<close>
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon5_LoopHead vc_x_1 vc_x_3 vc_x_4 vc_x_2)))))))"
-unfolding p_passive_prog.block_7_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
-by (auto?)
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_8 (Normal n_s) s')" and 
-"(vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)))))"
-using assms
-unfolding p_passive_prog.block_8_def
-apply cases
-by auto
-
-lemma block_PreconditionGeneratedEntry:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding p_passive_prog.block_9_def vc.vc_PreconditionGeneratedEntry_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) p_passive_prog.node_0 p_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon5_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_LoopBody vc_x_1 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) p_passive_prog.node_1])
-by (erule block_anon5_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopDone vc_x_3)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) p_passive_prog.node_2])
-apply (erule block_anon6_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopBody vc_x_3 vc_x_4)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) p_passive_prog.node_3])
-by (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopHead vc_x_3 vc_x_4)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_4])
-apply (erule block_anon6_LoopHeadAA0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_5])
-apply (erule block_anon5_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_LoopHead vc_x_1 vc_x_3 vc_x_4 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_6])
-apply (erule block_anon5_LoopHeadAA0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_7])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_7))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_8])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_8))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_9])
-apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_9))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<Gamma> [] p_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
-let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x])
-apply (subst lookup_var_local[OF p_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF p_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF p_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_2])
-apply (subst lookup_var_local[OF p_passive_prog.m_x_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_3:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_3])
-apply (subst lookup_var_local[OF p_passive_prog.m_x_3])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_4:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_4])
-apply (subst lookup_var_local[OF p_passive_prog.m_x_4])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (rule HOL.conjunct1[OF sc_x_2])
-apply (rule HOL.conjunct1[OF sc_x_3])
-apply (rule HOL.conjunct1[OF sc_x_4])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
deleted file mode 100644
index cf279de..0000000
--- a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
+++ /dev/null
@@ -1,472 +0,0 @@
-theory while_example2_ast_cfg_proof
-  imports Main 
-          Boogie_Lang.Ast
-          Boogie_Lang.Semantics
-          Boogie_Lang.Ast_Cfg_Transformation
-          "../global_data" 
-          p_before_cfg_to_dag_prog 
-          while_example2_before_ast_cfg
-          p_cfgtodag_proof
-          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
-          p_before_passive_prog 
-          p_passification_proof 
-          p_vcphase_proof
-
-begin
-declare Nat.One_nat_def[simp del]
-
-abbreviation \<Lambda>1_local
-  where
-    "\<Lambda>1_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls))"
-
-definition body_bb1 
-  where "body_bb1 \<equiv> BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None"
-
-definition body_bb2 
-  where "body_bb2 \<equiv> BigBlock None [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] None None"
-
-definition unwrapped_bigblock1 where
-  "unwrapped_bigblock1 \<equiv> 
-            (BigBlock None [] 
-            (Some (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 0)))) 
-                      [(BinOp (Var 0) Le (Lit (LInt 0)))]
-                      [BigBlock None [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] None None]))
-             None)"
-
-definition loop_only_bigblock0 where
-  "loop_only_bigblock0 \<equiv> 
-            (BigBlock None [] 
-            (Some (WhileWrapper
-                  (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
-                  [(BinOp (Var 0) Ge (Lit (LInt 0)))]
-                  [BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None]))) 
-             None)"
-
-definition unwrapped_bigblock0 where
-  "unwrapped_bigblock0 \<equiv> 
-            (BigBlock None [] 
-            (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
-                      [(BinOp (Var 0) Ge (Lit (LInt 0)))]
-                      [BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None])) 
-             None)"
-
-lemma bb0_local_rel:
-  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (bigblock0, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-  shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis 
-    apply (rule block_local_rel_generic)
-           apply (rule Rel_Main_test[of bigblock0 _ p_before_cfg_to_dag_prog.block_0])
-           apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
-          apply simp+
-        apply (rule Red_bb)
-       apply (rule Red_impl, simp)
-      apply (simp add: bigblock0_def)
-     apply simp
-    apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
-    done
-qed
-
-lemma first_loop_body_bb_local_rel:
-  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (body_bb1, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Gt\<guillemotright> Lit (LInt 0),ns1\<rangle> \<Down> BoolV True"
-  shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis 
-    unfolding p_before_cfg_to_dag_prog.block_2_def 
-    apply (rule block_local_rel_guard_true)
-           apply (rule Rel_Main_test[of body_bb1])
-           apply (simp add: body_bb1_def)
-          apply simp
-         apply (rule trace_is_possible)
-        apply (rule Red_bb)
-       apply (rule Red_impl)
-       apply (simp add: p_before_cfg_to_dag_prog.block_2_def)
-      apply (simp add: body_bb1_def)
-     apply simp+
-    done
-qed 
-
-lemma second_loop_body_bb_local_rel:
-  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (body_bb2, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_5 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Lt\<guillemotright> Lit (LInt 0),ns1\<rangle> \<Down> BoolV True"
-  shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_5, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis 
-    unfolding p_before_cfg_to_dag_prog.block_5_def
-    apply (rule block_local_rel_guard_true)
-           apply (rule Rel_Main_test[of body_bb2])
-           apply (simp add: body_bb2_def)
-          apply simp
-         apply (rule trace_is_possible)
-        apply (rule Red_bb)
-       apply (rule Red_impl)
-       apply (simp add: p_before_cfg_to_dag_prog.block_5_def)
-      apply (simp add: body_bb2_def)
-     apply simp+
-    done
-qed
-
-lemma bb2_local_rel:
-  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (bigblock2 , KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Lt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV True"
-  shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_6, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis 
-    unfolding p_before_cfg_to_dag_prog.block_6_def
-    apply (rule block_local_rel_guard_false)
-            apply (rule Rel_Main_test[of bigblock2])
-            apply (simp add: bigblock2_def)
-           apply (rule neg_lt2)
-          apply simp
-         apply (rule trace_is_possible)
-        apply (rule Red_bb)
-       apply (rule Red_impl)
-       apply (simp add: p_before_cfg_to_dag_prog.block_6_def)
-      apply (simp add: bigblock2_def)
-     apply simp+
-    done
-qed
-
-lemma bb2_global_rel:
-  assumes concrete_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock2, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Lt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV True"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
-  using assms
-proof -
-  show ?thesis
-    apply (rule generic_ending_block_after_loop_global_rel)
-            apply (rule Rel_Main_test[of bigblock2])
-            apply (simp add: bigblock2_def)
-           apply (simp add: bigblock2_def)
-           apply simp
-          apply (rule p_before_cfg_to_dag_prog.node_6)
-         apply (simp add: p_before_cfg_to_dag_prog.block_6_def)
-        apply simp
-       apply (rule neg_lt2)
-        apply(rule trace_is_possible)
-       apply (rule concrete_trace)
-      apply (rule cfg_is_correct)
-    apply simp
-    done
-qed
-
-
-
-lemma second_loop_body_global_rel:
-  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (body_bb2, (KSeq unwrapped_bigblock1 (KEndBlock (KSeq bigblock2 KStop))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Lt\<guillemotright> Lit (LInt 0),ns1\<rangle> \<Down> BoolV True"
-  and loop_ih:
-        "\<And>k ns1''. k < j \<Longrightarrow>
-        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(unwrapped_bigblock1, (KEndBlock (KSeq bigblock2 KStop)), Normal ns1'') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
-proof -
-  show ?thesis
-    apply (rule block_global_rel_if_true)
-                apply (rule Rel_Main_test[of body_bb2])
-                apply (simp add: body_bb2_def)
-              apply (rule j_step_ast_trace)
-             apply (simp add: body_bb2_def)
-             apply simp
-            apply simp
-           apply (rule p_before_cfg_to_dag_prog.node_5)
-          apply (rule p_before_cfg_to_dag_prog.block_5_def)
-         apply (rule cfg_is_correct)
-         apply simp+
-      apply (rule trace_is_possible)
-     apply (rule second_loop_body_bb_local_rel)
-       apply assumption+
-     apply (rule trace_is_possible)
-    apply (simp add: p_before_cfg_to_dag_prog.outEdges_5)
-    apply (simp add: member_rec)
-    apply (rule loop_ih)
-      apply auto
-    done
-qed
-
-lemma second_loop_head_global_rel:
-  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (unwrapped_bigblock1, (KEndBlock (KSeq bigblock2 KStop)), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
-  using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-  case (less j)
-  then show ?case 
-  proof (cases j)
-    case 0
-    then show ?thesis
-      using Ast.valid_configuration_def less.prems(1) by fastforce
-  next
-    case (Suc j')
-    show ?thesis
-      apply (rule block_global_rel_loop_head)
-              apply (rule Rel_Invs[of unwrapped_bigblock1 _ _ _ p_before_cfg_to_dag_prog.block_4])
-              apply (simp add: unwrapped_bigblock1_def p_before_cfg_to_dag_prog.block_4_def)
-             apply (rule less(2))
-            apply (rule less(3), simp)
-           apply (simp add: unwrapped_bigblock1_def)
-          apply simp                 
-         apply (rule block_local_rel_loop_head)
-              apply (rule Rel_Invs[of unwrapped_bigblock1])
-              apply (simp add: unwrapped_bigblock1_def)
-           apply (simp add: unwrapped_bigblock1_def)
-           apply simp
-           apply (simp add: p_before_cfg_to_dag_prog.block_4_def)
-          apply simp
-         apply simp
-        apply (simp add: p_before_cfg_to_dag_prog.block_4_def)
-       apply (simp add: p_before_cfg_to_dag_prog.node_4)
-      apply(rule disjE)
-        apply assumption
-
-       apply (erule allE[where x = 5])
-       apply (simp add:p_before_cfg_to_dag_prog.outEdges_4)
-       apply (simp add:member_rec(1))
-       apply (rule conjE)
-        apply assumption
-       apply simp
-       apply (rule second_loop_body_global_rel)
-          apply (simp add: body_bb2_def)
-         apply simp
-        apply assumption
-       apply (rule less.IH)
-         apply (erule strictly_smaller_helper2)
-         apply assumption+
-
-      apply (erule allE[where x = 6])
-      apply (simp add:p_before_cfg_to_dag_prog.outEdges_4)
-      apply (simp add:member_rec(1))
-      apply (rule conjE)
-       apply assumption
-      apply simp
-      apply (rule ending)
-           apply assumption
-          apply assumption 
-         apply simp
-        apply blast
-       apply assumption
-      apply (rule bb2_global_rel)
-        apply assumption+
-      done
-  qed
-qed
-
-lemma first_loop_body_global_rel:
-  assumes j_step_ast_trace: 
-    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (body_bb1, (KSeq unwrapped_bigblock0 (KEndBlock (KSeq bigblock1 (KSeq bigblock2 KStop)))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Gt\<guillemotright> Lit (LInt 0), ns1\<rangle> \<Down> BoolV True"
-  and loop_ih:
-        "\<And>k ns1''. k < j \<Longrightarrow>
-        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(unwrapped_bigblock0, (KEndBlock (KSeq bigblock1 (KSeq bigblock2 KStop))), Normal ns1'') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
-proof -
-  show ?thesis
-    apply (rule block_global_rel_if_true)
-              apply (rule Rel_Main_test[of body_bb1])
-              apply (simp add: body_bb1_def)
-              apply (rule j_step_ast_trace)
-             apply (simp add: body_bb1_def)
-             apply simp
-            apply simp
-           apply (rule p_before_cfg_to_dag_prog.node_2)
-          apply (simp add: p_before_cfg_to_dag_prog.block_2_def)
-         apply (rule cfg_is_correct)
-         apply simp+
-      apply (rule trace_is_possible)
-     apply (rule first_loop_body_bb_local_rel)
-       apply assumption
-      apply simp
-     apply (rule trace_is_possible)
-    apply (simp add: p_before_cfg_to_dag_prog.outEdges_2)
-    apply (simp add: member_rec)
-    apply (rule loop_ih)
-      apply auto
-    done
-qed
-
-lemma first_loop_head_global_rel:
-  assumes j_step_ast_trace: 
-    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (unwrapped_bigblock0, (KEndBlock (KSeq bigblock1 (KSeq bigblock2 KStop))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
-  using assms 
-proof (induction j arbitrary: ns1 rule: less_induct)
-  case (less j)
-  then show ?case 
-  proof (cases j)
-    case 0
-    then show ?thesis
-      using valid_configuration_def less.prems(1) by fastforce
-  next
-    case (Suc j')
-    show ?thesis
-      apply (rule block_global_rel_loop_head) 
-               apply (rule Rel_Invs[of unwrapped_bigblock0 _ _ _ p_before_cfg_to_dag_prog.block_1])
-              apply (simp add: unwrapped_bigblock0_def p_before_cfg_to_dag_prog.block_1_def)
-             apply (rule less(2))
-            apply (rule less(3), simp)
-            apply (simp add: unwrapped_bigblock0_def)
-          apply simp                 
-         apply (rule block_local_rel_loop_head)
-             apply (rule Rel_Invs[of unwrapped_bigblock0])
-             apply (simp add: unwrapped_bigblock0_def)
-           apply (simp add: unwrapped_bigblock0_def)
-           apply (simp)
-           apply (simp add: p_before_cfg_to_dag_prog.block_1_def)
-          apply simp
-         apply simp
-        apply (simp add: p_before_cfg_to_dag_prog.block_1_def)
-       apply (simp add: p_before_cfg_to_dag_prog.node_1)
-       apply (simp add: p_before_cfg_to_dag_prog.block_1_def)
-      apply(rule disjE)
-        apply assumption
-    
-       apply (erule allE[where x = 2])
-       apply (simp add: p_before_cfg_to_dag_prog.outEdges_1)
-       apply (simp add:member_rec(1))
-       apply (rule conjE)
-        apply assumption
-       apply simp
-       apply (rule first_loop_body_global_rel)
-          apply (simp add: body_bb1_def)
-         apply simp
-        apply assumption
-       apply (rule less.IH)
-         apply (erule strictly_smaller_helper2)
-         apply assumption+
-
-      apply (erule allE[where x = 3])
-      apply (simp add: p_before_cfg_to_dag_prog.outEdges_1)
-      apply (simp add:member_rec(1))
-      apply (rule conjE)
-       apply assumption
-      apply simp
-      apply (rule ending2)
-              apply assumption
-             apply (simp add: bigblock1_def bigblock2_def)
-            apply simp
-           apply assumption
-          apply assumption
-         apply (simp add: p_before_cfg_to_dag_prog.node_3)
-         apply (simp add: p_before_cfg_to_dag_prog.block_3_def)
-        apply (rule neg_gt2)
-       apply (simp add: p_before_cfg_to_dag_prog.outEdges_3)
-       apply (simp add: member_rec)
-      apply (rule second_loop_head_global_rel)
-       apply (simp add: unwrapped_bigblock1_def bigblock2_def)
-      apply auto
-      done
-  qed
-qed
-
-lemma entry_block_global_rel:
-  assumes j_step_ast_trace: 
-    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, (KSeq bigblock1 (KSeq bigblock2 KStop)), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)"
-  using assms
-proof -
-  show ?thesis
-    unfolding while_example2_before_ast_cfg.post_def
-    apply (rule block_global_rel_while_successor)
-          apply (rule j_step_ast_trace)
-          apply (rule Rel_Main_test[of bigblock0 _ p_before_cfg_to_dag_prog.block_0])
-          apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
-         apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
-        apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
-       apply (rule p_before_cfg_to_dag_prog.node_0)
-      apply (rule cfg_is_correct, simp)
-     apply (simp add: p_before_cfg_to_dag_prog.node_0)
-     apply (rule bb0_local_rel)
-      apply assumption
-     apply simp
-    apply (rule first_loop_head_global_rel)
-     apply (simp add: unwrapped_bigblock0_def)
-    apply (simp add: p_before_cfg_to_dag_prog.outEdges_0)
-    apply (simp add: member_rec(1))
-    done
-qed
-
-abbreviation \<Lambda>0_local
-  where
-    "\<Lambda>0_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls))"
-lemma end_to_end_theorem_aux2:
-assumes 
-Red: "rtranclp (red_bigblock 
-      A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) \<Gamma> [] 
-            while_example2_before_ast_cfg.proc_body) 
-      (bigblock0, (KSeq bigblock1 (KSeq bigblock2 KStop)), Normal ns) (end_bb, end_cont, end_state)" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0_local \<Gamma> [] ns while_example2_before_ast_cfg.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0_local))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0_local))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0_local \<Gamma> [] while_example2_before_ast_cfg.post end_bb end_cont end_state)"
-proof -
-  from Red obtain j where 
-    Aux:"(A,M,((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)),\<Gamma>,[],while_example2_before_ast_cfg.proc_body \<turnstile> (bigblock0, (KSeq bigblock1 (KSeq bigblock2 KStop)), Normal ns) -n\<longrightarrow>^j (end_bb, end_cont, end_state))"
-by (meson rtranclp_imp_relpowp)
-  show ?thesis
-apply (rule entry_block_global_rel)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
-                 p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
-                                   p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def
-                                   while_example2_before_ast_cfg.pres_def p_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
-                                   p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
-                                   p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-done
-qed
-
-lemma initialization:                              
-  assumes "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock0, bigblock1, bigblock2] ns1) (reached_bb, reached_cont, reached_state)"
-  shows "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (bigblock0, KSeq bigblock1 (KSeq bigblock2 KStop), Normal ns1) (reached_bb, reached_cont, reached_state)" 
-  using assms
-  by simp
- 
-
-lemma end_to_end_theorem2:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))"
-shows "(\<And> A. (Ast.proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms while_example2_before_ast_cfg.proc_ast))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux2])
-apply (rule initialization)
-unfolding while_example2_before_ast_cfg.proc_body_def
-apply assumption using VC apply simp  apply assumption+
-apply (simp_all add: 
-      exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2
-      while_example2_before_ast_cfg.proc_ast_def while_example2_before_ast_cfg.proc_body_def)
-done
-
-end
\ No newline at end of file
diff --git a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_before_ast_cfg.thy b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_before_ast_cfg.thy
deleted file mode 100644
index ac8ef55..0000000
--- a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example2_before_ast_cfg.thy
+++ /dev/null
@@ -1,102 +0,0 @@
-theory while_example2_before_ast_cfg
-  imports Main 
-          "Boogie_Lang.Ast"
-          "Boogie_Lang.Semantics"
-          "../global_data"
-
-begin
-
-definition bigblock0
-  where "bigblock0 \<equiv> 
-          (BigBlock None [(Havoc 0)] 
-            (Some (WhileWrapper 
-                  (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
-                  [(BinOp (Var 0) Ge (Lit (LInt 0)))]
-                  [BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None]))) 
-             None)"
-
-definition bigblock1
-  where "bigblock1 \<equiv> 
-          (BigBlock None [] 
-            (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 0)))) 
-                      [(BinOp (Var 0) Le (Lit (LInt 0)))]
-                      [BigBlock None [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] None None]))) 
-             None)"
-
-definition bigblock2
-  where "bigblock2 \<equiv> 
-          (BigBlock None [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))] None None)"
-
-definition proc_body
-  where
-    "proc_body = bigblock0 #  bigblock1 # bigblock2 # []"
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),None)]"
-
-lemma locals_min_aux:
-shows "(((map fst (append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
-unfolding while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_example2_before_ast_cfg.params_vdecls) )"
-unfolding while_example2_before_ast_cfg.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_example2_before_ast_cfg.locals_vdecls) )"
-unfolding while_example2_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc_ast :: "ast_procedure"
-  where
-    "proc_ast  = (|proc_ty_args = 0,proc_args = while_example2_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec while_example2_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec while_example2_before_ast_cfg.post),proc_body = (Some (while_example2_before_ast_cfg.locals_vdecls,while_example2_before_ast_cfg.proc_body))|)"
-
-
-
-end
\ No newline at end of file
diff --git a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example_2_before_ast_cfg~ b/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example_2_before_ast_cfg~
deleted file mode 100644
index 2a65996..0000000
--- a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/while_example_2_before_ast_cfg~
+++ /dev/null
@@ -1,9 +0,0 @@
-theory while_example_2_before_ast_cfg
-  imports Main 
-          "/home/alex/boogie_related/foundational_boogie/BoogieLang/Ast"
-          "/home/alex/boogie_related/foundational_boogie/BoogieLang/Semantics"
-          "/home/alex/boogie_related/foundational_boogie/BoogieLang/generated_example_proofs/while_example2_proofs/global_data"
-
-begin
-
-end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_ast_cfg_proof.thy
index e068b52..8c058da 100644
--- a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_ast_cfg_proof.thy
+++ b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_ast_cfg_proof.thy
@@ -10,33 +10,37 @@ theory consecutive_ifs_ast_cfg_proof
           "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
 
 begin
+declare Nat.One_nat_def[simp del]
 
-abbreviation bigblock_then0 
+definition bigblock_then0 
   where "bigblock_then0 \<equiv> BigBlock None [(Assign 0 (Lit (LInt 5)))] None None"
 
-abbreviation bigblock_else0
+definition bigblock_else0
   where "bigblock_else0 \<equiv> BigBlock None [] None None"
 
-abbreviation bigblock_then1 
+definition bigblock_then1 
   where "bigblock_then1 \<equiv> BigBlock None [(Assign 0 (Lit (LInt 1)))] None None"
 
-abbreviation bigblock_else1
+definition bigblock_else1
   where "bigblock_else1 \<equiv> BigBlock None [(Assign 0 (UnOp UMinus (Lit (LInt 1))))] None None"
 
 lemma bigblock0_local_rel:
   assumes Red_bb0_to: 
       "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> [Havoc 0] (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
   shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[Havoc 0], Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>consecutive_ifs_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
 proof -
-  have "ast_cfg_rel None [] bigblock0 consecutive_ifs_before_cfg_to_dag_prog.block_0" 
-    unfolding consecutive_ifs_before_cfg_to_dag_prog.block_0_def
-    by (rule Rel_Main_test)
-  then show ?thesis 
-    using assms
-    unfolding consecutive_ifs_before_cfg_to_dag_prog.block_0_def
-    by (auto simp: block_local_rel_generic) 
+  show ?thesis 
+    apply (rule block_local_rel_generic) 
+           apply (rule Rel_Main_test[of bigblock0])
+           apply (simp add: bigblock0_def consecutive_ifs_before_cfg_to_dag_prog.block_0_def)
+          apply simp
+         apply simp
+        apply (rule Red_bb0_to)
+       apply (rule Red0_impl)
+       apply (simp add: bigblock0_def consecutive_ifs_before_cfg_to_dag_prog.block_0_def)+
+    done
 qed
 
 
@@ -47,14 +51,20 @@ lemma bigblock_then0_local_rel:
   shows "reached_state \<noteq> Failure \<and> 
          (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>consecutive_ifs_before_cfg_to_dag_prog.block_5, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
 proof -
-  have syntactic_rel: "ast_cfg_rel None [] bigblock_then0 [(Assign 0 (Lit (LInt 5)))]" 
-    by (rule Rel_Main_test)
   show ?thesis
-    unfolding consecutive_ifs_before_cfg_to_dag_prog.block_5_def 
-    apply (rule block_local_rel_guard_true[OF syntactic_rel _ _ _  trace_is_possible Red_bb0_to Red0_impl])
-    unfolding consecutive_ifs_before_cfg_to_dag_prog.block_5_def 
-    by simp_all
-qed
+    apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_5_def)
+    apply (rule guard_holds_push_through_assumption)
+      apply (rule block_local_rel_generic)
+             apply (rule Rel_Main_test[of bigblock_then0])
+             apply (simp add: bigblock_then0_def)
+            apply simp
+           apply simp
+          apply (rule Red_bb0_to)
+         apply (rule push_through_assumption_test1, rule Red0_impl)
+         apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_5_def)
+           apply (simp add: trace_is_possible bigblock_then0_def)+
+    done
+qed                                                                                 
 
 lemma bigblock_then1_local_rel:
   assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_then1, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
@@ -62,19 +72,17 @@ lemma bigblock_then1_local_rel:
   shows "reached_state \<noteq> Failure \<and> 
          (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>consecutive_ifs_before_cfg_to_dag_prog.block_4, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
 proof -
-  have syntactic_rel: "ast_cfg_rel None [] bigblock_then1 [(Assign 0 (Lit (LInt 1)))]" 
-    by (rule Rel_Main_test)
   show ?thesis
-    unfolding consecutive_ifs_before_cfg_to_dag_prog.block_4_def 
-    apply (rule block_local_rel_generic)
-          apply (rule syntactic_rel)
-         apply simp
-        apply simp
-       apply simp
-      apply simp
-     apply (rule Red_bb0_to)
-    by (simp add: Red0_impl consecutive_ifs_before_cfg_to_dag_prog.block_4_def)
-qed
+      apply (rule block_local_rel_generic)
+             apply (rule Rel_Main_test[of bigblock_then1])
+             apply (simp add: bigblock_then1_def consecutive_ifs_before_cfg_to_dag_prog.block_4_def)
+            apply simp
+           apply simp
+          apply (rule Red_bb0_to)
+         apply (rule Red0_impl)
+         apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_4_def bigblock_then1_def)+
+    done
+qed 
 
 lemma bigblock_else1_local_rel:
   assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_else1, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
@@ -82,19 +90,17 @@ lemma bigblock_else1_local_rel:
   shows "reached_state \<noteq> Failure \<and> 
          (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>consecutive_ifs_before_cfg_to_dag_prog.block_3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
 proof -
-  have syntactic_rel: "ast_cfg_rel None [] bigblock_else1 [(Assign 0 (UnOp UMinus (Lit (LInt 1))))]" 
-    by (rule Rel_Main_test)
   show ?thesis
-    unfolding consecutive_ifs_before_cfg_to_dag_prog.block_3_def 
-    apply (rule block_local_rel_generic)
-          apply (rule syntactic_rel)
-         apply simp
-        apply simp
-       apply simp
-      apply simp
-     apply (rule Red_bb0_to)
-    by (simp add: Red0_impl consecutive_ifs_before_cfg_to_dag_prog.block_3_def)
-qed
+      apply (rule block_local_rel_generic)
+             apply (rule Rel_Main_test[of bigblock_else1])
+             apply (simp add: bigblock_else1_def consecutive_ifs_before_cfg_to_dag_prog.block_3_def)
+            apply simp
+           apply simp
+          apply (rule Red_bb0_to)
+         apply (rule Red0_impl)
+         apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_3_def bigblock_else1_def)+
+    done
+qed 
 
 
 lemma block_then1_global_rel:
@@ -102,21 +108,21 @@ lemma block_then1_global_rel:
   and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
 proof -
-  have syntactic_rel: "ast_cfg_rel None [] bigblock_then1 [(Assign 0 (Lit (LInt 1)))]"
-    by (simp add: Rel_Main_test)
-  have succ: "(out_edges(consecutive_ifs_before_cfg_to_dag_prog.proc_body) ! 4) = []" 
-    by (simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_4) 
-  have node_4_local: "node_to_block(consecutive_ifs_before_cfg_to_dag_prog.proc_body) ! 4 = [Assign 0 (Lit (LInt 1))]"
-    by (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_4_def consecutive_ifs_before_cfg_to_dag_prog.node_4)
-
-  show ?thesis 
+  show ?thesis
     apply (rule generic_ending_block_global_rel)
-        apply (rule syntactic_rel)
-       apply (rule assms(1))
-      apply simp
-     apply (rule node_4_local)
-    apply (rule assms(2))
-    apply simp
+         apply (rule Rel_Main_test[of bigblock_then1 _ consecutive_ifs_before_cfg_to_dag_prog.block_4])
+         apply (simp add: bigblock_then1_def consecutive_ifs_before_cfg_to_dag_prog.block_4_def)
+        apply (rule assms(1))
+          apply (simp add: bigblock_then1_def)
+         apply simp
+        apply (rule disjI1)
+        apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_4)
+       apply (rule consecutive_ifs_before_cfg_to_dag_prog.outEdges_4)
+      apply (rule assms(2))
+      apply simp+
+    apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_4)
+    apply (rule bigblock_then1_local_rel)
+     apply assumption+
     done
 qed
 
@@ -125,21 +131,21 @@ lemma block_else1_global_rel:
   and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
 proof -
-  have syntactic_rel: "ast_cfg_rel None [] bigblock_else1  [(Assign 0 (UnOp UMinus (Lit (LInt 1))))]"
-    by (simp add: Rel_Main_test)
-  have succ: "(out_edges(consecutive_ifs_before_cfg_to_dag_prog.proc_body) ! 3) = []" 
-    by (simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_3) 
-  have node_3_local: "node_to_block(consecutive_ifs_before_cfg_to_dag_prog.proc_body) ! 3 = [(Assign 0 (UnOp UMinus (Lit (LInt 1))))]"
-    by (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_3_def consecutive_ifs_before_cfg_to_dag_prog.node_3)
-
-  show ?thesis 
+  show ?thesis
     apply (rule generic_ending_block_global_rel)
-        apply (rule syntactic_rel)
-       apply (rule assms(1))
-      apply simp
-     apply (rule node_3_local)
-    apply (rule assms(2))
-    apply simp
+         apply (rule Rel_Main_test[of bigblock_else1 _ consecutive_ifs_before_cfg_to_dag_prog.block_3])
+         apply (simp add: bigblock_else1_def consecutive_ifs_before_cfg_to_dag_prog.block_3_def)
+        apply (rule assms(1))
+          apply (simp add: bigblock_else1_def)
+         apply simp
+        apply (rule disjI1)
+        apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_3)
+       apply (rule consecutive_ifs_before_cfg_to_dag_prog.outEdges_3)
+      apply (rule assms(2))
+      apply simp+
+    apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_3)
+    apply (rule bigblock_else1_local_rel)
+     apply assumption+
     done
 qed
 
@@ -147,42 +153,159 @@ qed
 lemma block1_global_rel:
   assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock1, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)" 
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
 proof -
-  have cmds: "node_to_block(consecutive_ifs_before_cfg_to_dag_prog.proc_body) ! 2 = []" 
-    using consecutive_ifs_before_cfg_to_dag_prog.block_2_def consecutive_ifs_before_cfg_to_dag_prog.node_2 by auto
-  have syntactic_rel: "ast_cfg_rel None [] bigblock1 []"  
-    by (simp add: Rel_Main_test)
-  have succ: "(out_edges(consecutive_ifs_before_cfg_to_dag_prog.proc_body) ! 2) = [4, 3]" 
-    using consecutive_ifs_before_cfg_to_dag_prog.outEdges_2 by auto 
+  have node2_loc: "node_to_block consecutive_ifs_before_cfg_to_dag_prog.proc_body ! 2 = []" 
+    by (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_2_def consecutive_ifs_before_cfg_to_dag_prog.node_2)
   show ?thesis 
     apply (rule block_global_rel_if_successor)
-          apply (rule syntactic_rel)
-         apply (rule ast_trace)
-        apply (rule cmds)
-       apply (rule assms(1))
+           apply (rule Rel_Main_test[of bigblock1])
+           apply (simp add: bigblock1_def) 
+          apply (rule ast_trace)
+          apply (simp add: bigblock1_def)
+         apply (rule disjI1)
+          apply (rule node2_loc)
+        apply (rule assms(1))
+        apply simp
+    unfolding consecutive_ifs_before_cfg_to_dag_prog.post_def
+       apply simp
        apply simp
       apply simp
-     apply simp
-    apply simp
+    apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_2)
     apply (rule disjE)
       apply assumption
 
      apply (erule allE[where x=4])
-     apply (simp add:succ)
+     apply (simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_2)
      apply (simp add:member_rec(1))
-    unfolding consecutive_ifs_before_cfg_to_dag_prog.post_def
      apply (rule block_then1_global_rel)
-      apply assumption
-     apply simp
+       apply (simp add: bigblock_then1_def)
+      apply simp
    
     apply (erule allE[where x=3])
-    apply (simp del: Nat.One_nat_def add:succ)
-    apply (simp del: Nat.One_nat_def add:member_rec(1))
+    apply (simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_2)
+    apply (simp add:member_rec(1))
     apply (rule block_else1_global_rel)
-     apply assumption
+      apply (simp add: bigblock_else1_def)
+     apply simp+
+    done
+qed
+
+lemma block_then0_global_rel:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then0, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool True)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+proof -
+  have node5_loc: "node_to_block consecutive_ifs_before_cfg_to_dag_prog.proc_body ! 5 = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (Lit (LInt 5)))]" 
+    by (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_5_def consecutive_ifs_before_cfg_to_dag_prog.node_5)
+  show ?thesis 
+    apply (rule block_global_rel_generic)
+           apply (rule Rel_Main_test[of bigblock_then0])
+           apply (simp add: bigblock_then0_def)
+          apply (rule assms(1))
+         apply (simp add: bigblock_then0_def)
+        apply (rule disjI2)
+        apply (rule disjI1)
+        apply (rule conjI)
+         apply (rule node5_loc)
+        apply (rule conjI)
+         apply simp
+        apply (rule trace_is_possible)
+       apply (rule assms(2))
+        apply simp+
+     apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_5)
+     apply (rule bigblock_then0_local_rel)
+       apply assumption
+      apply simp
+     apply (rule trace_is_possible)
+    apply (erule allE[where x=2])
+    apply (rule block1_global_rel)
+    apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_5)
+     apply (simp add: member_rec(1))
+     apply auto[1]
+    apply simp
+    done
+qed
+
+lemma block_else0_global_rel:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else0, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool False)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+proof -
+  have node1_loc: "node_to_block consecutive_ifs_before_cfg_to_dag_prog.proc_body ! 1 = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]" 
+    by (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_1_def consecutive_ifs_before_cfg_to_dag_prog.node_1)
+  show ?thesis
+    apply (rule block_global_rel_generic)
+           apply (rule Rel_Main_test[of bigblock_else0])
+           apply (simp add: bigblock_else0_def)
+          apply (rule assms(1))
+         apply (simp add: bigblock_else0_def)
+        apply (rule disjI2)
+        apply (rule disjI2)
+        apply (rule conjI)
+         apply (rule node1_loc)
+        apply (rule conjI)
+         apply simp
+        apply (rule conjI)
+         apply (rule neg_gt2)
+        apply (rule trace_is_possible)
+       apply (rule assms(2))
+        apply simp+
+    apply (erule allE[where x=2])
+    apply (rule block1_global_rel)
+    apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_1)
+     apply (simp add: member_rec(1))
+     apply auto[1]
     apply simp
     done
 qed
 
+lemma block0_global_rel:
+  assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)" 
+proof -
+  have node0_loc: "node_to_block consecutive_ifs_before_cfg_to_dag_prog.proc_body ! 0 = [(Havoc 0)]" 
+    by (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_0_def consecutive_ifs_before_cfg_to_dag_prog.node_0)
+  show ?thesis 
+    apply (rule block_global_rel_if_successor)
+           apply (rule Rel_Main_test[of bigblock0])
+           apply (simp add: bigblock0_def) 
+          apply (rule ast_trace)
+          apply (simp add: bigblock0_def)
+         apply (rule disjI1)
+          apply (rule node0_loc)
+        apply (rule assms(1))
+        apply simp
+    unfolding consecutive_ifs_before_cfg_to_dag_prog.post_def
+       apply simp
+       apply simp
+     apply simp
+     apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_0)
+     apply (rule bigblock0_local_rel)
+      apply (simp add: bigblock0_def)
+     apply simp
+    apply (rule disjE)
+      apply assumption
+
+     apply (erule allE[where x=5])
+     apply (erule allE[where x=5])
+     apply (simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_0)
+     apply (simp add:member_rec(1))
+     apply (rule block_then0_global_rel)
+       apply (simp add: bigblock_then0_def)
+      apply blast+
+   
+    apply (erule allE[where x=1])
+    apply (erule allE[where x=1])
+    apply (simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_0)
+    apply (simp add:member_rec(1))
+    apply (rule block_else0_global_rel)
+      apply (simp add: bigblock_else0_def)
+     apply blast+
+    done
+qed
+
 end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_ast_cfg.thy
index 5a76cfd..287791a 100644
--- a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_ast_cfg.thy
+++ b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_ast_cfg.thy
@@ -6,14 +6,14 @@ theory consecutive_ifs_before_ast_cfg
 
 begin
 
-abbreviation bigblock0
+definition bigblock0
   where "bigblock0 \<equiv> 
           (BigBlock None [(Havoc 0)] 
             (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
                   [BigBlock None [(Assign 0 (Lit (LInt 5)))] None None] [BigBlock None [] None None])) 
              None)"
 
-abbreviation bigblock1
+definition bigblock1
   where "bigblock1 \<equiv> 
           (BigBlock None [] 
             (Some (ParsedIf None 
diff --git a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy
index 68bb528..881c238 100644
--- a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy
+++ b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy
@@ -25,40 +25,65 @@ lemma bigblock0_local_rel:
   shows "reached_state \<noteq> Failure \<and> 
          (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>empty_branch_if_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
 proof -
-  show ?thesis
-    apply (rule block_local_rel_generic)
-           apply (rule Rel_Main_test[of bigblock0 _ empty_branch_if_before_cfg_to_dag_prog.block_0])
+  show ?thesis 
+    apply (rule block_local_rel_generic) 
+           apply (rule Rel_Main_test[of bigblock0])
            apply (simp add: bigblock0_def empty_branch_if_before_cfg_to_dag_prog.block_0_def)
           apply simp
          apply simp
         apply (rule Red_bb0_to)
-       apply (rule Red0_impl, simp)
-      apply (simp add: bigblock0_def)
-     apply simp
-    apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_0_def)
+       apply (rule Red0_impl)
+       apply (simp add: bigblock0_def empty_branch_if_before_cfg_to_dag_prog.block_0_def)+
     done
 qed
 
 lemma bigblock_else_local_rel:
   assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
   and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool False)"
   shows "reached_state \<noteq> Failure \<and> 
          (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>empty_branch_if_before_cfg_to_dag_prog.block_1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
 proof -
   show ?thesis
-    unfolding empty_branch_if_before_cfg_to_dag_prog.block_1_def 
-    apply (rule block_local_rel_guard_false)
-            apply (rule Rel_Main_test[of bigblock_else])
-            apply (simp add: bigblock_else_def)
-           apply (rule neg_gt2)
+    apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_1_def)
+    apply (rule guard_fails_push_through_assumption)
+      apply (rule block_local_rel_generic)
+             apply (rule Rel_Main_test[of bigblock_else])
+             apply (simp add: bigblock_else_def)
+            apply simp
+           apply simp
+          apply (rule Red_bb0_to)
+         apply (rule Red0_impl)
+         apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_1_def)
+         apply (rule push_through_assumption1)
+             apply simp
+            apply (rule neg_gt2)
+          apply (rule trace_is_possible)
+         apply simp
+        apply (simp add: bigblock_else_def)
+        apply simp+
+     apply (rule neg_gt2)
+    apply (rule trace_is_possible)
+    done
+qed
+
+lemma bigblock1_local_rel:
+  assumes Red_bb0_to: 
+      "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock1, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>empty_branch_if_before_cfg_to_dag_prog.block_2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+proof -
+  show ?thesis 
+    apply (rule block_local_rel_generic) 
+           apply (rule Rel_Main_test[of bigblock1])
+           apply (simp add: bigblock1_def empty_branch_if_before_cfg_to_dag_prog.block_2_def)
           apply simp
-         apply (rule trace_is_possible)
+         apply simp
         apply (rule Red_bb0_to)
        apply (rule Red0_impl)
-       apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_1_def)
-      apply (simp add: bigblock_else_def)
-    by simp_all
+       apply (simp add: bigblock1_def empty_branch_if_before_cfg_to_dag_prog.block_2_def)+
+    done
 qed
 
 lemma block2_global_rel:
@@ -73,10 +98,15 @@ proof -
          apply (simp add: bigblock1_def empty_branch_if_before_cfg_to_dag_prog.block_2_def)
         apply (rule concrete_trace)
        apply (simp add: bigblock1_def)
-      apply simp
-     apply (rule empty_branch_if_before_cfg_to_dag_prog.node_2)
+         apply simp
+        apply (rule disjI1)
+        apply (rule empty_branch_if_before_cfg_to_dag_prog.node_2)
+       apply (rule empty_branch_if_before_cfg_to_dag_prog.outEdges_2)
     apply (rule cfg_is_correct)
-    apply simp
+      apply simp+
+    apply (simp add: empty_branch_if_before_cfg_to_dag_prog.node_2)
+    apply (rule bigblock1_local_rel)
+     apply assumption+
     done
 qed
 
@@ -87,17 +117,31 @@ lemma block_then_global_rel:
   and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
   shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
 proof -                    
+  have node3_loc: "node_to_block empty_branch_if_before_cfg_to_dag_prog.proc_body ! 3 = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5))))]" 
+    by (simp add: empty_branch_if_before_cfg_to_dag_prog.block_3_def empty_branch_if_before_cfg_to_dag_prog.node_3)
   show ?thesis 
-    apply (rule ending_then)
-           apply (rule assms(1))
-          apply (simp add: bigblock_then_def)
-         apply (rule trace_is_possible)
-        apply (rule empty_branch_if_before_cfg_to_dag_prog.node_3)
-       apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_3_def)
-      apply (simp add: empty_branch_if_before_cfg_to_dag_prog.outEdges_3)
-      apply (simp add: member_rec)
-     apply (simp add: assms(2))
-     apply (simp add: block2_global_rel)
+    apply (rule block_global_rel_generic)
+           apply (rule Rel_Main_test[of bigblock_then])
+           apply (simp add: bigblock_then_def)
+          apply (rule assms(1))
+         apply (simp add: bigblock_then_def)
+        apply (rule disjI2)
+        apply (rule disjI1)
+        apply (rule conjI)
+         apply (rule node3_loc)
+        apply (rule conjI)
+         apply simp
+        apply (rule trace_is_possible)
+       apply (rule assms(2))
+        apply simp
+       apply simp
+      apply simp
+     apply simp
+    apply (erule allE[where x=2])
+    apply (rule block2_global_rel)
+     apply assumption
+    apply (simp add: empty_branch_if_before_cfg_to_dag_prog.outEdges_3)
+    apply (simp add: member_rec(1))
     done
 qed
 
@@ -105,28 +149,32 @@ qed
 lemma block_else_global_rel:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool False)"
   shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
 proof -
+  have node1_loc: "node_to_block empty_branch_if_before_cfg_to_dag_prog.proc_body ! 1 = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 6)))]" 
+    by (simp add: empty_branch_if_before_cfg_to_dag_prog.block_1_def empty_branch_if_before_cfg_to_dag_prog.node_1)
   show ?thesis
-    apply (rule block_global_rel_if_false)
-                 apply (rule Rel_Main_test[of bigblock_else])
-                 apply (simp add: bigblock_else_def)
-               apply (rule assms(1))
-              apply (simp add: bigblock_else_def)
-              apply simp
-             apply simp
-            apply (rule empty_branch_if_before_cfg_to_dag_prog.node_1)
-           apply (rule empty_branch_if_before_cfg_to_dag_prog.block_1_def)
-          apply (rule assms(2))
-          apply simp
+    apply (rule block_global_rel_generic)
+           apply (rule Rel_Main_test[of bigblock_else])
+           apply (simp add: bigblock_else_def)
+          apply (rule assms(1))
+         apply (simp add: bigblock_else_def)
+        apply (rule disjI2)
+        apply (rule disjI2)
+        apply (rule conjI)
+         apply (rule node1_loc)
+        apply (rule conjI)
          apply simp
-        apply simp
-       apply (rule neg_gt2)
-      apply (rule trace_is_possible)
+        apply (rule conjI)
+         apply (rule neg_gt2)
+        apply (rule trace_is_possible)
+       apply (rule assms(2))
+       apply simp+
+     apply (simp add: empty_branch_if_before_cfg_to_dag_prog.node_1)
      apply (rule bigblock_else_local_rel)
        apply assumption
-      apply assumption
+      apply simp
      apply (rule trace_is_possible)
     apply (erule allE[where x=2])
     apply (rule block2_global_rel)
@@ -147,11 +195,14 @@ proof -
            apply (rule Rel_Main_test[of bigblock0 _ empty_branch_if_before_cfg_to_dag_prog.block_0])
            apply (simp add: bigblock0_def empty_branch_if_before_cfg_to_dag_prog.block_0_def)
           apply (rule ast_trace)
-         apply (simp add: bigblock0_def)
+          apply (simp add: bigblock0_def)
+         apply (rule disjI1)
         apply (rule empty_branch_if_before_cfg_to_dag_prog.node_0)
-       apply (rule assms(1))
-       apply simp
-      apply simp
+        apply (rule assms(1))
+        apply simp
+    unfolding empty_branch_if_before_cfg_to_dag_prog.post_def
+       apply simp+
+     apply (simp add: empty_branch_if_before_cfg_to_dag_prog.node_0)
      apply (rule bigblock0_local_rel)
       apply (simp add: bigblock0_def)
      apply assumption
@@ -177,7 +228,6 @@ proof -
      apply assumption
     apply (rule block_else_global_rel)
       apply (simp add: bigblock_else_def)
-     apply simp
-    apply (simp add: false_equals_not_true)
+     apply simp+
     done
 qed
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
index b6aa719..44bd277 100644
--- a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
+++ b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
@@ -35,10 +35,8 @@ proof -
           apply simp
          apply simp
         apply (rule Red_bb0_to)
-       apply (rule Red0_impl, simp)
-      apply (simp add: bigblock0_def)
-     apply simp
-    apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
+       apply (rule Red0_impl)
+       apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)+
     done
 qed
 
@@ -51,40 +49,67 @@ lemma bigblock_then_local_rel:
          (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
 proof -
   show ?thesis
-    apply (rule block_local_rel_guard_true)
-           apply (rule Rel_Main_test[of bigblock_then])
-           apply (simp add: bigblock_then_def)
-          apply simp
-         apply (rule trace_is_possible)
-        apply (rule Red_bb0_to)
-       apply (rule Red0_impl, simp)
-      apply (simp add: bigblock_then_def)
-      apply simp+
     apply (simp add: p_before_cfg_to_dag_prog.block_3_def)
+    apply (rule guard_holds_push_through_assumption)
+      apply (rule block_local_rel_generic)
+             apply (rule Rel_Main_test[of bigblock_then])
+             apply (simp add: bigblock_then_def)
+            apply simp
+           apply simp
+          apply (rule Red_bb0_to)
+         apply (rule push_through_assumption_test1, rule Red0_impl)
+         apply (simp add: p_before_cfg_to_dag_prog.block_3_def)
+           apply (simp add: trace_is_possible bigblock_then_def)+
     done
 qed
 
 lemma bigblock_else_local_rel:
   assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
   and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool False)"
   shows "reached_state \<noteq> Failure \<and> 
          (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
 proof -
   show ?thesis
-    unfolding p_before_cfg_to_dag_prog.block_1_def 
-    apply (rule block_local_rel_guard_false)
-            apply (rule Rel_Main_test[of bigblock_else])
-            apply (simp add: bigblock_else_def)
- (* FIXME how does one know what rule is to be used here? *)
-           apply (rule neg_gt2)
+    apply (simp add: p_before_cfg_to_dag_prog.block_1_def)
+    apply (rule guard_fails_push_through_assumption)
+      apply (rule block_local_rel_generic)
+             apply (rule Rel_Main_test[of bigblock_else])
+             apply (simp add: bigblock_else_def)
+            apply simp
+           apply simp
+          apply (rule Red_bb0_to)
+         apply (rule Red0_impl)
+         apply (simp add: p_before_cfg_to_dag_prog.block_1_def)
+         apply (rule push_through_assumption1)
+             apply simp
+            apply (rule neg_gt2)
+          apply (rule trace_is_possible)
+         apply simp
+        apply (simp add: bigblock_else_def)
+        apply simp+
+     apply (rule neg_gt2)
+    apply (rule trace_is_possible)
+    done
+qed
+
+lemma bigblock1_local_rel:
+  assumes Red_bb0_to: 
+      "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock1, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+proof -
+  show ?thesis 
+    apply (rule block_local_rel_generic) 
+           apply (rule Rel_Main_test[of bigblock1])
+           apply (simp add: bigblock1_def p_before_cfg_to_dag_prog.block_2_def)
           apply simp
-         apply (rule trace_is_possible)
+         apply simp
         apply (rule Red_bb0_to)
        apply (rule Red0_impl)
-       apply (simp add: p_before_cfg_to_dag_prog.block_1_def)
-      apply (simp add: bigblock_else_def)
-    by simp_all
+       apply (simp add: bigblock1_def p_before_cfg_to_dag_prog.block_2_def)+
+    done
 qed
 
 lemma block2_global_rel:
@@ -99,10 +124,16 @@ proof -
          apply (simp add: bigblock1_def p_before_cfg_to_dag_prog.block_2_def)
         apply (rule concrete_trace)
        apply (simp add: bigblock1_def)
-      apply simp
-     apply (rule p_before_cfg_to_dag_prog.node_2)
+         apply simp
+        apply (rule disjI1)
+        apply (rule p_before_cfg_to_dag_prog.node_2)
+       apply (rule p_before_cfg_to_dag_prog.outEdges_2)
     apply (rule cfg_is_correct)
-    apply simp
+      apply simp
+     apply simp
+    apply (simp add: p_before_cfg_to_dag_prog.node_2)
+    apply (rule bigblock1_local_rel)
+     apply assumption+
     done
 qed
 
@@ -113,30 +144,33 @@ lemma block_then_global_rel:
   and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
   shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
 proof -
+  have node3_loc: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 3 = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5)))),(Assign 0 (Lit (LInt 10)))]" 
+    by (simp add: p_before_cfg_to_dag_prog.block_3_def p_before_cfg_to_dag_prog.node_3)
   show ?thesis 
-    apply (rule block_global_rel_if_true)
-                apply (rule Rel_Main_test[of bigblock_then])
-                apply (simp add: bigblock_then_def)
-               apply (rule assms(1))
-              apply (simp add: bigblock_then_def)
-             apply simp
-            apply simp
-           apply (rule p_before_cfg_to_dag_prog.node_3)
-          apply (rule p_before_cfg_to_dag_prog.block_3_def)
-          apply (rule assms(2))
-          apply simp
+    apply (rule block_global_rel_generic)
+           apply (rule Rel_Main_test[of bigblock_then])
+           apply (simp add: bigblock_then_def)
+          apply (rule assms(1))
+         apply (simp add: bigblock_then_def)
+        apply (rule disjI2)
+        apply (rule disjI1)
+        apply (rule conjI)
+         apply (rule node3_loc)
+        apply (rule conjI)
          apply simp
-        apply simp
-      apply (rule trace_is_possible)
+        apply (rule trace_is_possible)
+       apply (rule assms(2))
+       apply simp+
+     apply (simp add: p_before_cfg_to_dag_prog.node_3)
      apply (rule bigblock_then_local_rel)
        apply assumption
-      apply assumption
+      apply simp
      apply (rule trace_is_possible)
-    apply (simp add:p_before_cfg_to_dag_prog.outEdges_3)
-    apply ((simp add:member_rec(1)))
+    apply (erule allE[where x=2])
     apply (rule block2_global_rel)
      apply assumption
-    apply simp
+    apply (simp add: p_before_cfg_to_dag_prog.outEdges_3)
+    apply (simp add: member_rec(1))
     done
 qed
 
@@ -144,28 +178,32 @@ qed
 lemma block_else_global_rel:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool False)"
   shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
 proof -
+  have node1_loc: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 1 = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 1)))]" 
+    by (simp add: p_before_cfg_to_dag_prog.block_1_def p_before_cfg_to_dag_prog.node_1)
   show ?thesis
-    apply (rule block_global_rel_if_false)
-                 apply (rule Rel_Main_test[of bigblock_else])
-                 apply (simp add: bigblock_else_def)
-               apply (rule assms(1))
-              apply (simp add: bigblock_else_def)
-              apply simp
-             apply simp
-            apply (rule p_before_cfg_to_dag_prog.node_1)
-           apply (rule p_before_cfg_to_dag_prog.block_1_def)
-          apply (rule assms(2))
-          apply simp
+    apply (rule block_global_rel_generic)
+           apply (rule Rel_Main_test[of bigblock_else])
+           apply (simp add: bigblock_else_def)
+          apply (rule assms(1))
+         apply (simp add: bigblock_else_def)
+        apply (rule disjI2)
+        apply (rule disjI2)
+        apply (rule conjI)
+         apply (rule node1_loc)
+        apply (rule conjI)
          apply simp
-        apply simp
-       apply (rule neg_gt2)
-      apply (rule trace_is_possible)
+        apply (rule conjI)
+         apply (rule neg_gt2)
+        apply (rule trace_is_possible)
+       apply (rule assms(2))
+       apply simp+
+     apply (simp add: p_before_cfg_to_dag_prog.node_1)
      apply (rule bigblock_else_local_rel)
        apply assumption
-      apply assumption
+      apply simp
      apply (rule trace_is_possible)
     apply (erule allE[where x=2])
     apply (rule block2_global_rel)
@@ -186,11 +224,14 @@ proof -
            apply (rule Rel_Main_test[of bigblock0 _ p_before_cfg_to_dag_prog.block_0])
            apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def) 
           apply (rule ast_trace)
-         apply (simp add: bigblock0_def)
+          apply (simp add: bigblock0_def)
+         apply (rule disjI1)
         apply (rule p_before_cfg_to_dag_prog.node_0)
        apply (rule assms(1))
-       apply simp
-      apply simp
+        apply simp
+    unfolding if_example_before_ast_cfg.post_def
+       apply simp+
+     apply (simp add: p_before_cfg_to_dag_prog.node_0)
      apply (rule bigblock0_local_rel)
       apply (simp add: bigblock0_def)
      apply assumption
@@ -203,6 +244,7 @@ proof -
      apply (simp add:member_rec(1))
      apply (rule conjE)
       apply assumption
+     apply simp
     unfolding if_example_before_ast_cfg.post_def
      apply (rule block_then_global_rel)
        apply (simp add: bigblock_then_def)
diff --git a/BoogieLang/completed_example_proofs/empty_branch_if_proofs/global_data.thy b/BoogieLang/generated_example_proofs/nested_if_proofs/global_data.thy
similarity index 100%
rename from BoogieLang/completed_example_proofs/empty_branch_if_proofs/global_data.thy
rename to BoogieLang/generated_example_proofs/nested_if_proofs/global_data.thy
diff --git a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_ast_cfg_proof.thy
new file mode 100644
index 0000000..90db32e
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_ast_cfg_proof.thy
@@ -0,0 +1,311 @@
+theory nested_if_ast_cfg_proof
+  imports Main
+          Boogie_Lang.Ast
+          Boogie_Lang.Semantics
+          Boogie_Lang.Ast_Cfg_Transformation
+          "../global_data" 
+          nested_if_before_cfg_to_dag_prog 
+          nested_if_before_ast_cfg
+          nested_if_cfgtodag_proof
+          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
+
+begin
+declare Nat.One_nat_def[simp del]
+
+definition outer_then where
+  "outer_then = (BigBlock None [] 
+                      (Some (ParsedIf 
+                            (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) 
+                            [(BigBlock None [(Assign 1 (BinOp (Var 1) Add (Var 0)))] None None)]
+                            [(BigBlock None [(Assign 1 (Var 0))] None None)] ) )
+                       None )"
+
+definition outer_else where
+  "outer_else = (BigBlock None [] None None)"
+
+definition inner_then where
+  "inner_then = (BigBlock None [(Assign 1 (BinOp (Var 1) Add (Var 0)))] None None)"
+
+definition inner_else where
+  "inner_else = (BigBlock None [(Assign 1 (Var 0))] None None)"
+
+lemma bigblock0_local_rel:
+  assumes Red_bb0_to: 
+      "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock0, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_if_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+proof -
+  show ?thesis 
+    apply (rule block_local_rel_generic) 
+           apply (rule Rel_Main_test[of bigblock0])
+           apply (simp add: bigblock0_def nested_if_before_cfg_to_dag_prog.block_0_def)
+          apply simp
+         apply simp
+        apply (rule Red_bb0_to)
+       apply (rule Red0_impl, simp)
+      apply (simp add: bigblock0_def)
+     apply simp
+    apply (simp add: nested_if_before_cfg_to_dag_prog.block_0_def)
+    done
+qed
+
+lemma inner_then_local_rel:
+  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (inner_then, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_if_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool True)"
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_if_before_cfg_to_dag_prog.block_4, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  show ?thesis
+    apply (simp add: nested_if_before_cfg_to_dag_prog.block_4_def)
+    apply (rule guard_holds_push_through_assumption)
+      apply (rule block_local_rel_generic)
+             apply (rule Rel_Main_test[of inner_then])
+             apply (simp add: inner_then_def)
+            apply simp
+           apply simp
+          apply (rule Red_bb0_to)
+         apply (rule push_through_assumption_test1, rule Red0_impl)
+         apply (simp add: nested_if_before_cfg_to_dag_prog.block_4_def)
+           apply (simp add: trace_is_possible inner_then_def)+
+    done
+qed
+
+lemma inner_else_local_rel:
+  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (inner_else, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_if_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool False)"
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_if_before_cfg_to_dag_prog.block_3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+proof -
+  show ?thesis
+    apply (simp add: nested_if_before_cfg_to_dag_prog.block_3_def)
+    apply (rule guard_fails_push_through_assumption)
+      apply (rule block_local_rel_generic)
+             apply (rule Rel_Main_test[of inner_else])
+             apply (simp add: inner_else_def)
+            apply simp
+           apply simp
+          apply (rule Red_bb0_to)
+         apply (rule Red0_impl)
+         apply (simp add: nested_if_before_cfg_to_dag_prog.block_3_def)
+         apply (rule push_through_assumption1)
+             apply simp
+            apply (rule neg_gt2)
+          apply (rule trace_is_possible)
+         apply simp
+        apply (simp add: inner_else_def)
+        apply simp+
+     apply (rule neg_gt2)
+    apply (rule trace_is_possible)
+    done
+qed
+
+lemma outer_else_global_rel:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (outer_else, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool False)"
+shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+proof -                                                            
+  have node1_loc: "node_to_block nested_if_before_cfg_to_dag_prog.proc_body ! 1 = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]" 
+    by (simp add: nested_if_before_cfg_to_dag_prog.block_1_def nested_if_before_cfg_to_dag_prog.node_1)
+  show ?thesis
+  apply (rule generic_ending_block_global_rel)
+           apply (rule Rel_Main_test[of outer_else])
+           apply (simp add: outer_else_def)
+          apply (rule assms(1))
+          apply (simp add: outer_else_def)
+         apply simp
+        apply (rule disjI2)
+        apply (rule disjI2)
+        apply (rule conjI)
+         apply (rule node1_loc)
+        apply (rule conjI)
+         apply simp
+        apply (rule conjI)
+         apply (rule neg_gt2)
+        apply (rule trace_is_possible)
+       apply (simp add: nested_if_before_cfg_to_dag_prog.outEdges_1)
+       apply (rule assms(2))
+       apply simp+
+     apply (simp add: nested_if_before_cfg_to_dag_prog.node_1)
+     apply (rule end_static)
+      apply (simp add: outer_else_def)
+    done
+qed
+
+lemma inner_else_global_rel:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inner_else, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool False)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+proof -
+  have node3_loc: "node_to_block nested_if_before_cfg_to_dag_prog.proc_body ! 3 = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 1 (Var 0))]" 
+    by (simp add: nested_if_before_cfg_to_dag_prog.block_3_def nested_if_before_cfg_to_dag_prog.node_3)
+  show ?thesis
+    apply (rule generic_ending_block_global_rel)
+           apply (rule Rel_Main_test[of inner_else])
+           apply (simp add: inner_else_def)
+          apply (rule assms(1))
+          apply (simp add: inner_else_def)
+         apply simp
+        apply (rule disjI2)
+        apply (rule disjI2)
+        apply (rule conjI)
+         apply (rule node3_loc)
+        apply (rule conjI)
+         apply simp
+        apply (rule conjI)
+         apply (rule neg_gt2)
+        apply (rule trace_is_possible)
+       apply (simp add: nested_if_before_cfg_to_dag_prog.outEdges_3)
+       apply (rule assms(2))
+       apply simp+
+     apply (simp add: nested_if_before_cfg_to_dag_prog.node_3)
+     apply (rule inner_else_local_rel)
+       apply assumption
+      apply simp
+     apply (rule trace_is_possible)
+    done
+qed
+
+lemma inner_then_global_rel:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inner_then, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool True)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+proof -
+  have node4_loc: "node_to_block nested_if_before_cfg_to_dag_prog.proc_body ! 4 = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Add (Var 0)))]" 
+    by (simp add: nested_if_before_cfg_to_dag_prog.block_4_def nested_if_before_cfg_to_dag_prog.node_4)
+  show ?thesis
+    apply (rule generic_ending_block_global_rel)
+           apply (rule Rel_Main_test[of inner_then])
+           apply (simp add: inner_then_def)
+          apply (rule assms(1))
+          apply (simp add: inner_then_def)
+         apply simp
+        apply (rule disjI2)
+        apply (rule disjI1)
+        apply (rule conjI)
+         apply (rule node4_loc)
+        apply (rule conjI)
+         apply simp
+        apply (rule trace_is_possible)
+       apply (simp add: nested_if_before_cfg_to_dag_prog.outEdges_4)
+       apply (rule assms(2))
+       apply simp+
+     apply (simp add: nested_if_before_cfg_to_dag_prog.node_4)
+     apply (rule inner_then_local_rel)
+       apply assumption
+      apply simp
+     apply (rule trace_is_possible)
+    done
+qed
+
+lemma outer_then_global_rel:
+  assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (outer_then, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool True)"
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+proof -
+  have node2_loc: "node_to_block nested_if_before_cfg_to_dag_prog.proc_body ! 2 = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]" 
+    by (simp add: nested_if_before_cfg_to_dag_prog.block_2_def nested_if_before_cfg_to_dag_prog.node_2)
+  show ?thesis 
+    apply (rule block_global_rel_if_successor)
+           apply (rule Rel_Main_test[of outer_then])
+           apply (simp add: outer_then_def) 
+          apply (rule ast_trace)
+          apply (simp add: outer_then_def)
+         apply (rule disjI2)
+         apply (rule disjI1)
+         apply (rule conjI)
+          apply (rule node2_loc)
+         apply (rule conjI)
+          apply simp
+         apply (rule trace_is_possible)
+        apply (rule assms(1))
+        apply simp
+    unfolding nested_if_before_cfg_to_dag_prog.post_def
+       apply simp
+      apply simp
+     apply simp
+    apply simp
+    apply (rule disjE)
+      apply assumption
+
+     apply (erule allE[where x=4])
+     apply (simp add:nested_if_before_cfg_to_dag_prog.outEdges_2)
+     apply (simp add:member_rec(1))
+     apply (rule conjE)
+      apply assumption
+     apply simp
+    unfolding nested_if_before_cfg_to_dag_prog.post_def
+     apply (rule inner_then_global_rel)
+       apply (simp add: inner_then_def)
+      apply simp
+     apply assumption
+   
+    apply (erule allE[where x=3])
+    apply (simp add:nested_if_before_cfg_to_dag_prog.outEdges_2)
+    apply (simp add:member_rec(1))
+    apply (rule conjE)
+     apply assumption
+    apply (rule inner_else_global_rel)
+      apply (simp add: inner_else_def)
+     apply simp+
+    done
+qed
+
+lemma entry_block_global_rel:
+  assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> nested_if_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)" 
+proof -
+  have node0_loc: "node_to_block nested_if_before_cfg_to_dag_prog.proc_body ! 0 = [(Havoc 0),(Havoc 1)]" 
+    by (simp add: nested_if_before_cfg_to_dag_prog.block_0_def nested_if_before_cfg_to_dag_prog.node_0)
+  show ?thesis 
+    apply (rule block_global_rel_if_successor)
+           apply (rule Rel_Main_test[of bigblock0])
+           apply (simp add: bigblock0_def) 
+          apply (rule ast_trace)
+          apply (simp add: bigblock0_def)
+         apply (rule disjI1)
+          apply (rule node0_loc)
+        apply (rule assms(1))
+        apply simp
+    unfolding nested_if_before_cfg_to_dag_prog.post_def
+       apply simp
+       apply simp
+      apply simp
+    apply (simp add: nested_if_before_cfg_to_dag_prog.node_0)
+     apply (rule bigblock0_local_rel)
+      apply (simp add: bigblock0_def)
+     apply simp+
+    apply (rule disjE)
+      apply assumption
+
+     apply (erule allE[where x=2])
+     apply (simp add:nested_if_before_cfg_to_dag_prog.outEdges_0)
+     apply (simp add:member_rec(1))
+     apply (rule conjE)
+      apply assumption
+     apply simp
+     apply (rule outer_then_global_rel)
+       apply auto[1]
+       apply (simp add: outer_then_def)
+      apply simp
+   
+    apply (erule allE[where x=1])
+    apply (simp add:nested_if_before_cfg_to_dag_prog.outEdges_0)
+    apply (simp add:member_rec(1))
+    apply (rule conjE)
+     apply assumption
+    unfolding nested_if_before_cfg_to_dag_prog.post_def
+    apply (rule outer_else_global_rel)
+      apply (simp add: outer_else_def)
+     apply simp+
+    done
+qed
+
+end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_ast_cfg.thy
new file mode 100644
index 0000000..ba2916e
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_ast_cfg.thy
@@ -0,0 +1,99 @@
+theory nested_if_before_ast_cfg
+  imports Main
+          "Boogie_Lang.Ast"
+          "Boogie_Lang.Semantics"
+          "../global_data"
+begin
+
+definition bigblock0 where
+  "bigblock0 = BigBlock None [(Havoc 0),(Havoc 1)] 
+               (Some (ParsedIf 
+                     (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
+                     [(BigBlock None [] 
+                      (Some (ParsedIf 
+                            (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) 
+                            [(BigBlock None [(Assign 1 (BinOp (Var 1) Add (Var 0)))] None None)]
+                            [(BigBlock None [(Assign 1 (Var 0))] None None)] ) )
+                       None )]
+                     [(BigBlock None [] None None)] ) )
+                None"
+
+definition proc_body
+  where
+    "proc_body  = bigblock0 # []"
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append nested_if_before_ast_cfg.params_vdecls nested_if_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_if_before_ast_cfg.params_vdecls nested_if_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
+unfolding nested_if_before_ast_cfg.params_vdecls_def nested_if_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_if_before_ast_cfg.params_vdecls nested_if_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_if_before_ast_cfg.params_vdecls nested_if_before_ast_cfg.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_if_before_ast_cfg.params_vdecls) )"
+unfolding nested_if_before_ast_cfg.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_if_before_ast_cfg.locals_vdecls) )"
+unfolding nested_if_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_ast_cfg.params_vdecls nested_if_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_n:
+shows "((map_of (append nested_if_before_ast_cfg.params_vdecls nested_if_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_m:
+shows "((map_of (append nested_if_before_ast_cfg.params_vdecls nested_if_before_ast_cfg.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_n:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_ast_cfg.params_vdecls nested_if_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_ast_cfg.params_vdecls nested_if_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_n
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_m:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_ast_cfg.params_vdecls nested_if_before_ast_cfg.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_ast_cfg.params_vdecls nested_if_before_ast_cfg.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_m
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc_ast :: "(ast_procedure)"
+  where
+    "proc_ast  = (|proc_ty_args = 0,proc_args = nested_if_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_if_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec nested_if_before_ast_cfg.post),proc_body = (Some (nested_if_before_ast_cfg.locals_vdecls,nested_if_before_ast_cfg.proc_body))|)"
+
+end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_cfg_to_dag_prog.thy b/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..c1812a8
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_cfg_to_dag_prog.thy
@@ -0,0 +1,142 @@
+theory nested_if_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0),(Havoc 1)]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 1 (Var 0))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Add (Var 0)))]"
+definition outEdges
+  where
+    "outEdges  = [[2,1],[],[4,3],[],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [2,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [4,3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding nested_if_before_cfg_to_dag_prog.params_vdecls_def nested_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_if_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding nested_if_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_if_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding nested_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_n:
+shows "((map_of (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_m:
+shows "((map_of (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_n:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_n
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_m:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_m
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = nested_if_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_if_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec nested_if_before_cfg_to_dag_prog.post),proc_body = (Some (nested_if_before_cfg_to_dag_prog.locals_vdecls,nested_if_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_before_passive_prog.thy b/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_passive_prog.thy
similarity index 50%
rename from BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_before_passive_prog.thy
rename to BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_passive_prog.thy
index fae5e63..89d8146 100644
--- a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_before_passive_prog.thy
+++ b/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_passive_prog.thy
@@ -1,45 +1,39 @@
-theory p_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_cfg_to_dag_prog
+theory nested_if_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_if_before_cfg_to_dag_prog
 begin
 definition block_0
   where
     "block_0  = []"
 definition block_1
   where
-    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
 definition block_2
   where
-    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
+    "block_2  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Add (Var 0)))]"
 definition block_3
   where
-    "block_3  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1)))),(Assert (BinOp (Var 0) Le (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 1 (Var 0))]"
 definition block_4
   where
-    "block_4  = [(Havoc 0),(Assume (BinOp (Var 0) Le (Lit (LInt 0))))]"
+    "block_4  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
 definition block_5
   where
-    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0))),(Assert (BinOp (Var 0) Le (Lit (LInt 0))))]"
+    "block_5  = [(Havoc 0),(Havoc 1)]"
 definition block_6
   where
-    "block_6  = [(Havoc 0),(Assume (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+    "block_6  = []"
 definition block_7
   where
-    "block_7  = [(Havoc 0),(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
-definition block_8
-  where
-    "block_8  = []"
-definition block_9
-  where
-    "block_9  = []"
+    "block_7  = []"
 definition outEdges
   where
-    "outEdges  = [[],[0],[0],[0],[2,3],[4],[5,1],[6],[7],[8]]"
+    "outEdges  = [[],[0],[0],[0],[2,3],[4,1],[5],[6]]"
 definition node_to_blocks
   where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7]"
 definition proc_body
   where
-    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
+    "proc_body  = (|entry = 7,out_edges = outEdges,node_to_block = node_to_blocks|)"
 lemma node_0:
 shows "((nth (node_to_block proc_body) 0) = block_0)"
 by (simp add:proc_body_def node_to_blocks_def)
@@ -72,14 +66,6 @@ lemma node_7:
 shows "((nth (node_to_block proc_body) 7) = block_7)"
 by (simp add:proc_body_def node_to_blocks_def)
 
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
 lemma outEdges_0:
 shows "((nth (out_edges proc_body) 0) = [])"
 by (simp add:proc_body_def outEdges_def)
@@ -101,37 +87,29 @@ shows "((nth (out_edges proc_body) 4) = [2,3])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
+shows "((nth (out_edges proc_body) 5) = [4,1])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5,1])"
+shows "((nth (out_edges proc_body) 6) = [5])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_7:
 shows "((nth (out_edges proc_body) 7) = [6])"
 by (simp add:proc_body_def outEdges_def)
 
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
 lemma locals_min_aux:
-shows "(((map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
+shows "(((map fst (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding nested_if_before_cfg_to_dag_prog.params_vdecls_def nested_if_before_cfg_to_dag_prog.locals_vdecls_def
 by simp
 
 lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
 using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
 unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
 by simp
 
diff --git a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_cfgtodag_proof.thy b/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_cfgtodag_proof.thy
new file mode 100644
index 0000000..505cb25
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_cfgtodag_proof.thy
@@ -0,0 +1,342 @@
+theory nested_if_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_if_before_cfg_to_dag_prog nested_if_before_passive_prog nested_if_passification_proof nested_if_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_if_before_cfg_to_dag_prog.post)"
+unfolding expr_all_sat_def nested_if_before_cfg_to_dag_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule nested_if_before_passive_prog.node_0)
+apply simp
+unfolding nested_if_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma block_anon5_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_if_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_if_before_cfg_to_dag_prog.block_1_def nested_if_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon5_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule nested_if_before_cfg_to_dag_prog.node_1)
+apply (rule nested_if_before_passive_prog.node_1)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon5_Else)
+apply assumption+
+apply (rule nested_if_before_cfg_to_dag_prog.outEdges_1)
+apply (rule nested_if_before_passive_prog.outEdges_1)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon6_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_if_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_if_before_cfg_to_dag_prog.block_4_def nested_if_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule nested_if_before_cfg_to_dag_prog.node_4)
+apply (rule nested_if_before_passive_prog.node_2)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon6_Then)
+apply assumption+
+apply (rule nested_if_before_cfg_to_dag_prog.outEdges_4)
+apply (rule nested_if_before_passive_prog.outEdges_2)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon6_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_if_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_if_before_cfg_to_dag_prog.block_3_def nested_if_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule nested_if_before_cfg_to_dag_prog.node_3)
+apply (rule nested_if_before_passive_prog.node_3)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon6_Else)
+apply assumption+
+apply (rule nested_if_before_cfg_to_dag_prog.outEdges_3)
+apply (rule nested_if_before_passive_prog.outEdges_3)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon5_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_if_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_if_before_cfg_to_dag_prog.block_2_def nested_if_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon5_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_if_before_cfg_to_dag_prog.node_2)
+apply (rule nested_if_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon5_Then)
+apply (assumption+)
+apply ((simp add:nested_if_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:nested_if_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:nested_if_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:nested_if_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_if_before_passive_prog.block_5 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_if_before_cfg_to_dag_prog.block_0_def nested_if_before_passive_prog.block_5_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_if_before_cfg_to_dag_prog.node_0)
+apply (rule nested_if_before_passive_prog.node_5)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:nested_if_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:nested_if_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=4])
+apply ((simp add:nested_if_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:nested_if_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:nested_if_before_passive_prog.outEdges_6))
+by ((simp add:nested_if_before_passive_prog.node_6 nested_if_before_passive_prog.block_6_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_if_before_cfg_to_dag_prog.pres)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule nested_if_before_passive_prog.node_7)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding nested_if_before_passive_prog.block_7_def
+apply (rule assume_pres_normal[where ?es=nested_if_before_cfg_to_dag_prog.pres])
+apply (rule assms(4))
+unfolding nested_if_before_cfg_to_dag_prog.pres_def
+apply simp
+apply (rule nested_if_before_passive_prog.outEdges_7)
+apply ((simp add:nested_if_before_passive_prog.node_6 nested_if_before_passive_prog.block_6_def))
+apply (rule nested_if_before_passive_prog.outEdges_6)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_n::int) (vc_m::int) (vc_n_0::int) (vc_m_0::int) (vc_m_1::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_if_before_cfg_to_dag_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(valid_configuration A \<Lambda>0 \<Gamma> [] nested_if_before_cfg_to_dag_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule nested_if_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+lemma end_to_end_theorem:
+assumes 
+VC: "(\<And> (vc_n::int) (vc_m::int) (vc_n_0::int) (vc_m_0::int) (vc_m_1::int). (vc.vc_anon0 ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms nested_if_before_cfg_to_dag_prog.proc))"
+apply (rule end_to_end_util[OF end_to_end_theorem_aux])
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 nested_if_before_cfg_to_dag_prog.proc_def nested_if_before_cfg_to_dag_prog.proc_body_def)
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_passification_proof.thy b/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_passification_proof.thy
similarity index 50%
rename from BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_passification_proof.thy
rename to BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_passification_proof.thy
index d23b383..9d4a7c2 100644
--- a/BoogieLang/completed_example_proofs/while_example2_proofs/p_proofs/p_passification_proof.thy
+++ b/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_passification_proof.thy
@@ -1,5 +1,5 @@
-theory p_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_passive_prog p_passive_prog Boogie_Lang.PassificationML p_vcphase_proof Boogie_Lang.PassificationEndToEnd
+theory nested_if_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_if_before_passive_prog nested_if_passive_prog Boogie_Lang.PassificationML nested_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
 begin
 definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
   where
@@ -9,221 +9,188 @@ definition R_old
     "R_old  = (map_of R_old_list)"
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls))"
 abbreviation \<Lambda>2
   where
-    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
+    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls))"
 declare One_nat_def[simp del]
 
 lemma block_GeneratedUnifiedExit:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.block_0 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_0 s')"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_if_passive_prog.block_0 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_0_def p_passive_prog.block_0_def
+unfolding nested_if_before_passive_prog.block_0_def nested_if_passive_prog.block_0_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
-lemma block_anon5_LoopBody:
+lemma block_anon5_Else:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4] R R_old U0 D0 n_s)" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
 "((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4])) (update_nstate_rel R [(0,(Inl 4))]) R_old p_passive_prog.block_1 s')"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_if_passive_prog.block_1 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_1_def p_passive_prog.block_1_def
+unfolding nested_if_before_passive_prog.block_1_def nested_if_passive_prog.block_1_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_2(2)))
 by simp
 
-lemma block_anon6_LoopDone:
+lemma block_anon6_Then:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 3)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_2 s')"
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 3)))" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4])) (update_nstate_rel R [(1,(Inl 4))]) R_old nested_if_passive_prog.block_2 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_2_def p_passive_prog.block_2_def
+unfolding nested_if_before_passive_prog.block_2_def nested_if_passive_prog.block_2_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:nested_if_before_cfg_to_dag_prog.l_m(2) nested_if_passive_prog.l_m_1(2)))
 by simp
 
-lemma block_anon6_LoopBody:
+lemma block_anon6_Else:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [5] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 3)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [5])) (update_nstate_rel R [(0,(Inl 5))]) R_old p_passive_prog.block_3 s')"
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
+"((R 1) = (Some (Inl 3)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(1,(Inl 2))]) R_old nested_if_passive_prog.block_3 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_3_def p_passive_prog.block_3_def
+unfolding nested_if_before_passive_prog.block_3_def nested_if_passive_prog.block_3_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_4(2)))
+apply ((simp add:nested_if_before_cfg_to_dag_prog.l_m(2) nested_if_passive_prog.l_n_0(2)))
 by simp
 
-lemma block_anon6_LoopHead:
+lemma block_anon5_Then:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3])) (update_nstate_rel R [(0,(Inl 3))]) R_old p_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_4_def p_passive_prog.block_4_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_3(2)))
-by simp
-
-lemma block_anon5_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.block_4 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 3)))" and 
 "((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_5 s')"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_if_passive_prog.block_4 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_5_def p_passive_prog.block_5_def
+unfolding nested_if_before_passive_prog.block_4_def nested_if_passive_prog.block_4_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
-lemma block_anon5_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old p_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_6_def p_passive_prog.block_6_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_1(2)))
-by simp
-
 lemma block_anon0:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old p_passive_prog.block_7 s')"
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2,3] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2,3])) (update_nstate_rel R [(0,(Inl 2)),(1,(Inl 3))]) R_old nested_if_passive_prog.block_5 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_7_def p_passive_prog.block_7_def
+unfolding nested_if_before_passive_prog.block_5_def nested_if_passive_prog.block_5_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_0(2)))
+apply ((simp add:nested_if_before_cfg_to_dag_prog.l_n(2) nested_if_passive_prog.l_n_0(2)))
+apply ((simp add:nested_if_before_cfg_to_dag_prog.l_m(2) nested_if_passive_prog.l_m_0(2)))
 by simp
 
 lemma block_0:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.block_6 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_8 s')"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_if_passive_prog.block_6 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_8_def p_passive_prog.block_8_def
+unfolding nested_if_before_passive_prog.block_6_def nested_if_passive_prog.block_6_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
 lemma block_PreconditionGeneratedEntry:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_9 (Normal n_s) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.block_7 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_9 s')"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_if_passive_prog.block_7 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_9_def p_passive_prog.block_9_def
+unfolding nested_if_before_passive_prog.block_7_def nested_if_passive_prog.block_7_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
 lemma cfg_block_GeneratedUnifiedExit:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
 "(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_0},@{thm p_before_passive_prog.outEdges_0}) (@{thm p_passive_prog.node_0},@{thm p_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_if_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_if_before_passive_prog.node_0},@{thm nested_if_before_passive_prog.outEdges_0}) (@{thm nested_if_passive_prog.node_0},@{thm nested_if_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
 
-lemma cfg_block_anon5_LoopBody:
+lemma cfg_block_anon5_Else:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
 "((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_1},@{thm p_before_passive_prog.outEdges_1}) (@{thm p_passive_prog.node_1},@{thm p_passive_prog.outEdges_1}) @{thm block_anon5_LoopBody} [
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_if_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_if_before_passive_prog.node_1},@{thm nested_if_before_passive_prog.outEdges_1}) (@{thm nested_if_passive_prog.node_1},@{thm nested_if_passive_prog.outEdges_1}) @{thm block_anon5_Else} [
 @{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
 
-lemma cfg_block_anon6_LoopDone:
+lemma cfg_block_anon6_Then:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 3)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_2},@{thm p_before_passive_prog.outEdges_2}) (@{thm p_passive_prog.node_2},@{thm p_passive_prog.outEdges_2}) @{thm block_anon6_LoopDone} [
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 3)))" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_if_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_if_before_passive_prog.node_2},@{thm nested_if_before_passive_prog.outEdges_2}) (@{thm nested_if_passive_prog.node_2},@{thm nested_if_passive_prog.outEdges_2}) @{thm block_anon6_Then} [
 @{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
 
-lemma cfg_block_anon6_LoopBody:
+lemma cfg_block_anon6_Else:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 5 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 3)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_3},@{thm p_before_passive_prog.outEdges_3}) (@{thm p_passive_prog.node_3},@{thm p_passive_prog.outEdges_3}) @{thm block_anon6_LoopBody} [
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
+"((R 1) = (Some (Inl 3)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_if_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_if_before_passive_prog.node_3},@{thm nested_if_before_passive_prog.outEdges_3}) (@{thm nested_if_passive_prog.node_3},@{thm nested_if_passive_prog.outEdges_3}) @{thm block_anon6_Else} [
 @{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
 
-lemma cfg_block_anon6_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_4},@{thm p_before_passive_prog.outEdges_4}) (@{thm p_passive_prog.node_4},@{thm p_passive_prog.outEdges_4}) @{thm block_anon6_LoopHead} [
-@{thm cfg_block_anon6_LoopDone}, 
-@{thm cfg_block_anon6_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon5_LoopDone:
+lemma cfg_block_anon5_Then:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 3)))" and 
 "((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_5},@{thm p_before_passive_prog.outEdges_5}) (@{thm p_passive_prog.node_5},@{thm p_passive_prog.outEdges_5}) @{thm block_anon5_LoopDone} [
-@{thm cfg_block_anon6_LoopHead}] 1\<close>))
-
-lemma cfg_block_anon5_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_6},@{thm p_before_passive_prog.outEdges_6}) (@{thm p_passive_prog.node_6},@{thm p_passive_prog.outEdges_6}) @{thm block_anon5_LoopHead} [
-@{thm cfg_block_anon5_LoopDone}, 
-@{thm cfg_block_anon5_LoopBody}] 1\<close>))
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_if_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_if_before_passive_prog.node_4},@{thm nested_if_before_passive_prog.outEdges_4}) (@{thm nested_if_passive_prog.node_4},@{thm nested_if_passive_prog.outEdges_4}) @{thm block_anon5_Then} [
+@{thm cfg_block_anon6_Then}, 
+@{thm cfg_block_anon6_Else}] 1\<close>))
 
 lemma cfg_block_anon0:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_7},@{thm p_before_passive_prog.outEdges_7}) (@{thm p_passive_prog.node_7},@{thm p_passive_prog.outEdges_7}) @{thm block_anon0} [
-@{thm cfg_block_anon5_LoopHead}] 1\<close>))
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_if_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_if_before_passive_prog.node_5},@{thm nested_if_before_passive_prog.outEdges_5}) (@{thm nested_if_passive_prog.node_5},@{thm nested_if_passive_prog.outEdges_5}) @{thm block_anon0} [
+@{thm cfg_block_anon5_Then}, 
+@{thm cfg_block_anon5_Else}] 1\<close>))
 
 lemma cfg_block_0:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 8)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_8},@{thm p_before_passive_prog.outEdges_8}) (@{thm p_passive_prog.node_8},@{thm p_passive_prog.outEdges_8}) @{thm block_0} [
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_if_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_if_before_passive_prog.node_6},@{thm nested_if_before_passive_prog.outEdges_6}) (@{thm nested_if_passive_prog.node_6},@{thm nested_if_passive_prog.outEdges_6}) @{thm block_0} [
 @{thm cfg_block_anon0}] 1\<close>))
 
 lemma cfg_block_PreconditionGeneratedEntry:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 9)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_9},@{thm p_before_passive_prog.outEdges_9}) (@{thm p_passive_prog.node_9},@{thm p_passive_prog.outEdges_9}) @{thm block_PreconditionGeneratedEntry} [
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_if_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_if_before_passive_prog.node_7},@{thm nested_if_before_passive_prog.outEdges_7}) (@{thm nested_if_passive_prog.node_7},@{thm nested_if_passive_prog.outEdges_7}) @{thm block_PreconditionGeneratedEntry} [
 @{thm cfg_block_0}] 1\<close>))
 
 locale glue_proof = 
 fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_passive_prog.proc_body ((Inl 9),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))" and 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 7),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_n::int) (vc_m::int) (vc_n_0::int) (vc_m_0::int) (vc_m_1::int). (vc.vc_anon0 ))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
 FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
@@ -268,7 +235,7 @@ by ((simp add:BinderNs))
 lemma U0_ns_old_rel:
 shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
 apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv p_before_passive_prog.globals_locals_disj)
+apply (simp only: fst_conv snd_conv nested_if_before_passive_prog.globals_locals_disj)
 apply (rule convert_fun_to_list[OF R_old_def])
 unfolding R_old_list_def 
 apply simp
@@ -283,7 +250,7 @@ shows "(closed (instantiate [] \<tau>))"
 apply (rule lookup_ty_pred[OF assms(1)])
 unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
 apply simp
-unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
+unfolding nested_if_passive_prog.params_vdecls_def nested_if_passive_prog.locals_vdecls_def
 by simp
 
 lemma U0_non_empty:
@@ -297,8 +264,8 @@ apply (rule inj_R_rel)
 apply simp
 apply (rule ConstsGlobal)
 using R_well_formed apply fastforce
-using p_before_passive_prog.globals_locals_disj apply auto[1]
-using p_passive_prog.globals_locals_disj apply auto[1]
+using nested_if_before_passive_prog.globals_locals_disj apply auto[1]
+using nested_if_passive_prog.globals_locals_disj apply auto[1]
 done
 
 lemma max_rel_range:
@@ -311,7 +278,7 @@ lemma end_to_end:
 shows "(s' \<noteq> Failure)"
 proof
 assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body u (Inl 9)))))"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] nested_if_passive_prog.proc_body u (Inl 7)))))"
 apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
 unfolding passive_lemma_assms_2_def
 apply (intro conjI)?
@@ -323,9 +290,9 @@ using helper_init_disj[OF max_rel_range global_data.globals_max]
 apply simp
 apply (rule U0_non_empty)
 by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body ((Inl 9),(Normal u)) (mp',Failure))"
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] nested_if_passive_prog.proc_body ((Inl 7),(Normal u)) (mp',Failure))"
 by (auto simp add: passive_sim_cfg_fail_def)
-from p_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+from nested_if_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
  apply rule
 using VC apply assumption
 apply (rule Closed)
diff --git a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_passive_prog.thy b/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_passive_prog.thy
new file mode 100644
index 0000000..5f237e5
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_passive_prog.thy
@@ -0,0 +1,168 @@
+theory nested_if_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_if_before_passive_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 2)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 3) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 4) Eq (BinOp (Var 3) Add (Var 2))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 3)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0))))]"
+definition block_5
+  where
+    "block_5  = []"
+definition block_6
+  where
+    "block_6  = []"
+definition block_7
+  where
+    "block_7  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[2,3],[4,1],[5],[6]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 7,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [2,3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding nested_if_passive_prog.params_vdecls_def nested_if_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma m_n:
+shows "((map_of (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_m:
+shows "((map_of (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_n_0:
+shows "((map_of (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_m_0:
+shows "((map_of (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_m_1:
+shows "((map_of (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_n:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_n
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_m:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_m
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_n_0:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_n_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_m_0:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_m_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_m_1:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
+using globals_locals_disj m_m_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_vcphase_proof.thy b/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_vcphase_proof.thy
new file mode 100644
index 0000000..d220be7
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_vcphase_proof.thy
@@ -0,0 +1,291 @@
+theory nested_if_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML nested_if_passive_prog nested_if_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon0
+  where
+    "vc_anon0  = True"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_n :: "int" and vc_m :: "int" and vc_n_0 :: "int" and vc_m_0 :: "int" and vc_m_1 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_n)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_m)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_n_0)))" and 
+G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_m_0)))" and 
+G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_m_1)))" and 
+G5: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4 G5
+lemmas forall_poly_thm = forall_vc_type[OF G5]
+lemmas exists_poly_thm = exists_vc_type[OF G5]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding nested_if_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon5_Else_hints = [
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon5_ElseAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding nested_if_passive_prog.block_1_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_Else_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_Then_hints = [
+(AssumeTrue,NONE), 
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon6_ThenAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding nested_if_passive_prog.block_2_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_Then_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_Else_hints = [
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon6_ElseAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding nested_if_passive_prog.block_3_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_Else_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon5_Then_hints = [
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon5_ThenAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
+unfolding nested_if_passive_prog.block_4_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_Then_hints \<close>)
+by (auto?)
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.block_5 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding nested_if_passive_prog.block_5_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.block_6 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding nested_if_passive_prog.block_6_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding nested_if_passive_prog.block_7_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) nested_if_passive_prog.node_0 nested_if_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon5_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) nested_if_passive_prog.node_1])
+apply (erule block_anon5_ElseAA0[OF _ assms(2)])
+apply ((simp add:nested_if_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) nested_if_passive_prog.node_2])
+apply (erule block_anon6_ThenAA0[OF _ assms(2)])
+apply ((simp add:nested_if_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) nested_if_passive_prog.node_3])
+apply (erule block_anon6_ElseAA0[OF _ assms(2)])
+apply ((simp add:nested_if_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_if_passive_prog.node_4])
+apply (erule block_anon5_ThenAA0[OF _ assms(2)])
+apply ((simp add:nested_if_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_if_passive_prog.node_5])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:nested_if_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_if_passive_prog.node_6])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:nested_if_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_if_passive_prog.node_7])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:nested_if_passive_prog.outEdges_7))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) \<Gamma> [] nested_if_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_n::int) (vc_m::int) (vc_n_0::int) (vc_m_0::int) (vc_m_1::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
+let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_n:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_if_passive_prog.m_n])
+apply (subst lookup_var_local[OF nested_if_passive_prog.m_n])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_m:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_if_passive_prog.m_m])
+apply (subst lookup_var_local[OF nested_if_passive_prog.m_m])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_n_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_if_passive_prog.m_n_0])
+apply (subst lookup_var_local[OF nested_if_passive_prog.m_n_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_m_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_if_passive_prog.m_m_0])
+apply (subst lookup_var_local[OF nested_if_passive_prog.m_m_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_m_1:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_if_passive_prog.m_m_1])
+apply (subst lookup_var_local[OF nested_if_passive_prog.m_m_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_n])
+apply (rule HOL.conjunct1[OF sc_m])
+apply (rule HOL.conjunct1[OF sc_n_0])
+apply (rule HOL.conjunct1[OF sc_m_0])
+apply (rule HOL.conjunct1[OF sc_m_1])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/completed_example_proofs/nested_loop_proofs/global_data.thy b/BoogieLang/generated_example_proofs/nested_loop2_proofs/global_data.thy
similarity index 100%
rename from BoogieLang/completed_example_proofs/nested_loop_proofs/global_data.thy
rename to BoogieLang/generated_example_proofs/nested_loop2_proofs/global_data.thy
diff --git a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_ast_cfg_proof.thy
similarity index 57%
rename from BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy
rename to BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_ast_cfg_proof.thy
index 2df320d..cf77418 100644
--- a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy
+++ b/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_ast_cfg_proof.thy
@@ -1,21 +1,20 @@
-theory nested_loop_ast_cfg_proof
+theory nested_loop2_ast_cfg_proof
   imports Main 
           Boogie_Lang.Ast
           Boogie_Lang.Semantics
           Boogie_Lang.Ast_Cfg_Transformation
           "../global_data" 
-          nested_loop_before_cfg_to_dag_prog 
-          nested_loop_before_ast_cfg
-          nested_loop_cfgtodag_proof
+          nested_loop2_before_cfg_to_dag_prog 
+          nested_loop2_before_ast_cfg
+          nested_loop2_cfgtodag_proof
           "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
 
 begin
 declare Nat.One_nat_def[simp del]
 
-
 abbreviation \<Lambda>1_local
   where
-    "\<Lambda>1_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls))"
 
 definition outer_body_bb1 
   where "outer_body_bb1 \<equiv> 
@@ -68,153 +67,215 @@ definition bb0_unwrapped where
                            (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)])) 
                      None)"
 
+definition empty_bb where
+  "empty_bb \<equiv> (BigBlock None [] None None)"
+
 lemma bb0_local_rel:
   assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (bigblock0, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
   shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_loop_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_loop2_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
 proof -
   show ?thesis 
     apply (rule block_local_rel_generic)
-           apply (rule Rel_Main_test[of bigblock0 _ nested_loop_before_cfg_to_dag_prog.block_0])
-           apply (simp add: bigblock0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
-          apply simp+
+           apply (rule Rel_Main_test[of bigblock0 _ nested_loop2_before_cfg_to_dag_prog.block_0])
+           apply (simp add: bigblock0_def nested_loop2_before_cfg_to_dag_prog.block_0_def)
+          apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_0_def)+
         apply (rule Red_bb)
        apply (rule Red_impl, simp)
-      apply (simp add: nested_loop_before_ast_cfg.bigblock0_def)
+      apply (simp add: nested_loop2_before_ast_cfg.bigblock0_def)
      apply simp
-    apply (simp add: nested_loop_before_cfg_to_dag_prog.block_0_def)
+    apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_0_def)
     done
 qed
 
 lemma inner_body_bb1_local_rel:
   assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (inner_body_bb1, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
   and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))),ns1\<rangle> \<Down> BoolV True"
   shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_loop_before_cfg_to_dag_prog.block_4, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_loop2_before_cfg_to_dag_prog.block_6, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
 proof -
   show ?thesis 
-    unfolding nested_loop_before_cfg_to_dag_prog.block_4_def 
-    apply (rule block_local_rel_guard_true)
-            apply (rule Rel_Main_test[of inner_body_bb1])
-           apply (simp add: inner_body_bb1_def)
-          apply simp
-         apply (rule trace_is_possible)
-        apply (rule Red_bb)
-       apply (rule Red_impl)
-       apply (simp add: nested_loop_before_cfg_to_dag_prog.block_4_def)
-      apply (simp add: inner_body_bb1_def)
-     apply simp+
+    unfolding nested_loop2_before_cfg_to_dag_prog.block_6_def
+    apply (rule guard_holds_push_through_assumption)
+      apply (rule block_local_rel_generic)
+             apply (rule Rel_Main_test[of inner_body_bb1])
+             apply (simp add: inner_body_bb1_def)
+            apply simp
+           apply simp+
+          apply (rule Red_bb)
+         apply (rule push_through_assumption_test1, rule Red_impl)
+            apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_6_def)
+           apply (simp add: trace_is_possible inner_body_bb1_def)+
     done
 qed
 
 lemma outer_body_bb2_local_rel:
   assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (outer_body_bb2 , KSeq bb0_unwrapped (KEndBlock KStop), (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.block_5 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV True"
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.block_7 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
   shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_loop_before_cfg_to_dag_prog.block_5, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_loop2_before_cfg_to_dag_prog.block_7, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
 proof -
   show ?thesis 
-    unfolding nested_loop_before_cfg_to_dag_prog.block_5_def
-    apply (rule block_local_rel_guard_false)
-           apply (rule Rel_Main_test[of outer_body_bb2])
-           apply (simp add: outer_body_bb2_def)
-           apply (rule neg_gt2)
-          apply simp
-         apply (rule trace_is_possible)
-        apply (rule Red_bb)
-       apply (rule Red_impl)
-       apply (simp add: nested_loop_before_cfg_to_dag_prog.block_5_def) 
-      apply (simp add: outer_body_bb2_def)
-     apply simp+
-    done 
+    unfolding nested_loop2_before_cfg_to_dag_prog.block_7_def 
+    apply (rule guard_fails_push_through_assumption)
+      apply (rule block_local_rel_generic)
+             apply (rule Rel_Main_test[of outer_body_bb2])
+             apply (simp add: outer_body_bb2_def)
+            apply simp
+           apply simp+
+          apply (rule Red_bb)
+         apply (rule Red_impl)
+         apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_7_def)
+         apply (rule push_through_assumption1)
+             apply simp
+            apply (rule neg_gt2)
+          apply (rule trace_is_possible)
+         apply simp
+        apply (simp add: outer_body_bb2_def)
+        apply simp+
+     apply (rule neg_gt2)
+    apply (rule trace_is_possible)
+    done
 qed
 
+
+lemma end_global_rel: 
+  assumes Red_bb: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (empty_bb, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(Lit (LBool True)), ns1\<rangle> \<Down> BoolV False"
+shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+proof -
+  have node3_loc: "node_to_block nested_loop2_before_cfg_to_dag_prog.proc_body ! 9 = [(Assume (UnOp Not (Lit (LBool True))))]" 
+    by (simp add: nested_loop2_before_cfg_to_dag_prog.block_9_def nested_loop2_before_cfg_to_dag_prog.node_9)
+  show ?thesis
+    apply (rule generic_ending_block_global_rel)
+            apply (rule Rel_Invs[of empty_bb])
+            apply (simp add: empty_bb_def)
+           apply (rule Red_bb)
+          apply (simp add: empty_bb_def)
+         apply simp
+        apply (rule disjI2)
+        apply (rule disjI2)
+        apply (rule conjI)
+         apply (rule node3_loc)
+        apply (rule conjI)
+         apply simp
+        apply (rule conjI)
+         defer
+        apply (rule trace_is_possible)
+       apply (rule nested_loop2_before_cfg_to_dag_prog.outEdges_9)
+      apply (rule cfg_is_correct, simp)
+     apply simp
+    apply (simp add: empty_bb_def)
+     apply (simp add: end_static)
+    apply simp
+    done
+qed
+
+
 lemma outer_body_bb2_global_rel:
   assumes concrete_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (outer_body_bb2, KSeq bb0_unwrapped (KEndBlock KStop), (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV True"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
   and loop_ih:
         "\<And>k ns1'. k < j \<Longrightarrow>
         (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, (KEndBlock KStop), Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
         (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
   using assms
 proof -
-  show ?thesis
-    apply (rule block_global_rel_if_false)
-                 apply (rule Rel_Main_test[of outer_body_bb2])
-                 apply (simp add: outer_body_bb2_def)
-                apply (rule concrete_trace)
-               apply (simp add: outer_body_bb2_def)
-              apply simp
-             apply simp
-            apply (rule nested_loop_before_cfg_to_dag_prog.node_5)
-           apply (rule nested_loop_before_cfg_to_dag_prog.block_5_def)
-          apply (rule cfg_is_correct)
-          apply simp+
-       apply (rule neg_gt2[of "(Var 1)" "(Lit (LInt 0))"])
-      apply (rule trace_is_possible)
+  have node5_loc: "node_to_block nested_loop2_before_cfg_to_dag_prog.proc_body ! 7 = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]" 
+    by (simp add: nested_loop2_before_cfg_to_dag_prog.block_7_def nested_loop2_before_cfg_to_dag_prog.node_7)
+  show ?thesis 
+    apply (rule block_global_rel_generic)
+           apply (rule Rel_Main_test[of outer_body_bb2])
+             apply (simp add: outer_body_bb2_def)
+            defer
+          apply (rule assms(1))
+         apply (simp add: outer_body_bb2_def)
+        apply (rule disjI2)
+        apply (rule disjI2)
+        apply (rule conjI)
+         apply (rule node5_loc)
+        apply (rule conjI)
+         apply simp
+        apply (rule conjI)
+         apply (rule neg_gt2)
+        apply (rule trace_is_possible)
+       apply (rule assms(2))
+       apply simp+
+     apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_7)
      apply (rule outer_body_bb2_local_rel)
        apply assumption
       apply simp
      apply (rule trace_is_possible)
-    apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_5)
-    apply (simp add: member_rec)
+    apply (erule allE[where x=3])
+    apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_7)
+    apply (simp add: member_rec(1))
     apply (rule loop_ih)
-      apply auto
+      apply simp+
     done
 qed
 
 
-
 lemma inner_loop_body_global_rel:
   assumes j_step_ast_trace: 
           "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (inner_body_bb1, (KSeq outer_body_bb1_unwrapped (KEndBlock (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop))))), Normal ns1) -n\<longrightarrow>^j 
                                  (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))),ns1\<rangle> \<Down> BoolV True"
   and loop_ih:
         "\<And>k ns1''. k < j \<Longrightarrow>
         (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(outer_body_bb1_unwrapped, (KEndBlock (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop)))), Normal ns1'') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
         (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
 proof -
-  show ?thesis
-    apply (rule block_global_rel_if_true)
-                 apply (rule Rel_Main_test[of inner_body_bb1])
-                 apply (simp add: inner_body_bb1_def)
-               apply (rule j_step_ast_trace)
-              apply (simp add: inner_body_bb1_def)
-             apply simp
-            apply simp
-           apply (rule nested_loop_before_cfg_to_dag_prog.node_4)
-          apply (rule nested_loop_before_cfg_to_dag_prog.block_4_def)
-         apply (rule cfg_is_correct)
-         apply simp+
-      apply (rule trace_is_possible)
+  have node5_loc: "node_to_block nested_loop2_before_cfg_to_dag_prog.proc_body ! 6 = 
+                   [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))]" 
+    by (simp add: nested_loop2_before_cfg_to_dag_prog.block_6_def nested_loop2_before_cfg_to_dag_prog.node_6)
+  show ?thesis 
+    apply (rule block_global_rel_generic)
+           apply (rule Rel_Main_test[of inner_body_bb1])
+             apply (simp add: inner_body_bb1_def)
+            defer
+          apply (rule assms(1))
+         apply (simp add: inner_body_bb1_def)
+        apply (rule disjI2)
+        apply (rule disjI1)
+        apply (rule conjI)
+         apply (rule node5_loc)
+        apply (rule conjI)
+         apply simp
+        apply (rule trace_is_possible)
+       apply (rule assms(2))
+       apply simp+
+     apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_6)
      apply (rule inner_body_bb1_local_rel)
-       apply assumption+
+       apply assumption
+      apply simp
      apply (rule trace_is_possible)
-    apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_4)
-    apply (simp add: member_rec)
+
+    apply (erule allE[where x=5])
+    apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_6)
+    apply (simp add: member_rec(1))
     apply (rule loop_ih)
-      apply auto
+      apply simp+
     done
 qed
 
 
 lemma inner_loop_head_global_rel:
   assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (outer_body_bb1_unwrapped, (KEndBlock (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop)))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and loop_ih:
         "\<And>k ns1'. k < j \<Longrightarrow>
         (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, KEndBlock KStop, Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
         (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
   using assms
@@ -229,10 +290,11 @@ proof (induction j arbitrary: ns1 rule: less_induct)
     case (Suc j')
     show ?thesis
       apply (rule block_global_rel_loop_head)
-              apply (rule Rel_Invs[of outer_body_bb1_unwrapped _ _ _ nested_loop_before_cfg_to_dag_prog.block_3])
-              apply (simp add: outer_body_bb1_unwrapped_def nested_loop_before_cfg_to_dag_prog.block_3_def)
+              apply (rule Rel_Invs[of outer_body_bb1_unwrapped _ _ _ nested_loop2_before_cfg_to_dag_prog.block_5])
+              apply (simp add: outer_body_bb1_unwrapped_def nested_loop2_before_cfg_to_dag_prog.block_5_def)
              apply (rule less(2))
             apply (rule less(3), simp)
+           apply simp
            apply (simp add: outer_body_bb1_unwrapped_def)
           apply simp
          apply (rule block_local_rel_loop_head)
@@ -240,14 +302,14 @@ proof (induction j arbitrary: ns1 rule: less_induct)
              apply (simp add: outer_body_bb1_unwrapped_def)
             apply (simp add: outer_body_bb1_unwrapped_def)
            apply (simp)
-          apply (rule nested_loop_before_cfg_to_dag_prog.block_3_def)
+          apply (rule nested_loop2_before_cfg_to_dag_prog.block_5_def)
          apply (simp, simp)
-       apply (simp add: nested_loop_before_cfg_to_dag_prog.node_3)
+       apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_5)
       apply(rule disjE)
         apply assumption
 
-       apply (erule allE[where x = 4])
-       apply (simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3)
+       apply (erule allE[where x = 6])
+       apply (simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_5)
        apply (simp add:member_rec(1))
        apply (rule conjE)
         apply assumption
@@ -258,22 +320,26 @@ proof (induction j arbitrary: ns1 rule: less_induct)
         apply assumption
        apply (rule less.IH)
          apply (rule strictly_smaller_helper2)
-           apply assumption+
+           apply assumption
+          apply assumption
+         apply assumption
+        apply assumption
        apply (rule less.prems(3))
          apply (rule strictly_smaller_helper3)
            apply assumption+
 
-      apply (erule allE[where x = 5])
-      apply (simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3)
+      apply (erule allE[where x = 7])
+      apply (simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_5)
       apply (simp add:member_rec(1))
       apply (rule conjE)
        apply assumption
       apply simp
-      apply (rule ending)
+      apply (rule ending_after_skipping_endblock2)
            apply assumption
           apply assumption
          apply simp
-        apply blast
+         apply blast
+        apply simp
        apply assumption
       apply (rule outer_body_bb2_global_rel)
          apply assumption+
@@ -286,17 +352,18 @@ qed
 
 lemma inner_loop_head_global_rel_wrapped:
   assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (outer_body_bb1, (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and loop_ih:
         "\<And>k ns1'. k < j \<Longrightarrow>
         (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, KEndBlock KStop, Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
         (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
   apply (rule ending3)
      apply (rule j_step_ast_trace)
     apply (simp add: outer_body_bb1_def)
-   apply (rule cfg_is_correct, simp)
+    apply (rule cfg_is_correct, simp)
+   apply simp
   apply (rule inner_loop_head_global_rel)
     apply (simp add: outer_body_bb1_unwrapped_def)
    apply assumption
@@ -308,7 +375,7 @@ lemma inner_loop_head_global_rel_wrapped:
 lemma outer_loop_head_global_rel:
   assumes j_step_ast_trace: 
     "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bb0_unwrapped, KEndBlock KStop, Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
   using assms 
 proof (induction j arbitrary: ns1 rule: less_induct)
@@ -326,6 +393,7 @@ proof (induction j arbitrary: ns1 rule: less_induct)
               apply (simp add: bb0_unwrapped_def)
              apply (rule less(2))
             apply (rule less(3), simp)
+           apply simp
            apply (simp add: bb0_unwrapped_def)
           apply simp
          apply (rule block_local_rel_loop_head)
@@ -333,13 +401,13 @@ proof (induction j arbitrary: ns1 rule: less_induct)
               apply (simp add: bb0_unwrapped_def)
             apply (simp add: bb0_unwrapped_def)
            apply (simp, simp, simp)
-       apply (simp add: nested_loop_before_cfg_to_dag_prog.node_1)
-       apply (simp add: nested_loop_before_cfg_to_dag_prog.block_1_def)
+       apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_3)
+       apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_3_def)
       apply(rule disjE)
         apply assumption
     
-       apply (erule allE[where x = 2])
-       apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_1)
+       apply (erule allE[where x = 4])
+       apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_3)
        apply (simp add:member_rec(1))
        apply (rule conjE)
         apply assumption
@@ -348,52 +416,60 @@ proof (induction j arbitrary: ns1 rule: less_induct)
          apply (simp add: outer_body_bb1_def outer_body_bb2_def)
         apply (rule correctness_propagates_through_assumption2)
             apply assumption
-           apply (simp add: nested_loop_before_cfg_to_dag_prog.node_2)
-           apply (simp add: nested_loop_before_cfg_to_dag_prog.block_2_def)
+           apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_4)
+           apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_4_def)
           apply assumption
-         apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_2)
+         apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_4)
          apply (simp add: member_rec)
         apply assumption
        apply (rule less.IH)
          apply (rule strictly_smaller_helper2)
           apply assumption+
 
-      apply (erule allE[where x = 6])
-      apply (simp add:nested_loop_before_cfg_to_dag_prog.outEdges_1)
+      apply (erule allE[where x = 8])
+      apply (simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_3)
       apply (simp add:member_rec(1))
       apply (rule conjE)
        apply assumption
       apply simp
-      apply (rule ending_directly_after_loop_exit)
-       apply assumption
-      apply simp
+      apply (rule ending_after_skipping_endblock)
+           apply assumption
+          apply simp
+         apply simp
+         apply blast
+        apply simp
+       apply simp
+      apply (rule end_global_rel)
+        apply (simp add: empty_bb_def)+
       done
   qed
 qed
 
 lemma entry_block_global_rel:
   assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)"
   using assms
 proof -
   show ?thesis
-    unfolding nested_loop_before_cfg_to_dag_prog.post_def
+    unfolding nested_loop2_before_cfg_to_dag_prog.post_def
     apply (rule block_global_rel_while_successor)
            apply (rule j_step_ast_trace)
-          apply (rule Rel_Main_test[of bigblock0 _ nested_loop_before_cfg_to_dag_prog.block_0])
-          apply (simp add: bigblock0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
-         apply (simp add: bigblock0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
-        apply (simp add: nested_loop_before_cfg_to_dag_prog.block_0_def)
-       apply (rule nested_loop_before_cfg_to_dag_prog.node_0)
-      apply (rule cfg_is_correct, simp)
-     apply (simp add: nested_loop_before_cfg_to_dag_prog.node_0)
+          apply (rule Rel_Main_test[of bigblock0 _ nested_loop2_before_cfg_to_dag_prog.block_0])
+          apply (simp add: bigblock0_def nested_loop2_before_cfg_to_dag_prog.block_0_def)
+         apply (simp add: bigblock0_def nested_loop2_before_cfg_to_dag_prog.block_0_def)
+        apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_0_def)
+       apply (rule disjI1)
+       apply (rule nested_loop2_before_cfg_to_dag_prog.node_0)
+       apply (rule cfg_is_correct, simp)
+      apply simp
+     apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_0)
      apply (rule bb0_local_rel)
       apply assumption
      apply simp
     apply (rule outer_loop_head_global_rel)
      apply (simp add: bb0_unwrapped_def)
-    apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_0)
+    apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_0)
     apply (simp add: member_rec(1))
     done
 qed
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_before_ast_cfg.thy
new file mode 100644
index 0000000..e1a7c7d
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_before_ast_cfg.thy
@@ -0,0 +1,108 @@
+theory nested_loop2_before_ast_cfg
+  imports
+    Boogie_Lang.Ast
+    Boogie_Lang.Semantics 
+    Boogie_Lang.TypeSafety 
+    Boogie_Lang.Util 
+    "../global_data"
+begin
+
+definition bigblock0 
+  where "bigblock0 \<equiv> BigBlock None [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10)))]
+                     (Some (WhileWrapper 
+                           (ParsedWhile (Some ((Lit (LBool True))))
+                            []
+                            [(BigBlock None []
+                             (Some (WhileWrapper 
+                                   (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
+                                   [(BinOp (Var 0) Ge (Lit (LInt 0)))]
+                                   [(BigBlock None [] 
+                                    (Some (WhileWrapper 
+                                         (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
+                                          [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
+                                          [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None]))) 
+                                     None),
+                                   (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)]))) 
+                              None)])))
+                       None"
+
+definition proc_body
+  where
+    "proc_body = bigblock0 # []"
+
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append nested_loop2_before_ast_cfg.params_vdecls nested_loop2_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop2_before_ast_cfg.params_vdecls nested_loop2_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
+unfolding nested_loop2_before_ast_cfg.params_vdecls_def nested_loop2_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop2_before_ast_cfg.params_vdecls nested_loop2_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop2_before_ast_cfg.params_vdecls nested_loop2_before_ast_cfg.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop2_before_ast_cfg.params_vdecls) )"
+unfolding nested_loop2_before_ast_cfg.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop2_before_ast_cfg.locals_vdecls) )"
+unfolding nested_loop2_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_ast_cfg.params_vdecls nested_loop2_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append nested_loop2_before_ast_cfg.params_vdecls nested_loop2_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append nested_loop2_before_ast_cfg.params_vdecls nested_loop2_before_ast_cfg.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_ast_cfg.params_vdecls nested_loop2_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_ast_cfg.params_vdecls nested_loop2_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_ast_cfg.params_vdecls nested_loop2_before_ast_cfg.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_ast_cfg.params_vdecls nested_loop2_before_ast_cfg.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc_ast :: "(ast_procedure)"
+  where
+    "proc_ast  = (|proc_ty_args = 0,proc_args = nested_loop2_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_loop2_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec nested_loop2_before_ast_cfg.post),proc_body = (Some (nested_loop2_before_ast_cfg.locals_vdecls,nested_loop2_before_ast_cfg.proc_body))|)"
+
+end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_before_cfg_to_dag_prog.thy b/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..d69bcb8
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_before_cfg_to_dag_prog.thy
@@ -0,0 +1,197 @@
+theory nested_loop2_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10)))]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = [(Assume (Lit (LBool True)))]"
+definition block_3
+  where
+    "block_3  = [(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
+definition block_5
+  where
+    "block_5  = [(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))]"
+definition block_7
+  where
+    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+definition block_8
+  where
+    "block_8  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_9
+  where
+    "block_9  = [(Assume (UnOp Not (Lit (LBool True))))]"
+definition outEdges
+  where
+    "outEdges  = [[1],[9,2],[3],[8,4],[5],[7,6],[5],[3],[1],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [9,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [8,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [7,6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding nested_loop2_before_cfg_to_dag_prog.params_vdecls_def nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop2_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding nested_loop2_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop2_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = nested_loop2_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_loop2_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec nested_loop2_before_cfg_to_dag_prog.post),proc_body = (Some (nested_loop2_before_cfg_to_dag_prog.locals_vdecls,nested_loop2_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_passive_prog.thy b/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_before_passive_prog.thy
similarity index 53%
rename from BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_passive_prog.thy
rename to BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_before_passive_prog.thy
index 4d9e13e..92b57e1 100644
--- a/BoogieLang/completed_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_passive_prog.thy
+++ b/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_before_passive_prog.thy
@@ -1,45 +1,54 @@
-theory nested_loop_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop_before_cfg_to_dag_prog
+theory nested_loop2_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop2_before_cfg_to_dag_prog
 begin
 definition block_0
   where
     "block_0  = []"
 definition block_1
   where
-    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+    "block_1  = [(Assume (UnOp Not (Lit (LBool True))))]"
 definition block_2
   where
-    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0))),(Assume (Lit (LBool False)))]"
 definition block_3
   where
-    "block_3  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
 definition block_4
   where
-    "block_4  = [(Havoc 1),(Assume (BinOp (Var 1) Ge (Lit (LInt 0))))]"
+    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
 definition block_5
   where
-    "block_5  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
+    "block_5  = [(Havoc 1),(Assume (BinOp (Var 1) Ge (Lit (LInt 0))))]"
 definition block_6
   where
-    "block_6  = [(Havoc 0),(Havoc 1),(Assume (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+    "block_6  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
 definition block_7
   where
-    "block_7  = [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+    "block_7  = [(Havoc 0),(Havoc 1),(Assume (BinOp (Var 0) Ge (Lit (LInt 0))))]"
 definition block_8
   where
-    "block_8  = []"
+    "block_8  = [(Assume (Lit (LBool True))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
 definition block_9
   where
-    "block_9  = []"
+    "block_9  = [(Havoc 0),(Havoc 1)]"
+definition block_10
+  where
+    "block_10  = [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10)))]"
+definition block_11
+  where
+    "block_11  = []"
+definition block_12
+  where
+    "block_12  = []"
 definition outEdges
   where
-    "outEdges  = [[],[0],[0],[0],[2,3],[4],[1,5],[6],[7],[8]]"
+    "outEdges  = [[],[0],[0],[0],[0],[3,4],[5],[2,6],[7],[1,8],[9],[10],[11]]"
 definition node_to_blocks
   where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12]"
 definition proc_body
   where
-    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
+    "proc_body  = (|entry = 12,out_edges = outEdges,node_to_block = node_to_blocks|)"
 lemma node_0:
 shows "((nth (node_to_block proc_body) 0) = block_0)"
 by (simp add:proc_body_def node_to_blocks_def)
@@ -80,6 +89,18 @@ lemma node_9:
 shows "((nth (node_to_block proc_body) 9) = block_9)"
 by (simp add:proc_body_def node_to_blocks_def)
 
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_12:
+shows "((nth (node_to_block proc_body) 12) = block_12)"
+by (simp add:proc_body_def node_to_blocks_def)
+
 lemma outEdges_0:
 shows "((nth (out_edges proc_body) 0) = [])"
 by (simp add:proc_body_def outEdges_def)
@@ -97,19 +118,19 @@ shows "((nth (out_edges proc_body) 3) = [0])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [2,3])"
+shows "((nth (out_edges proc_body) 4) = [0])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
+shows "((nth (out_edges proc_body) 5) = [3,4])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [1,5])"
+shows "((nth (out_edges proc_body) 6) = [5])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
+shows "((nth (out_edges proc_body) 7) = [2,6])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_8:
@@ -117,21 +138,33 @@ shows "((nth (out_edges proc_body) 8) = [7])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
+shows "((nth (out_edges proc_body) 9) = [1,8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [10])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_12:
+shows "((nth (out_edges proc_body) 12) = [11])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma locals_min_aux:
-shows "(((map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def
+shows "(((map fst (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding nested_loop2_before_cfg_to_dag_prog.params_vdecls_def nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def
 by simp
 
 lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
 using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
 unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
 by simp
 
diff --git a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_cfgtodag_proof.thy b/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_cfgtodag_proof.thy
new file mode 100644
index 0000000..548fd95
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_cfgtodag_proof.thy
@@ -0,0 +1,760 @@
+theory nested_loop2_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_loop2_before_cfg_to_dag_prog nested_loop2_before_passive_prog nested_loop2_passification_proof nested_loop2_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop2_before_cfg_to_dag_prog.post)"
+unfolding expr_all_sat_def nested_loop2_before_cfg_to_dag_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule nested_loop2_before_passive_prog.node_0)
+apply simp
+unfolding nested_loop2_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_9 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop2_before_cfg_to_dag_prog.block_9_def nested_loop2_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule nested_loop2_before_cfg_to_dag_prog.node_9)
+apply (rule nested_loop2_before_passive_prog.node_1)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon6_LoopDone)
+apply assumption+
+apply (rule nested_loop2_before_cfg_to_dag_prog.outEdges_9)
+apply (rule nested_loop2_before_passive_prog.outEdges_1)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma Mods_anon7_LoopDone:
+shows "(mods_contained_in (set [0,1]) nested_loop2_before_cfg_to_dag_prog.block_8)"
+unfolding nested_loop2_before_cfg_to_dag_prog.block_8_def
+by simp
+
+lemma block_anon7_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_2 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop2_before_cfg_to_dag_prog.block_8_def nested_loop2_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon7_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [] nested_loop2_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop2_before_cfg_to_dag_prog.node_8)
+apply (rule nested_loop2_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon7_LoopDone)
+apply (assumption+)
+apply (rule Mods_anon7_LoopDone)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_8))
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_8))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon6_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon8_LoopDone:
+shows "(mods_contained_in (set [0,1]) nested_loop2_before_cfg_to_dag_prog.block_7)"
+unfolding nested_loop2_before_cfg_to_dag_prog.block_7_def
+by simp
+
+lemma block_anon8_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop2_before_passive_prog.block_3 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop2_before_cfg_to_dag_prog.block_7_def nested_loop2_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop2_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop2_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon8_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop2_before_cfg_to_dag_prog.post ns1 s' 3 m' j)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop2_before_cfg_to_dag_prog.node_7)
+apply (rule nested_loop2_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon8_LoopDone)
+apply (assumption+)
+apply (rule Mods_anon8_LoopDone)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_7))
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_7))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon7_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon8_LoopBody:
+shows "(mods_contained_in (set [1]) nested_loop2_before_cfg_to_dag_prog.block_6)"
+unfolding nested_loop2_before_cfg_to_dag_prog.block_6_def
+by simp
+
+lemma block_anon8_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop2_before_passive_prog.block_4 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop2_before_cfg_to_dag_prog.block_6_def nested_loop2_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop2_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop2_before_cfg_to_dag_prog.l_y(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon8_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop2_before_cfg_to_dag_prog.post ns1 s' 5 m' j)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop2_before_cfg_to_dag_prog.node_6)
+apply (rule nested_loop2_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon8_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon8_LoopBody)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_6))
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_6))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon8_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon8_LoopHead:
+shows "(mods_contained_in (set [1]) nested_loop2_before_cfg_to_dag_prog.block_5)"
+unfolding nested_loop2_before_cfg_to_dag_prog.block_5_def
+by simp
+
+lemma block_anon8_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_5 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop2_before_cfg_to_dag_prog.block_5_def nested_loop2_before_passive_prog.block_5_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_y(1)))
+apply simp
+done
+
+lemma cfg_block_anon8_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop2_before_cfg_to_dag_prog.post ns1 s' 3 m' j)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+using Red DagAssms assms(4-)
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule nested_loop2_before_cfg_to_dag_prog.node_5)
+apply (rule nested_loop2_before_passive_prog.node_5)
+apply (assumption+)
+apply (rule block_anon8_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon8_LoopHead)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_5))
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_5))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:nested_loop2_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_subset_pred)
+using less(4) apply simp
+apply assumption
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=4])
+apply ((simp add:nested_loop2_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+apply (rule loop_ih_convert_subset_smaller_2)
+using less(4) apply simp
+apply (simp, fastforce, assumption)
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma Mods_anon7_LoopBody:
+shows "(mods_contained_in (set [0,1]) nested_loop2_before_cfg_to_dag_prog.block_4)"
+unfolding nested_loop2_before_cfg_to_dag_prog.block_4_def
+by simp
+
+lemma block_anon7_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop2_before_passive_prog.block_6 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop2_before_cfg_to_dag_prog.block_4_def nested_loop2_before_passive_prog.block_6_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop2_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop2_before_cfg_to_dag_prog.l_y(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon7_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop2_before_cfg_to_dag_prog.post ns1 s' 3 m' j)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop2_before_cfg_to_dag_prog.node_4)
+apply (rule nested_loop2_before_passive_prog.node_6)
+apply (assumption+)
+apply (rule block_anon7_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon7_LoopBody)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_4))
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_4))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=5])
+apply ((simp add:nested_loop2_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon7_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon7_LoopHead:
+shows "(mods_contained_in (set [0,1]) nested_loop2_before_cfg_to_dag_prog.block_3)"
+unfolding nested_loop2_before_cfg_to_dag_prog.block_3_def
+by simp
+
+lemma block_anon7_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_7 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop2_before_cfg_to_dag_prog.block_3_def nested_loop2_before_passive_prog.block_7_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_x(1)))
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_y(1)))
+apply simp
+done
+
+lemma cfg_block_anon7_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [] nested_loop2_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+using Red DagAssms assms(4-)
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0,1]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule nested_loop2_before_cfg_to_dag_prog.node_3)
+apply (rule nested_loop2_before_passive_prog.node_7)
+apply (assumption+)
+apply (rule block_anon7_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon7_LoopHead)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:nested_loop2_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_subset_pred)
+using less(4) apply simp
+apply assumption
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=6])
+apply ((simp add:nested_loop2_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+apply (rule loop_ih_convert_subset_smaller_2)
+using less(4) apply simp
+apply (simp, fastforce, assumption)
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma Mods_anon6_LoopBody:
+shows "(mods_contained_in (set [0,1]) nested_loop2_before_cfg_to_dag_prog.block_2)"
+unfolding nested_loop2_before_cfg_to_dag_prog.block_2_def
+by simp
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop2_before_passive_prog.block_8 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop2_before_cfg_to_dag_prog.block_2_def nested_loop2_before_passive_prog.block_8_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop2_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop2_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [] nested_loop2_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop2_before_cfg_to_dag_prog.node_2)
+apply (rule nested_loop2_before_passive_prog.node_8)
+apply (assumption+)
+apply (rule block_anon6_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon6_LoopBody)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=7])
+apply ((simp add:nested_loop2_before_passive_prog.outEdges_8))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon6_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon6_LoopHead:
+shows "(mods_contained_in (set [0,1]) nested_loop2_before_cfg_to_dag_prog.block_1)"
+unfolding nested_loop2_before_cfg_to_dag_prog.block_1_def
+by simp
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_9 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop2_before_cfg_to_dag_prog.block_1_def nested_loop2_before_passive_prog.block_9_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_x(1)))
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_y(1)))
+apply simp
+done
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0,1]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule nested_loop2_before_cfg_to_dag_prog.node_1)
+apply (rule nested_loop2_before_passive_prog.node_9)
+apply (assumption+)
+apply (rule block_anon6_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon6_LoopHead)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:nested_loop2_before_passive_prog.outEdges_9))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=8])
+apply ((simp add:nested_loop2_before_passive_prog.outEdges_9))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_10 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_10 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop2_before_cfg_to_dag_prog.block_0_def nested_loop2_before_passive_prog.block_10_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop2_before_cfg_to_dag_prog.node_0)
+apply (rule nested_loop2_before_passive_prog.node_10)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=9])
+apply ((simp add:nested_loop2_before_passive_prog.outEdges_10))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:nested_loop2_before_passive_prog.outEdges_11))
+by ((simp add:nested_loop2_before_passive_prog.node_11 nested_loop2_before_passive_prog.block_11_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop2_before_cfg_to_dag_prog.pres)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule nested_loop2_before_passive_prog.node_12)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding nested_loop2_before_passive_prog.block_12_def
+apply (rule assume_pres_normal[where ?es=nested_loop2_before_cfg_to_dag_prog.pres])
+apply (rule assms(4))
+unfolding nested_loop2_before_cfg_to_dag_prog.pres_def
+apply simp
+apply (rule nested_loop2_before_passive_prog.outEdges_12)
+apply ((simp add:nested_loop2_before_passive_prog.node_11 nested_loop2_before_passive_prog.block_11_def))
+apply (rule nested_loop2_before_passive_prog.outEdges_11)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_x_2::int) (vc_y_3::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_loop2_before_cfg_to_dag_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(valid_configuration A \<Lambda>0 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule nested_loop2_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+lemma end_to_end_theorem:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_x_2::int) (vc_y_3::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms nested_loop2_before_cfg_to_dag_prog.proc))"
+apply (rule end_to_end_util[OF end_to_end_theorem_aux])
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 nested_loop2_before_cfg_to_dag_prog.proc_def nested_loop2_before_cfg_to_dag_prog.proc_body_def)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_passification_proof.thy b/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_passification_proof.thy
new file mode 100644
index 0000000..5fc38ee
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_passification_proof.thy
@@ -0,0 +1,411 @@
+theory nested_loop2_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop2_before_passive_prog nested_loop2_passive_prog Boogie_Lang.PassificationML nested_loop2_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop2_before_passive_prog.block_0_def nested_loop2_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop2_before_passive_prog.block_1_def nested_loop2_passive_prog.block_1_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon7_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop2_before_passive_prog.block_2_def nested_loop2_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon8_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [8] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))" and 
+"((R 1) = (Some (Inl 6)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [8])) (update_nstate_rel R [(0,(Inl 8))]) R_old nested_loop2_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop2_before_passive_prog.block_3_def nested_loop2_passive_prog.block_3_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_x(2) nested_loop2_passive_prog.l_x_2(2)))
+by simp
+
+lemma block_anon8_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [7] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 6)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [7])) (update_nstate_rel R [(1,(Inl 7))]) R_old nested_loop2_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop2_before_passive_prog.block_4_def nested_loop2_passive_prog.block_4_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_y(2) nested_loop2_passive_prog.l_y_3(2)))
+by simp
+
+lemma block_anon8_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6])) (update_nstate_rel R [(1,(Inl 6))]) R_old nested_loop2_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop2_before_passive_prog.block_5_def nested_loop2_passive_prog.block_5_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_y(2) nested_loop2_passive_prog.l_y_2(2)))
+by simp
+
+lemma block_anon7_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))" and 
+"((R 1) = (Some (Inl 5)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop2_before_passive_prog.block_6_def nested_loop2_passive_prog.block_6_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon7_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4,5] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4,5])) (update_nstate_rel R [(0,(Inl 4)),(1,(Inl 5))]) R_old nested_loop2_passive_prog.block_7 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop2_before_passive_prog.block_7_def nested_loop2_passive_prog.block_7_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_x(2) nested_loop2_passive_prog.l_x_1(2)))
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_y(2) nested_loop2_passive_prog.l_y_1(2)))
+by simp
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_8 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop2_before_passive_prog.block_8_def nested_loop2_passive_prog.block_8_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_9 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2,3] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2,3])) (update_nstate_rel R [(0,(Inl 2)),(1,(Inl 3))]) R_old nested_loop2_passive_prog.block_9 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop2_before_passive_prog.block_9_def nested_loop2_passive_prog.block_9_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_x(2) nested_loop2_passive_prog.l_x_0(2)))
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_y(2) nested_loop2_passive_prog.l_y_0(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_10 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 10))),(1,(Inr (LInt 10)))]) R_old nested_loop2_passive_prog.block_10 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop2_before_passive_prog.block_10_def nested_loop2_passive_prog.block_10_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_11 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_11 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop2_before_passive_prog.block_11_def nested_loop2_passive_prog.block_11_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_12 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_12 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop2_before_passive_prog.block_12_def nested_loop2_passive_prog.block_12_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_0},@{thm nested_loop2_before_passive_prog.outEdges_0}) (@{thm nested_loop2_passive_prog.node_0},@{thm nested_loop2_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_1},@{thm nested_loop2_before_passive_prog.outEdges_1}) (@{thm nested_loop2_passive_prog.node_1},@{thm nested_loop2_passive_prog.outEdges_1}) @{thm block_anon6_LoopDone} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon7_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop2_before_passive_prog.node_2},@{thm nested_loop2_before_passive_prog.outEdges_2}) (@{thm nested_loop2_passive_prog.node_2},@{thm nested_loop2_passive_prog.outEdges_2}) @{thm block_anon7_LoopDone} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon8_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))" and 
+"((R 1) = (Some (Inl 6)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop2_before_passive_prog.node_3},@{thm nested_loop2_before_passive_prog.outEdges_3}) (@{thm nested_loop2_passive_prog.node_3},@{thm nested_loop2_passive_prog.outEdges_3}) @{thm block_anon8_LoopDone} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon8_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 7 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 6)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop2_before_passive_prog.node_4},@{thm nested_loop2_before_passive_prog.outEdges_4}) (@{thm nested_loop2_passive_prog.node_4},@{thm nested_loop2_passive_prog.outEdges_4}) @{thm block_anon8_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon8_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop2_before_passive_prog.node_5},@{thm nested_loop2_before_passive_prog.outEdges_5}) (@{thm nested_loop2_passive_prog.node_5},@{thm nested_loop2_passive_prog.outEdges_5}) @{thm block_anon8_LoopHead} [
+@{thm cfg_block_anon8_LoopDone}, 
+@{thm cfg_block_anon8_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon7_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))" and 
+"((R 1) = (Some (Inl 5)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop2_before_passive_prog.node_6},@{thm nested_loop2_before_passive_prog.outEdges_6}) (@{thm nested_loop2_passive_prog.node_6},@{thm nested_loop2_passive_prog.outEdges_6}) @{thm block_anon7_LoopBody} [
+@{thm cfg_block_anon8_LoopHead}] 1\<close>))
+
+lemma cfg_block_anon7_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_7},@{thm nested_loop2_before_passive_prog.outEdges_7}) (@{thm nested_loop2_passive_prog.node_7},@{thm nested_loop2_passive_prog.outEdges_7}) @{thm block_anon7_LoopHead} [
+@{thm cfg_block_anon7_LoopDone}, 
+@{thm cfg_block_anon7_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 8)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop2_before_passive_prog.node_8},@{thm nested_loop2_before_passive_prog.outEdges_8}) (@{thm nested_loop2_passive_prog.node_8},@{thm nested_loop2_passive_prog.outEdges_8}) @{thm block_anon6_LoopBody} [
+@{thm cfg_block_anon7_LoopHead}] 1\<close>))
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 9)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_9},@{thm nested_loop2_before_passive_prog.outEdges_9}) (@{thm nested_loop2_passive_prog.node_9},@{thm nested_loop2_passive_prog.outEdges_9}) @{thm block_anon6_LoopHead} [
+@{thm cfg_block_anon6_LoopDone}, 
+@{thm cfg_block_anon6_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 10)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_10},@{thm nested_loop2_before_passive_prog.outEdges_10}) (@{thm nested_loop2_passive_prog.node_10},@{thm nested_loop2_passive_prog.outEdges_10}) @{thm block_anon0} [
+@{thm cfg_block_anon6_LoopHead}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 11)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_11},@{thm nested_loop2_before_passive_prog.outEdges_11}) (@{thm nested_loop2_passive_prog.node_11},@{thm nested_loop2_passive_prog.outEdges_11}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 12)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_12},@{thm nested_loop2_before_passive_prog.outEdges_12}) (@{thm nested_loop2_passive_prog.node_12},@{thm nested_loop2_passive_prog.outEdges_12}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 12),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_x_2::int) (vc_y_3::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv nested_loop2_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+apply simp
+unfolding nested_loop2_passive_prog.params_vdecls_def nested_loop2_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using nested_loop2_before_passive_prog.globals_locals_disj apply auto[1]
+using nested_loop2_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] nested_loop2_passive_prog.proc_body u (Inl 12)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range global_data.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] nested_loop2_passive_prog.proc_body ((Inl 12),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from nested_loop2_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_passive_prog.thy b/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_passive_prog.thy
new file mode 100644
index 0000000..5189398
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_passive_prog.thy
@@ -0,0 +1,259 @@
+theory nested_loop2_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop2_before_passive_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (UnOp Not (Lit (LBool True))))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 4))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 6))),(Assume (BinOp (Var 8) Eq (BinOp (Var 4) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 8) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 6) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 7) Eq (BinOp (Var 6) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 7) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Var 6) Ge (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Var 4) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 5) Ge (Lit (LInt 0))))]"
+definition block_7
+  where
+    "block_7  = [(Assume (BinOp (Var 4) Ge (Lit (LInt 0))))]"
+definition block_8
+  where
+    "block_8  = [(Assume (Lit (LBool True))),(Assert (BinOp (Var 2) Ge (Lit (LInt 0))))]"
+definition block_9
+  where
+    "block_9  = []"
+definition block_10
+  where
+    "block_10  = []"
+definition block_11
+  where
+    "block_11  = []"
+definition block_12
+  where
+    "block_12  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[0],[3,4],[5],[2,6],[7],[1,8],[9],[10],[11]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 12,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_12:
+shows "((nth (node_to_block proc_body) 12) = block_12)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [3,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [2,6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [1,8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [10])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_12:
+shows "((nth (out_edges proc_body) 12) = [11])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(8,(TPrim TInt),(None )),(7,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding nested_loop2_passive_prog.params_vdecls_def nested_loop2_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_0:
+shows "((map_of (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_1:
+shows "((map_of (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_2:
+shows "((map_of (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_2:
+shows "((map_of (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls) 8) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_3:
+shows "((map_of (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_0:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_1:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_2:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_2:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 8) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 8) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_3:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_3
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_vcphase_proof.thy b/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_vcphase_proof.thy
new file mode 100644
index 0000000..d8bb5a0
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_vcphase_proof.thy
@@ -0,0 +1,456 @@
+theory nested_loop2_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML nested_loop2_passive_prog nested_loop2_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon6_LoopDone
+  where
+    "vc_anon6_LoopDone  = True"
+definition vc_anon7_LoopDone
+  where
+    "vc_anon7_LoopDone  = True"
+definition vc_anon8_LoopDone
+  where
+    "vc_anon8_LoopDone y_2 x_2 x_1 = ((((0::int) \<ge> y_2) \<and> (x_2 = (x_1 - (1::int)))) \<longrightarrow> (x_2 \<ge> (0::int)))"
+definition vc_anon8_LoopBody
+  where
+    "vc_anon8_LoopBody y_2 y_3 = (((y_2 > (0::int)) \<and> (y_3 = (y_2 - (1::int)))) \<longrightarrow> (y_3 \<ge> (0::int)))"
+definition vc_anon8_LoopHead
+  where
+    "vc_anon8_LoopHead y_2 x_2 x_1 y_3 = ((y_2 \<ge> (0::int)) \<longrightarrow> ((vc_anon8_LoopDone y_2 x_2 x_1) \<and> (vc_anon8_LoopBody y_2 y_3)))"
+definition vc_anon7_LoopBody
+  where
+    "vc_anon7_LoopBody x_1 y_1 y_2 x_2 y_3 = ((x_1 > (0::int)) \<longrightarrow> ((y_1 \<ge> (0::int)) \<and> ((y_1 \<ge> (0::int)) \<longrightarrow> (vc_anon8_LoopHead y_2 x_2 x_1 y_3))))"
+definition vc_anon7_LoopHead
+  where
+    "vc_anon7_LoopHead x_1 y_1 y_2 x_2 y_3 = ((x_1 \<ge> (0::int)) \<longrightarrow> ((vc_anon7_LoopDone ) \<and> (vc_anon7_LoopBody x_1 y_1 y_2 x_2 y_3)))"
+definition vc_anon6_LoopBody
+  where
+    "vc_anon6_LoopBody x_0 x_1 y_1 y_2 x_2 y_3 = ((x_0 \<ge> (0::int)) \<and> ((x_0 \<ge> (0::int)) \<longrightarrow> (vc_anon7_LoopHead x_1 y_1 y_2 x_2 y_3)))"
+definition vc_anon0
+  where
+    "vc_anon0 x_0 x_1 y_1 y_2 x_2 y_3 = ((vc_anon6_LoopDone ) \<and> (vc_anon6_LoopBody x_0 x_1 y_1 y_2 x_2 y_3))"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_x_1 :: "int" and vc_y_1 :: "int" and vc_y_2 :: "int" and vc_x_2 :: "int" and vc_y_3 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_0)))" and 
+G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_y_0)))" and 
+G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_x_1)))" and 
+G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_y_1)))" and 
+G6: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_y_2)))" and 
+G7: "((lookup_var \<Lambda> n_s 8) = (Some (IntV vc_x_2)))" and 
+G8: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_y_3)))" and 
+G9: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8 G9
+lemmas forall_poly_thm = forall_vc_type[OF G9]
+lemmas exists_poly_thm = exists_vc_type[OF G9]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding nested_loop2_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon6_LoopDone_hints = [
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon6_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopDone ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding nested_loop2_passive_prog.block_1_def vc.vc_anon6_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon7_LoopDone_hints = [
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon7_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopDone ) \<Longrightarrow> (s' = Magic)))"
+unfolding nested_loop2_passive_prog.block_2_def vc.vc_anon7_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon8_LoopDone_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE), 
+(AssertNoConj,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon8_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopDone vc_y_2 vc_x_2 vc_x_1) \<Longrightarrow> (s' = Magic)))"
+unfolding nested_loop2_passive_prog.block_3_def vc.vc_anon8_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon8_LoopBody_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE), 
+(AssertNoConj,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon8_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopBody vc_y_2 vc_y_3) \<Longrightarrow> (s' = Magic)))"
+unfolding nested_loop2_passive_prog.block_4_def vc.vc_anon8_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon8_LoopHead_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon8_LoopHeadAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopHead vc_y_2 vc_x_2 vc_x_1 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon8_LoopDone vc_y_2 vc_x_2 vc_x_1) \<and> (vc.vc_anon8_LoopBody vc_y_2 vc_y_3))))))))"
+unfolding nested_loop2_passive_prog.block_5_def vc.vc_anon8_LoopHead_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopHead_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon7_LoopBody_hints = [
+(AssumeConjR 0,NONE), 
+(AssertSub,NONE)]
+\<close>
+lemma block_anon7_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopBody vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon8_LoopHead vc_y_2 vc_x_2 vc_x_1 vc_y_3)))))))"
+unfolding nested_loop2_passive_prog.block_6_def vc.vc_anon7_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon7_LoopHead_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon7_LoopHeadAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopHead vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_LoopDone ) \<and> (vc.vc_anon7_LoopBody vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))))))))"
+unfolding nested_loop2_passive_prog.block_7_def vc.vc_anon7_LoopHead_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopHead_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_LoopBody_hints = [
+(AssumeTrue,NONE), 
+(AssertSub,NONE)]
+\<close>
+lemma block_anon6_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_8 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon7_LoopHead vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3)))))))"
+unfolding nested_loop2_passive_prog.block_8_def vc.vc_anon6_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
+by (auto?)
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_9 (Normal n_s) s')" and 
+"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))))))"
+using assms
+unfolding nested_loop2_passive_prog.block_9_def
+apply cases
+by auto
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_10 (Normal n_s) s')" and 
+"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))))))"
+using assms
+unfolding nested_loop2_passive_prog.block_10_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_11 (Normal n_s) s')" and 
+"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))))))"
+using assms
+unfolding nested_loop2_passive_prog.block_11_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_12 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding nested_loop2_passive_prog.block_12_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) nested_loop2_passive_prog.node_0 nested_loop2_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopDone )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) nested_loop2_passive_prog.node_1])
+apply (erule block_anon6_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:nested_loop2_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon7_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon7_LoopDone )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop2_passive_prog.node_2])
+by (erule block_anon7_LoopDoneAA0[OF _ assms(2)])
+
+lemma cfg_block_anon8_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon8_LoopDone vc_y_2 vc_x_2 vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop2_passive_prog.node_3])
+by (erule block_anon8_LoopDoneAA0[OF _ assms(2)])
+
+lemma cfg_block_anon8_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon8_LoopBody vc_y_2 vc_y_3)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop2_passive_prog.node_4])
+by (erule block_anon8_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon8_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon8_LoopHead vc_y_2 vc_x_2 vc_x_1 vc_y_3)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_5])
+apply (erule block_anon8_LoopHeadAA0[OF _ assms(2)])
+apply ((simp add:nested_loop2_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon7_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon7_LoopBody vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_6])
+apply (erule block_anon7_LoopBodyAA0[OF _ assms(2)])
+apply ((simp add:nested_loop2_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon7_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon7_LoopHead vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_7])
+apply (erule block_anon7_LoopHeadAA0[OF _ assms(2)])
+apply ((simp add:nested_loop2_passive_prog.outEdges_7))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_8])
+apply (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
+apply ((simp add:nested_loop2_passive_prog.outEdges_8))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_9])
+apply (erule block_anon6_LoopHead[OF _ assms(2)])
+apply ((simp add:nested_loop2_passive_prog.outEdges_9))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_10])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:nested_loop2_passive_prog.outEdges_10))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_11])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:nested_loop2_passive_prog.outEdges_11))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_12])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:nested_loop2_passive_prog.outEdges_12))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) \<Gamma> [] nested_loop2_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_x_2::int) (vc_y_3::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
+let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop2_passive_prog.m_x])
+apply (subst lookup_var_local[OF nested_loop2_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop2_passive_prog.m_y])
+apply (subst lookup_var_local[OF nested_loop2_passive_prog.m_y])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop2_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF nested_loop2_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop2_passive_prog.m_y_0])
+apply (subst lookup_var_local[OF nested_loop2_passive_prog.m_y_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop2_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF nested_loop2_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop2_passive_prog.m_y_1])
+apply (subst lookup_var_local[OF nested_loop2_passive_prog.m_y_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop2_passive_prog.m_y_2])
+apply (subst lookup_var_local[OF nested_loop2_passive_prog.m_y_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 8) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 8)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 8))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop2_passive_prog.m_x_2])
+apply (subst lookup_var_local[OF nested_loop2_passive_prog.m_x_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_3:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop2_passive_prog.m_y_3])
+apply (subst lookup_var_local[OF nested_loop2_passive_prog.m_y_3])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_y])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_y_0])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (rule HOL.conjunct1[OF sc_y_1])
+apply (rule HOL.conjunct1[OF sc_y_2])
+apply (rule HOL.conjunct1[OF sc_x_2])
+apply (rule HOL.conjunct1[OF sc_y_3])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy
index 2df320d..8189bc8 100644
--- a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy
+++ b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy
@@ -12,7 +12,6 @@ theory nested_loop_ast_cfg_proof
 begin
 declare Nat.One_nat_def[simp del]
 
-
 abbreviation \<Lambda>1_local
   where
     "\<Lambda>1_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls))"
@@ -68,6 +67,9 @@ definition bb0_unwrapped where
                            (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)])) 
                      None)"
 
+definition empty_bb where
+  "empty_bb \<equiv> (BigBlock None [] None None)"
+
 lemma bb0_local_rel:
   assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (bigblock0, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
   and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
@@ -78,7 +80,7 @@ proof -
     apply (rule block_local_rel_generic)
            apply (rule Rel_Main_test[of bigblock0 _ nested_loop_before_cfg_to_dag_prog.block_0])
            apply (simp add: bigblock0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
-          apply simp+
+          apply (simp add: nested_loop_before_cfg_to_dag_prog.block_0_def)+
         apply (rule Red_bb)
        apply (rule Red_impl, simp)
       apply (simp add: nested_loop_before_ast_cfg.bigblock0_def)
@@ -96,46 +98,87 @@ lemma inner_body_bb1_local_rel:
 proof -
   show ?thesis 
     unfolding nested_loop_before_cfg_to_dag_prog.block_4_def 
-    apply (rule block_local_rel_guard_true)
-            apply (rule Rel_Main_test[of inner_body_bb1])
-           apply (simp add: inner_body_bb1_def)
-          apply simp
-         apply (rule trace_is_possible)
-        apply (rule Red_bb)
-       apply (rule Red_impl)
-       apply (simp add: nested_loop_before_cfg_to_dag_prog.block_4_def)
-      apply (simp add: inner_body_bb1_def)
-     apply simp+
+    apply (rule guard_holds_push_through_assumption)
+      apply (rule block_local_rel_generic)
+             apply (rule Rel_Main_test[of inner_body_bb1])
+             apply (simp add: inner_body_bb1_def)
+            apply simp
+           apply simp
+          apply (rule Red_bb)
+         apply (rule push_through_assumption_test1, rule Red_impl)
+            apply (simp add: nested_loop_before_cfg_to_dag_prog.block_4_def)
+           apply (simp add: trace_is_possible inner_body_bb1_def)+
     done
 qed
 
 lemma outer_body_bb2_local_rel:
   assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (outer_body_bb2 , KSeq bb0_unwrapped (KEndBlock KStop), (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
   and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.block_5 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV True"
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
   shows "reached_state \<noteq> Failure  \<and>
          (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_loop_before_cfg_to_dag_prog.block_5, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
 proof -
   show ?thesis 
-    unfolding nested_loop_before_cfg_to_dag_prog.block_5_def
-    apply (rule block_local_rel_guard_false)
-           apply (rule Rel_Main_test[of outer_body_bb2])
-           apply (simp add: outer_body_bb2_def)
-           apply (rule neg_gt2)
-          apply simp
-         apply (rule trace_is_possible)
-        apply (rule Red_bb)
-       apply (rule Red_impl)
-       apply (simp add: nested_loop_before_cfg_to_dag_prog.block_5_def) 
-      apply (simp add: outer_body_bb2_def)
-     apply simp+
-    done 
+    unfolding nested_loop_before_cfg_to_dag_prog.block_5_def 
+    apply (rule guard_fails_push_through_assumption)
+      apply (rule block_local_rel_generic)
+             apply (rule Rel_Main_test[of outer_body_bb2])
+             apply (simp add: outer_body_bb2_def)
+            apply simp
+           apply simp
+          apply (rule Red_bb)
+         apply (rule Red_impl)
+         apply (simp add: nested_loop_before_cfg_to_dag_prog.block_5_def)
+         apply (rule push_through_assumption1)
+             apply simp
+            apply (rule neg_gt2)
+          apply (rule trace_is_possible)
+         apply simp
+        apply (simp add: outer_body_bb2_def)
+        apply simp+
+     apply (rule neg_gt2)
+    apply (rule trace_is_possible)
+    done
 qed
 
+
+lemma end_global_rel: 
+  assumes Red_bb: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (empty_bb, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
+shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+proof -
+  have node3_loc: "node_to_block nested_loop_before_cfg_to_dag_prog.proc_body ! 6 = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]" 
+    by (simp add: nested_loop_before_cfg_to_dag_prog.block_6_def nested_loop_before_cfg_to_dag_prog.node_6)
+  show ?thesis
+    apply (rule generic_ending_block_global_rel)
+            apply (rule Rel_Main_test[of empty_bb])
+            apply (simp add: empty_bb_def)
+           apply (rule Red_bb)
+          apply (simp add: empty_bb_def)
+         apply simp
+        apply (rule disjI2)
+        apply (rule disjI2)
+        apply (rule conjI)
+         apply (rule node3_loc)
+        apply (rule conjI)
+         apply simp
+        apply (rule conjI)
+         apply (rule neg_gt2)
+        apply (rule trace_is_possible)
+       apply (rule nested_loop_before_cfg_to_dag_prog.outEdges_6)
+      apply (rule cfg_is_correct, simp)
+     apply simp
+    apply (simp add: empty_bb_def)
+    apply (simp add: end_static)
+    done
+qed
+
+
 lemma outer_body_bb2_global_rel:
   assumes concrete_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (outer_body_bb2, KSeq bb0_unwrapped (KEndBlock KStop), (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV True"
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
   and loop_ih:
         "\<And>k ns1'. k < j \<Longrightarrow>
         (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, (KEndBlock KStop), Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
@@ -144,33 +187,39 @@ lemma outer_body_bb2_global_rel:
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
   using assms
 proof -
-  show ?thesis
-    apply (rule block_global_rel_if_false)
-                 apply (rule Rel_Main_test[of outer_body_bb2])
-                 apply (simp add: outer_body_bb2_def)
-                apply (rule concrete_trace)
-               apply (simp add: outer_body_bb2_def)
-              apply simp
-             apply simp
-            apply (rule nested_loop_before_cfg_to_dag_prog.node_5)
-           apply (rule nested_loop_before_cfg_to_dag_prog.block_5_def)
-          apply (rule cfg_is_correct)
-          apply simp+
-       apply (rule neg_gt2[of "(Var 1)" "(Lit (LInt 0))"])
-      apply (rule trace_is_possible)
+  have node5_loc: "node_to_block nested_loop_before_cfg_to_dag_prog.proc_body ! 5 = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]" 
+    by (simp add: nested_loop_before_cfg_to_dag_prog.block_5_def nested_loop_before_cfg_to_dag_prog.node_5)
+  show ?thesis 
+    apply (rule block_global_rel_generic)
+           apply (rule Rel_Main_test[of outer_body_bb2])
+           apply (simp add: outer_body_bb2_def)
+          apply (rule assms(1))
+         apply (simp add: outer_body_bb2_def)
+        apply (rule disjI2)
+        apply (rule disjI2)
+        apply (rule conjI)
+         apply (rule node5_loc)
+        apply (rule conjI)
+         apply simp
+        apply (rule conjI)
+         apply (rule neg_gt2)
+        apply (rule trace_is_possible)
+       apply (rule assms(2))
+       apply simp+
+     apply (simp add: nested_loop_before_cfg_to_dag_prog.node_5)
      apply (rule outer_body_bb2_local_rel)
        apply assumption
       apply simp
      apply (rule trace_is_possible)
+    apply (erule allE[where x=1])
     apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_5)
-    apply (simp add: member_rec)
+    apply (simp add: member_rec(1))
     apply (rule loop_ih)
-      apply auto
+      apply simp+
     done
 qed
 
 
-
 lemma inner_loop_body_global_rel:
   assumes j_step_ast_trace: 
           "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (inner_body_bb1, (KSeq outer_body_bb1_unwrapped (KEndBlock (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop))))), Normal ns1) -n\<longrightarrow>^j 
@@ -184,26 +233,35 @@ lemma inner_loop_body_global_rel:
         (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
 proof -
-  show ?thesis
-    apply (rule block_global_rel_if_true)
-                 apply (rule Rel_Main_test[of inner_body_bb1])
-                 apply (simp add: inner_body_bb1_def)
-               apply (rule j_step_ast_trace)
-              apply (simp add: inner_body_bb1_def)
-             apply simp
-            apply simp
-           apply (rule nested_loop_before_cfg_to_dag_prog.node_4)
-          apply (rule nested_loop_before_cfg_to_dag_prog.block_4_def)
-         apply (rule cfg_is_correct)
-         apply simp+
-      apply (rule trace_is_possible)
+  have node5_loc: "node_to_block nested_loop_before_cfg_to_dag_prog.proc_body ! 4 = 
+                   [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))]" 
+    by (simp add: nested_loop_before_cfg_to_dag_prog.block_4_def nested_loop_before_cfg_to_dag_prog.node_4)
+  show ?thesis 
+    apply (rule block_global_rel_generic)
+           apply (rule Rel_Main_test[of inner_body_bb1])
+           apply (simp add: inner_body_bb1_def)
+          apply (rule assms(1))
+         apply (simp add: inner_body_bb1_def)
+        apply (rule disjI2)
+        apply (rule disjI1)
+        apply (rule conjI)
+         apply (rule node5_loc)
+        apply (rule conjI)
+         apply simp
+        apply (rule trace_is_possible)
+       apply (rule assms(2))
+       apply simp+
+     apply (simp add: nested_loop_before_cfg_to_dag_prog.node_4)
      apply (rule inner_body_bb1_local_rel)
-       apply assumption+
+       apply assumption
+      apply simp
      apply (rule trace_is_possible)
+
+    apply (erule allE[where x=3])
     apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_4)
-    apply (simp add: member_rec)
+    apply (simp add: member_rec(1))
     apply (rule loop_ih)
-      apply auto
+      apply simp+
     done
 qed
 
@@ -233,6 +291,7 @@ proof (induction j arbitrary: ns1 rule: less_induct)
               apply (simp add: outer_body_bb1_unwrapped_def nested_loop_before_cfg_to_dag_prog.block_3_def)
              apply (rule less(2))
             apply (rule less(3), simp)
+           apply simp
            apply (simp add: outer_body_bb1_unwrapped_def)
           apply simp
          apply (rule block_local_rel_loop_head)
@@ -258,7 +317,10 @@ proof (induction j arbitrary: ns1 rule: less_induct)
         apply assumption
        apply (rule less.IH)
          apply (rule strictly_smaller_helper2)
-           apply assumption+
+           apply assumption
+          apply assumption
+         apply assumption
+        apply assumption
        apply (rule less.prems(3))
          apply (rule strictly_smaller_helper3)
            apply assumption+
@@ -269,11 +331,12 @@ proof (induction j arbitrary: ns1 rule: less_induct)
       apply (rule conjE)
        apply assumption
       apply simp
-      apply (rule ending)
+      apply (rule ending_after_skipping_endblock2)
            apply assumption
           apply assumption
          apply simp
-        apply blast
+         apply blast
+        apply simp
        apply assumption
       apply (rule outer_body_bb2_global_rel)
          apply assumption+
@@ -296,7 +359,8 @@ lemma inner_loop_head_global_rel_wrapped:
   apply (rule ending3)
      apply (rule j_step_ast_trace)
     apply (simp add: outer_body_bb1_def)
-   apply (rule cfg_is_correct, simp)
+    apply (rule cfg_is_correct, simp)
+   apply simp
   apply (rule inner_loop_head_global_rel)
     apply (simp add: outer_body_bb1_unwrapped_def)
    apply assumption
@@ -326,6 +390,7 @@ proof (induction j arbitrary: ns1 rule: less_induct)
               apply (simp add: bb0_unwrapped_def)
              apply (rule less(2))
             apply (rule less(3), simp)
+           apply simp
            apply (simp add: bb0_unwrapped_def)
           apply simp
          apply (rule block_local_rel_loop_head)
@@ -364,9 +429,15 @@ proof (induction j arbitrary: ns1 rule: less_induct)
       apply (rule conjE)
        apply assumption
       apply simp
-      apply (rule ending_directly_after_loop_exit)
-       apply assumption
-      apply simp
+      apply (rule ending_after_skipping_endblock)
+           apply assumption
+          apply simp
+         apply simp
+         apply blast
+        apply simp
+       apply simp
+      apply (rule end_global_rel)
+        apply (simp add: empty_bb_def)+
       done
   qed
 qed
@@ -385,8 +456,10 @@ proof -
           apply (simp add: bigblock0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
          apply (simp add: bigblock0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
         apply (simp add: nested_loop_before_cfg_to_dag_prog.block_0_def)
+       apply (rule disjI1)
        apply (rule nested_loop_before_cfg_to_dag_prog.node_0)
-      apply (rule cfg_is_correct, simp)
+       apply (rule cfg_is_correct, simp)
+      apply simp
      apply (simp add: nested_loop_before_cfg_to_dag_prog.node_0)
      apply (rule bb0_local_rel)
       apply assumption
diff --git a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_ast_cfg_proof.thy
new file mode 100644
index 0000000..9ed088f
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_ast_cfg_proof.thy
@@ -0,0 +1,148 @@
+theory no_guard_empty_branch_if_ast_cfg_proof
+  imports Main
+          Boogie_Lang.Ast
+          Boogie_Lang.Semantics
+          Boogie_Lang.Ast_Cfg_Transformation
+          "../global_data" 
+          no_guard_empty_branch_if_before_cfg_to_dag_prog 
+          no_guard_empty_branch_if_before_ast_cfg
+          no_guard_empty_branch_if_cfgtodag_proof
+          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
+
+begin
+declare Nat.One_nat_def[simp del]
+
+definition bigblock_then 
+  where "bigblock_then \<equiv> BigBlock None [] None None"
+
+definition bigblock_else
+  where "bigblock_else \<equiv> BigBlock None [(Assign 0 (Lit (LInt 6)))] None None"
+
+lemma bigblock0_local_rel:
+  assumes Red_bb0_to: 
+      "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock0, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+proof -
+  show ?thesis 
+    apply (rule block_local_rel_generic) 
+           apply (rule Rel_Main_test[of bigblock0])
+           apply (simp add: bigblock0_def no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def)
+          apply simp
+         apply simp
+        apply (rule Red_bb0_to)
+       apply (rule Red0_impl)
+       apply (simp add: bigblock0_def no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def)+
+    done
+qed
+
+lemma bigblock_else_local_rel:
+  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_else, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
+  shows "reached_state \<noteq> Failure \<and> 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+proof -
+  show ?thesis
+      apply (rule block_local_rel_generic)
+             apply (rule Rel_Main_test[of bigblock_else])
+             apply (simp add: bigblock_else_def no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1_def)
+            apply simp
+           apply simp
+          apply (rule Red_bb0_to)
+         apply (rule Red0_impl)
+       apply (simp add: bigblock_else_def no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1_def)+
+    done
+qed
+
+lemma block_then_global_rel:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"                
+proof -
+  have node2_loc: "node_to_block no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ! 2 = []" 
+    by (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2_def no_guard_empty_branch_if_before_cfg_to_dag_prog.node_2)
+  show ?thesis
+    apply (rule generic_ending_block_global_rel)
+            apply (rule Rel_Main_test[of bigblock_then])
+            apply (simp add: bigblock_then_def)
+           apply (rule assms(1))
+          apply (simp add: bigblock_then_def)
+         apply simp
+        apply (rule disjI1)
+         apply (rule node2_loc)
+       apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_2)
+      apply (rule assms(2), simp)
+     apply simp
+    apply (simp add: bigblock_then_def)
+    apply (simp add: end_static)
+    done
+qed
+
+
+lemma block_else_global_rel:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+proof -
+  have node1_loc: "node_to_block no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ! 1 = [(Assign 0 (Lit (LInt 6)))]" 
+    by (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1_def no_guard_empty_branch_if_before_cfg_to_dag_prog.node_1)
+  show ?thesis
+    apply (rule generic_ending_block_global_rel)
+           apply (rule Rel_Main_test[of bigblock_else])
+           apply (simp add: bigblock_else_def)
+          apply (rule assms(1))
+          apply (simp add: bigblock_else_def)
+         apply simp
+        apply (rule disjI1)
+        apply (rule node1_loc)
+       apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_1)
+       apply (rule assms(2))
+       apply simp+
+     apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.node_1)
+     apply (rule bigblock_else_local_rel)
+       apply assumption
+      apply simp
+    done
+qed
+
+
+lemma block0_global_rel:
+  assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+proof -
+  show ?thesis 
+    apply (rule block_global_rel_if_successor)
+           apply (rule Rel_Main_test[of bigblock0 _ no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0])
+           apply (simp add: bigblock0_def no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def)
+          apply (rule ast_trace)
+          apply (simp add: bigblock0_def)
+         apply (rule disjI1)
+        apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_0)
+       apply (rule assms(1))
+        apply simp+
+     apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.node_0)
+     apply (rule bigblock0_local_rel)
+      apply (simp add: bigblock0_def)
+     apply assumption
+    apply simp
+    apply (rule disjE)
+      apply assumption
+
+     apply (erule allE[where x=2])
+     apply (simp add:no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_0)
+     apply (simp add:member_rec(1))
+    unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.post_def
+     apply (rule block_then_global_rel)
+       apply (simp add: bigblock_then_def)       
+      apply simp
+   
+    apply (erule allE[where x=1])
+    apply (simp add:no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_0)
+    apply (simp add:member_rec(1))
+    apply (rule block_else_global_rel)
+      apply (simp add: bigblock_else_def)
+     apply simp
+    done
+qed
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_ast_cfg.thy
new file mode 100644
index 0000000..b6202a8
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_ast_cfg.thy
@@ -0,0 +1,87 @@
+theory no_guard_empty_branch_if_before_ast_cfg
+  imports
+    Boogie_Lang.Ast
+    Boogie_Lang.Semantics 
+    Boogie_Lang.TypeSafety 
+    Boogie_Lang.Util 
+    "../global_data"
+begin
+
+definition bigblock0 
+  where
+    "bigblock0 = BigBlock None [Havoc 0] 
+                  (Some (ParsedIf None 
+                            [(BigBlock None [] None None)]
+                            [(BigBlock None [(Assign 0 (Lit (LInt 6)))] None None )]))
+                   None"
+
+definition proc_body
+  where
+    "proc_body  = bigblock0 # []"
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append no_guard_empty_branch_if_before_ast_cfg.params_vdecls no_guard_empty_branch_if_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_empty_branch_if_before_ast_cfg.params_vdecls no_guard_empty_branch_if_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
+unfolding no_guard_empty_branch_if_before_ast_cfg.params_vdecls_def no_guard_empty_branch_if_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_empty_branch_if_before_ast_cfg.params_vdecls no_guard_empty_branch_if_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_empty_branch_if_before_ast_cfg.params_vdecls no_guard_empty_branch_if_before_ast_cfg.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_ast_cfg.params_vdecls) )"
+unfolding no_guard_empty_branch_if_before_ast_cfg.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_ast_cfg.locals_vdecls) )"
+unfolding no_guard_empty_branch_if_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_ast_cfg.params_vdecls no_guard_empty_branch_if_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append no_guard_empty_branch_if_before_ast_cfg.params_vdecls no_guard_empty_branch_if_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_ast_cfg.params_vdecls no_guard_empty_branch_if_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_ast_cfg.params_vdecls no_guard_empty_branch_if_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc_ast :: "(ast_procedure)"
+  where
+    "proc_ast  = (|proc_ty_args = 0,proc_args = no_guard_empty_branch_if_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_guard_empty_branch_if_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec no_guard_empty_branch_if_before_ast_cfg.post),proc_body = (Some (no_guard_empty_branch_if_before_ast_cfg.locals_vdecls,no_guard_empty_branch_if_before_ast_cfg.proc_body))|)"
+
+end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy
index f58c89d..5e8952b 100644
--- a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy
+++ b/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy
@@ -10,6 +10,7 @@ theory no_guard_if_ast_cfg_proof
           "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
 
 begin
+declare Nat.One_nat_def[simp del]
 
 definition bigblock_then 
   where "bigblock_then \<equiv> BigBlock None [(Assign 0 (Lit (LInt 0)))] None None"
@@ -40,7 +41,7 @@ qed
 
 
 lemma bigblock_then_local_rel:
-  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_then, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_then, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
   and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
   shows "reached_state \<noteq> Failure \<and> 
          (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>no_guard_if_before_cfg_to_dag_prog.block_2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
@@ -60,7 +61,7 @@ proof -
 qed
 
 lemma bigblock_else_local_rel:
-  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_else, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
   and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
   shows "reached_state \<noteq> Failure \<and> 
          (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>no_guard_if_before_cfg_to_dag_prog.block_1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
@@ -85,16 +86,24 @@ lemma block_then_global_rel:
   and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
 proof -
+  have node2_loc: "node_to_block no_guard_if_before_cfg_to_dag_prog.proc_body ! 2 = [(Assign 0 (Lit (LInt 0)))]" 
+    by (simp add: no_guard_if_before_cfg_to_dag_prog.block_2_def no_guard_if_before_cfg_to_dag_prog.node_2)
   show ?thesis 
     apply (rule generic_ending_block_global_rel)
-         apply (rule Rel_Main_test[of bigblock_then _ no_guard_if_before_cfg_to_dag_prog.block_2])
-         apply (simp add: bigblock_then_def no_guard_if_before_cfg_to_dag_prog.block_2_def)
+         apply (rule Rel_Main_test[of bigblock_then])
+         apply (simp add: bigblock_then_def)
         apply (rule assms(1))
        apply (simp add: bigblock_then_def)
+         apply simp
+        apply (rule disjI1)
+        apply (rule node2_loc)
+       apply (rule no_guard_if_before_cfg_to_dag_prog.outEdges_2)
+      apply (rule assms(2))
       apply simp
-     apply (rule no_guard_if_before_cfg_to_dag_prog.node_2)
-    apply (rule assms(2))
-    apply simp
+     apply simp
+    apply (simp add: no_guard_if_before_cfg_to_dag_prog.node_2)
+    apply (rule bigblock_then_local_rel)
+     apply simp+
     done
 qed
 
@@ -104,16 +113,24 @@ lemma block_else_global_rel:
   and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
 proof -
-  show ?thesis
+  have node1_loc: "node_to_block no_guard_if_before_cfg_to_dag_prog.proc_body ! 1 = [(Assign 0 (Lit (LInt 1)))]" 
+    by (simp add: no_guard_if_before_cfg_to_dag_prog.block_1_def no_guard_if_before_cfg_to_dag_prog.node_1)
+  show ?thesis 
     apply (rule generic_ending_block_global_rel)
-           apply (rule Rel_Main_test[of bigblock_else _ no_guard_if_before_cfg_to_dag_prog.block_1])
-         apply (simp add: bigblock_else_def no_guard_if_before_cfg_to_dag_prog.block_1_def)
+         apply (rule Rel_Main_test[of bigblock_else])
+         apply (simp add: bigblock_else_def)
         apply (rule assms(1))
        apply (simp add: bigblock_else_def)
+         apply simp
+        apply (rule disjI1)
+        apply (rule node1_loc)
+       apply (rule no_guard_if_before_cfg_to_dag_prog.outEdges_1)
+      apply (rule assms(2))
       apply simp
-     apply (rule no_guard_if_before_cfg_to_dag_prog.node_1)
-    apply (rule assms(2))
-    apply simp
+     apply simp
+    apply (simp add: no_guard_if_before_cfg_to_dag_prog.node_1)
+    apply (rule bigblock_else_local_rel)
+     apply simp+
     done
 qed
 
@@ -121,18 +138,20 @@ qed
 lemma block0_global_rel:
   assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)" 
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
 proof -
   show ?thesis 
     apply (rule block_global_rel_if_successor)
            apply (rule Rel_Main_test[of bigblock0 _ no_guard_if_before_cfg_to_dag_prog.block_0])
            apply (simp add: bigblock0_def no_guard_if_before_cfg_to_dag_prog.block_0_def)
           apply (rule ast_trace)
-         apply (simp add: bigblock0_def)
+          apply (simp add: bigblock0_def)
+         apply (rule disjI1)
         apply (rule no_guard_if_before_cfg_to_dag_prog.node_0)
        apply (rule assms(1))
        apply simp
-      apply simp
+       apply simp+
+     apply (simp add: no_guard_if_before_cfg_to_dag_prog.node_0)
      apply (rule bigblock0_local_rel)
       apply (simp add: bigblock0_def)
      apply assumption
@@ -149,8 +168,8 @@ proof -
     apply simp
    
     apply (erule allE[where x=1])
-    apply (simp del: Nat.One_nat_def add:no_guard_if_before_cfg_to_dag_prog.outEdges_0)
-    apply (simp del: Nat.One_nat_def add:member_rec(1))
+    apply (simp add:no_guard_if_before_cfg_to_dag_prog.outEdges_0)
+    apply (simp add:member_rec(1))
     apply (rule block_else_global_rel)
       apply (simp add: bigblock_else_def)
     apply simp
diff --git a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_ast_cfg_proof.thy
new file mode 100644
index 0000000..fdff641
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_ast_cfg_proof.thy
@@ -0,0 +1,256 @@
+theory no_inv_loop_ast_cfg_proof
+  imports Main 
+          Boogie_Lang.Ast
+          Boogie_Lang.Semantics
+          Boogie_Lang.Ast_Cfg_Transformation
+          "../global_data" 
+          no_inv_loop_before_cfg_to_dag_prog 
+          no_inv_loop_before_ast_cfg
+          no_inv_loop_cfgtodag_proof
+          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
+
+begin
+declare Nat.One_nat_def[simp del]
+
+abbreviation \<Lambda>1_local
+  where
+    "\<Lambda>1_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_ast_cfg.params_vdecls no_inv_loop_before_ast_cfg.locals_vdecls))"
+
+definition body_bb1 
+  where "body_bb1 \<equiv> BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None"
+
+definition loop_only_bigblock0 
+  where
+    "loop_only_bigblock0 = BigBlock None []
+                    (Some (WhileWrapper 
+                          (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None])))
+                     None"
+
+definition unwrapped_bigblock0 
+  where
+    "unwrapped_bigblock0 = BigBlock None []
+                    (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None]))
+                     None"
+
+definition empty_bb 
+  where
+    "empty_bb = BigBlock None [] None None"
+
+lemma bb0_local_rel:
+  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (bigblock0, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  shows "reached_state \<noteq> Failure  \<and>
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>no_inv_loop_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  show ?thesis 
+    apply (rule block_local_rel_generic)
+           apply (rule Rel_Main_test[of bigblock0 _ no_inv_loop_before_cfg_to_dag_prog.block_0])
+           apply (simp add: bigblock0_def no_inv_loop_before_cfg_to_dag_prog.block_0_def)
+          apply simp+
+        apply (rule Red_bb)
+       apply (rule Red_impl, simp)
+      apply (simp add: bigblock0_def)
+     apply simp
+    apply (simp add: no_inv_loop_before_cfg_to_dag_prog.block_0_def)
+    done
+qed
+
+lemma loop_body_bb_local_rel:
+  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (body_bb1, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Gt\<guillemotright> Lit (LInt 0),ns1\<rangle> \<Down> BoolV True"
+  shows "reached_state \<noteq> Failure  \<and>
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>no_inv_loop_before_cfg_to_dag_prog.block_2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  show ?thesis 
+    unfolding no_inv_loop_before_cfg_to_dag_prog.block_2_def 
+    apply (rule guard_holds_push_through_assumption)
+      apply (rule block_local_rel_generic)
+             apply (rule Rel_Main_test[of body_bb1])
+             apply (simp add: body_bb1_def)
+            apply simp
+           apply simp
+          apply (rule Red_bb)
+         apply (rule push_through_assumption_test1, rule Red_impl)
+            apply (simp add: no_inv_loop_before_cfg_to_dag_prog.block_2_def)
+           apply (simp add: trace_is_possible body_bb1_def)+
+    done
+qed
+
+lemma end_global_rel: 
+  assumes Red_bb: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (empty_bb, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
+shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+proof -
+  have node3_loc: "node_to_block no_inv_loop_before_cfg_to_dag_prog.proc_body ! 3 = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]" 
+    by (simp add: no_inv_loop_before_cfg_to_dag_prog.block_3_def no_inv_loop_before_cfg_to_dag_prog.node_3)
+  show ?thesis
+    apply (rule generic_ending_block_global_rel)
+            apply (rule Rel_Main_test[of empty_bb])
+            apply (simp add: empty_bb_def)
+           apply (rule Red_bb)
+          apply (simp add: empty_bb_def)
+         apply simp
+        apply (rule disjI2)
+        apply (rule disjI2)
+        apply (rule conjI)
+         apply (rule node3_loc)
+        apply (rule conjI)
+         apply simp
+        apply (rule conjI)
+         apply (rule neg_gt2)
+        apply (rule trace_is_possible)
+       apply (rule no_inv_loop_before_cfg_to_dag_prog.outEdges_3)
+      apply (rule cfg_is_correct, simp)
+     apply simp
+    apply (simp add: empty_bb_def)
+    apply (simp add: end_static)
+    done
+qed
+
+
+
+lemma second_loop_body_global_rel:
+  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (body_bb1, (KSeq unwrapped_bigblock0 (KEndBlock KStop)), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Gt\<guillemotright> Lit (LInt 0),ns1\<rangle> \<Down> BoolV True"
+  and loop_ih:
+        "\<And>k ns1''. k < j \<Longrightarrow>
+        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(unwrapped_bigblock0, (KEndBlock KStop), Normal ns1'') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
+        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+proof -
+  have node2_loc: "node_to_block no_inv_loop_before_cfg_to_dag_prog.proc_body ! 2 = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]" 
+    by (simp add: no_inv_loop_before_cfg_to_dag_prog.block_2_def no_inv_loop_before_cfg_to_dag_prog.node_2)
+  show ?thesis 
+    apply (rule block_global_rel_generic)
+           apply (rule Rel_Main_test[of body_bb1])
+           apply (simp add: body_bb1_def)
+          apply (rule assms(1))
+         apply (simp add: body_bb1_def)
+        apply (rule disjI2)
+        apply (rule disjI1)
+        apply (rule conjI)
+         apply (rule node2_loc)
+        apply (rule conjI)
+         apply simp
+        apply (rule trace_is_possible)
+       apply (rule assms(2))
+       apply simp+
+     apply (simp add: no_inv_loop_before_cfg_to_dag_prog.node_2)
+     apply (rule loop_body_bb_local_rel)
+       apply assumption
+      apply simp
+     apply (rule trace_is_possible)
+    apply (erule allE[where x=1])
+    apply (simp add: no_inv_loop_before_cfg_to_dag_prog.outEdges_2)
+    apply (simp add: member_rec(1))
+    apply (rule loop_ih)
+      apply simp+
+    done
+qed
+
+lemma second_loop_head_global_rel:
+  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (unwrapped_bigblock0, (KEndBlock KStop), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+  using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+  case (less j)
+  then show ?case 
+  proof (cases j)
+    case 0
+    then show ?thesis
+      using Ast.valid_configuration_def less.prems(1) by fastforce
+  next
+    case (Suc j')
+    show ?thesis
+      apply (rule block_global_rel_loop_head)
+              apply (rule Rel_Invs[of unwrapped_bigblock0 _ _ _ no_inv_loop_before_cfg_to_dag_prog.block_1])
+              apply (simp add: unwrapped_bigblock0_def)
+             apply (rule less(2))
+            apply (rule less(3), simp)
+           apply simp
+           apply (simp add: unwrapped_bigblock0_def)
+          apply simp                 
+         apply (rule block_local_rel_loop_head)
+              apply (rule Rel_Invs[of unwrapped_bigblock0])
+              apply (simp add: unwrapped_bigblock0_def)
+           apply (simp add: unwrapped_bigblock0_def)
+           apply simp
+           apply (simp add: no_inv_loop_before_cfg_to_dag_prog.block_1_def)
+          apply simp
+         apply simp
+        apply (simp add: no_inv_loop_before_cfg_to_dag_prog.block_1_def)
+       apply (simp add: no_inv_loop_before_cfg_to_dag_prog.node_1)
+       apply (simp add: no_inv_loop_before_cfg_to_dag_prog.block_1_def)
+      apply(rule disjE)
+        apply assumption
+
+       apply (erule allE[where x = 2])
+       apply (simp add:no_inv_loop_before_cfg_to_dag_prog.outEdges_1)
+       apply (simp add:member_rec(1))
+       apply (rule conjE)
+        apply assumption
+       apply simp
+       apply (rule second_loop_body_global_rel)
+          apply (simp add: body_bb1_def)
+         apply simp
+        apply assumption
+       apply (rule less.IH)
+         apply (erule strictly_smaller_helper2)
+         apply assumption+
+
+      apply (erule allE[where x = 3])
+      apply (simp add:no_inv_loop_before_cfg_to_dag_prog.outEdges_1)
+      apply (simp add:member_rec(1))
+      apply (rule conjE)
+       apply assumption
+      apply simp
+      apply (rule ending_after_skipping_endblock)
+          apply assumption
+          apply simp
+         apply simp
+         apply blast
+        apply simp
+       apply assumption
+      apply (rule end_global_rel)
+        apply (simp add: empty_bb_def)+
+      done
+   qed
+ qed
+
+lemma entry_block_global_rel:
+  assumes j_step_ast_trace: 
+    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
+  using assms
+proof -
+  show ?thesis
+    unfolding no_inv_loop_before_ast_cfg.post_def
+    apply (rule block_global_rel_while_successor)
+          apply (rule j_step_ast_trace)
+          apply (rule Rel_Main_test[of bigblock0 _ no_inv_loop_before_cfg_to_dag_prog.block_0])
+          apply (simp add: bigblock0_def no_inv_loop_before_cfg_to_dag_prog.block_0_def)
+         apply (simp add: bigblock0_def no_inv_loop_before_cfg_to_dag_prog.block_0_def)
+        apply (simp add: no_inv_loop_before_cfg_to_dag_prog.block_0_def)
+       apply (rule disjI1)
+       apply (rule no_inv_loop_before_cfg_to_dag_prog.node_0)
+       apply (rule cfg_is_correct, simp)
+      apply simp
+     apply (simp add: no_inv_loop_before_cfg_to_dag_prog.node_0)
+     apply (rule bb0_local_rel)
+      apply assumption
+     apply simp
+    apply (rule second_loop_head_global_rel)
+     apply (simp add: unwrapped_bigblock0_def)
+    apply (simp add: no_inv_loop_before_cfg_to_dag_prog.outEdges_0)
+    apply (simp add: member_rec(1))
+    done
+qed
+
+
+end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_ast_cfg.thy
new file mode 100644
index 0000000..5cb2dca
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_ast_cfg.thy
@@ -0,0 +1,86 @@
+theory no_inv_loop_before_ast_cfg
+  imports
+    Boogie_Lang.Ast
+    Boogie_Lang.Semantics 
+    Boogie_Lang.TypeSafety 
+    Boogie_Lang.Util 
+    "../global_data"
+begin
+
+definition bigblock0 
+  where
+    "bigblock0 = BigBlock None [Havoc 0]
+                    (Some (WhileWrapper 
+                          (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None])))
+                     None"
+
+definition proc_body
+  where
+    "proc_body  = bigblock0 # []"
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append no_inv_loop_before_ast_cfg.params_vdecls no_inv_loop_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_inv_loop_before_ast_cfg.params_vdecls no_inv_loop_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
+unfolding no_inv_loop_before_ast_cfg.params_vdecls_def no_inv_loop_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_inv_loop_before_ast_cfg.params_vdecls no_inv_loop_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_inv_loop_before_ast_cfg.params_vdecls no_inv_loop_before_ast_cfg.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_inv_loop_before_ast_cfg.params_vdecls) )"
+unfolding no_inv_loop_before_ast_cfg.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_inv_loop_before_ast_cfg.locals_vdecls) )"
+unfolding no_inv_loop_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_ast_cfg.params_vdecls no_inv_loop_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append no_inv_loop_before_ast_cfg.params_vdecls no_inv_loop_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_ast_cfg.params_vdecls no_inv_loop_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_ast_cfg.params_vdecls no_inv_loop_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc_ast :: "(ast_procedure)"
+  where
+    "proc_ast  = (|proc_ty_args = 0,proc_args = no_inv_loop_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_inv_loop_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec no_inv_loop_before_ast_cfg.post),proc_body = (Some (no_inv_loop_before_ast_cfg.locals_vdecls,no_inv_loop_before_ast_cfg.proc_body))|)"
+
+end
\ No newline at end of file
diff --git a/BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/global_data.thy b/BoogieLang/generated_example_proofs/triangle_example_proofs/global_data.thy
similarity index 100%
rename from BoogieLang/completed_example_proofs/no_guard_empty_branch_if_proofs/global_data.thy
rename to BoogieLang/generated_example_proofs/triangle_example_proofs/global_data.thy
diff --git a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_ast_cfg_proof.thy
new file mode 100644
index 0000000..b26c126
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_ast_cfg_proof.thy
@@ -0,0 +1,296 @@
+theory triangle_ast_cfg_proof
+  imports Main 
+          Boogie_Lang.Ast
+          Boogie_Lang.Semantics
+          Boogie_Lang.Ast_Cfg_Transformation
+          "../global_data" 
+          triangle_before_cfg_to_dag_prog 
+          triangle_before_ast_cfg
+          triangle_cfgtodag_proof
+          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
+
+begin
+declare Nat.One_nat_def[simp del]
+
+abbreviation \<Lambda>1_local
+  where
+    "\<Lambda>1_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls))"
+
+definition body_bb1 
+  where "body_bb1 \<equiv> BigBlock None [(Assign 2 (BinOp (Var 2) Add (Var 1))),(Assign 1 (BinOp (Var 1) Add (Lit (LInt 1))))] None None"
+
+definition loop_only_bigblock0 
+  where
+    "loop_only_bigblock0 = BigBlock None []
+                               (Some (WhileWrapper 
+                                     (ParsedWhile 
+                                        (Some (BinOp (Var 1) Lt (Var 0))) 
+                                        [(BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))),
+                                         (BinOp (Var 1) Le (Var 0))] 
+                                        [BigBlock None [(Assign 2 (BinOp (Var 2) Add (Var 1))),(Assign 1 (BinOp (Var 1) Add (Lit (LInt 1))))] None None]))) 
+                                None"
+
+definition unwrapped_bigblock0 
+  where
+    "unwrapped_bigblock0 = BigBlock None []
+                               (Some  (ParsedWhile 
+                                        (Some (BinOp (Var 1) Lt (Var 0))) 
+                                        [(BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))),
+                                         (BinOp (Var 1) Le (Var 0))] 
+                                        [BigBlock None [(Assign 2 (BinOp (Var 2) Add (Var 1))),(Assign 1 (BinOp (Var 1) Add (Lit (LInt 1))))] None None])) 
+                                None"
+
+definition empty_bb 
+  where
+    "empty_bb = BigBlock None [] None None"
+
+lemma bb0_local_rel:
+  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (bigblock0, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> triangle_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  shows "reached_state \<noteq> Failure  \<and>
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>triangle_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  show ?thesis 
+    apply (rule block_local_rel_generic)
+           apply (rule Rel_Main_test[of bigblock0 _ triangle_before_cfg_to_dag_prog.block_0])
+           apply (simp add: bigblock0_def triangle_before_cfg_to_dag_prog.block_0_def)
+          apply simp+
+        apply (rule Red_bb)
+       apply (rule Red_impl, simp)
+      apply (simp add: bigblock0_def)
+     apply simp
+    apply (simp add: triangle_before_cfg_to_dag_prog.block_0_def)
+    done
+qed
+
+lemma loop_body_bb_local_rel:
+  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (body_bb1, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> triangle_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 1 \<guillemotleft>Lt\<guillemotright> Var 0,ns1\<rangle> \<Down> BoolV True"
+  shows "reached_state \<noteq> Failure  \<and>
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>triangle_before_cfg_to_dag_prog.block_2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+proof -
+  show ?thesis 
+    unfolding triangle_before_cfg_to_dag_prog.block_2_def 
+    apply (rule guard_holds_push_through_assumption)
+      apply (rule block_local_rel_generic)
+             apply (rule Rel_Main_test[of body_bb1])
+             apply (simp add: body_bb1_def)
+            apply simp
+           apply simp
+          apply (rule Red_bb)
+         apply (rule push_through_assumption_test1, rule Red_impl)
+            apply (simp add: triangle_before_cfg_to_dag_prog.block_2_def)
+           apply (simp add: trace_is_possible body_bb1_def)+
+    done
+qed
+
+lemma end_global_rel: 
+  assumes Red_bb: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (empty_bb, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> triangle_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                             (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,triangle_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                             is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) triangle_before_ast_cfg.post"
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 1 \<guillemotleft>Lt\<guillemotright> Var 0,ns1\<rangle> \<Down> BoolV False"
+shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> triangle_before_ast_cfg.post reached_bb reached_cont reached_state)"
+proof -
+  have node3_loc: "node_to_block triangle_before_cfg_to_dag_prog.proc_body ! 3 = [(Assume (BinOp (Var 0) Le (Var 1)))]" 
+    by (simp add: triangle_before_cfg_to_dag_prog.block_3_def triangle_before_cfg_to_dag_prog.node_3)
+  show ?thesis
+    apply (rule generic_ending_block_global_rel)
+            apply (rule Rel_Main_test[of empty_bb])
+            apply (simp add: empty_bb_def)
+           apply (rule Red_bb)
+          apply (simp add: empty_bb_def)
+         apply simp
+        apply (rule disjI2)
+        apply (rule disjI2)
+        apply (rule conjI)
+         apply (rule node3_loc)
+        apply (rule conjI)
+         apply simp
+        apply (rule conjI)
+         apply (rule neg_lt2)
+        apply (rule trace_is_possible)
+       apply (rule triangle_before_cfg_to_dag_prog.outEdges_3)
+      apply (rule cfg_is_correct, simp)
+     apply (rule cfg_satisfies_post)
+      apply assumption+
+    apply (simp add: empty_bb_def)
+    apply (simp add: end_static)
+    done
+qed
+
+
+
+lemma second_loop_body_global_rel:
+  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (body_bb1, (KSeq unwrapped_bigblock0 (KEndBlock KStop)), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> triangle_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                             (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,triangle_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 2, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) triangle_before_ast_cfg.post)"
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 1 \<guillemotleft>Lt\<guillemotright> Var 0,ns1\<rangle> \<Down> BoolV True"
+  and loop_ih:
+        "\<And>k ns1''. k < j \<Longrightarrow>
+        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(unwrapped_bigblock0, (KEndBlock KStop), Normal ns1'') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
+        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> triangle_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+        (\<And>m2 s2.
+             ((A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,triangle_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1'') -n\<rightarrow>* (m2, s2)) \<Longrightarrow>
+             is_final_config (m2, s2) \<Longrightarrow> (\<forall>ns_end. s2 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) triangle_before_ast_cfg.post))) \<Longrightarrow> 
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> triangle_before_ast_cfg.post reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> triangle_before_ast_cfg.post reached_bb reached_cont reached_state)"
+proof -
+  have node2_loc: "node_to_block triangle_before_cfg_to_dag_prog.proc_body ! 2 = [(Assume (BinOp (Var 1) Lt (Var 0))),(Assign 2 (BinOp (Var 2) Add (Var 1))),(Assign 1 (BinOp (Var 1) Add (Lit (LInt 1))))]" 
+    by (simp add: triangle_before_cfg_to_dag_prog.block_2_def triangle_before_cfg_to_dag_prog.node_2)
+  show ?thesis 
+    apply (rule block_global_rel_generic)
+           apply (rule Rel_Main_test[of body_bb1])
+           apply (simp add: body_bb1_def)
+          apply (rule assms(1))
+         apply (simp add: body_bb1_def)
+        apply (rule disjI2)
+        apply (rule disjI1)
+        apply (rule conjI)
+         apply (rule node2_loc)
+        apply (rule conjI)
+         apply simp
+        apply (rule trace_is_possible)
+       apply (rule assms(2))
+        apply simp
+       apply (rule cfg_satisfies_post)
+        apply simp+
+     apply (simp add: triangle_before_cfg_to_dag_prog.node_2)
+     apply (rule loop_body_bb_local_rel)
+       apply assumption
+      apply simp
+     apply (rule trace_is_possible)
+    apply (erule allE[where x=1])
+    apply (erule allE[where x=1])
+    apply (simp add: triangle_before_cfg_to_dag_prog.outEdges_2)
+    apply (simp add: member_rec(1))
+    apply (rule loop_ih)
+       apply simp+
+    apply auto
+    done
+qed
+
+lemma second_loop_head_global_rel:
+  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (unwrapped_bigblock0, (KEndBlock KStop), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> triangle_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m2 s2.
+                               ((A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,triangle_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m2, s2)) \<Longrightarrow>
+                               is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) triangle_before_ast_cfg.post)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> triangle_before_ast_cfg.post reached_bb reached_cont reached_state)"
+  using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+  case (less j)
+  then show ?case 
+  proof (cases j)
+    case 0
+    then show ?thesis
+      using Ast.valid_configuration_def less.prems(1) by fastforce
+  next
+    case (Suc j')
+    show ?thesis
+      apply (rule block_global_rel_loop_head)
+              apply (rule Rel_Invs[of unwrapped_bigblock0 _ _ _ triangle_before_cfg_to_dag_prog.block_1])
+              apply (simp add: unwrapped_bigblock0_def)
+             apply (rule less(2))
+            apply (rule less(3), simp)
+           apply (rule less(4))
+            apply assumption+
+           apply (simp add: unwrapped_bigblock0_def)
+          apply simp                 
+         apply (rule block_local_rel_loop_head)
+              apply (rule Rel_Invs[of unwrapped_bigblock0])
+              apply (simp add: unwrapped_bigblock0_def)
+           apply (simp add: unwrapped_bigblock0_def)
+           apply simp
+           apply (simp add: triangle_before_cfg_to_dag_prog.block_1_def)
+          apply simp
+         apply simp
+        apply (simp add: triangle_before_cfg_to_dag_prog.block_1_def)
+       apply (simp add: triangle_before_cfg_to_dag_prog.node_1)
+       apply (simp add: triangle_before_cfg_to_dag_prog.block_1_def)
+      apply(rule disjE)
+        apply assumption
+
+       apply (erule allE[where x = 2])
+       apply (erule allE[where x = 2])
+       apply (simp add:triangle_before_cfg_to_dag_prog.outEdges_1)
+       apply (simp add:member_rec(1))
+       apply (rule conjE)
+        apply assumption
+       apply simp
+       apply (rule second_loop_body_global_rel)
+          apply (simp add: body_bb1_def)
+          apply simp
+         apply blast
+        apply assumption
+       apply (rule less.IH)
+         apply (erule strictly_smaller_helper2)
+          apply assumption
+         apply assumption
+        apply assumption
+       apply blast
+       apply simp
+
+      apply (erule allE[where x = 3])
+      apply (erule allE[where x = 3])
+      apply (simp add:triangle_before_cfg_to_dag_prog.outEdges_1)
+      apply (simp add:member_rec(1))
+      apply (rule conjE)
+       apply assumption
+      apply simp
+      apply (rule ending_after_skipping_endblock)
+            apply assumption               
+           apply simp
+          apply simp
+         apply blast
+        apply blast
+       apply (simp add: empty_bb_def)
+      apply (rule end_global_rel)
+         apply (simp add: empty_bb_def)+
+       apply blast
+      apply simp
+      done
+   qed
+ qed
+
+lemma entry_block_global_rel:
+  assumes j_step_ast_trace: 
+    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> triangle_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m2 s2.
+                               ((A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,triangle_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m2, s2)) \<Longrightarrow>
+                               is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) triangle_before_ast_cfg.post)"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> triangle_before_ast_cfg.post reached_bb reached_cont reached_state)"
+  using assms
+proof -
+  show ?thesis
+    apply (rule block_global_rel_while_successor)
+          apply (rule j_step_ast_trace)
+          apply (rule Rel_Main_test[of bigblock0 _ triangle_before_cfg_to_dag_prog.block_0])
+          apply (simp add: bigblock0_def triangle_before_cfg_to_dag_prog.block_0_def)
+         apply (simp add: bigblock0_def triangle_before_cfg_to_dag_prog.block_0_def)
+        apply (simp add: triangle_before_cfg_to_dag_prog.block_0_def)
+       apply (rule disjI1)
+       apply (rule triangle_before_cfg_to_dag_prog.node_0)
+       apply (rule cfg_is_correct, simp)
+      apply (rule cfg_satisfies_post)
+       apply assumption+
+     apply (simp add: triangle_before_cfg_to_dag_prog.node_0)
+     apply (rule bb0_local_rel)
+      apply assumption
+     apply simp
+    apply (rule second_loop_head_global_rel)
+     apply (simp add: unwrapped_bigblock0_def)
+     apply (simp only: triangle_before_cfg_to_dag_prog.outEdges_0)
+     apply (simp add: member_rec(1))
+    apply (simp only: triangle_before_cfg_to_dag_prog.outEdges_0)
+    apply (erule allE[where x = 1])
+    apply (erule allE[where x = 1])
+    apply (simp add: member_rec(1))
+    apply blast
+    done
+qed
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_before_ast_cfg.thy
new file mode 100644
index 0000000..6302092
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_before_ast_cfg.thy
@@ -0,0 +1,109 @@
+theory triangle_before_ast_cfg
+  imports
+    Boogie_Lang.Ast
+    Boogie_Lang.Semantics 
+    Boogie_Lang.TypeSafety 
+    Boogie_Lang.Util 
+    "../global_data"
+begin
+
+definition bigblock0 
+  where
+    "bigblock0 = BigBlock None [(Assign 1 (Lit (LInt 0))),(Assign 2 (Lit (LInt 0)))]
+                               (Some (WhileWrapper 
+                                     (ParsedWhile 
+                                        (Some (BinOp (Var 1) Lt (Var 0))) 
+                                        [(BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))),
+                                         (BinOp (Var 1) Le (Var 0))] 
+                                        [BigBlock None [(Assign 2 (BinOp (Var 2) Add (Var 1))),(Assign 1 (BinOp (Var 1) Add (Lit (LInt 1))))] None None]))) 
+                                None"
+
+definition proc_body
+  where
+    "proc_body = bigblock0 # []"
+
+
+definition pres
+  where
+    "pres  = [(BinOp (Var 0) Ge (Lit (LInt 0)))]"
+definition post
+  where
+    "post  = [(BinOp (Var 2) Eq (BinOp (BinOp (Var 0) Mul (BinOp (Var 0) Sub (Lit (LInt 1)))) Div (Lit (LInt 2))))]"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
+unfolding triangle_before_ast_cfg.params_vdecls_def triangle_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) triangle_before_ast_cfg.params_vdecls) )"
+unfolding triangle_before_ast_cfg.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) triangle_before_ast_cfg.locals_vdecls) )"
+unfolding triangle_before_ast_cfg.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_n:
+shows "((map_of (append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_m:
+shows "((map_of (append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_t:
+shows "((map_of (append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_n:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_n
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_m:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_m
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_t:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_t
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc_ast :: "(ast_procedure)"
+  where
+    "proc_ast  = (|proc_ty_args = 0,proc_args = triangle_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec triangle_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec triangle_before_ast_cfg.post),proc_body = (Some (triangle_before_ast_cfg.locals_vdecls,triangle_before_ast_cfg.proc_body))|)"
+
+end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_before_cfg_to_dag_prog.thy b/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..7881e0b
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_before_cfg_to_dag_prog.thy
@@ -0,0 +1,140 @@
+theory triangle_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Assign 1 (Lit (LInt 0))),(Assign 2 (Lit (LInt 0)))]"
+definition block_1
+  where
+    "block_1  = [(Assert (BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2))))),(Assert (BinOp (Var 1) Le (Var 0)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 1) Lt (Var 0))),(Assign 2 (BinOp (Var 2) Add (Var 1))),(Assign 1 (BinOp (Var 1) Add (Lit (LInt 1))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 0) Le (Var 1)))]"
+definition outEdges
+  where
+    "outEdges  = [[1],[3,2],[1],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [3,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = [(BinOp (Var 0) Ge (Lit (LInt 0)))]"
+definition post
+  where
+    "post  = [(BinOp (Var 2) Eq (BinOp (BinOp (Var 0) Mul (BinOp (Var 0) Sub (Lit (LInt 1)))) Div (Lit (LInt 2))))]"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding triangle_before_cfg_to_dag_prog.params_vdecls_def triangle_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
+unfolding global_data.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
+unfolding global_data.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) triangle_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding triangle_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) triangle_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding triangle_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_n:
+shows "((map_of (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_m:
+shows "((map_of (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_t:
+shows "((map_of (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_n:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_n
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_m:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_m
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_t:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_t
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = triangle_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec triangle_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec triangle_before_cfg_to_dag_prog.post),proc_body = (Some (triangle_before_cfg_to_dag_prog.locals_vdecls,triangle_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_before_passive_prog.thy b/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_before_passive_prog.thy
new file mode 100644
index 0000000..1c5560b
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_before_passive_prog.thy
@@ -0,0 +1,106 @@
+theory triangle_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util triangle_before_cfg_to_dag_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assert (BinOp (Var 2) Eq (BinOp (BinOp (Var 0) Mul (BinOp (Var 0) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))))]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Le (Var 1)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 1) Lt (Var 0))),(Assign 2 (BinOp (Var 2) Add (Var 1))),(Assign 1 (BinOp (Var 1) Add (Lit (LInt 1)))),(Assert (BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2))))),(Assert (BinOp (Var 1) Le (Var 0))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Havoc 2),(Havoc 1),(Assume (BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2))))),(Assume (BinOp (Var 1) Le (Var 0)))]"
+definition block_4
+  where
+    "block_4  = [(Assign 1 (Lit (LInt 0))),(Assign 2 (Lit (LInt 0))),(Assert (BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2))))),(Assert (BinOp (Var 1) Le (Var 0)))]"
+definition block_5
+  where
+    "block_5  = []"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4],[5]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 6,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding triangle_before_cfg_to_dag_prog.params_vdecls_def triangle_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_cfgtodag_proof.thy b/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_cfgtodag_proof.thy
new file mode 100644
index 0000000..7f4641a
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_cfgtodag_proof.thy
@@ -0,0 +1,372 @@
+theory triangle_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML triangle_before_cfg_to_dag_prog triangle_before_passive_prog triangle_passification_proof triangle_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma ty_hint_1:
+shows "(hint_ty_subst [])"
+by (simp add: hint_ty_subst_def)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 triangle_before_cfg_to_dag_prog.post)"
+unfolding expr_all_sat_def triangle_before_cfg_to_dag_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule triangle_before_passive_prog.node_0)
+apply simp
+apply (rule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf triangle_before_cfg_to_dag_prog.var_context_wf])
+apply (rule assms(2))
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} @{thms ty_hint_1} @{thms triangle_before_cfg_to_dag_prog.l_t(2) triangle_before_cfg_to_dag_prog.l_n(2)} [] 1\<close>))
+
+unfolding triangle_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma block_anon2_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] triangle_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding triangle_before_cfg_to_dag_prog.block_3_def triangle_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon2_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule triangle_before_cfg_to_dag_prog.node_3)
+apply (rule triangle_before_passive_prog.node_1)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon2_LoopDone)
+apply assumption+
+apply (rule triangle_before_cfg_to_dag_prog.outEdges_3)
+apply (rule triangle_before_passive_prog.outEdges_1)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma ty_hint_2:
+shows "(hint_ty_subst [])"
+by (simp add: hint_ty_subst_def)
+
+lemma Mods_anon2_LoopBody:
+shows "(mods_contained_in (set [2,1]) triangle_before_cfg_to_dag_prog.block_2)"
+unfolding triangle_before_cfg_to_dag_prog.block_2_def
+by simp
+
+lemma block_anon2_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))),(BinOp (Var 1) Le (Var 0))] triangle_before_passive_prog.block_2 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding triangle_before_cfg_to_dag_prog.block_2_def triangle_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (intro conjI)
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf triangle_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} @{thms ty_hint_2} @{thms triangle_before_cfg_to_dag_prog.l_t(2) triangle_before_cfg_to_dag_prog.l_m(2)} [] 1\<close>))
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf triangle_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms triangle_before_cfg_to_dag_prog.l_m(2) triangle_before_cfg_to_dag_prog.l_n(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon2_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon2_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body [2,1] [(BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))),(BinOp (Var 1) Le (Var 0))] triangle_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule triangle_before_cfg_to_dag_prog.node_2)
+apply (rule triangle_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon2_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon2_LoopBody)
+apply ((simp add:triangle_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:triangle_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon2_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon2_LoopHead:
+shows "(mods_contained_in (set [2,1]) triangle_before_cfg_to_dag_prog.block_1)"
+unfolding triangle_before_cfg_to_dag_prog.block_1_def
+by simp
+
+lemma block_anon2_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [2,1] [(BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))),(BinOp (Var 1) Le (Var 0))] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] triangle_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding triangle_before_cfg_to_dag_prog.block_1_def triangle_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:triangle_before_cfg_to_dag_prog.l_t(1)))
+apply ((simp add:triangle_before_cfg_to_dag_prog.l_m(1)))
+apply simp
+done
+
+lemma cfg_block_anon2_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [2,1] [(BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))),(BinOp (Var 1) Le (Var 0))] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [2,1]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule triangle_before_cfg_to_dag_prog.node_1)
+apply (rule triangle_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon2_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon2_LoopHead)
+apply ((simp add:triangle_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:triangle_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:triangle_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon2_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:triangle_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon2_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma ty_hint_3:
+shows "(hint_ty_subst [])"
+by (simp add: hint_ty_subst_def)
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))),(BinOp (Var 1) Le (Var 0))] triangle_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding triangle_before_cfg_to_dag_prog.block_0_def triangle_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (intro conjI)
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf triangle_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} @{thms ty_hint_3} @{thms triangle_before_cfg_to_dag_prog.l_t(2) triangle_before_cfg_to_dag_prog.l_m(2)} [] 1\<close>))
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf triangle_before_cfg_to_dag_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms triangle_before_cfg_to_dag_prog.l_m(2) triangle_before_cfg_to_dag_prog.l_n(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule triangle_before_cfg_to_dag_prog.node_0)
+apply (rule triangle_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:triangle_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:triangle_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:triangle_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon2_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:triangle_before_passive_prog.outEdges_5))
+by ((simp add:triangle_before_passive_prog.node_5 triangle_before_passive_prog.block_5_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 triangle_before_cfg_to_dag_prog.pres)"
+shows "(valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule triangle_before_passive_prog.node_6)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding triangle_before_passive_prog.block_6_def
+apply (rule assume_pres_normal[where ?es=triangle_before_cfg_to_dag_prog.pres])
+apply (rule assms(4))
+unfolding triangle_before_cfg_to_dag_prog.pres_def
+apply simp
+apply (rule triangle_before_passive_prog.outEdges_6)
+apply ((simp add:triangle_before_passive_prog.node_5 triangle_before_passive_prog.block_5_def))
+apply (rule triangle_before_passive_prog.outEdges_5)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_n::int) (vc_m::int) (vc_t_0::int) (vc_m_0::int) (vc_t_1::int) (vc_m_1::int) (vc_t_2::int) (vc_t::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns triangle_before_cfg_to_dag_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(valid_configuration A \<Lambda>0 \<Gamma> [] triangle_before_cfg_to_dag_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule triangle_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+lemma end_to_end_theorem:
+assumes 
+VC: "(\<And> (vc_n::int) (vc_m::int) (vc_t_0::int) (vc_m_0::int) (vc_t_1::int) (vc_m_1::int) (vc_t_2::int) (vc_t::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms triangle_before_cfg_to_dag_prog.proc))"
+apply (rule end_to_end_util[OF end_to_end_theorem_aux])
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 triangle_before_cfg_to_dag_prog.proc_def triangle_before_cfg_to_dag_prog.proc_body_def)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_passification_proof.thy b/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_passification_proof.thy
new file mode 100644
index 0000000..d6c447b
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_passification_proof.thy
@@ -0,0 +1,303 @@
+theory triangle_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util triangle_before_passive_prog triangle_passive_prog Boogie_Lang.PassificationML triangle_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 7)))" and 
+"((R 0) = (Some (Inl 0)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old triangle_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding triangle_before_passive_prog.block_0_def triangle_passive_prog.block_0_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon2_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [7] R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 3)))" and 
+"((R 0) = (Some (Inl 0)))" and 
+"((R 1) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [7])) (update_nstate_rel R [(2,(Inl 7))]) R_old triangle_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding triangle_before_passive_prog.block_1_def triangle_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:triangle_before_cfg_to_dag_prog.l_t(2) triangle_passive_prog.l_t_2(2)))
+by simp
+
+lemma block_anon2_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [5,6,7] R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 3)))" and 
+"((R 0) = (Some (Inl 0)))" and 
+"((R 1) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [5,6,7])) (update_nstate_rel R [(2,(Inl 5)),(1,(Inl 6)),(2,(Inl 7))]) R_old triangle_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding triangle_before_passive_prog.block_2_def triangle_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:triangle_before_cfg_to_dag_prog.l_t(2) triangle_passive_prog.l_t_1(2)))
+apply ((simp add:triangle_before_cfg_to_dag_prog.l_m(2) triangle_passive_prog.l_m_1(2)))
+apply ((simp add:triangle_before_cfg_to_dag_prog.l_t(2) triangle_passive_prog.l_t_2(2)))
+by simp
+
+lemma block_anon2_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3,4] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 0)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3,4])) (update_nstate_rel R [(2,(Inl 3)),(1,(Inl 4))]) R_old triangle_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding triangle_before_passive_prog.block_3_def triangle_passive_prog.block_3_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:triangle_before_cfg_to_dag_prog.l_t(2) triangle_passive_prog.l_t_0(2)))
+apply ((simp add:triangle_before_cfg_to_dag_prog.l_m(2) triangle_passive_prog.l_m_0(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 0)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(1,(Inr (LInt 0))),(2,(Inr (LInt 0)))]) R_old triangle_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding triangle_before_passive_prog.block_4_def triangle_passive_prog.block_4_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 0)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old triangle_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding triangle_before_passive_prog.block_5_def triangle_passive_prog.block_5_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 0)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old triangle_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding triangle_before_passive_prog.block_6_def triangle_passive_prog.block_6_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 7)))" and 
+"((R 0) = (Some (Inl 0)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> triangle_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm triangle_before_passive_prog.node_0},@{thm triangle_before_passive_prog.outEdges_0}) (@{thm triangle_passive_prog.node_0},@{thm triangle_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon2_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 7 R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 3)))" and 
+"((R 0) = (Some (Inl 0)))" and 
+"((R 1) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> triangle_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm triangle_before_passive_prog.node_1},@{thm triangle_before_passive_prog.outEdges_1}) (@{thm triangle_passive_prog.node_1},@{thm triangle_passive_prog.outEdges_1}) @{thm block_anon2_LoopDone} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon2_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 5 R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 3)))" and 
+"((R 0) = (Some (Inl 0)))" and 
+"((R 1) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> triangle_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm triangle_before_passive_prog.node_2},@{thm triangle_before_passive_prog.outEdges_2}) (@{thm triangle_passive_prog.node_2},@{thm triangle_passive_prog.outEdges_2}) @{thm block_anon2_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon2_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 0)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> triangle_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm triangle_before_passive_prog.node_3},@{thm triangle_before_passive_prog.outEdges_3}) (@{thm triangle_passive_prog.node_3},@{thm triangle_passive_prog.outEdges_3}) @{thm block_anon2_LoopHead} [
+@{thm cfg_block_anon2_LoopDone}, 
+@{thm cfg_block_anon2_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 0)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> triangle_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm triangle_before_passive_prog.node_4},@{thm triangle_before_passive_prog.outEdges_4}) (@{thm triangle_passive_prog.node_4},@{thm triangle_passive_prog.outEdges_4}) @{thm block_anon0} [
+@{thm cfg_block_anon2_LoopHead}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 0)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> triangle_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm triangle_before_passive_prog.node_5},@{thm triangle_before_passive_prog.outEdges_5}) (@{thm triangle_passive_prog.node_5},@{thm triangle_passive_prog.outEdges_5}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 0)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> triangle_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm triangle_before_passive_prog.node_6},@{thm triangle_before_passive_prog.outEdges_6}) (@{thm triangle_passive_prog.node_6},@{thm triangle_passive_prog.outEdges_6}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 6),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_n::int) (vc_m::int) (vc_t_0::int) (vc_m_0::int) (vc_t_1::int) (vc_m_1::int) (vc_t_2::int) (vc_t::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = [(0,(Inl 0))]"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+apply ((simp add:triangle_before_cfg_to_dag_prog.l_n(2) triangle_passive_prog.l_n(2)))
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv triangle_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+apply simp
+unfolding triangle_passive_prog.params_vdecls_def triangle_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using triangle_before_passive_prog.globals_locals_disj apply auto[1]
+using triangle_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] triangle_passive_prog.proc_body u (Inl 6)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range global_data.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] triangle_passive_prog.proc_body ((Inl 6),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from triangle_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_passive_prog.thy b/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_passive_prog.thy
new file mode 100644
index 0000000..1866d4e
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_passive_prog.thy
@@ -0,0 +1,184 @@
+theory triangle_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util triangle_before_passive_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assert (BinOp (Var 7) Eq (BinOp (BinOp (Var 0) Mul (BinOp (Var 0) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))))]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Le (Var 4))),(Assume (BinOp (Var 7) Eq (Var 3)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 4) Lt (Var 0))),(Assume (BinOp (Var 5) Eq (BinOp (Var 3) Add (Var 4)))),(Assume (BinOp (Var 6) Eq (BinOp (Var 4) Add (Lit (LInt 1))))),(Assert (BinOp (Var 5) Eq (BinOp (BinOp (Var 6) Mul (BinOp (Var 6) Sub (Lit (LInt 1)))) Div (Lit (LInt 2))))),(Assert (BinOp (Var 6) Le (Var 0))),(Assume (Lit (LBool False))),(Assume (BinOp (Var 7) Eq (Var 5)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 3) Eq (BinOp (BinOp (Var 4) Mul (BinOp (Var 4) Sub (Lit (LInt 1)))) Div (Lit (LInt 2))))),(Assume (BinOp (Var 4) Le (Var 0)))]"
+definition block_4
+  where
+    "block_4  = [(Assert (BinOp (Lit (LInt 0)) Eq (BinOp (BinOp (Lit (LInt 0)) Mul (BinOp (Lit (LInt 0)) Sub (Lit (LInt 1)))) Div (Lit (LInt 2))))),(Assert (BinOp (Lit (LInt 0)) Le (Var 0)))]"
+definition block_5
+  where
+    "block_5  = []"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4],[5]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 6,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(1,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(7,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding triangle_passive_prog.params_vdecls_def triangle_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)))) = {})"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma m_n:
+shows "((map_of (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_m:
+shows "((map_of (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_t_0:
+shows "((map_of (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_m_0:
+shows "((map_of (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_t_1:
+shows "((map_of (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_m_1:
+shows "((map_of (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_t_2:
+shows "((map_of (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_t:
+shows "((map_of (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_n:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_n
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_m:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_m
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_t_0:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_t_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_m_0:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
+using globals_locals_disj m_m_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_t_1:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
+using globals_locals_disj m_t_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_m_1:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
+using globals_locals_disj m_m_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_t_2:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
+using globals_locals_disj m_t_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_t:
+shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_t
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_vcphase_proof.thy b/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_vcphase_proof.thy
new file mode 100644
index 0000000..5efa15b
--- /dev/null
+++ b/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_vcphase_proof.thy
@@ -0,0 +1,309 @@
+theory triangle_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML triangle_passive_prog triangle_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon2_LoopBody
+  where
+    "vc_anon2_LoopBody m_0 n t_1 t_0 m_1 = ((m_0 < n) \<longrightarrow> (((t_1 = (t_0 + m_0)) \<and> (m_1 = (m_0 + (1::int)))) \<longrightarrow> ((t_1 = (smt_div (m_1 * (m_1 - (1::int))) (2::int))) \<and> ((t_1 = (smt_div (m_1 * (m_1 - (1::int))) (2::int))) \<longrightarrow> (m_1 \<le> n)))))"
+definition vc_GeneratedUnifiedExit
+  where
+    "vc_GeneratedUnifiedExit t_2 n = (t_2 = (smt_div (n * (n - (1::int))) (2::int)))"
+definition vc_anon2_LoopDone
+  where
+    "vc_anon2_LoopDone n m_0 t_2 t_0 = (((n \<le> m_0) \<and> (t_2 = t_0)) \<longrightarrow> (vc_GeneratedUnifiedExit t_2 n))"
+definition vc_anon2_LoopHead
+  where
+    "vc_anon2_LoopHead t_0 m_0 n t_2 t_1 m_1 = (((t_0 = (smt_div (m_0 * (m_0 - (1::int))) (2::int))) \<and> (m_0 \<le> n)) \<longrightarrow> ((vc_anon2_LoopDone n m_0 t_2 t_0) \<and> (vc_anon2_LoopBody m_0 n t_1 t_0 m_1)))"
+definition vc_anon0
+  where
+    "vc_anon0 n t_0 m_0 t_2 t_1 m_1 = (((0::int) = (smt_div ((0::int) * ((0::int) - (1::int))) (2::int))) \<and> (((0::int) = (smt_div ((0::int) * ((0::int) - (1::int))) (2::int))) \<longrightarrow> (((0::int) \<le> n) \<and> (((0::int) \<le> n) \<longrightarrow> (vc_anon2_LoopHead t_0 m_0 n t_2 t_1 m_1)))))"
+definition vc_PreconditionGeneratedEntry
+  where
+    "vc_PreconditionGeneratedEntry n t_0 m_0 t_2 t_1 m_1 = ((n \<ge> (0::int)) \<longrightarrow> (vc_anon0 n t_0 m_0 t_2 t_1 m_1))"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_n :: "int" and vc_m :: "int" and vc_t_0 :: "int" and vc_m_0 :: "int" and vc_t_1 :: "int" and vc_m_1 :: "int" and vc_t_2 :: "int" and vc_t :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_n)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_m)))" and 
+G2: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_t_0)))" and 
+G3: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_m_0)))" and 
+G4: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_t_1)))" and 
+G5: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_m_1)))" and 
+G6: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_t_2)))" and 
+G7: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_t)))" and 
+G8: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8
+lemmas forall_poly_thm = forall_vc_type[OF G8]
+lemmas exists_poly_thm = exists_vc_type[OF G8]
+declare Nat.One_nat_def[simp del]
+
+ML\<open>
+val block_GeneratedUnifiedExit_hints = [
+(AssertNoConj,NONE)]
+\<close>
+lemma block_GeneratedUnifiedExitAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_GeneratedUnifiedExit vc_t_2 vc_n) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding triangle_passive_prog.block_0_def vc.vc_GeneratedUnifiedExit_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_GeneratedUnifiedExit_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon2_LoopDone_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon2_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon2_LoopDone vc_n vc_m_0 vc_t_2 vc_t_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_GeneratedUnifiedExit vc_t_2 vc_n)))))))"
+unfolding triangle_passive_prog.block_1_def vc.vc_anon2_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon2_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon2_LoopBody_hints = [
+(AssumeConjR 0,NONE), 
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE), 
+(AssertSub,NONE), 
+(AssertNoConj,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon2_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon2_LoopBody vc_m_0 vc_n vc_t_1 vc_t_0 vc_m_1) \<Longrightarrow> (s' = Magic)))"
+unfolding triangle_passive_prog.block_2_def vc.vc_anon2_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon2_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon2_LoopHead_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon2_LoopHeadAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon2_LoopHead vc_t_0 vc_m_0 vc_n vc_t_2 vc_t_1 vc_m_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon2_LoopDone vc_n vc_m_0 vc_t_2 vc_t_0) \<and> (vc.vc_anon2_LoopBody vc_m_0 vc_n vc_t_1 vc_t_0 vc_m_1))))))))"
+unfolding triangle_passive_prog.block_3_def vc.vc_anon2_LoopHead_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon2_LoopHead_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon0_hints = [
+(AssertSub,NONE), 
+(AssertSub,NONE)]
+\<close>
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon2_LoopHead vc_t_0 vc_m_0 vc_n vc_t_2 vc_t_1 vc_m_1)))))))"
+unfolding triangle_passive_prog.block_4_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
+by (auto?)
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.block_5 (Normal n_s) s')" and 
+"(vc.vc_anon0 vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1)"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1)))))"
+using assms
+unfolding triangle_passive_prog.block_5_def
+apply cases
+by auto
+
+ML\<open>
+val block_PreconditionGeneratedEntry_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_PreconditionGeneratedEntryAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1)))))))"
+unfolding triangle_passive_prog.block_6_def vc.vc_PreconditionGeneratedEntry_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_PreconditionGeneratedEntry_hints \<close>)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(vc.vc_GeneratedUnifiedExit vc_t_2 vc_n)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) triangle_passive_prog.node_0 triangle_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExitAA0[OF _ assms(2)] by blast
+
+lemma cfg_block_anon2_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon2_LoopDone vc_n vc_m_0 vc_t_2 vc_t_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) triangle_passive_prog.node_1])
+apply (erule block_anon2_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:triangle_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon2_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon2_LoopBody vc_m_0 vc_n vc_t_1 vc_t_0 vc_m_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) triangle_passive_prog.node_2])
+by (erule block_anon2_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon2_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon2_LoopHead vc_t_0 vc_m_0 vc_n vc_t_2 vc_t_1 vc_m_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) triangle_passive_prog.node_3])
+apply (erule block_anon2_LoopHeadAA0[OF _ assms(2)])
+apply ((simp add:triangle_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon2_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon2_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) triangle_passive_prog.node_4])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:triangle_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon2_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) triangle_passive_prog.node_5])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:triangle_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(vc.vc_PreconditionGeneratedEntry vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) triangle_passive_prog.node_6])
+apply (erule block_PreconditionGeneratedEntryAA0[OF _ assms(2)])
+apply ((simp add:triangle_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) \<Gamma> [] triangle_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_n::int) (vc_m::int) (vc_t_0::int) (vc_m_0::int) (vc_t_1::int) (vc_m_1::int) (vc_t_2::int) (vc_t::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
+let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_n:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF triangle_passive_prog.m_n])
+apply (subst lookup_var_local[OF triangle_passive_prog.m_n])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_m:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF triangle_passive_prog.m_m])
+apply (subst lookup_var_local[OF triangle_passive_prog.m_m])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_t_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF triangle_passive_prog.m_t_0])
+apply (subst lookup_var_local[OF triangle_passive_prog.m_t_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_m_0:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF triangle_passive_prog.m_m_0])
+apply (subst lookup_var_local[OF triangle_passive_prog.m_m_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_t_1:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF triangle_passive_prog.m_t_1])
+apply (subst lookup_var_local[OF triangle_passive_prog.m_t_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_m_1:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF triangle_passive_prog.m_m_1])
+apply (subst lookup_var_local[OF triangle_passive_prog.m_m_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_t_2:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF triangle_passive_prog.m_t_2])
+apply (subst lookup_var_local[OF triangle_passive_prog.m_t_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_t:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF triangle_passive_prog.m_t])
+apply (subst lookup_var_local[OF triangle_passive_prog.m_t])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_block_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_n])
+apply (rule HOL.conjunct1[OF sc_m])
+apply (rule HOL.conjunct1[OF sc_t_0])
+apply (rule HOL.conjunct1[OF sc_m_0])
+apply (rule HOL.conjunct1[OF sc_t_1])
+apply (rule HOL.conjunct1[OF sc_m_1])
+apply (rule HOL.conjunct1[OF sc_t_2])
+apply (rule HOL.conjunct1[OF sc_t])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
index cf279de..8c19aab 100644
--- a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
+++ b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
@@ -78,16 +78,16 @@ lemma first_loop_body_bb_local_rel:
 proof -
   show ?thesis 
     unfolding p_before_cfg_to_dag_prog.block_2_def 
-    apply (rule block_local_rel_guard_true)
-           apply (rule Rel_Main_test[of body_bb1])
-           apply (simp add: body_bb1_def)
-          apply simp
-         apply (rule trace_is_possible)
-        apply (rule Red_bb)
-       apply (rule Red_impl)
-       apply (simp add: p_before_cfg_to_dag_prog.block_2_def)
-      apply (simp add: body_bb1_def)
-     apply simp+
+    apply (rule guard_holds_push_through_assumption)
+      apply (rule block_local_rel_generic)
+             apply (rule Rel_Main_test[of body_bb1])
+             apply (simp add: body_bb1_def)
+            apply simp
+           apply simp
+          apply (rule Red_bb)
+         apply (rule push_through_assumption_test1, rule Red_impl)
+            apply (simp add: p_before_cfg_to_dag_prog.block_2_def)
+           apply (simp add: trace_is_possible body_bb1_def)+
     done
 qed 
 
@@ -99,64 +99,83 @@ lemma second_loop_body_bb_local_rel:
          (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_5, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
 proof -
   show ?thesis 
-    unfolding p_before_cfg_to_dag_prog.block_5_def
-    apply (rule block_local_rel_guard_true)
-           apply (rule Rel_Main_test[of body_bb2])
-           apply (simp add: body_bb2_def)
-          apply simp
-         apply (rule trace_is_possible)
-        apply (rule Red_bb)
-       apply (rule Red_impl)
-       apply (simp add: p_before_cfg_to_dag_prog.block_5_def)
-      apply (simp add: body_bb2_def)
-     apply simp+
+    unfolding p_before_cfg_to_dag_prog.block_5_def 
+    apply (rule guard_holds_push_through_assumption)
+      apply (rule block_local_rel_generic)
+             apply (rule Rel_Main_test[of body_bb2])
+             apply (simp add: body_bb2_def)
+            apply simp
+           apply simp
+          apply (rule Red_bb)
+         apply (rule push_through_assumption_test1, rule Red_impl)
+            apply (simp add: p_before_cfg_to_dag_prog.block_5_def)
+           apply (simp add: trace_is_possible body_bb2_def)+
     done
 qed
 
 lemma bb2_local_rel:
   assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (bigblock2 , KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
   and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Lt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV True"
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Lt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
   shows "reached_state \<noteq> Failure  \<and>
          (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_6, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
 proof -
-  show ?thesis 
-    unfolding p_before_cfg_to_dag_prog.block_6_def
-    apply (rule block_local_rel_guard_false)
-            apply (rule Rel_Main_test[of bigblock2])
-            apply (simp add: bigblock2_def)
-           apply (rule neg_lt2)
-          apply simp
-         apply (rule trace_is_possible)
-        apply (rule Red_bb)
-       apply (rule Red_impl)
-       apply (simp add: p_before_cfg_to_dag_prog.block_6_def)
-      apply (simp add: bigblock2_def)
-     apply simp+
+  show ?thesis
+    apply (simp add: p_before_cfg_to_dag_prog.block_6_def)
+    apply (rule guard_fails_push_through_assumption)
+      apply (rule block_local_rel_generic)
+             apply (rule Rel_Main_test[of bigblock2])
+             apply (simp add: bigblock2_def)
+            apply simp
+           apply simp
+          apply (rule Red_bb)
+         apply (rule Red_impl)
+         apply (simp add: p_before_cfg_to_dag_prog.block_6_def)
+         apply (rule push_through_assumption1)
+             apply simp
+            apply (rule neg_lt2)
+          apply (rule trace_is_possible)
+         apply simp
+        apply (simp add: bigblock2_def)
+        apply simp+
+     apply (rule neg_lt2)
+    apply (rule trace_is_possible)
     done
 qed
 
 lemma bb2_global_rel:
   assumes concrete_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock2, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not (BinOp (Var 0) Lt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV True"
+  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Lt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
   using assms
 proof -
+  have node6_loc: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 6 = [(Assume (BinOp (Lit (LInt 0)) Le (Var 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]" 
+    by (simp add: p_before_cfg_to_dag_prog.block_6_def p_before_cfg_to_dag_prog.node_6)
   show ?thesis
-    apply (rule generic_ending_block_after_loop_global_rel)
-            apply (rule Rel_Main_test[of bigblock2])
-            apply (simp add: bigblock2_def)
-           apply (simp add: bigblock2_def)
-           apply simp
-          apply (rule p_before_cfg_to_dag_prog.node_6)
-         apply (simp add: p_before_cfg_to_dag_prog.block_6_def)
-        apply simp
-       apply (rule neg_lt2)
-        apply(rule trace_is_possible)
-       apply (rule concrete_trace)
-      apply (rule cfg_is_correct)
-    apply simp
+    apply (rule generic_ending_block_global_rel)
+         apply (rule Rel_Main_test[of bigblock2])
+         apply (simp add: bigblock2_def)
+           apply (rule concrete_trace)
+          apply (simp add: bigblock2_def)
+         apply simp
+        apply (rule disjI2)
+        apply (rule disjI2)
+        apply (rule conjI)
+         apply (rule node6_loc)
+        apply (rule conjI)
+         apply simp
+        apply (rule conjI)
+         apply (rule neg_lt2)
+        apply (rule trace_is_possible)
+       apply (rule p_before_cfg_to_dag_prog.outEdges_6)
+    apply (rule cfg_is_correct)
+      apply simp
+     apply simp
+    apply (simp add: p_before_cfg_to_dag_prog.node_6)
+    apply (rule bb2_local_rel)
+      apply assumption+
+    apply (rule trace_is_possible)
     done
 qed
 
@@ -173,32 +192,42 @@ lemma second_loop_body_global_rel:
         (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
 proof -
-  show ?thesis
-    apply (rule block_global_rel_if_true)
-                apply (rule Rel_Main_test[of body_bb2])
-                apply (simp add: body_bb2_def)
-              apply (rule j_step_ast_trace)
-             apply (simp add: body_bb2_def)
-             apply simp
-            apply simp
-           apply (rule p_before_cfg_to_dag_prog.node_5)
-          apply (rule p_before_cfg_to_dag_prog.block_5_def)
-         apply (rule cfg_is_correct)
-         apply simp+
-      apply (rule trace_is_possible)
+  have node5_loc: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 5 = [(Assume (BinOp (Var 0) Lt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]" 
+    by (simp add: p_before_cfg_to_dag_prog.block_5_def p_before_cfg_to_dag_prog.node_5)
+  show ?thesis 
+    apply (rule block_global_rel_generic)
+           apply (rule Rel_Main_test[of body_bb2])
+           apply (simp add: body_bb2_def)
+          apply (rule assms(1))
+         apply (simp add: body_bb2_def)
+        apply (rule disjI2)
+        apply (rule disjI1)
+        apply (rule conjI)
+         apply (rule node5_loc)
+        apply (rule conjI)
+         apply simp
+        apply (rule trace_is_possible)
+       apply (rule assms(2))
+       apply simp+
+     apply (simp add: p_before_cfg_to_dag_prog.node_5)
      apply (rule second_loop_body_bb_local_rel)
-       apply assumption+
+       apply assumption
+      apply simp
      apply (rule trace_is_possible)
+    apply (erule allE[where x=4])
     apply (simp add: p_before_cfg_to_dag_prog.outEdges_5)
-    apply (simp add: member_rec)
+    apply (simp add: member_rec(1))
     apply (rule loop_ih)
-      apply auto
+      apply simp+
     done
 qed
 
 lemma second_loop_head_global_rel:
   assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (unwrapped_bigblock1, (KEndBlock (KSeq bigblock2 KStop)), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_sat_post: "\<And>m2 s2.
+       A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 4, Normal ns1) -n\<rightarrow>* (m2, s2) \<Longrightarrow>
+       is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) []"
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
   using assms
 proof (induction j arbitrary: ns1 rule: less_induct)
@@ -213,9 +242,10 @@ proof (induction j arbitrary: ns1 rule: less_induct)
     show ?thesis
       apply (rule block_global_rel_loop_head)
               apply (rule Rel_Invs[of unwrapped_bigblock1 _ _ _ p_before_cfg_to_dag_prog.block_4])
-              apply (simp add: unwrapped_bigblock1_def p_before_cfg_to_dag_prog.block_4_def)
+              apply (simp add: unwrapped_bigblock1_def)
              apply (rule less(2))
             apply (rule less(3), simp)
+           apply simp
            apply (simp add: unwrapped_bigblock1_def)
           apply simp                 
          apply (rule block_local_rel_loop_head)
@@ -228,6 +258,7 @@ proof (induction j arbitrary: ns1 rule: less_induct)
          apply simp
         apply (simp add: p_before_cfg_to_dag_prog.block_4_def)
        apply (simp add: p_before_cfg_to_dag_prog.node_4)
+       apply (simp add: p_before_cfg_to_dag_prog.block_4_def)
       apply(rule disjE)
         apply assumption
 
@@ -243,7 +274,8 @@ proof (induction j arbitrary: ns1 rule: less_induct)
         apply assumption
        apply (rule less.IH)
          apply (erule strictly_smaller_helper2)
-         apply assumption+
+          apply assumption+
+       apply simp
 
       apply (erule allE[where x = 6])
       apply (simp add:p_before_cfg_to_dag_prog.outEdges_4)
@@ -251,16 +283,17 @@ proof (induction j arbitrary: ns1 rule: less_induct)
       apply (rule conjE)
        apply assumption
       apply simp
-      apply (rule ending)
-           apply assumption
-          apply assumption 
+      apply (rule ending_after_skipping_endblock2)
+          apply assumption
+          apply simp
          apply simp
-        apply blast
+         apply blast
+        apply simp
        apply assumption
       apply (rule bb2_global_rel)
-        apply assumption+
+        apply simp+
       done
-  qed
+   qed
 qed
 
 lemma first_loop_body_global_rel:
@@ -274,27 +307,33 @@ lemma first_loop_body_global_rel:
         (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
         (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
 proof -
-  show ?thesis
-    apply (rule block_global_rel_if_true)
-              apply (rule Rel_Main_test[of body_bb1])
-              apply (simp add: body_bb1_def)
-              apply (rule j_step_ast_trace)
-             apply (simp add: body_bb1_def)
-             apply simp
-            apply simp
-           apply (rule p_before_cfg_to_dag_prog.node_2)
-          apply (simp add: p_before_cfg_to_dag_prog.block_2_def)
-         apply (rule cfg_is_correct)
-         apply simp+
-      apply (rule trace_is_possible)
+  have node2_loc: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 2 = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]" 
+    by (simp add: p_before_cfg_to_dag_prog.block_2_def p_before_cfg_to_dag_prog.node_2)
+  show ?thesis 
+    apply (rule block_global_rel_generic)
+           apply (rule Rel_Main_test[of body_bb1])
+           apply (simp add: body_bb1_def)
+          apply (rule assms(1))
+         apply (simp add: body_bb1_def)
+        apply (rule disjI2)
+        apply (rule disjI1)
+        apply (rule conjI)
+         apply (rule node2_loc)
+        apply (rule conjI)
+         apply simp
+        apply (rule trace_is_possible)
+       apply (rule assms(2))
+       apply simp+
+     apply (simp add: p_before_cfg_to_dag_prog.node_2)
      apply (rule first_loop_body_bb_local_rel)
        apply assumption
       apply simp
      apply (rule trace_is_possible)
+    apply (erule allE[where x=1])
     apply (simp add: p_before_cfg_to_dag_prog.outEdges_2)
-    apply (simp add: member_rec)
+    apply (simp add: member_rec(1))
     apply (rule loop_ih)
-      apply auto
+      apply simp+
     done
 qed
 
@@ -319,6 +358,7 @@ proof (induction j arbitrary: ns1 rule: less_induct)
               apply (simp add: unwrapped_bigblock0_def p_before_cfg_to_dag_prog.block_1_def)
              apply (rule less(2))
             apply (rule less(3), simp)
+           apply simp
             apply (simp add: unwrapped_bigblock0_def)
           apply simp                 
          apply (rule block_local_rel_loop_head)
@@ -355,11 +395,12 @@ proof (induction j arbitrary: ns1 rule: less_induct)
       apply (rule conjE)
        apply assumption
       apply simp
-      apply (rule ending2)
+      apply (rule ending_after_skipping_endblock_and_wrapper)
               apply assumption
              apply (simp add: bigblock1_def bigblock2_def)
             apply simp
-           apply assumption
+            apply assumption
+           apply simp
           apply assumption
          apply (simp add: p_before_cfg_to_dag_prog.node_3)
          apply (simp add: p_before_cfg_to_dag_prog.block_3_def)
@@ -388,8 +429,10 @@ proof -
           apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
          apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
         apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
+       apply (rule disjI1)
        apply (rule p_before_cfg_to_dag_prog.node_0)
-      apply (rule cfg_is_correct, simp)
+       apply (rule cfg_is_correct, simp)
+      apply simp
      apply (simp add: p_before_cfg_to_dag_prog.node_0)
      apply (rule bb0_local_rel)
       apply assumption

From 2d30c0142dd1053f0e7d2bfcf73d973e52d7f313 Mon Sep 17 00:00:00 2001
From: ahubanov-eth <ahubanov@student.ethz.ch>
Date: Thu, 2 Jun 2022 20:29:12 +0200
Subject: [PATCH 16/74] fixed most of the concrete proofs + minor changes

---
 BoogieLang/Ast_Cfg_Transformation.thy         |  55 ++++--
 .../consecutive_ifs_ast_cfg_proof.thy         | 126 +++++++++-----
 .../empty_branch_if_ast_cfg_proof.thy         |  81 +++++----
 .../p_proofs/if_example_ast_cfg_proof.thy     |  72 +++++---
 .../nested_if_ast_cfg_proof.thy               |  84 ++++++----
 .../nested_loop_ast_cfg_proof.thy             | 140 +++++++++++-----
 ...no_guard_empty_branch_if_ast_cfg_proof.thy |  44 +++--
 .../no_guard_if_ast_cfg_proof.thy             |  46 +++--
 .../no_inv_loop_ast_cfg_proof.thy             |  65 ++++---
 .../triangle_ast_cfg_proof.thy                |  15 +-
 .../p_proofs/p_cfgtodag_proof.thy             |  88 ++++++----
 .../p_proofs/p_passification_proof.thy        |  23 +--
 .../p_proofs/while_example2_ast_cfg_proof.thy | 158 +++++++++++++-----
 13 files changed, 674 insertions(+), 323 deletions(-)

diff --git a/BoogieLang/Ast_Cfg_Transformation.thy b/BoogieLang/Ast_Cfg_Transformation.thy
index abf9c00..9dbc8f0 100644
--- a/BoogieLang/Ast_Cfg_Transformation.thy
+++ b/BoogieLang/Ast_Cfg_Transformation.thy
@@ -121,6 +121,11 @@ lemma valid_config_implies_not_failure:
   shows "s' \<noteq> Failure"
   using Semantics.valid_configuration_def assms by blast
 
+lemma valid_config_implies_satisfied_posts:
+  assumes "Semantics.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'"
+  shows "is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
+  using Semantics.valid_configuration_def assms by (metis expr_all_sat_def)
+
 text \<open>If an \<^term>\<open>ast_config\<close> (bigblock, cont, state) is an ending configuration, then any correspoding cfg block is locally correct.\<close>
 lemma end_static:
   assumes "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(BigBlock None [] None None, KStop, Normal ns1)\<rangle> \<longrightarrow> (step_bb, step_cont, step_state)"
@@ -296,6 +301,42 @@ proof -
   qed
 qed
 
+lemma correctness_propagates_through_assumption3:
+  assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> (is_final_config (m, s) \<longrightarrow> (\<forall>ns_end. s = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
+      and "node_to_block G ! n0 = [Assume c]"
+      and "UnOp Not guard \<sim> c"
+      and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> BoolV False"
+      and "List.member (out_edges G ! n0) n1"
+    shows "\<And> m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m, s)) \<Longrightarrow> (is_final_config (m, s) \<Longrightarrow> (\<forall>ns_end. s = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
+proof -
+  fix m1 s1
+  have "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c, ns1\<rangle> \<Down> BoolV True" using assms(3-4) equiv_preserves_value false_equals_not_true by blast
+  then have a1: "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[Assume c], Normal ns1\<rangle> [\<rightarrow>] (Normal ns1))" by (meson RedAssumeOk RedCmdListCons RedCmdListNil)
+  show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> (is_final_config (m1, s1) \<Longrightarrow> (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
+  proof -
+    assume "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1))"
+    thus "(is_final_config (m1, s1) \<Longrightarrow> (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
+      using a1 assms by (metis RedNormalSucc converse_rtranclp_into_rtranclp)
+  qed
+qed
+
+lemma correctness_propagates_through_assumption4:
+  assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> (is_final_config (m, s) \<longrightarrow> (\<forall>ns_end. s = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
+      and "node_to_block G ! n0 = [Assume guard]"
+      and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> BoolV True"
+      and "List.member (out_edges G ! n0) n1"
+    shows "\<And> m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m, s)) \<Longrightarrow> (is_final_config (m, s) \<Longrightarrow> (\<forall>ns_end. s = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
+proof -
+  fix m1 s1
+  have a1: "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[Assume guard], Normal ns1\<rangle> [\<rightarrow>] (Normal ns1))" by (meson RedAssumeOk assms(3) red_cmd_list.simps)
+  show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> (is_final_config (m1, s1) \<Longrightarrow> (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
+  proof -
+    assume "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1))"
+    thus "(is_final_config (m1, s1) \<Longrightarrow> (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
+      using a1 assms by (metis RedNormalSucc converse_rtranclp_into_rtranclp)
+  qed
+qed
+
 lemma correctness_propagates_through_empty:
   assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> s \<noteq> Failure"
       and "node_to_block G ! n0 = []"
@@ -653,7 +694,7 @@ lemma ending_after_skipping_endblock_and_unwrapping:
           List.member (out_edges(G) ! n) n1 \<Longrightarrow>
           A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock None [] (Some (ParsedWhile next_guard next_invs (next_body_bb#body_bbs))) None), KEndBlock cont1, Normal ns1'') -n\<longrightarrow>^j''' 
               (reached_bb, reached_cont, reached_state) \<Longrightarrow>
-          (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
+          (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
           (\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
            is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts) \<Longrightarrow> 
           (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
@@ -687,16 +728,10 @@ proof -
             apply (simp add: assms)
            apply (rule assms(8))
           apply (rule assms(9))
-         apply (rule conc_trace)
-        apply (rule correctness_propagates_through_assumption)
-             apply (rule corr)
-            apply (rule assms(7))
-           apply (rule assms(8))
-          apply (rule guard_false)
-         apply (rule assms(9))
-         apply simp
+          apply (rule conc_trace)
+         apply (simp add: corr)
         apply (rule assms(5))
-        apply simp+
+        apply blast+
         done
     qed
   qed
diff --git a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_ast_cfg_proof.thy
index 8c058da..98adb03 100644
--- a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_ast_cfg_proof.thy
+++ b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_ast_cfg_proof.thy
@@ -34,7 +34,8 @@ proof -
   show ?thesis 
     apply (rule block_local_rel_generic) 
            apply (rule Rel_Main_test[of bigblock0])
-           apply (simp add: bigblock0_def consecutive_ifs_before_cfg_to_dag_prog.block_0_def)
+            apply (simp add: bigblock0_def consecutive_ifs_before_cfg_to_dag_prog.block_0_def)
+           apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_0_def)
           apply simp
          apply simp
         apply (rule Red_bb0_to)
@@ -58,7 +59,7 @@ proof -
              apply (rule Rel_Main_test[of bigblock_then0])
              apply (simp add: bigblock_then0_def)
             apply simp
-           apply simp
+           apply simp+
           apply (rule Red_bb0_to)
          apply (rule push_through_assumption_test1, rule Red0_impl)
          apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_5_def)
@@ -75,12 +76,13 @@ proof -
   show ?thesis
       apply (rule block_local_rel_generic)
              apply (rule Rel_Main_test[of bigblock_then1])
-             apply (simp add: bigblock_then1_def consecutive_ifs_before_cfg_to_dag_prog.block_4_def)
-            apply simp
-           apply simp
-          apply (rule Red_bb0_to)
-         apply (rule Red0_impl)
-         apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_4_def bigblock_then1_def)+
+            apply (simp add: bigblock_then1_def consecutive_ifs_before_cfg_to_dag_prog.block_4_def)
+           apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_4_def)
+          apply simp
+         apply simp
+        apply (rule Red_bb0_to)
+       apply (rule Red0_impl)
+       apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_4_def bigblock_then1_def)+
     done
 qed 
 
@@ -93,12 +95,13 @@ proof -
   show ?thesis
       apply (rule block_local_rel_generic)
              apply (rule Rel_Main_test[of bigblock_else1])
-             apply (simp add: bigblock_else1_def consecutive_ifs_before_cfg_to_dag_prog.block_3_def)
-            apply simp
-           apply simp
-          apply (rule Red_bb0_to)
-         apply (rule Red0_impl)
-         apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_3_def bigblock_else1_def)+
+            apply (simp add: bigblock_else1_def consecutive_ifs_before_cfg_to_dag_prog.block_3_def)
+           apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_3_def)
+          apply simp
+         apply simp
+        apply (rule Red_bb0_to)
+       apply (rule Red0_impl)
+       apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_3_def bigblock_else1_def)+
     done
 qed 
 
@@ -106,13 +109,17 @@ qed
 lemma block_then1_global_rel:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then1, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  and cfg_satisfies_post: "\<And>m' s'.
+                             (A,M,\<Lambda>,\<Gamma>,\<Omega>,consecutive_ifs_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 4, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) consecutive_ifs_before_ast_cfg.post)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
   show ?thesis
     apply (rule generic_ending_block_global_rel)
          apply (rule Rel_Main_test[of bigblock_then1 _ consecutive_ifs_before_cfg_to_dag_prog.block_4])
-         apply (simp add: bigblock_then1_def consecutive_ifs_before_cfg_to_dag_prog.block_4_def)
-        apply (rule assms(1))
+             apply (simp add: bigblock_then1_def consecutive_ifs_before_cfg_to_dag_prog.block_4_def)
+            apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_4_def)
+           apply (rule assms(1))
           apply (simp add: bigblock_then1_def)
          apply simp
         apply (rule disjI1)
@@ -120,7 +127,8 @@ proof -
        apply (rule consecutive_ifs_before_cfg_to_dag_prog.outEdges_4)
       apply (rule assms(2))
       apply simp+
-    apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_4)
+     apply (rule cfg_satisfies_post, blast)
+     apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_4)+
     apply (rule bigblock_then1_local_rel)
      apply assumption+
     done
@@ -129,12 +137,16 @@ qed
 lemma block_else1_global_rel:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else1, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  and cfg_satisfies_post: "\<And>m' s'.
+                             (A,M,\<Lambda>,\<Gamma>,\<Omega>,consecutive_ifs_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) consecutive_ifs_before_ast_cfg.post)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
   show ?thesis
     apply (rule generic_ending_block_global_rel)
          apply (rule Rel_Main_test[of bigblock_else1 _ consecutive_ifs_before_cfg_to_dag_prog.block_3])
-         apply (simp add: bigblock_else1_def consecutive_ifs_before_cfg_to_dag_prog.block_3_def)
+             apply (simp add: bigblock_else1_def consecutive_ifs_before_cfg_to_dag_prog.block_3_def)
+            apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_3_def)
         apply (rule assms(1))
           apply (simp add: bigblock_else1_def)
          apply simp
@@ -143,7 +155,8 @@ proof -
        apply (rule consecutive_ifs_before_cfg_to_dag_prog.outEdges_3)
       apply (rule assms(2))
       apply simp+
-    apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_3)
+    apply (rule cfg_satisfies_post, blast)
+    apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_3)+
     apply (rule bigblock_else1_local_rel)
      apply assumption+
     done
@@ -152,14 +165,17 @@ qed
 
 lemma block1_global_rel:
   assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,consecutive_ifs_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 2, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) consecutive_ifs_before_ast_cfg.post)"
   and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock1, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
   have node2_loc: "node_to_block consecutive_ifs_before_cfg_to_dag_prog.proc_body ! 2 = []" 
     by (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_2_def consecutive_ifs_before_cfg_to_dag_prog.node_2)
   show ?thesis 
     apply (rule block_global_rel_if_successor)
-           apply (rule Rel_Main_test[of bigblock1])
+           apply (rule Rel_Invs[of bigblock1])
            apply (simp add: bigblock1_def) 
           apply (rule ast_trace)
           apply (simp add: bigblock1_def)
@@ -167,7 +183,7 @@ proof -
           apply (rule node2_loc)
         apply (rule assms(1))
         apply simp
-    unfolding consecutive_ifs_before_cfg_to_dag_prog.post_def
+       apply (rule cfg_satisfies_post,blast)
        apply simp
        apply simp
       apply simp
@@ -175,34 +191,40 @@ proof -
     apply (rule disjE)
       apply assumption
 
-     apply (erule allE[where x=4])
-     apply (simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_2)
+     apply (erule allE[where x=4])+
+     apply (simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_2)+
      apply (simp add:member_rec(1))
      apply (rule block_then1_global_rel)
        apply (simp add: bigblock_then1_def)
       apply simp
+    apply (blast)
    
-    apply (erule allE[where x=3])
-    apply (simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_2)
+    apply (erule allE[where x=3])+
+    apply (simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_2)+
     apply (simp add:member_rec(1))
     apply (rule block_else1_global_rel)
       apply (simp add: bigblock_else1_def)
      apply simp+
+    apply blast
     done
 qed
 
 lemma block_then0_global_rel:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then0, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,consecutive_ifs_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 5, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) consecutive_ifs_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool True)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
   have node5_loc: "node_to_block consecutive_ifs_before_cfg_to_dag_prog.proc_body ! 5 = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (Lit (LInt 5)))]" 
     by (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_5_def consecutive_ifs_before_cfg_to_dag_prog.node_5)
   show ?thesis 
     apply (rule block_global_rel_generic)
            apply (rule Rel_Main_test[of bigblock_then0])
-           apply (simp add: bigblock_then0_def)
+             apply (simp add: bigblock_then0_def)
+            apply simp
           apply (rule assms(1))
          apply (simp add: bigblock_then0_def)
         apply (rule disjI2)
@@ -214,16 +236,18 @@ proof -
         apply (rule trace_is_possible)
        apply (rule assms(2))
         apply simp+
-     apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_5)
+       apply (rule cfg_satisfies_post, blast)
+       apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_5)+
      apply (rule bigblock_then0_local_rel)
        apply assumption
       apply simp
      apply (rule trace_is_possible)
-    apply (erule allE[where x=2])
-    apply (rule block1_global_rel)
-    apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_5)
+    apply (erule allE[where x=2])+
+    apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_5)+
      apply (simp add: member_rec(1))
-     apply auto[1]
+    apply (rule block1_global_rel)
+      apply auto[1]
+     apply blast
     apply simp
     done
 qed
@@ -231,14 +255,17 @@ qed
 lemma block_else0_global_rel:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else0, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,consecutive_ifs_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) consecutive_ifs_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool False)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
   have node1_loc: "node_to_block consecutive_ifs_before_cfg_to_dag_prog.proc_body ! 1 = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]" 
     by (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_1_def consecutive_ifs_before_cfg_to_dag_prog.node_1)
   show ?thesis
     apply (rule block_global_rel_generic)
-           apply (rule Rel_Main_test[of bigblock_else0])
+           apply (rule Rel_Invs[of bigblock_else0])
            apply (simp add: bigblock_else0_def)
           apply (rule assms(1))
          apply (simp add: bigblock_else0_def)
@@ -253,11 +280,14 @@ proof -
         apply (rule trace_is_possible)
        apply (rule assms(2))
         apply simp+
-    apply (erule allE[where x=2])
-    apply (rule block1_global_rel)
-    apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_1)
+       apply (rule cfg_satisfies_post, blast)
+    apply simp+
+    apply (erule allE[where x=2])+
+    apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_1)+
      apply (simp add: member_rec(1))
-     apply auto[1]
+    apply (rule block1_global_rel)
+      apply auto[1]
+     apply blast
     apply simp
     done
 qed
@@ -265,21 +295,25 @@ qed
 lemma block0_global_rel:
   assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)" 
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,consecutive_ifs_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) consecutive_ifs_before_ast_cfg.post)"
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
   have node0_loc: "node_to_block consecutive_ifs_before_cfg_to_dag_prog.proc_body ! 0 = [(Havoc 0)]" 
     by (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_0_def consecutive_ifs_before_cfg_to_dag_prog.node_0)
   show ?thesis 
     apply (rule block_global_rel_if_successor)
            apply (rule Rel_Main_test[of bigblock0])
-           apply (simp add: bigblock0_def) 
+             apply (simp add: bigblock0_def)
+            apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_0_def)
           apply (rule ast_trace)
           apply (simp add: bigblock0_def)
          apply (rule disjI1)
           apply (rule node0_loc)
         apply (rule assms(1))
         apply simp
-    unfolding consecutive_ifs_before_cfg_to_dag_prog.post_def
+       apply (rule cfg_satisfies_post, blast)
        apply simp
        apply simp
      apply simp
@@ -292,7 +326,7 @@ proof -
 
      apply (erule allE[where x=5])
      apply (erule allE[where x=5])
-     apply (simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_0)
+     apply (simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_0)+
      apply (simp add:member_rec(1))
      apply (rule block_then0_global_rel)
        apply (simp add: bigblock_then0_def)
@@ -300,7 +334,7 @@ proof -
    
     apply (erule allE[where x=1])
     apply (erule allE[where x=1])
-    apply (simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_0)
+    apply (simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_0)+
     apply (simp add:member_rec(1))
     apply (rule block_else0_global_rel)
       apply (simp add: bigblock_else0_def)
diff --git a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy
index 881c238..b403bee 100644
--- a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy
+++ b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy
@@ -28,7 +28,8 @@ proof -
   show ?thesis 
     apply (rule block_local_rel_generic) 
            apply (rule Rel_Main_test[of bigblock0])
-           apply (simp add: bigblock0_def empty_branch_if_before_cfg_to_dag_prog.block_0_def)
+            apply (simp add: bigblock0_def empty_branch_if_before_cfg_to_dag_prog.block_0_def)
+           apply (simp add:  empty_branch_if_before_cfg_to_dag_prog.block_0_def)
           apply simp
          apply simp
         apply (rule Red_bb0_to)
@@ -49,9 +50,9 @@ proof -
     apply (rule guard_fails_push_through_assumption)
       apply (rule block_local_rel_generic)
              apply (rule Rel_Main_test[of bigblock_else])
-             apply (simp add: bigblock_else_def)
+               apply (simp add: bigblock_else_def)
             apply simp
-           apply simp
+           apply simp+
           apply (rule Red_bb0_to)
          apply (rule Red0_impl)
          apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_1_def)
@@ -77,7 +78,8 @@ proof -
   show ?thesis 
     apply (rule block_local_rel_generic) 
            apply (rule Rel_Main_test[of bigblock1])
-           apply (simp add: bigblock1_def empty_branch_if_before_cfg_to_dag_prog.block_2_def)
+            apply (simp add: bigblock1_def empty_branch_if_before_cfg_to_dag_prog.block_2_def)
+           apply (simp add:  empty_branch_if_before_cfg_to_dag_prog.block_2_def)
           apply simp
          apply simp
         apply (rule Red_bb0_to)
@@ -89,13 +91,17 @@ qed
 lemma block2_global_rel:
   assumes concrete_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock1, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)" 
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,empty_branch_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 2, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) empty_branch_if_before_ast_cfg.post)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
   using assms
 proof -
   show ?thesis
     apply (rule generic_ending_block_global_rel)
          apply (rule Rel_Main_test[of bigblock1 _ empty_branch_if_before_cfg_to_dag_prog.block_2])
-         apply (simp add: bigblock1_def empty_branch_if_before_cfg_to_dag_prog.block_2_def)
+             apply (simp add: bigblock1_def empty_branch_if_before_cfg_to_dag_prog.block_2_def)
+           apply (simp add:  empty_branch_if_before_cfg_to_dag_prog.block_2_def)
         apply (rule concrete_trace)
        apply (simp add: bigblock1_def)
          apply simp
@@ -104,7 +110,8 @@ proof -
        apply (rule empty_branch_if_before_cfg_to_dag_prog.outEdges_2)
     apply (rule cfg_is_correct)
       apply simp+
-    apply (simp add: empty_branch_if_before_cfg_to_dag_prog.node_2)
+    apply (rule cfg_satisfies_post, blast)
+    apply (simp add: empty_branch_if_before_cfg_to_dag_prog.node_2)+
     apply (rule bigblock1_local_rel)
      apply assumption+
     done
@@ -114,14 +121,17 @@ qed
 lemma block_then_global_rel:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,empty_branch_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) empty_branch_if_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -                    
   have node3_loc: "node_to_block empty_branch_if_before_cfg_to_dag_prog.proc_body ! 3 = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5))))]" 
     by (simp add: empty_branch_if_before_cfg_to_dag_prog.block_3_def empty_branch_if_before_cfg_to_dag_prog.node_3)
   show ?thesis 
     apply (rule block_global_rel_generic)
-           apply (rule Rel_Main_test[of bigblock_then])
+           apply (rule Rel_Invs[of bigblock_then])
            apply (simp add: bigblock_then_def)
           apply (rule assms(1))
          apply (simp add: bigblock_then_def)
@@ -134,14 +144,16 @@ proof -
         apply (rule trace_is_possible)
        apply (rule assms(2))
         apply simp
+       apply (rule cfg_satisfies_post, blast)
        apply simp
       apply simp
      apply simp
-    apply (erule allE[where x=2])
-    apply (rule block2_global_rel)
-     apply assumption
-    apply (simp add: empty_branch_if_before_cfg_to_dag_prog.outEdges_3)
+    apply (erule allE[where x=2])+
+    apply (simp add: empty_branch_if_before_cfg_to_dag_prog.outEdges_3)+
     apply (simp add: member_rec(1))
+    apply (rule block2_global_rel)
+      apply simp+
+    apply (blast)
     done
 qed
 
@@ -149,15 +161,19 @@ qed
 lemma block_else_global_rel:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,empty_branch_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) empty_branch_if_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool False)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
   have node1_loc: "node_to_block empty_branch_if_before_cfg_to_dag_prog.proc_body ! 1 = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 6)))]" 
     by (simp add: empty_branch_if_before_cfg_to_dag_prog.block_1_def empty_branch_if_before_cfg_to_dag_prog.node_1)
   show ?thesis
     apply (rule block_global_rel_generic)
            apply (rule Rel_Main_test[of bigblock_else])
-           apply (simp add: bigblock_else_def)
+             apply (simp add: bigblock_else_def)
+            apply simp
           apply (rule assms(1))
          apply (simp add: bigblock_else_def)
         apply (rule disjI2)
@@ -170,37 +186,43 @@ proof -
          apply (rule neg_gt2)
         apply (rule trace_is_possible)
        apply (rule assms(2))
-       apply simp+
-     apply (simp add: empty_branch_if_before_cfg_to_dag_prog.node_1)
+        apply simp+
+       apply (rule cfg_satisfies_post, blast)
+     apply (simp add: empty_branch_if_before_cfg_to_dag_prog.node_1)+
      apply (rule bigblock_else_local_rel)
        apply assumption
       apply simp
      apply (rule trace_is_possible)
-    apply (erule allE[where x=2])
-    apply (rule block2_global_rel)
-     apply assumption
-    apply (simp add: empty_branch_if_before_cfg_to_dag_prog.outEdges_1)
+    apply (erule allE[where x=2])+
+    apply (simp add: empty_branch_if_before_cfg_to_dag_prog.outEdges_1)+
     apply (simp add: member_rec(1))
+    apply (rule block2_global_rel)
+      apply assumption
+     apply blast+
     done
 qed
 
 
 lemma block0_global_rel:
   assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,empty_branch_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) empty_branch_if_before_ast_cfg.post)"
   and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)" 
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
   show ?thesis 
     apply (rule block_global_rel_if_successor)
            apply (rule Rel_Main_test[of bigblock0 _ empty_branch_if_before_cfg_to_dag_prog.block_0])
-           apply (simp add: bigblock0_def empty_branch_if_before_cfg_to_dag_prog.block_0_def)
+             apply (simp add: bigblock0_def empty_branch_if_before_cfg_to_dag_prog.block_0_def)
+    apply (simp add:  empty_branch_if_before_cfg_to_dag_prog.block_0_def)
           apply (rule ast_trace)
           apply (simp add: bigblock0_def)
          apply (rule disjI1)
         apply (rule empty_branch_if_before_cfg_to_dag_prog.node_0)
         apply (rule assms(1))
         apply simp
-    unfolding empty_branch_if_before_cfg_to_dag_prog.post_def
+       apply (rule cfg_satisfies_post, blast)
        apply simp+
      apply (simp add: empty_branch_if_before_cfg_to_dag_prog.node_0)
      apply (rule bigblock0_local_rel)
@@ -210,24 +232,25 @@ proof -
     apply (rule disjE)
       apply assumption
 
-     apply (erule allE[where x=3])
+     apply (erule allE[where x=3])+
      apply (simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_0)
      apply (simp add:member_rec(1))
      apply (rule conjE)
       apply assumption
-    unfolding empty_branch_if_before_cfg_to_dag_prog.post_def
      apply (rule block_then_global_rel)
        apply (simp add: bigblock_then_def)       
-      apply simp
+       apply simp
+      apply blast
      apply assumption
    
-    apply (erule allE[where x=1])
+    apply (erule allE[where x=1])+
     apply (simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_0)
     apply (simp add:member_rec(1))
     apply (rule conjE)
      apply assumption
     apply (rule block_else_global_rel)
       apply (simp add: bigblock_else_def)
-     apply simp+
+      apply simp+
+     apply blast+
     done
 qed
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
index 44bd277..4c24499 100644
--- a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
+++ b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
@@ -31,7 +31,8 @@ proof -
   show ?thesis 
     apply (rule block_local_rel_generic) 
            apply (rule Rel_Main_test[of bigblock0])
-           apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
+            apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
+           apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
           apply simp
          apply simp
         apply (rule Red_bb0_to)
@@ -55,7 +56,7 @@ proof -
              apply (rule Rel_Main_test[of bigblock_then])
              apply (simp add: bigblock_then_def)
             apply simp
-           apply simp
+           apply simp+
           apply (rule Red_bb0_to)
          apply (rule push_through_assumption_test1, rule Red0_impl)
          apply (simp add: p_before_cfg_to_dag_prog.block_3_def)
@@ -77,7 +78,7 @@ proof -
              apply (rule Rel_Main_test[of bigblock_else])
              apply (simp add: bigblock_else_def)
             apply simp
-           apply simp
+           apply simp+
           apply (rule Red_bb0_to)
          apply (rule Red0_impl)
          apply (simp add: p_before_cfg_to_dag_prog.block_1_def)
@@ -103,7 +104,8 @@ proof -
   show ?thesis 
     apply (rule block_local_rel_generic) 
            apply (rule Rel_Main_test[of bigblock1])
-           apply (simp add: bigblock1_def p_before_cfg_to_dag_prog.block_2_def)
+            apply (simp add: bigblock1_def p_before_cfg_to_dag_prog.block_2_def)
+           apply (simp add: p_before_cfg_to_dag_prog.block_2_def)
           apply simp
          apply simp
         apply (rule Red_bb0_to)
@@ -115,13 +117,17 @@ qed
 lemma block2_global_rel:
   assumes concrete_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock1, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)" 
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  and cfg_satisfies_post: "\<And>m' s'.
+                 (A,M,\<Lambda>,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 2, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) if_example_before_ast_cfg.post)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> if_example_before_ast_cfg.post reached_bb reached_cont reached_state)" 
   using assms
 proof -
   show ?thesis
     apply (rule generic_ending_block_global_rel)
          apply (rule Rel_Main_test[of bigblock1 _ p_before_cfg_to_dag_prog.block_2])
-         apply (simp add: bigblock1_def p_before_cfg_to_dag_prog.block_2_def)
+             apply (simp add: bigblock1_def p_before_cfg_to_dag_prog.block_2_def)
+            apply (simp add: p_before_cfg_to_dag_prog.block_2_def)
         apply (rule concrete_trace)
        apply (simp add: bigblock1_def)
          apply simp
@@ -130,6 +136,7 @@ proof -
        apply (rule p_before_cfg_to_dag_prog.outEdges_2)
     apply (rule cfg_is_correct)
       apply simp
+     apply (rule cfg_satisfies_post, blast)
      apply simp
     apply (simp add: p_before_cfg_to_dag_prog.node_2)
     apply (rule bigblock1_local_rel)
@@ -141,15 +148,19 @@ qed
 lemma block_then_global_rel:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                 (A,M,\<Lambda>,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) if_example_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> if_example_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
   have node3_loc: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 3 = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5)))),(Assign 0 (Lit (LInt 10)))]" 
     by (simp add: p_before_cfg_to_dag_prog.block_3_def p_before_cfg_to_dag_prog.node_3)
   show ?thesis 
     apply (rule block_global_rel_generic)
            apply (rule Rel_Main_test[of bigblock_then])
-           apply (simp add: bigblock_then_def)
+             apply (simp add: bigblock_then_def)
+            apply simp
           apply (rule assms(1))
          apply (simp add: bigblock_then_def)
         apply (rule disjI2)
@@ -160,17 +171,20 @@ proof -
          apply simp
         apply (rule trace_is_possible)
        apply (rule assms(2))
+        apply simp+
+       apply (rule cfg_satisfies_post, blast)
        apply simp+
      apply (simp add: p_before_cfg_to_dag_prog.node_3)
      apply (rule bigblock_then_local_rel)
        apply assumption
       apply simp
      apply (rule trace_is_possible)
-    apply (erule allE[where x=2])
-    apply (rule block2_global_rel)
-     apply assumption
+    apply (erule allE[where x=2])+
     apply (simp add: p_before_cfg_to_dag_prog.outEdges_3)
     apply (simp add: member_rec(1))
+    apply (rule block2_global_rel)
+      apply assumption
+     apply blast+
     done
 qed
 
@@ -178,15 +192,19 @@ qed
 lemma block_else_global_rel:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                 (A,M,\<Lambda>,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) if_example_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool False)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> if_example_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
   have node1_loc: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 1 = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 1)))]" 
     by (simp add: p_before_cfg_to_dag_prog.block_1_def p_before_cfg_to_dag_prog.node_1)
   show ?thesis
     apply (rule block_global_rel_generic)
            apply (rule Rel_Main_test[of bigblock_else])
-           apply (simp add: bigblock_else_def)
+             apply (simp add: bigblock_else_def)
+            apply simp
           apply (rule assms(1))
          apply (simp add: bigblock_else_def)
         apply (rule disjI2)
@@ -199,17 +217,20 @@ proof -
          apply (rule neg_gt2)
         apply (rule trace_is_possible)
        apply (rule assms(2))
+        apply simp+
+       apply (rule cfg_satisfies_post, blast)
        apply simp+
      apply (simp add: p_before_cfg_to_dag_prog.node_1)
      apply (rule bigblock_else_local_rel)
        apply assumption
       apply simp
      apply (rule trace_is_possible)
-    apply (erule allE[where x=2])
-    apply (rule block2_global_rel)
-     apply assumption
+    apply (erule allE[where x=2])+
     apply (simp add: p_before_cfg_to_dag_prog.outEdges_1)
     apply (simp add: member_rec(1))
+    apply (rule block2_global_rel)
+      apply assumption
+    apply blast+
     done
 qed
 
@@ -217,19 +238,23 @@ qed
 lemma block0_global_rel:
   assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                 (A,M,\<Lambda>,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) if_example_before_ast_cfg.post)"
   shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> if_example_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
   show ?thesis 
     apply (rule block_global_rel_if_successor)
            apply (rule Rel_Main_test[of bigblock0 _ p_before_cfg_to_dag_prog.block_0])
-           apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def) 
+             apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def) 
+    apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
           apply (rule ast_trace)
           apply (simp add: bigblock0_def)
          apply (rule disjI1)
         apply (rule p_before_cfg_to_dag_prog.node_0)
        apply (rule assms(1))
         apply simp
-    unfolding if_example_before_ast_cfg.post_def
+       apply (rule cfg_satisfies_post, blast)
        apply simp+
      apply (simp add: p_before_cfg_to_dag_prog.node_0)
      apply (rule bigblock0_local_rel)
@@ -239,26 +264,27 @@ proof -
     apply (rule disjE)
       apply assumption
 
-     apply (erule allE[where x=3])
+     apply (erule allE[where x=3])+
      apply (simp add:p_before_cfg_to_dag_prog.outEdges_0)
      apply (simp add:member_rec(1))
      apply (rule conjE)
       apply assumption
      apply simp
-    unfolding if_example_before_ast_cfg.post_def
      apply (rule block_then_global_rel)
        apply (simp add: bigblock_then_def)
-      apply simp
+       apply simp
+      apply blast
      apply assumption
    
-    apply (erule allE[where x=1])
+    apply (erule allE[where x=1])+
     apply (simp add:p_before_cfg_to_dag_prog.outEdges_0)
     apply (simp add:member_rec(1))
     apply (rule conjE)
      apply assumption
     apply (rule block_else_global_rel)
       apply (simp add: bigblock_else_def)
-     apply simp
+      apply simp
+     apply blast
     apply (simp add: false_equals_not_true)
     done
 qed
diff --git a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_ast_cfg_proof.thy
index 90db32e..893fa46 100644
--- a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_ast_cfg_proof.thy
+++ b/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_ast_cfg_proof.thy
@@ -39,7 +39,8 @@ proof -
   show ?thesis 
     apply (rule block_local_rel_generic) 
            apply (rule Rel_Main_test[of bigblock0])
-           apply (simp add: bigblock0_def nested_if_before_cfg_to_dag_prog.block_0_def)
+            apply (simp add: bigblock0_def nested_if_before_cfg_to_dag_prog.block_0_def)
+           apply (simp add: nested_if_before_cfg_to_dag_prog.block_0_def)
           apply simp
          apply simp
         apply (rule Red_bb0_to)
@@ -64,7 +65,7 @@ proof -
              apply (rule Rel_Main_test[of inner_then])
              apply (simp add: inner_then_def)
             apply simp
-           apply simp
+           apply simp+
           apply (rule Red_bb0_to)
          apply (rule push_through_assumption_test1, rule Red0_impl)
          apply (simp add: nested_if_before_cfg_to_dag_prog.block_4_def)
@@ -86,7 +87,7 @@ proof -
              apply (rule Rel_Main_test[of inner_else])
              apply (simp add: inner_else_def)
             apply simp
-           apply simp
+           apply simp+
           apply (rule Red_bb0_to)
          apply (rule Red0_impl)
          apply (simp add: nested_if_before_cfg_to_dag_prog.block_3_def)
@@ -105,14 +106,17 @@ qed
 lemma outer_else_global_rel:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (outer_else, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,nested_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) nested_if_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool False)"
-shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> nested_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -                                                            
   have node1_loc: "node_to_block nested_if_before_cfg_to_dag_prog.proc_body ! 1 = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]" 
     by (simp add: nested_if_before_cfg_to_dag_prog.block_1_def nested_if_before_cfg_to_dag_prog.node_1)
   show ?thesis
   apply (rule generic_ending_block_global_rel)
-           apply (rule Rel_Main_test[of outer_else])
+           apply (rule Rel_Invs[of outer_else])
            apply (simp add: outer_else_def)
           apply (rule assms(1))
           apply (simp add: outer_else_def)
@@ -128,7 +132,8 @@ proof -
         apply (rule trace_is_possible)
        apply (simp add: nested_if_before_cfg_to_dag_prog.outEdges_1)
        apply (rule assms(2))
-       apply simp+
+      apply simp+
+     apply (rule cfg_satisfies_post, blast)
      apply (simp add: nested_if_before_cfg_to_dag_prog.node_1)
      apply (rule end_static)
       apply (simp add: outer_else_def)
@@ -138,15 +143,19 @@ qed
 lemma inner_else_global_rel:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inner_else, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,nested_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) nested_if_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool False)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> nested_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
   have node3_loc: "node_to_block nested_if_before_cfg_to_dag_prog.proc_body ! 3 = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 1 (Var 0))]" 
     by (simp add: nested_if_before_cfg_to_dag_prog.block_3_def nested_if_before_cfg_to_dag_prog.node_3)
   show ?thesis
     apply (rule generic_ending_block_global_rel)
            apply (rule Rel_Main_test[of inner_else])
-           apply (simp add: inner_else_def)
+             apply (simp add: inner_else_def)
+            apply simp
           apply (rule assms(1))
           apply (simp add: inner_else_def)
          apply simp
@@ -161,8 +170,9 @@ proof -
         apply (rule trace_is_possible)
        apply (simp add: nested_if_before_cfg_to_dag_prog.outEdges_3)
        apply (rule assms(2))
-       apply simp+
-     apply (simp add: nested_if_before_cfg_to_dag_prog.node_3)
+      apply simp+
+     apply (rule cfg_satisfies_post, blast)
+     apply (simp add: nested_if_before_cfg_to_dag_prog.node_3)+
      apply (rule inner_else_local_rel)
        apply assumption
       apply simp
@@ -173,15 +183,19 @@ qed
 lemma inner_then_global_rel:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inner_then, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,nested_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 4, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) nested_if_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool True)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> nested_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
   have node4_loc: "node_to_block nested_if_before_cfg_to_dag_prog.proc_body ! 4 = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Add (Var 0)))]" 
     by (simp add: nested_if_before_cfg_to_dag_prog.block_4_def nested_if_before_cfg_to_dag_prog.node_4)
   show ?thesis
     apply (rule generic_ending_block_global_rel)
            apply (rule Rel_Main_test[of inner_then])
-           apply (simp add: inner_then_def)
+             apply (simp add: inner_then_def)
+            apply simp
           apply (rule assms(1))
           apply (simp add: inner_then_def)
          apply simp
@@ -194,8 +208,9 @@ proof -
         apply (rule trace_is_possible)
        apply (simp add: nested_if_before_cfg_to_dag_prog.outEdges_4)
        apply (rule assms(2))
-       apply simp+
-     apply (simp add: nested_if_before_cfg_to_dag_prog.node_4)
+      apply simp+
+     apply (rule cfg_satisfies_post, blast)
+     apply (simp add: nested_if_before_cfg_to_dag_prog.node_4)+
      apply (rule inner_then_local_rel)
        apply assumption
       apply simp
@@ -205,15 +220,18 @@ qed
 
 lemma outer_then_global_rel:
   assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,nested_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 2, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) nested_if_before_ast_cfg.post)"
   and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (outer_then, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool True)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> nested_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
   have node2_loc: "node_to_block nested_if_before_cfg_to_dag_prog.proc_body ! 2 = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]" 
     by (simp add: nested_if_before_cfg_to_dag_prog.block_2_def nested_if_before_cfg_to_dag_prog.node_2)
   show ?thesis 
     apply (rule block_global_rel_if_successor)
-           apply (rule Rel_Main_test[of outer_then])
+           apply (rule Rel_Invs[of outer_then])
            apply (simp add: outer_then_def) 
           apply (rule ast_trace)
           apply (simp add: outer_then_def)
@@ -226,7 +244,7 @@ proof -
          apply (rule trace_is_possible)
         apply (rule assms(1))
         apply simp
-    unfolding nested_if_before_cfg_to_dag_prog.post_def
+       apply (rule cfg_satisfies_post, blast)
        apply simp
       apply simp
      apply simp
@@ -234,47 +252,52 @@ proof -
     apply (rule disjE)
       apply assumption
 
-     apply (erule allE[where x=4])
+     apply (erule allE[where x=4])+
      apply (simp add:nested_if_before_cfg_to_dag_prog.outEdges_2)
      apply (simp add:member_rec(1))
      apply (rule conjE)
       apply assumption
      apply simp
-    unfolding nested_if_before_cfg_to_dag_prog.post_def
      apply (rule inner_then_global_rel)
        apply (simp add: inner_then_def)
-      apply simp
+       apply simp
+      apply blast
      apply assumption
    
-    apply (erule allE[where x=3])
+    apply (erule allE[where x=3])+
     apply (simp add:nested_if_before_cfg_to_dag_prog.outEdges_2)
     apply (simp add:member_rec(1))
     apply (rule conjE)
      apply assumption
     apply (rule inner_else_global_rel)
       apply (simp add: inner_else_def)
-     apply simp+
+      apply simp+
+     apply blast+
     done
 qed
 
 lemma entry_block_global_rel:
   assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,nested_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) nested_if_before_ast_cfg.post)"
   and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> nested_if_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)" 
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> nested_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
   have node0_loc: "node_to_block nested_if_before_cfg_to_dag_prog.proc_body ! 0 = [(Havoc 0),(Havoc 1)]" 
     by (simp add: nested_if_before_cfg_to_dag_prog.block_0_def nested_if_before_cfg_to_dag_prog.node_0)
   show ?thesis 
     apply (rule block_global_rel_if_successor)
            apply (rule Rel_Main_test[of bigblock0])
-           apply (simp add: bigblock0_def) 
+             apply (simp add: bigblock0_def)
+            apply simp
           apply (rule ast_trace)
           apply (simp add: bigblock0_def)
          apply (rule disjI1)
           apply (rule node0_loc)
         apply (rule assms(1))
         apply simp
-    unfolding nested_if_before_cfg_to_dag_prog.post_def
+       apply (rule cfg_satisfies_post, blast)
        apply simp
        apply simp
       apply simp
@@ -285,26 +308,27 @@ proof -
     apply (rule disjE)
       apply assumption
 
-     apply (erule allE[where x=2])
+     apply (erule allE[where x=2])+
      apply (simp add:nested_if_before_cfg_to_dag_prog.outEdges_0)
      apply (simp add:member_rec(1))
      apply (rule conjE)
       apply assumption
      apply simp
      apply (rule outer_then_global_rel)
-       apply auto[1]
+        apply auto[1]
+       apply blast
        apply (simp add: outer_then_def)
       apply simp
    
-    apply (erule allE[where x=1])
+    apply (erule allE[where x=1])+
     apply (simp add:nested_if_before_cfg_to_dag_prog.outEdges_0)
     apply (simp add:member_rec(1))
     apply (rule conjE)
      apply assumption
-    unfolding nested_if_before_cfg_to_dag_prog.post_def
     apply (rule outer_else_global_rel)
       apply (simp add: outer_else_def)
-     apply simp+
+      apply simp+
+     apply blast+
     done
 qed
 
diff --git a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy
index 8189bc8..8c3290e 100644
--- a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy
+++ b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy
@@ -103,7 +103,7 @@ proof -
              apply (rule Rel_Main_test[of inner_body_bb1])
              apply (simp add: inner_body_bb1_def)
             apply simp
-           apply simp
+           apply simp+
           apply (rule Red_bb)
          apply (rule push_through_assumption_test1, rule Red_impl)
             apply (simp add: nested_loop_before_cfg_to_dag_prog.block_4_def)
@@ -125,7 +125,7 @@ proof -
              apply (rule Rel_Main_test[of outer_body_bb2])
              apply (simp add: outer_body_bb2_def)
             apply simp
-           apply simp
+           apply simp+
           apply (rule Red_bb)
          apply (rule Red_impl)
          apply (simp add: nested_loop_before_cfg_to_dag_prog.block_5_def)
@@ -145,14 +145,17 @@ qed
 lemma end_global_rel: 
   assumes Red_bb: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (empty_bb, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 6, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
-shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
 proof -
   have node3_loc: "node_to_block nested_loop_before_cfg_to_dag_prog.proc_body ! 6 = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]" 
     by (simp add: nested_loop_before_cfg_to_dag_prog.block_6_def nested_loop_before_cfg_to_dag_prog.node_6)
   show ?thesis
     apply (rule generic_ending_block_global_rel)
-            apply (rule Rel_Main_test[of empty_bb])
+            apply (rule Rel_Invs[of empty_bb])
             apply (simp add: empty_bb_def)
            apply (rule Red_bb)
           apply (simp add: empty_bb_def)
@@ -168,6 +171,7 @@ proof -
         apply (rule trace_is_possible)
        apply (rule nested_loop_before_cfg_to_dag_prog.outEdges_6)
       apply (rule cfg_is_correct, simp)
+     apply (rule cfg_satisfies_post, blast)
      apply simp
     apply (simp add: empty_bb_def)
     apply (simp add: end_static)
@@ -178,13 +182,19 @@ qed
 lemma outer_body_bb2_global_rel:
   assumes concrete_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (outer_body_bb2, KSeq bb0_unwrapped (KEndBlock KStop), (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 5, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
   and loop_ih:
         "\<And>k ns1'. k < j \<Longrightarrow>
         (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, (KEndBlock KStop), Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
         (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+        (\<And>m' s'.
+                 (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                  is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)" 
   using assms
 proof -
   have node5_loc: "node_to_block nested_loop_before_cfg_to_dag_prog.proc_body ! 5 = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]" 
@@ -192,7 +202,8 @@ proof -
   show ?thesis 
     apply (rule block_global_rel_generic)
            apply (rule Rel_Main_test[of outer_body_bb2])
-           apply (simp add: outer_body_bb2_def)
+             apply (simp add: outer_body_bb2_def)
+            apply simp
           apply (rule assms(1))
          apply (simp add: outer_body_bb2_def)
         apply (rule disjI2)
@@ -205,17 +216,20 @@ proof -
          apply (rule neg_gt2)
         apply (rule trace_is_possible)
        apply (rule assms(2))
+        apply simp+
+       apply (rule cfg_satisfies_post, blast)
        apply simp+
      apply (simp add: nested_loop_before_cfg_to_dag_prog.node_5)
      apply (rule outer_body_bb2_local_rel)
        apply assumption
       apply simp
      apply (rule trace_is_possible)
-    apply (erule allE[where x=1])
+    apply (erule allE[where x=1])+
     apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_5)
     apply (simp add: member_rec(1))
     apply (rule loop_ih)
-      apply simp+
+       apply simp+
+    apply (blast)
     done
 qed
 
@@ -225,13 +239,19 @@ lemma inner_loop_body_global_rel:
           "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (inner_body_bb1, (KSeq outer_body_bb1_unwrapped (KEndBlock (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop))))), Normal ns1) -n\<longrightarrow>^j 
                                  (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 4, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))),ns1\<rangle> \<Down> BoolV True"
   and loop_ih:
         "\<And>k ns1''. k < j \<Longrightarrow>
         (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(outer_body_bb1_unwrapped, (KEndBlock (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop)))), Normal ns1'') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
         (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+        (\<And>m' s'.
+                 (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega>  nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega>  nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
 proof -
   have node5_loc: "node_to_block nested_loop_before_cfg_to_dag_prog.proc_body ! 4 = 
                    [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))]" 
@@ -239,7 +259,8 @@ proof -
   show ?thesis 
     apply (rule block_global_rel_generic)
            apply (rule Rel_Main_test[of inner_body_bb1])
-           apply (simp add: inner_body_bb1_def)
+             apply (simp add: inner_body_bb1_def)
+            apply simp
           apply (rule assms(1))
          apply (simp add: inner_body_bb1_def)
         apply (rule disjI2)
@@ -250,6 +271,8 @@ proof -
          apply simp
         apply (rule trace_is_possible)
        apply (rule assms(2))
+        apply simp+
+       apply (rule cfg_satisfies_post, blast)
        apply simp+
      apply (simp add: nested_loop_before_cfg_to_dag_prog.node_4)
      apply (rule inner_body_bb1_local_rel)
@@ -257,11 +280,12 @@ proof -
       apply simp
      apply (rule trace_is_possible)
 
-    apply (erule allE[where x=3])
+    apply (erule allE[where x=3])+
     apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_4)
     apply (simp add: member_rec(1))
     apply (rule loop_ih)
-      apply simp+
+       apply simp+
+    apply blast
     done
 qed
 
@@ -269,12 +293,18 @@ qed
 lemma inner_loop_head_global_rel:
   assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (outer_body_bb1_unwrapped, (KEndBlock (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop)))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
   and loop_ih:
         "\<And>k ns1'. k < j \<Longrightarrow>
         (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, KEndBlock KStop, Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
         (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+        (\<And>m' s'.
+                   (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                   is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
   using assms
 proof (induction j arbitrary: ns1 rule: less_induct)
   case (less j)
@@ -291,6 +321,7 @@ proof (induction j arbitrary: ns1 rule: less_induct)
               apply (simp add: outer_body_bb1_unwrapped_def nested_loop_before_cfg_to_dag_prog.block_3_def)
              apply (rule less(2))
             apply (rule less(3), simp)
+           apply (rule less(4), blast)
            apply simp
            apply (simp add: outer_body_bb1_unwrapped_def)
           apply simp
@@ -305,7 +336,7 @@ proof (induction j arbitrary: ns1 rule: less_induct)
       apply(rule disjE)
         apply assumption
 
-       apply (erule allE[where x = 4])
+       apply (erule allE[where x = 4])+
        apply (simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3)
        apply (simp add:member_rec(1))
        apply (rule conjE)
@@ -313,19 +344,21 @@ proof (induction j arbitrary: ns1 rule: less_induct)
        apply simp
        apply (rule inner_loop_body_global_rel) 
           apply (simp add: inner_body_bb1_def)
-         apply simp
+          apply simp
+         apply (blast)
         apply assumption
        apply (rule less.IH)
          apply (rule strictly_smaller_helper2)
            apply assumption
           apply assumption
          apply assumption
-        apply assumption
-       apply (rule less.prems(3))
+         apply assumption
+        apply blast
+       apply (rule less.prems(4))
          apply (rule strictly_smaller_helper3)
            apply assumption+
 
-      apply (erule allE[where x = 5])
+      apply (erule allE[where x = 5])+
       apply (simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3)
       apply (simp add:member_rec(1))
       apply (rule conjE)
@@ -336,13 +369,13 @@ proof (induction j arbitrary: ns1 rule: less_induct)
           apply assumption
          apply simp
          apply blast
+        apply blast
         apply simp
-       apply assumption
       apply (rule outer_body_bb2_global_rel)
          apply assumption+
-      apply (rule less.prems(3))
+      apply (rule less.prems(4))
         apply (rule strictly_smaller_helper4)
-          apply assumption+
+           apply assumption+
       done
   qed
 qed
@@ -350,20 +383,28 @@ qed
 lemma inner_loop_head_global_rel_wrapped:
   assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (outer_body_bb1, (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
   and loop_ih:
         "\<And>k ns1'. k < j \<Longrightarrow>
         (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, KEndBlock KStop, Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
         (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
-  apply (rule ending3)
+        (\<And>m' s'.
+                   (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                   is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
+  apply (rule ending_after_unwrapping)
      apply (rule j_step_ast_trace)
     apply (simp add: outer_body_bb1_def)
     apply (rule cfg_is_correct, simp)
+   apply (rule cfg_satisfies_post, blast)
    apply simp
   apply (rule inner_loop_head_global_rel)
     apply (simp add: outer_body_bb1_unwrapped_def)
-   apply assumption
+    apply assumption
+   apply blast
   apply (rule loop_ih)
     apply (rule strictly_smaller_helper2)
      apply assumption+
@@ -373,7 +414,10 @@ lemma outer_loop_head_global_rel:
   assumes j_step_ast_trace: 
     "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bb0_unwrapped, KEndBlock KStop, Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
   using assms 
 proof (induction j arbitrary: ns1 rule: less_induct)
   case (less j)
@@ -390,6 +434,7 @@ proof (induction j arbitrary: ns1 rule: less_induct)
               apply (simp add: bb0_unwrapped_def)
              apply (rule less(2))
             apply (rule less(3), simp)
+           apply (rule less(4), blast)
            apply simp
            apply (simp add: bb0_unwrapped_def)
           apply simp
@@ -403,7 +448,7 @@ proof (induction j arbitrary: ns1 rule: less_induct)
       apply(rule disjE)
         apply assumption
     
-       apply (erule allE[where x = 2])
+       apply (erule allE[where x = 2])+
        apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_1)
        apply (simp add:member_rec(1))
        apply (rule conjE)
@@ -418,12 +463,20 @@ proof (induction j arbitrary: ns1 rule: less_induct)
           apply assumption
          apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_2)
          apply (simp add: member_rec)
-        apply assumption
+         apply assumption
+        apply (rule correctness_propagates_through_assumption4)
+             apply blast
+            apply (simp add: nested_loop_before_cfg_to_dag_prog.node_2)
+            apply (simp add: nested_loop_before_cfg_to_dag_prog.block_2_def)
+           apply simp
+          apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_2)
+          apply (simp add: member_rec)
+         apply simp+
        apply (rule less.IH)
          apply (rule strictly_smaller_helper2)
           apply assumption+
 
-      apply (erule allE[where x = 6])
+      apply (erule allE[where x = 6])+
       apply (simp add:nested_loop_before_cfg_to_dag_prog.outEdges_1)
       apply (simp add:member_rec(1))
       apply (rule conjE)
@@ -432,12 +485,12 @@ proof (induction j arbitrary: ns1 rule: less_induct)
       apply (rule ending_after_skipping_endblock)
            apply assumption
           apply simp
-         apply simp
-         apply blast
+         apply simp+
+         apply blast+
         apply simp
-       apply simp
       apply (rule end_global_rel)
-        apply (simp add: empty_bb_def)+
+         apply (simp add: empty_bb_def)+
+       apply blast+
       done
   qed
 qed
@@ -445,7 +498,10 @@ qed
 lemma entry_block_global_rel:
   assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
   using assms
 proof -
   show ?thesis
@@ -454,19 +510,23 @@ proof -
            apply (rule j_step_ast_trace)
           apply (rule Rel_Main_test[of bigblock0 _ nested_loop_before_cfg_to_dag_prog.block_0])
           apply (simp add: bigblock0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
-         apply (simp add: bigblock0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
+           apply (simp add: bigblock0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
+          apply (simp add: bigblock0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
         apply (simp add: nested_loop_before_cfg_to_dag_prog.block_0_def)
        apply (rule disjI1)
        apply (rule nested_loop_before_cfg_to_dag_prog.node_0)
        apply (rule cfg_is_correct, simp)
+      apply (rule cfg_satisfies_post, blast)
       apply simp
      apply (simp add: nested_loop_before_cfg_to_dag_prog.node_0)
      apply (rule bb0_local_rel)
       apply assumption
      apply simp
-    apply (rule outer_loop_head_global_rel)
-     apply (simp add: bb0_unwrapped_def)
+    apply (erule allE[where x = 1])+
     apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_0)
     apply (simp add: member_rec(1))
+    apply (rule outer_loop_head_global_rel)
+      apply (simp add: bb0_unwrapped_def)
+     apply blast+
     done
 qed
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_ast_cfg_proof.thy
index 9ed088f..74057e6 100644
--- a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_ast_cfg_proof.thy
+++ b/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_ast_cfg_proof.thy
@@ -28,7 +28,8 @@ proof -
   show ?thesis 
     apply (rule block_local_rel_generic) 
            apply (rule Rel_Main_test[of bigblock0])
-           apply (simp add: bigblock0_def no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def)
+            apply (simp add: bigblock0_def no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def)
+           apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def)
           apply simp
          apply simp
         apply (rule Red_bb0_to)
@@ -46,7 +47,8 @@ proof -
   show ?thesis
       apply (rule block_local_rel_generic)
              apply (rule Rel_Main_test[of bigblock_else])
-             apply (simp add: bigblock_else_def no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1_def)
+            apply (simp add: bigblock_else_def no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1_def)
+           apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1_def)
             apply simp
            apply simp
           apply (rule Red_bb0_to)
@@ -58,13 +60,16 @@ qed
 lemma block_then_global_rel:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"                
+  and cfg_satisfies_post: "\<And>m' s'.
+                 (A,M,\<Lambda>,\<Gamma>,\<Omega>,no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 2, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) no_guard_empty_branch_if_before_ast_cfg.post)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_before_ast_cfg.post reached_bb reached_cont reached_state)"                
 proof -
   have node2_loc: "node_to_block no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ! 2 = []" 
     by (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2_def no_guard_empty_branch_if_before_cfg_to_dag_prog.node_2)
   show ?thesis
     apply (rule generic_ending_block_global_rel)
-            apply (rule Rel_Main_test[of bigblock_then])
+            apply (rule Rel_Invs[of bigblock_then])
             apply (simp add: bigblock_then_def)
            apply (rule assms(1))
           apply (simp add: bigblock_then_def)
@@ -73,6 +78,7 @@ proof -
          apply (rule node2_loc)
        apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_2)
       apply (rule assms(2), simp)
+     apply (rule cfg_satisfies_post, blast)
      apply simp
     apply (simp add: bigblock_then_def)
     apply (simp add: end_static)
@@ -83,14 +89,18 @@ qed
 lemma block_else_global_rel:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  and cfg_satisfies_post: "\<And>m' s'.
+                 (A,M,\<Lambda>,\<Gamma>,\<Omega>,no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) no_guard_empty_branch_if_before_ast_cfg.post)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
   have node1_loc: "node_to_block no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ! 1 = [(Assign 0 (Lit (LInt 6)))]" 
     by (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1_def no_guard_empty_branch_if_before_cfg_to_dag_prog.node_1)
   show ?thesis
     apply (rule generic_ending_block_global_rel)
            apply (rule Rel_Main_test[of bigblock_else])
-           apply (simp add: bigblock_else_def)
+             apply (simp add: bigblock_else_def)
+            apply simp
           apply (rule assms(1))
           apply (simp add: bigblock_else_def)
          apply simp
@@ -98,8 +108,9 @@ proof -
         apply (rule node1_loc)
        apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_1)
        apply (rule assms(2))
-       apply simp+
-     apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.node_1)
+      apply simp+
+     apply (rule cfg_satisfies_post, blast)
+     apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.node_1)+
      apply (rule bigblock_else_local_rel)
        apply assumption
       apply simp
@@ -109,19 +120,25 @@ qed
 
 lemma block0_global_rel:
   assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                 (A,M,\<Lambda>,\<Gamma>,\<Omega>,no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) no_guard_empty_branch_if_before_ast_cfg.post)"
   and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
   show ?thesis 
     apply (rule block_global_rel_if_successor)
            apply (rule Rel_Main_test[of bigblock0 _ no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0])
-           apply (simp add: bigblock0_def no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def)
+             apply (simp add: bigblock0_def no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def)
+            apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def)
           apply (rule ast_trace)
           apply (simp add: bigblock0_def)
          apply (rule disjI1)
         apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_0)
        apply (rule assms(1))
         apply simp+
+       apply (rule cfg_satisfies_post, blast)
+       apply simp+
      apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.node_0)
      apply (rule bigblock0_local_rel)
       apply (simp add: bigblock0_def)
@@ -130,19 +147,20 @@ proof -
     apply (rule disjE)
       apply assumption
 
-     apply (erule allE[where x=2])
+     apply (erule allE[where x=2])+
      apply (simp add:no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_0)
      apply (simp add:member_rec(1))
-    unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.post_def
      apply (rule block_then_global_rel)
        apply (simp add: bigblock_then_def)       
       apply simp
+     apply blast
    
-    apply (erule allE[where x=1])
+    apply (erule allE[where x=1])+
     apply (simp add:no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_0)
     apply (simp add:member_rec(1))
     apply (rule block_else_global_rel)
       apply (simp add: bigblock_else_def)
      apply simp
+    apply blast
     done
 qed
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy
index 5e8952b..8f0601e 100644
--- a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy
+++ b/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy
@@ -28,7 +28,8 @@ proof -
   show ?thesis
     apply (rule block_local_rel_generic)
            apply (rule Rel_Main_test[of bigblock0])
-           apply (simp add: bigblock0_def no_guard_if_before_cfg_to_dag_prog.block_0_def)
+            apply (simp add: bigblock0_def no_guard_if_before_cfg_to_dag_prog.block_0_def)
+           apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_0_def)
           apply simp
          apply simp
         apply (rule Red_bb0_to)
@@ -52,7 +53,7 @@ proof -
            apply (rule Rel_Main_test[of bigblock_then])
            apply (simp add: bigblock_then_def)
           apply simp
-         apply simp
+         apply simp+
         apply (rule Red_bb0_to)
        apply (rule Red0_impl)
        apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_2_def)
@@ -72,7 +73,7 @@ proof -
            apply (rule Rel_Main_test[of bigblock_else])
            apply (simp add: bigblock_else_def)
           apply simp
-         apply simp
+         apply simp+
         apply (rule Red_bb0_to)
        apply (rule Red0_impl)
        apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_1_def)
@@ -84,14 +85,18 @@ qed
 lemma block_then_global_rel:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  and cfg_satisfies_post: "\<And>m' s'.
+                 (A,M,\<Lambda>,\<Gamma>,\<Omega>,no_guard_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 2, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) no_guard_if_before_ast_cfg.post)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> no_guard_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
   have node2_loc: "node_to_block no_guard_if_before_cfg_to_dag_prog.proc_body ! 2 = [(Assign 0 (Lit (LInt 0)))]" 
     by (simp add: no_guard_if_before_cfg_to_dag_prog.block_2_def no_guard_if_before_cfg_to_dag_prog.node_2)
   show ?thesis 
     apply (rule generic_ending_block_global_rel)
          apply (rule Rel_Main_test[of bigblock_then])
-         apply (simp add: bigblock_then_def)
+             apply (simp add: bigblock_then_def)
+            apply simp
         apply (rule assms(1))
        apply (simp add: bigblock_then_def)
          apply simp
@@ -100,6 +105,7 @@ proof -
        apply (rule no_guard_if_before_cfg_to_dag_prog.outEdges_2)
       apply (rule assms(2))
       apply simp
+     apply (rule cfg_satisfies_post, blast)
      apply simp
     apply (simp add: no_guard_if_before_cfg_to_dag_prog.node_2)
     apply (rule bigblock_then_local_rel)
@@ -111,14 +117,18 @@ qed
 lemma block_else_global_rel:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  and cfg_satisfies_post: "\<And>m' s'.
+                 (A,M,\<Lambda>,\<Gamma>,\<Omega>,no_guard_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) no_guard_if_before_ast_cfg.post)"
+  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> no_guard_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
   have node1_loc: "node_to_block no_guard_if_before_cfg_to_dag_prog.proc_body ! 1 = [(Assign 0 (Lit (LInt 1)))]" 
     by (simp add: no_guard_if_before_cfg_to_dag_prog.block_1_def no_guard_if_before_cfg_to_dag_prog.node_1)
   show ?thesis 
     apply (rule generic_ending_block_global_rel)
          apply (rule Rel_Main_test[of bigblock_else])
-         apply (simp add: bigblock_else_def)
+             apply (simp add: bigblock_else_def)
+            apply simp
         apply (rule assms(1))
        apply (simp add: bigblock_else_def)
          apply simp
@@ -127,6 +137,7 @@ proof -
        apply (rule no_guard_if_before_cfg_to_dag_prog.outEdges_1)
       apply (rule assms(2))
       apply simp
+     apply (rule cfg_satisfies_post, blast)
      apply simp
     apply (simp add: no_guard_if_before_cfg_to_dag_prog.node_1)
     apply (rule bigblock_else_local_rel)
@@ -137,19 +148,24 @@ qed
 
 lemma block0_global_rel:
   assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                 (A,M,\<Lambda>,\<Gamma>,\<Omega>,no_guard_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) no_guard_if_before_ast_cfg.post)"
   and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> no_guard_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
   show ?thesis 
     apply (rule block_global_rel_if_successor)
            apply (rule Rel_Main_test[of bigblock0 _ no_guard_if_before_cfg_to_dag_prog.block_0])
-           apply (simp add: bigblock0_def no_guard_if_before_cfg_to_dag_prog.block_0_def)
+             apply (simp add: bigblock0_def no_guard_if_before_cfg_to_dag_prog.block_0_def)
+            apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_0_def)
           apply (rule ast_trace)
           apply (simp add: bigblock0_def)
          apply (rule disjI1)
         apply (rule no_guard_if_before_cfg_to_dag_prog.node_0)
        apply (rule assms(1))
-       apply simp
+        apply simp
+       apply (rule cfg_satisfies_post, blast)
        apply simp+
      apply (simp add: no_guard_if_before_cfg_to_dag_prog.node_0)
      apply (rule bigblock0_local_rel)
@@ -159,19 +175,21 @@ proof -
     apply (rule disjE)
       apply assumption
 
-     apply (erule allE[where x=2])
+     apply (erule allE[where x=2])+
      apply (simp add:no_guard_if_before_cfg_to_dag_prog.outEdges_0)
      apply (simp add:member_rec(1))
     unfolding no_guard_if_before_cfg_to_dag_prog.post_def
      apply (rule block_then_global_rel)
       apply (simp add: bigblock_then_def)
-    apply simp
+      apply simp
+     apply blast
    
-    apply (erule allE[where x=1])
+    apply (erule allE[where x=1])+
     apply (simp add:no_guard_if_before_cfg_to_dag_prog.outEdges_0)
     apply (simp add:member_rec(1))
     apply (rule block_else_global_rel)
       apply (simp add: bigblock_else_def)
-    apply simp
+     apply simp
+    apply blast
     done
 qed
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_ast_cfg_proof.thy
index fdff641..2a3c107 100644
--- a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_ast_cfg_proof.thy
+++ b/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_ast_cfg_proof.thy
@@ -45,7 +45,8 @@ proof -
   show ?thesis 
     apply (rule block_local_rel_generic)
            apply (rule Rel_Main_test[of bigblock0 _ no_inv_loop_before_cfg_to_dag_prog.block_0])
-           apply (simp add: bigblock0_def no_inv_loop_before_cfg_to_dag_prog.block_0_def)
+            apply (simp add: bigblock0_def no_inv_loop_before_cfg_to_dag_prog.block_0_def)
+           apply (simp add: no_inv_loop_before_cfg_to_dag_prog.block_0_def)
           apply simp+
         apply (rule Red_bb)
        apply (rule Red_impl, simp)
@@ -69,7 +70,7 @@ proof -
              apply (rule Rel_Main_test[of body_bb1])
              apply (simp add: body_bb1_def)
             apply simp
-           apply simp
+           apply simp+
           apply (rule Red_bb)
          apply (rule push_through_assumption_test1, rule Red_impl)
             apply (simp add: no_inv_loop_before_cfg_to_dag_prog.block_2_def)
@@ -80,14 +81,17 @@ qed
 lemma end_global_rel: 
   assumes Red_bb: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (empty_bb, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                 (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,no_inv_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) no_inv_loop_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
-shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
 proof -
   have node3_loc: "node_to_block no_inv_loop_before_cfg_to_dag_prog.proc_body ! 3 = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]" 
     by (simp add: no_inv_loop_before_cfg_to_dag_prog.block_3_def no_inv_loop_before_cfg_to_dag_prog.node_3)
   show ?thesis
     apply (rule generic_ending_block_global_rel)
-            apply (rule Rel_Main_test[of empty_bb])
+            apply (rule Rel_Invs[of empty_bb])
             apply (simp add: empty_bb_def)
            apply (rule Red_bb)
           apply (simp add: empty_bb_def)
@@ -103,6 +107,7 @@ proof -
         apply (rule trace_is_possible)
        apply (rule no_inv_loop_before_cfg_to_dag_prog.outEdges_3)
       apply (rule cfg_is_correct, simp)
+     apply (rule cfg_satisfies_post, blast)
      apply simp
     apply (simp add: empty_bb_def)
     apply (simp add: end_static)
@@ -114,20 +119,27 @@ qed
 lemma second_loop_body_global_rel:
   assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (body_bb1, (KSeq unwrapped_bigblock0 (KEndBlock KStop)), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                 (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,no_inv_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 2, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) no_inv_loop_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Gt\<guillemotright> Lit (LInt 0),ns1\<rangle> \<Down> BoolV True"
   and loop_ih:
         "\<And>k ns1''. k < j \<Longrightarrow>
         (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(unwrapped_bigblock0, (KEndBlock KStop), Normal ns1'') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
         (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+        (\<And>m' s'.
+                 (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,no_inv_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) no_inv_loop_before_ast_cfg.post)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_ast_cfg.post reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
 proof -
   have node2_loc: "node_to_block no_inv_loop_before_cfg_to_dag_prog.proc_body ! 2 = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]" 
     by (simp add: no_inv_loop_before_cfg_to_dag_prog.block_2_def no_inv_loop_before_cfg_to_dag_prog.node_2)
   show ?thesis 
     apply (rule block_global_rel_generic)
            apply (rule Rel_Main_test[of body_bb1])
-           apply (simp add: body_bb1_def)
+             apply (simp only: body_bb1_def)
+            apply simp
           apply (rule assms(1))
          apply (simp add: body_bb1_def)
         apply (rule disjI2)
@@ -138,24 +150,30 @@ proof -
          apply simp
         apply (rule trace_is_possible)
        apply (rule assms(2))
+        apply simp+
+       apply (rule cfg_satisfies_post, blast)
        apply simp+
      apply (simp add: no_inv_loop_before_cfg_to_dag_prog.node_2)
      apply (rule loop_body_bb_local_rel)
        apply assumption
       apply simp
      apply (rule trace_is_possible)
-    apply (erule allE[where x=1])
+    apply (erule allE[where x=1])+
     apply (simp add: no_inv_loop_before_cfg_to_dag_prog.outEdges_2)
     apply (simp add: member_rec(1))
     apply (rule loop_ih)
-      apply simp+
+       apply simp+
+    apply blast
     done
 qed
 
 lemma second_loop_head_global_rel:
   assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (unwrapped_bigblock0, (KEndBlock KStop), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                 (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,no_inv_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) no_inv_loop_before_ast_cfg.post)"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
   using assms
 proof (induction j arbitrary: ns1 rule: less_induct)
   case (less j)
@@ -172,6 +190,7 @@ proof (induction j arbitrary: ns1 rule: less_induct)
               apply (simp add: unwrapped_bigblock0_def)
              apply (rule less(2))
             apply (rule less(3), simp)
+           apply (rule less(4), blast)
            apply simp
            apply (simp add: unwrapped_bigblock0_def)
           apply simp                 
@@ -189,7 +208,7 @@ proof (induction j arbitrary: ns1 rule: less_induct)
       apply(rule disjE)
         apply assumption
 
-       apply (erule allE[where x = 2])
+       apply (erule allE[where x = 2])+
        apply (simp add:no_inv_loop_before_cfg_to_dag_prog.outEdges_1)
        apply (simp add:member_rec(1))
        apply (rule conjE)
@@ -197,13 +216,14 @@ proof (induction j arbitrary: ns1 rule: less_induct)
        apply simp
        apply (rule second_loop_body_global_rel)
           apply (simp add: body_bb1_def)
-         apply simp
+          apply simp
+         apply blast
         apply assumption
        apply (rule less.IH)
          apply (erule strictly_smaller_helper2)
          apply assumption+
 
-      apply (erule allE[where x = 3])
+      apply (erule allE[where x = 3])+
       apply (simp add:no_inv_loop_before_cfg_to_dag_prog.outEdges_1)
       apply (simp add:member_rec(1))
       apply (rule conjE)
@@ -214,10 +234,11 @@ proof (induction j arbitrary: ns1 rule: less_induct)
           apply simp
          apply simp
          apply blast
+        apply blast
         apply simp
-       apply assumption
       apply (rule end_global_rel)
-        apply (simp add: empty_bb_def)+
+         apply (simp add: empty_bb_def)+
+       apply blast+
       done
    qed
  qed
@@ -226,29 +247,35 @@ lemma entry_block_global_rel:
   assumes j_step_ast_trace: 
     "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                 (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,no_inv_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) no_inv_loop_before_ast_cfg.post)"
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
   using assms
 proof -
   show ?thesis
-    unfolding no_inv_loop_before_ast_cfg.post_def
     apply (rule block_global_rel_while_successor)
           apply (rule j_step_ast_trace)
           apply (rule Rel_Main_test[of bigblock0 _ no_inv_loop_before_cfg_to_dag_prog.block_0])
           apply (simp add: bigblock0_def no_inv_loop_before_cfg_to_dag_prog.block_0_def)
-         apply (simp add: bigblock0_def no_inv_loop_before_cfg_to_dag_prog.block_0_def)
+           apply (simp add: bigblock0_def no_inv_loop_before_cfg_to_dag_prog.block_0_def)
+          apply (simp add: bigblock0_def no_inv_loop_before_cfg_to_dag_prog.block_0_def)
         apply (simp add: no_inv_loop_before_cfg_to_dag_prog.block_0_def)
        apply (rule disjI1)
        apply (rule no_inv_loop_before_cfg_to_dag_prog.node_0)
        apply (rule cfg_is_correct, simp)
+      apply (rule cfg_satisfies_post, blast)
       apply simp
      apply (simp add: no_inv_loop_before_cfg_to_dag_prog.node_0)
      apply (rule bb0_local_rel)
       apply assumption
      apply simp
-    apply (rule second_loop_head_global_rel)
-     apply (simp add: unwrapped_bigblock0_def)
+      apply (erule allE[where x = 1])+
     apply (simp add: no_inv_loop_before_cfg_to_dag_prog.outEdges_0)
     apply (simp add: member_rec(1))
+    apply (rule second_loop_head_global_rel)
+     apply (simp add: unwrapped_bigblock0_def)
+     apply blast+
     done
 qed
 
diff --git a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_ast_cfg_proof.thy
index b26c126..bdf9a28 100644
--- a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_ast_cfg_proof.thy
+++ b/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_ast_cfg_proof.thy
@@ -53,8 +53,8 @@ proof -
   show ?thesis 
     apply (rule block_local_rel_generic)
            apply (rule Rel_Main_test[of bigblock0 _ triangle_before_cfg_to_dag_prog.block_0])
-           apply (simp add: bigblock0_def triangle_before_cfg_to_dag_prog.block_0_def)
-          apply simp+
+            apply (simp add: bigblock0_def triangle_before_cfg_to_dag_prog.block_0_def)
+           apply (simp add: triangle_before_cfg_to_dag_prog.block_0_def)+
         apply (rule Red_bb)
        apply (rule Red_impl, simp)
       apply (simp add: bigblock0_def)
@@ -76,8 +76,7 @@ proof -
       apply (rule block_local_rel_generic)
              apply (rule Rel_Main_test[of body_bb1])
              apply (simp add: body_bb1_def)
-            apply simp
-           apply simp
+             apply simp+
           apply (rule Red_bb)
          apply (rule push_through_assumption_test1, rule Red_impl)
             apply (simp add: triangle_before_cfg_to_dag_prog.block_2_def)
@@ -98,7 +97,7 @@ proof -
     by (simp add: triangle_before_cfg_to_dag_prog.block_3_def triangle_before_cfg_to_dag_prog.node_3)
   show ?thesis
     apply (rule generic_ending_block_global_rel)
-            apply (rule Rel_Main_test[of empty_bb])
+            apply (rule Rel_Invs[of empty_bb])
             apply (simp add: empty_bb_def)
            apply (rule Red_bb)
           apply (simp add: empty_bb_def)
@@ -145,7 +144,8 @@ proof -
   show ?thesis 
     apply (rule block_global_rel_generic)
            apply (rule Rel_Main_test[of body_bb1])
-           apply (simp add: body_bb1_def)
+             apply (simp add: body_bb1_def)
+            apply (simp add: triangle_before_cfg_to_dag_prog.block_2_def)
           apply (rule assms(1))
          apply (simp add: body_bb1_def)
         apply (rule disjI2)
@@ -272,7 +272,8 @@ proof -
           apply (rule j_step_ast_trace)
           apply (rule Rel_Main_test[of bigblock0 _ triangle_before_cfg_to_dag_prog.block_0])
           apply (simp add: bigblock0_def triangle_before_cfg_to_dag_prog.block_0_def)
-         apply (simp add: bigblock0_def triangle_before_cfg_to_dag_prog.block_0_def)
+           apply (simp add: bigblock0_def triangle_before_cfg_to_dag_prog.block_0_def)
+          apply (simp add: bigblock0_def triangle_before_cfg_to_dag_prog.block_0_def)
         apply (simp add: triangle_before_cfg_to_dag_prog.block_0_def)
        apply (rule disjI1)
        apply (rule triangle_before_cfg_to_dag_prog.node_0)
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy
index 88dd662..8a95826 100644
--- a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy
+++ b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy
@@ -1,5 +1,13 @@
 theory p_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML p_before_cfg_to_dag_prog p_before_passive_prog p_passification_proof p_vcphase_proof
+  imports Boogie_Lang.Semantics 
+          Boogie_Lang.Util 
+          Boogie_Lang.BackedgeElim 
+          Boogie_Lang.TypingML
+          while_example2_before_ast_cfg
+          p_before_cfg_to_dag_prog 
+          p_before_passive_prog 
+          p_passification_proof 
+          p_vcphase_proof
 begin
 locale cfg_to_dag_lemmas = 
 fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
@@ -9,15 +17,15 @@ begin
 
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls))"
 declare Nat.One_nat_def[simp del]
 
 lemma cfg_block_GeneratedUnifiedExit:
 assumes 
 "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 p_before_cfg_to_dag_prog.post)"
-unfolding expr_all_sat_def p_before_cfg_to_dag_prog.post_def 
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 while_example2_before_ast_cfg.post )"
+unfolding expr_all_sat_def while_example2_before_ast_cfg.post_def 
 apply (rule cfg_dag_rel_post_invs_3)
 apply (erule assms(1))
 apply (rule p_before_passive_prog.node_0)
@@ -42,9 +50,9 @@ unfolding p_before_cfg_to_dag_prog.block_2_def p_before_passive_prog.block_1_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf p_before_cfg_to_dag_prog.var_context_wf])
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf while_example2_before_ast_cfg.var_context_wf])
 apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms p_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
+apply ((tactic \<open> typing_tac @{context} [] @{thms while_example2_before_ast_cfg.l_x(2)} [] 1\<close>))
 
 done
 
@@ -53,8 +61,8 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body [0] [(BinOp (Var 0) Ge (Lit (LInt 0)))] p_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body [0] [(BinOp (Var 0) Ge (Lit (LInt 0)))] while_example2_before_ast_cfg.post  ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_example2_before_ast_cfg.post  m' s')"
 apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
 apply (rule p_before_cfg_to_dag_prog.node_2)
 apply (rule p_before_passive_prog.node_1)
@@ -96,7 +104,7 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_example2_before_ast_cfg.post  m' s')"
 apply (rule cfg_dag_helper_return_2[OF Red])
 apply (rule p_before_cfg_to_dag_prog.node_6)
 apply (rule p_before_passive_prog.node_2)
@@ -127,9 +135,9 @@ unfolding p_before_cfg_to_dag_prog.block_5_def p_before_passive_prog.block_3_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf p_before_cfg_to_dag_prog.var_context_wf])
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf while_example2_before_ast_cfg.var_context_wf])
 apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms p_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
+apply ((tactic \<open> typing_tac @{context} [] @{thms while_example2_before_ast_cfg.l_x(2)} [] 1\<close>))
 
 done
 
@@ -138,8 +146,8 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body [0] [(BinOp (Var 0) Le (Lit (LInt 0)))] p_before_cfg_to_dag_prog.post ns1 s' 4 m' j)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body [0] [(BinOp (Var 0) Le (Lit (LInt 0)))] while_example2_before_ast_cfg.post  ns1 s' 4 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_example2_before_ast_cfg.post  m' s')"
 apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
 apply (rule p_before_cfg_to_dag_prog.node_5)
 apply (rule p_before_passive_prog.node_3)
@@ -178,7 +186,7 @@ apply (rule dag_rel_block_lemma_compact, simp)
 unfolding p_before_cfg_to_dag_prog.block_4_def p_before_passive_prog.block_4_def
 apply cfg_dag_rel_tac_single+
 apply simp
-apply ((simp add:p_before_cfg_to_dag_prog.l_x(1)))
+apply ((simp add:while_example2_before_ast_cfg.l_x(1)))
 apply simp
 done
 
@@ -187,13 +195,13 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Lit (LInt 0)))] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_example2_before_ast_cfg.post  m' s')"
 using Red DagAssms
 proof (induction j arbitrary: ns1 rule: less_induct)
 case (less j)
 show ?case
 proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
 next
 case (Suc j')
 from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
@@ -262,9 +270,9 @@ unfolding p_before_cfg_to_dag_prog.block_3_def p_before_passive_prog.block_5_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf p_before_cfg_to_dag_prog.var_context_wf])
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf while_example2_before_ast_cfg.var_context_wf])
 apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms p_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
+apply ((tactic \<open> typing_tac @{context} [] @{thms while_example2_before_ast_cfg.l_x(2)} [] 1\<close>))
 
 done
 
@@ -273,7 +281,7 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_example2_before_ast_cfg.post  m' s')"
 apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
 apply (rule p_before_cfg_to_dag_prog.node_3)
 apply (rule p_before_passive_prog.node_5)
@@ -315,7 +323,7 @@ apply (rule dag_rel_block_lemma_compact, simp)
 unfolding p_before_cfg_to_dag_prog.block_1_def p_before_passive_prog.block_6_def
 apply cfg_dag_rel_tac_single+
 apply simp
-apply ((simp add:p_before_cfg_to_dag_prog.l_x(1)))
+apply ((simp add:while_example2_before_ast_cfg.l_x(1)))
 apply simp
 done
 
@@ -324,13 +332,13 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_example2_before_ast_cfg.post  m' s')"
 using Red DagAssms
 proof (induction j arbitrary: ns1 rule: less_induct)
 case (less j)
 show ?case
 proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
 next
 case (Suc j')
 from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
@@ -398,9 +406,9 @@ unfolding p_before_cfg_to_dag_prog.block_0_def p_before_passive_prog.block_7_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf p_before_cfg_to_dag_prog.var_context_wf])
+apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf while_example2_before_ast_cfg.var_context_wf])
 apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms p_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
+apply ((tactic \<open> typing_tac @{context} [] @{thms while_example2_before_ast_cfg.l_x(2)} [] 1\<close>))
 
 done
 
@@ -409,7 +417,7 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_example2_before_ast_cfg.post  m' s')"
 apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
 apply (rule p_before_cfg_to_dag_prog.node_0)
 apply (rule p_before_passive_prog.node_7)
@@ -454,16 +462,16 @@ assumes
 "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 p_before_cfg_to_dag_prog.pres)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 while_example2_before_ast_cfg.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_example2_before_ast_cfg.post  m' s')"
 apply (rule cfg_dag_helper_entry)
 apply (rule p_before_passive_prog.node_9)
 apply (erule assms(3))
 apply (rule assms(2))
 unfolding p_before_passive_prog.block_9_def
-apply (rule assume_pres_normal[where ?es=p_before_cfg_to_dag_prog.pres])
+apply (rule assume_pres_normal[where ?es=while_example2_before_ast_cfg.pres])
 apply (rule assms(4))
-unfolding p_before_cfg_to_dag_prog.pres_def
+unfolding while_example2_before_ast_cfg.pres_def
 apply simp
 apply (rule p_before_passive_prog.outEdges_9)
 apply ((simp add:p_before_passive_prog.node_8 p_before_passive_prog.block_8_def))
@@ -475,23 +483,23 @@ end
 
 abbreviation \<Lambda>0
   where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls))"
 lemma end_to_end_theorem_aux:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
 VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
 FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
 Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns p_before_cfg_to_dag_prog.pres)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns while_example2_before_ast_cfg.pres)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
 OldGlobal: "((global_state ns) = (old_global_state ns))" and 
 BinderNs: "((binder_state ns) = Map.empty)"
-shows "(valid_configuration A \<Lambda>0 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] while_example2_before_ast_cfg.post  m' s')"
 proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
 by (meson rtranclp_imp_relpowp)
 show ?thesis
 apply (rule cfg_to_dag_lemmas.entry_lemma)
@@ -526,9 +534,15 @@ qed
 lemma end_to_end_theorem:
 assumes 
 VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms p_before_cfg_to_dag_prog.proc))"
+shows "(\<And> A. (Semantics.proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms p_before_cfg_to_dag_prog.proc))"
   apply (rule end_to_end_util[OF end_to_end_theorem_aux])
 apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def)
-
+apply (simp add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def while_example2_before_ast_cfg.pres_def p_before_cfg_to_dag_prog.pres_def)
+apply (simp add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.post_def p_before_cfg_to_dag_prog.proc_body_def while_example2_before_ast_cfg.post_def while_example2_before_ast_cfg.post_def)
+apply (simp add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def)
+apply (simp add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def while_example2_before_ast_cfg.locals_vdecls_def while_example2_before_ast_cfg.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def)
+apply (simp add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def)
+apply (simp add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def)
+apply (simp add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def)
+done
 end
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_passification_proof.thy b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_passification_proof.thy
index d23b383..2b99185 100644
--- a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_passification_proof.thy
+++ b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_passification_proof.thy
@@ -1,5 +1,5 @@
 theory p_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_passive_prog p_passive_prog Boogie_Lang.PassificationML p_vcphase_proof Boogie_Lang.PassificationEndToEnd
+imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_passive_prog p_passive_prog Boogie_Lang.PassificationML p_vcphase_proof Boogie_Lang.PassificationEndToEnd while_example2_before_ast_cfg
 begin
 definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
   where
@@ -9,7 +9,7 @@ definition R_old
     "R_old  = (map_of R_old_list)"
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls))"
 abbreviation \<Lambda>2
   where
     "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
@@ -36,7 +36,7 @@ apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding p_before_passive_prog.block_1_def p_passive_prog.block_1_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_2(2)))
+apply ((simp add:while_example2_before_ast_cfg.l_x(2) p_passive_prog.l_x_2(2)))
 by simp
 
 lemma block_anon6_LoopDone:
@@ -61,7 +61,7 @@ apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding p_before_passive_prog.block_3_def p_passive_prog.block_3_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_4(2)))
+apply ((simp add:while_example2_before_ast_cfg.l_x(2) p_passive_prog.l_x_4(2)))
 by simp
 
 lemma block_anon6_LoopHead:
@@ -73,7 +73,7 @@ apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding p_before_passive_prog.block_4_def p_passive_prog.block_4_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_3(2)))
+apply ((simp add:while_example2_before_ast_cfg.l_x(2) p_passive_prog.l_x_3(2)))
 by simp
 
 lemma block_anon5_LoopDone:
@@ -97,7 +97,7 @@ apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding p_before_passive_prog.block_6_def p_passive_prog.block_6_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_1(2)))
+apply ((simp add:while_example2_before_ast_cfg.l_x(2) p_passive_prog.l_x_1(2)))
 by simp
 
 lemma block_anon0:
@@ -109,7 +109,7 @@ apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding p_before_passive_prog.block_7_def p_passive_prog.block_7_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_0(2)))
+apply ((simp add:while_example2_before_ast_cfg.l_x(2) p_passive_prog.l_x_0(2)))
 by simp
 
 lemma block_0:
@@ -222,7 +222,7 @@ by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} []
 locale glue_proof = 
 fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_passive_prog.proc_body ((Inl 9),(Normal ns)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) \<Gamma> [] p_before_passive_prog.proc_body ((Inl 9),(Normal ns)) (m',s'))" and 
 VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
@@ -268,7 +268,9 @@ by ((simp add:BinderNs))
 lemma U0_ns_old_rel:
 shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
 apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv p_before_passive_prog.globals_locals_disj)
+    apply (simp only: fst_conv snd_conv p_before_passive_prog.globals_locals_disj)
+  unfolding while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def constants_vdecls_def globals_vdecls_def
+  apply simp
 apply (rule convert_fun_to_list[OF R_old_def])
 unfolding R_old_list_def 
 apply simp
@@ -296,7 +298,8 @@ apply (rule R_wt)
 apply (rule inj_R_rel)
 apply simp
 apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
+  using R_well_formed apply fastforce
+  unfolding constants_vdecls_def globals_vdecls_def
 using p_before_passive_prog.globals_locals_disj apply auto[1]
 using p_passive_prog.globals_locals_disj apply auto[1]
 done
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
index 8c19aab..792e11b 100644
--- a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
+++ b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
@@ -59,7 +59,8 @@ proof -
   show ?thesis 
     apply (rule block_local_rel_generic)
            apply (rule Rel_Main_test[of bigblock0 _ p_before_cfg_to_dag_prog.block_0])
-           apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
+            apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
+           apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
           apply simp+
         apply (rule Red_bb)
        apply (rule Red_impl, simp)
@@ -83,7 +84,7 @@ proof -
              apply (rule Rel_Main_test[of body_bb1])
              apply (simp add: body_bb1_def)
             apply simp
-           apply simp
+           apply simp+
           apply (rule Red_bb)
          apply (rule push_through_assumption_test1, rule Red_impl)
             apply (simp add: p_before_cfg_to_dag_prog.block_2_def)
@@ -105,7 +106,7 @@ proof -
              apply (rule Rel_Main_test[of body_bb2])
              apply (simp add: body_bb2_def)
             apply simp
-           apply simp
+           apply simp+
           apply (rule Red_bb)
          apply (rule push_through_assumption_test1, rule Red_impl)
             apply (simp add: p_before_cfg_to_dag_prog.block_5_def)
@@ -127,7 +128,7 @@ proof -
              apply (rule Rel_Main_test[of bigblock2])
              apply (simp add: bigblock2_def)
             apply simp
-           apply simp
+           apply simp+
           apply (rule Red_bb)
          apply (rule Red_impl)
          apply (simp add: p_before_cfg_to_dag_prog.block_6_def)
@@ -146,8 +147,11 @@ qed
 lemma bb2_global_rel:
   assumes concrete_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock2, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                             (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 6, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) while_example2_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Lt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)" 
   using assms
 proof -
   have node6_loc: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 6 = [(Assume (BinOp (Lit (LInt 0)) Le (Var 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]" 
@@ -155,7 +159,8 @@ proof -
   show ?thesis
     apply (rule generic_ending_block_global_rel)
          apply (rule Rel_Main_test[of bigblock2])
-         apply (simp add: bigblock2_def)
+             apply (simp add: bigblock2_def)
+            apply simp
            apply (rule concrete_trace)
           apply (simp add: bigblock2_def)
          apply simp
@@ -171,7 +176,8 @@ proof -
        apply (rule p_before_cfg_to_dag_prog.outEdges_6)
     apply (rule cfg_is_correct)
       apply simp
-     apply simp
+     apply (rule cfg_satisfies_post)
+     apply simp+
     apply (simp add: p_before_cfg_to_dag_prog.node_6)
     apply (rule bb2_local_rel)
       apply assumption+
@@ -184,20 +190,27 @@ qed
 lemma second_loop_body_global_rel:
   assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (body_bb2, (KSeq unwrapped_bigblock1 (KEndBlock (KSeq bigblock2 KStop))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                             (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 5, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) while_example2_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Lt\<guillemotright> Lit (LInt 0),ns1\<rangle> \<Down> BoolV True"
   and loop_ih:
         "\<And>k ns1''. k < j \<Longrightarrow>
         (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(unwrapped_bigblock1, (KEndBlock (KSeq bigblock2 KStop)), Normal ns1'') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>  
+        (\<And>m' s'.
+                 (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 4, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) while_example2_before_ast_cfg.post)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)"
 proof -
   have node5_loc: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 5 = [(Assume (BinOp (Var 0) Lt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]" 
     by (simp add: p_before_cfg_to_dag_prog.block_5_def p_before_cfg_to_dag_prog.node_5)
   show ?thesis 
     apply (rule block_global_rel_generic)
            apply (rule Rel_Main_test[of body_bb2])
-           apply (simp add: body_bb2_def)
+             apply (simp add: body_bb2_def)
+            apply simp
           apply (rule assms(1))
          apply (simp add: body_bb2_def)
         apply (rule disjI2)
@@ -208,17 +221,21 @@ proof -
          apply simp
         apply (rule trace_is_possible)
        apply (rule assms(2))
-       apply simp+
+        apply simp+
+       apply (rule assms(3))
+        apply simp+
      apply (simp add: p_before_cfg_to_dag_prog.node_5)
      apply (rule second_loop_body_bb_local_rel)
        apply assumption
       apply simp
      apply (rule trace_is_possible)
     apply (erule allE[where x=4])
+    apply (erule allE[where x=4])
     apply (simp add: p_before_cfg_to_dag_prog.outEdges_5)
     apply (simp add: member_rec(1))
     apply (rule loop_ih)
-      apply simp+
+       apply (simp)+
+    apply blast
     done
 qed
 
@@ -227,8 +244,8 @@ lemma second_loop_head_global_rel:
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and cfg_sat_post: "\<And>m2 s2.
        A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 4, Normal ns1) -n\<rightarrow>* (m2, s2) \<Longrightarrow>
-       is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) []"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+       is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) while_example2_before_ast_cfg.post"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)"
   using assms
 proof (induction j arbitrary: ns1 rule: less_induct)
   case (less j)
@@ -245,6 +262,7 @@ proof (induction j arbitrary: ns1 rule: less_induct)
               apply (simp add: unwrapped_bigblock1_def)
              apply (rule less(2))
             apply (rule less(3), simp)
+           apply (rule less(4), simp)
            apply simp
            apply (simp add: unwrapped_bigblock1_def)
           apply simp                 
@@ -262,24 +280,25 @@ proof (induction j arbitrary: ns1 rule: less_induct)
       apply(rule disjE)
         apply assumption
 
-       apply (erule allE[where x = 5])
-       apply (simp add:p_before_cfg_to_dag_prog.outEdges_4)
-       apply (simp add:member_rec(1))
+       apply (erule allE[where x = 5])+
+       apply (simp add:p_before_cfg_to_dag_prog.outEdges_4)+
+       apply (simp add:member_rec(1))+
        apply (rule conjE)
         apply assumption
        apply simp
        apply (rule second_loop_body_global_rel)
           apply (simp add: body_bb2_def)
-         apply simp
+          apply simp
+         apply blast
         apply assumption
        apply (rule less.IH)
          apply (erule strictly_smaller_helper2)
           apply assumption+
        apply simp
 
-      apply (erule allE[where x = 6])
-      apply (simp add:p_before_cfg_to_dag_prog.outEdges_4)
-      apply (simp add:member_rec(1))
+      apply (erule allE[where x = 6])+
+      apply (simp add:p_before_cfg_to_dag_prog.outEdges_4)+
+      apply (simp add:member_rec(1))+
       apply (rule conjE)
        apply assumption
       apply simp
@@ -288,10 +307,11 @@ proof (induction j arbitrary: ns1 rule: less_induct)
           apply simp
          apply simp
          apply blast
-        apply simp
-       apply assumption
+        apply blast
+       apply simp
       apply (rule bb2_global_rel)
-        apply simp+
+         apply simp+
+      apply blast+
       done
    qed
 qed
@@ -300,19 +320,27 @@ lemma first_loop_body_global_rel:
   assumes j_step_ast_trace: 
     "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (body_bb1, (KSeq unwrapped_bigblock0 (KEndBlock (KSeq bigblock1 (KSeq bigblock2 KStop)))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                             (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 2, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) while_example2_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Gt\<guillemotright> Lit (LInt 0), ns1\<rangle> \<Down> BoolV True"
   and loop_ih:
         "\<And>k ns1''. k < j \<Longrightarrow>
         (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(unwrapped_bigblock0, (KEndBlock (KSeq bigblock1 (KSeq bigblock2 KStop))), Normal ns1'') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
         (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+        (\<And>m' s'.
+                   (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                   is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) while_example2_before_ast_cfg.post)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)"  
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)"
 proof -
   have node2_loc: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 2 = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]" 
     by (simp add: p_before_cfg_to_dag_prog.block_2_def p_before_cfg_to_dag_prog.node_2)
   show ?thesis 
     apply (rule block_global_rel_generic)
            apply (rule Rel_Main_test[of body_bb1])
-           apply (simp add: body_bb1_def)
+             apply (simp add: body_bb1_def)
+            apply simp
           apply (rule assms(1))
          apply (simp add: body_bb1_def)
         apply (rule disjI2)
@@ -323,17 +351,20 @@ proof -
          apply simp
         apply (rule trace_is_possible)
        apply (rule assms(2))
-       apply simp+
+    apply simp+
+       apply (rule cfg_satisfies_post)
+        apply blast+
      apply (simp add: p_before_cfg_to_dag_prog.node_2)
      apply (rule first_loop_body_bb_local_rel)
        apply assumption
       apply simp
      apply (rule trace_is_possible)
-    apply (erule allE[where x=1])
-    apply (simp add: p_before_cfg_to_dag_prog.outEdges_2)
+    apply (erule allE[where x=1])+
+    apply (simp add: p_before_cfg_to_dag_prog.outEdges_2)+
     apply (simp add: member_rec(1))
     apply (rule loop_ih)
-      apply simp+
+       apply simp+
+    apply blast
     done
 qed
 
@@ -341,7 +372,10 @@ lemma first_loop_head_global_rel:
   assumes j_step_ast_trace: 
     "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (unwrapped_bigblock0, (KEndBlock (KSeq bigblock1 (KSeq bigblock2 KStop))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                             (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) while_example2_before_ast_cfg.post)"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega>  while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)"
   using assms 
 proof (induction j arbitrary: ns1 rule: less_induct)
   case (less j)
@@ -358,6 +392,7 @@ proof (induction j arbitrary: ns1 rule: less_induct)
               apply (simp add: unwrapped_bigblock0_def p_before_cfg_to_dag_prog.block_1_def)
              apply (rule less(2))
             apply (rule less(3), simp)
+           apply (rule less(4), simp)
            apply simp
             apply (simp add: unwrapped_bigblock0_def)
           apply simp                 
@@ -375,41 +410,47 @@ proof (induction j arbitrary: ns1 rule: less_induct)
       apply(rule disjE)
         apply assumption
     
-       apply (erule allE[where x = 2])
-       apply (simp add: p_before_cfg_to_dag_prog.outEdges_1)
+       apply (erule allE[where x = 2])+
+       apply (simp add: p_before_cfg_to_dag_prog.outEdges_1)+
        apply (simp add:member_rec(1))
        apply (rule conjE)
         apply assumption
        apply simp
        apply (rule first_loop_body_global_rel)
           apply (simp add: body_bb1_def)
-         apply simp
+          apply simp
+         apply blast
         apply assumption
        apply (rule less.IH)
          apply (erule strictly_smaller_helper2)
          apply assumption+
 
-      apply (erule allE[where x = 3])
-      apply (simp add: p_before_cfg_to_dag_prog.outEdges_1)
+      apply (erule allE[where x = 3])+
+      apply (simp add: p_before_cfg_to_dag_prog.outEdges_1)+
       apply (simp add:member_rec(1))
       apply (rule conjE)
        apply assumption
       apply simp
-      apply (rule ending_after_skipping_endblock_and_wrapper)
+      apply (rule ending_after_skipping_endblock_and_unwrapping)
               apply assumption
              apply (simp add: bigblock1_def bigblock2_def)
             apply simp
             apply assumption
+           apply blast
            apply simp
-          apply assumption
          apply (simp add: p_before_cfg_to_dag_prog.node_3)
          apply (simp add: p_before_cfg_to_dag_prog.block_3_def)
         apply (rule neg_gt2)
        apply (simp add: p_before_cfg_to_dag_prog.outEdges_3)
        apply (simp add: member_rec)
       apply (rule second_loop_head_global_rel)
-       apply (simp add: unwrapped_bigblock1_def bigblock2_def)
-      apply auto
+        apply (simp add: unwrapped_bigblock1_def bigblock2_def)
+       apply (rule correctness_propagates_through_assumption)
+            apply assumption
+           apply (simp add: p_before_cfg_to_dag_prog.node_3)
+          apply simp+
+      apply (rule correctness_propagates_through_assumption3)
+            apply simp+
       done
   qed
 qed
@@ -418,29 +459,37 @@ lemma entry_block_global_rel:
   assumes j_step_ast_trace: 
     "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, (KSeq bigblock1 (KSeq bigblock2 KStop)), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                             (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) while_example2_before_ast_cfg.post)"
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)"
   using assms
 proof -
   show ?thesis
-    unfolding while_example2_before_ast_cfg.post_def
     apply (rule block_global_rel_while_successor)
           apply (rule j_step_ast_trace)
           apply (rule Rel_Main_test[of bigblock0 _ p_before_cfg_to_dag_prog.block_0])
           apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
-         apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
+           apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
+          apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
         apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
        apply (rule disjI1)
        apply (rule p_before_cfg_to_dag_prog.node_0)
        apply (rule cfg_is_correct, simp)
+      apply (rule cfg_satisfies_post, blast)
       apply simp
      apply (simp add: p_before_cfg_to_dag_prog.node_0)
      apply (rule bb0_local_rel)
       apply assumption
      apply simp
     apply (rule first_loop_head_global_rel)
-     apply (simp add: unwrapped_bigblock0_def)
+      apply (simp add: unwrapped_bigblock0_def)
+     apply (simp add: p_before_cfg_to_dag_prog.outEdges_0)
+     apply (simp add: member_rec(1))
+    apply (erule allE[where x = 1])+
     apply (simp add: p_before_cfg_to_dag_prog.outEdges_0)
     apply (simp add: member_rec(1))
+    apply blast
     done
 qed
 
@@ -488,7 +537,26 @@ using ParamsLocal apply (simp add: while_example2_before_ast_cfg.params_vdecls_d
 using ConstsGlobal apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
                                    p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def)
 using OldGlobal apply simp
-using BinderNs apply simp
+  using BinderNs apply simp
+  apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
+                 p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
+                                   p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def
+                                   while_example2_before_ast_cfg.pres_def p_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
+                                   p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
+                                   p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+  using BinderNs apply simp
+  apply simp
 done
 qed
 

From 02126da4e7908bedab19efbc057cd37d4639b158 Mon Sep 17 00:00:00 2001
From: ahubanov-eth <ahubanov@student.ethz.ch>
Date: Fri, 3 Jun 2022 23:52:51 +0200
Subject: [PATCH 17/74] changed nested loop2

---
 BoogieLang/Ast_Cfg_Transformation.thy         |   5 +-
 .../nested_loop2_ast_cfg_proof.thy            | 457 ++++++++++++++----
 2 files changed, 359 insertions(+), 103 deletions(-)

diff --git a/BoogieLang/Ast_Cfg_Transformation.thy b/BoogieLang/Ast_Cfg_Transformation.thy
index 9dbc8f0..8786817 100644
--- a/BoogieLang/Ast_Cfg_Transformation.thy
+++ b/BoogieLang/Ast_Cfg_Transformation.thy
@@ -216,6 +216,9 @@ lemma strictly_smaller_helper3: "j'' < j' \<Longrightarrow> j''' < j'' \<Longrig
 lemma strictly_smaller_helper4: "j' = Suc (Suc j'') \<Longrightarrow> k < j'' \<Longrightarrow> j = Suc j' \<Longrightarrow> k < j"
   by simp
 
+lemma smaller_helper5: "j = Suc j1 \<Longrightarrow> j1 = Suc (Suc j2) \<Longrightarrow> j2 < j"
+  by simp
+
 text \<open>The following are helper lemmas related to taking steps through assume cmds in a given ast- or cfg-trace.\<close>
 lemma push_through_assumption_test1: 
   assumes "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)"
@@ -493,7 +496,7 @@ lemma ending_after_skipping_endblock2:
            (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
            (\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
            is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts) \<Longrightarrow>
-           (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp Not guard,ns1''\<rangle> \<Down> BoolV True) \<Longrightarrow> (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+           (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False) \<Longrightarrow> (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
     shows "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state"
 proof -
   from assms(2-3) have disj_a:
diff --git a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_ast_cfg_proof.thy
index cf77418..3319209 100644
--- a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_ast_cfg_proof.thy
+++ b/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_ast_cfg_proof.thy
@@ -16,8 +16,8 @@ abbreviation \<Lambda>1_local
   where
     "\<Lambda>1_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls))"
 
-definition outer_body_bb1 
-  where "outer_body_bb1 \<equiv> 
+definition loop2_body_bb1 
+  where "loop2_body_bb1 \<equiv> 
                      (BigBlock None [] 
                      (Some (WhileWrapper 
                            (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
@@ -25,22 +25,22 @@ definition outer_body_bb1
                             [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None]))) 
                       None)"
 
-definition outer_body_bb2
-  where "outer_body_bb2 \<equiv> (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)"
+definition loop2_body_bb2
+  where "loop2_body_bb2 \<equiv> (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)"
 
-definition outer_body_bb1_unwrapped where
-  "outer_body_bb1_unwrapped \<equiv> 
+definition loop2_body_bb1_unwrapped where
+  "loop2_body_bb1_unwrapped \<equiv> 
                    (BigBlock None [] 
                    (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
                           [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
                           [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None])) 
                     None)"
 
-definition inner_body_bb1 
-  where "inner_body_bb1 \<equiv> (BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None)"
+definition loop3_body_bb1 
+  where "loop3_body_bb1 \<equiv> (BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None)"
 
-definition loop_only_bigblock0 where
-  "loop_only_bigblock0 \<equiv> 
+definition loop1_body_bb1 where
+  "loop1_body_bb1 \<equiv> 
                       (BigBlock None []
                       (Some (WhileWrapper 
                             (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
@@ -54,8 +54,8 @@ definition loop_only_bigblock0 where
                              (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)]))) 
                        None)"
 
-definition bb0_unwrapped where
-  "bb0_unwrapped \<equiv> (BigBlock None []
+definition loop1_body_bb1_unwrapped where
+  "loop1_body_bb1_unwrapped \<equiv> (BigBlock None []
                     (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
                           [(BinOp (Var 0) Ge (Lit (LInt 0)))]
                           [(BigBlock None [] 
@@ -67,6 +67,45 @@ definition bb0_unwrapped where
                            (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)])) 
                      None)"
 
+definition loop_only_bigblock0 where
+  "loop_only_bigblock0 \<equiv> 
+                      BigBlock None []
+                     (Some (WhileWrapper 
+                           (ParsedWhile (Some ((Lit (LBool True))))
+                            []
+                            [(BigBlock None []
+                             (Some (WhileWrapper 
+                                   (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
+                                   [(BinOp (Var 0) Ge (Lit (LInt 0)))]
+                                   [(BigBlock None [] 
+                                    (Some (WhileWrapper 
+                                         (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
+                                          [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
+                                          [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None]))) 
+                                     None),
+                                   (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)]))) 
+                              None)])))
+                       None"
+
+definition bb0_unwrapped where
+  "bb0_unwrapped \<equiv> BigBlock None []
+                     (Some 
+                           (ParsedWhile (Some ((Lit (LBool True))))
+                            []
+                            [(BigBlock None []
+                             (Some (WhileWrapper 
+                                   (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
+                                   [(BinOp (Var 0) Ge (Lit (LInt 0)))]
+                                   [(BigBlock None [] 
+                                    (Some (WhileWrapper 
+                                         (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
+                                          [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
+                                          [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None]))) 
+                                     None),
+                                   (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)]))) 
+                              None)]))
+                       None"
+
 definition empty_bb where
   "empty_bb \<equiv> (BigBlock None [] None None)"
 
@@ -89,8 +128,8 @@ proof -
     done
 qed
 
-lemma inner_body_bb1_local_rel:
-  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (inner_body_bb1, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+lemma loop3_body_bb1_local_rel:
+  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (loop3_body_bb1, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
   and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
   and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))),ns1\<rangle> \<Down> BoolV True"
   shows "reached_state \<noteq> Failure  \<and>
@@ -100,19 +139,19 @@ proof -
     unfolding nested_loop2_before_cfg_to_dag_prog.block_6_def
     apply (rule guard_holds_push_through_assumption)
       apply (rule block_local_rel_generic)
-             apply (rule Rel_Main_test[of inner_body_bb1])
-             apply (simp add: inner_body_bb1_def)
+             apply (rule Rel_Main_test[of loop3_body_bb1])
+             apply (simp add: loop3_body_bb1_def)
             apply simp
            apply simp+
           apply (rule Red_bb)
          apply (rule push_through_assumption_test1, rule Red_impl)
             apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_6_def)
-           apply (simp add: trace_is_possible inner_body_bb1_def)+
+           apply (simp add: trace_is_possible loop3_body_bb1_def)+
     done
 qed
 
-lemma outer_body_bb2_local_rel:
-  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (outer_body_bb2 , KSeq bb0_unwrapped (KEndBlock KStop), (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+lemma loop2_body_bb2_local_rel:
+  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (loop2_body_bb2 , cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
   and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.block_7 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
   and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
   shows "reached_state \<noteq> Failure  \<and>
@@ -122,8 +161,8 @@ proof -
     unfolding nested_loop2_before_cfg_to_dag_prog.block_7_def 
     apply (rule guard_fails_push_through_assumption)
       apply (rule block_local_rel_generic)
-             apply (rule Rel_Main_test[of outer_body_bb2])
-             apply (simp add: outer_body_bb2_def)
+             apply (rule Rel_Main_test[of loop2_body_bb2])
+             apply (simp add: loop2_body_bb2_def)
             apply simp
            apply simp+
           apply (rule Red_bb)
@@ -134,7 +173,7 @@ proof -
             apply (rule neg_gt2)
           apply (rule trace_is_possible)
          apply simp
-        apply (simp add: outer_body_bb2_def)
+        apply (simp add: loop2_body_bb2_def)
         apply simp+
      apply (rule neg_gt2)
     apply (rule trace_is_possible)
@@ -145,8 +184,11 @@ qed
 lemma end_global_rel: 
   assumes Red_bb: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (empty_bb, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 9, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(Lit (LBool True)), ns1\<rangle> \<Down> BoolV False"
-shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)"
 proof -
   have node3_loc: "node_to_block nested_loop2_before_cfg_to_dag_prog.proc_body ! 9 = [(Assume (UnOp Not (Lit (LBool True))))]" 
     by (simp add: nested_loop2_before_cfg_to_dag_prog.block_9_def nested_loop2_before_cfg_to_dag_prog.node_9)
@@ -167,36 +209,43 @@ proof -
          defer
         apply (rule trace_is_possible)
        apply (rule nested_loop2_before_cfg_to_dag_prog.outEdges_9)
-      apply (rule cfg_is_correct, simp)
-     apply simp
-    apply (simp add: empty_bb_def)
+       apply (rule cfg_is_correct, simp)
+      apply (rule cfg_satisfies_post, blast)
+      apply simp
+     apply (simp add: empty_bb_def)
      apply (simp add: end_static)
     apply simp
     done
 qed
 
 
-lemma outer_body_bb2_global_rel:
-  assumes concrete_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (outer_body_bb2, KSeq bb0_unwrapped (KEndBlock KStop), (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+lemma loop2_body_bb2_global_rel:
+  assumes concrete_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (loop2_body_bb2, KSeq loop1_body_bb1_unwrapped (KEndBlock (KSeq bb0_unwrapped (KEndBlock KStop))), (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 7, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
   and loop_ih:
         "\<And>k ns1'. k < j \<Longrightarrow>
-        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, (KEndBlock KStop), Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
+        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(loop1_body_bb1_unwrapped, (KEndBlock (KSeq bb0_unwrapped (KEndBlock KStop))), Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
         (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
+        (\<And>m' s'.
+                 (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)" 
   using assms
 proof -
   have node5_loc: "node_to_block nested_loop2_before_cfg_to_dag_prog.proc_body ! 7 = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]" 
     by (simp add: nested_loop2_before_cfg_to_dag_prog.block_7_def nested_loop2_before_cfg_to_dag_prog.node_7)
   show ?thesis 
     apply (rule block_global_rel_generic)
-           apply (rule Rel_Main_test[of outer_body_bb2])
-             apply (simp add: outer_body_bb2_def)
+           apply (rule Rel_Main_test[of loop2_body_bb2])
+             apply (simp add: loop2_body_bb2_def)
             defer
           apply (rule assms(1))
-         apply (simp add: outer_body_bb2_def)
+         apply (simp add: loop2_body_bb2_def)
         apply (rule disjI2)
         apply (rule disjI2)
         apply (rule conjI)
@@ -207,44 +256,53 @@ proof -
          apply (rule neg_gt2)
         apply (rule trace_is_possible)
        apply (rule assms(2))
-       apply simp+
+         apply simp+
+        apply (rule cfg_satisfies_post, blast)
+        apply simp+
      apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_7)
-     apply (rule outer_body_bb2_local_rel)
+     apply (rule loop2_body_bb2_local_rel)
        apply assumption
       apply simp
      apply (rule trace_is_possible)
-    apply (erule allE[where x=3])
+    apply (erule allE[where x=3])+
     apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_7)
     apply (simp add: member_rec(1))
     apply (rule loop_ih)
-      apply simp+
+        apply simp+
+     apply blast+
     done
 qed
 
 
-lemma inner_loop_body_global_rel:
+lemma loop3_body_bb1_global_rel:
   assumes j_step_ast_trace: 
-          "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (inner_body_bb1, (KSeq outer_body_bb1_unwrapped (KEndBlock (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop))))), Normal ns1) -n\<longrightarrow>^j 
+          "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (loop3_body_bb1, (KSeq loop2_body_bb1_unwrapped (KEndBlock (KSeq loop2_body_bb2 (KSeq loop1_body_bb1_unwrapped (KEndBlock (KSeq bb0_unwrapped (KEndBlock KStop))))))), Normal ns1) -n\<longrightarrow>^j 
                                  (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 6, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))),ns1\<rangle> \<Down> BoolV True"
   and loop_ih:
         "\<And>k ns1''. k < j \<Longrightarrow>
-        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(outer_body_bb1_unwrapped, (KEndBlock (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop)))), Normal ns1'') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
+        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(loop2_body_bb1_unwrapped, (KEndBlock (KSeq loop2_body_bb2 (KSeq loop1_body_bb1_unwrapped (KEndBlock (KSeq bb0_unwrapped (KEndBlock KStop)))))), Normal ns1'') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
         (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+        (\<And>m' s'.
+                   (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 5, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                   is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)"
 proof -
   have node5_loc: "node_to_block nested_loop2_before_cfg_to_dag_prog.proc_body ! 6 = 
                    [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))]" 
     by (simp add: nested_loop2_before_cfg_to_dag_prog.block_6_def nested_loop2_before_cfg_to_dag_prog.node_6)
   show ?thesis 
     apply (rule block_global_rel_generic)
-           apply (rule Rel_Main_test[of inner_body_bb1])
-             apply (simp add: inner_body_bb1_def)
+           apply (rule Rel_Main_test[of loop3_body_bb1])
+             apply (simp add: loop3_body_bb1_def)
             defer
           apply (rule assms(1))
-         apply (simp add: inner_body_bb1_def)
+         apply (simp add: loop3_body_bb1_def)
         apply (rule disjI2)
         apply (rule disjI1)
         apply (rule conjI)
@@ -253,31 +311,40 @@ proof -
          apply simp
         apply (rule trace_is_possible)
        apply (rule assms(2))
-       apply simp+
+         apply simp+
+        apply (rule cfg_satisfies_post, blast)
+        apply simp+
      apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_6)
-     apply (rule inner_body_bb1_local_rel)
+     apply (rule loop3_body_bb1_local_rel)
        apply assumption
       apply simp
      apply (rule trace_is_possible)
 
-    apply (erule allE[where x=5])
+    apply (erule allE[where x=5])+
     apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_6)
     apply (simp add: member_rec(1))
     apply (rule loop_ih)
-      apply simp+
+        apply simp+
+     apply blast+
     done
 qed
 
 
-lemma inner_loop_head_global_rel:
-  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (outer_body_bb1_unwrapped, (KEndBlock (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop)))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+lemma loop2_body_bb1_unwrapped_global_rel:
+  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (loop2_body_bb1_unwrapped, (KEndBlock (KSeq loop2_body_bb2 (KSeq loop1_body_bb1_unwrapped (KEndBlock (KSeq bb0_unwrapped (KEndBlock KStop)))))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 5, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)"
   and loop_ih:
         "\<And>k ns1'. k < j \<Longrightarrow>
-        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, KEndBlock KStop, Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
+        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(loop1_body_bb1_unwrapped, (KEndBlock (KSeq bb0_unwrapped (KEndBlock KStop))), Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
         (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+        (\<And>m' s'.
+                   (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                   is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)"
   using assms
 proof (induction j arbitrary: ns1 rule: less_induct)
   case (less j)
@@ -290,17 +357,18 @@ proof (induction j arbitrary: ns1 rule: less_induct)
     case (Suc j')
     show ?thesis
       apply (rule block_global_rel_loop_head)
-              apply (rule Rel_Invs[of outer_body_bb1_unwrapped _ _ _ nested_loop2_before_cfg_to_dag_prog.block_5])
-              apply (simp add: outer_body_bb1_unwrapped_def nested_loop2_before_cfg_to_dag_prog.block_5_def)
+              apply (rule Rel_Invs[of loop2_body_bb1_unwrapped _ _ _ nested_loop2_before_cfg_to_dag_prog.block_5])
+              apply (simp add: loop2_body_bb1_unwrapped_def nested_loop2_before_cfg_to_dag_prog.block_5_def)
              apply (rule less(2))
             apply (rule less(3), simp)
+           apply (rule less(4), blast)
            apply simp
-           apply (simp add: outer_body_bb1_unwrapped_def)
+           apply (simp add: loop2_body_bb1_unwrapped_def)
           apply simp
          apply (rule block_local_rel_loop_head)
-             apply (rule Rel_Invs[of outer_body_bb1_unwrapped])
-             apply (simp add: outer_body_bb1_unwrapped_def)
-            apply (simp add: outer_body_bb1_unwrapped_def)
+             apply (rule Rel_Invs[of loop2_body_bb1_unwrapped])
+             apply (simp add: loop2_body_bb1_unwrapped_def)
+            apply (simp add: loop2_body_bb1_unwrapped_def)
            apply (simp)
           apply (rule nested_loop2_before_cfg_to_dag_prog.block_5_def)
          apply (simp, simp)
@@ -308,27 +376,29 @@ proof (induction j arbitrary: ns1 rule: less_induct)
       apply(rule disjE)
         apply assumption
 
-       apply (erule allE[where x = 6])
+       apply (erule allE[where x = 6])+
        apply (simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_5)
        apply (simp add:member_rec(1))
        apply (rule conjE)
         apply assumption
        apply simp
-       apply (rule inner_loop_body_global_rel) 
-          apply (simp add: inner_body_bb1_def)
-         apply simp
+       apply (rule loop3_body_bb1_global_rel) 
+          apply (simp add: loop3_body_bb1_def)
+          apply simp
+         apply blast
         apply assumption
        apply (rule less.IH)
          apply (rule strictly_smaller_helper2)
            apply assumption
           apply assumption
          apply assumption
-        apply assumption
-       apply (rule less.prems(3))
+         apply assumption
+        apply blast
+       apply (rule less.prems(4))
          apply (rule strictly_smaller_helper3)
            apply assumption+
 
-      apply (erule allE[where x = 7])
+      apply (erule allE[where x = 7])+
       apply (simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_5)
       apply (simp add:member_rec(1))
       apply (rule conjE)
@@ -339,44 +409,63 @@ proof (induction j arbitrary: ns1 rule: less_induct)
           apply assumption
          apply simp
          apply blast
+        apply blast
         apply simp
-       apply assumption
-      apply (rule outer_body_bb2_global_rel)
+      apply (rule loop2_body_bb2_global_rel)
          apply assumption+
-      apply (rule less.prems(3))
+      apply (rule less.prems(4))
         apply (rule strictly_smaller_helper4)
           apply assumption+
       done
   qed
 qed
 
-lemma inner_loop_head_global_rel_wrapped:
-  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (outer_body_bb1, (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+lemma loop2_body_bb1_wrapped_global_rel:
+  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (loop2_body_bb1, (KSeq loop2_body_bb2 (KSeq loop1_body_bb1_unwrapped (KEndBlock (KSeq bb0_unwrapped (KEndBlock KStop))))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 5, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)"
   and loop_ih:
         "\<And>k ns1'. k < j \<Longrightarrow>
-        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, KEndBlock KStop, Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
+        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(loop1_body_bb1_unwrapped, (KEndBlock (KSeq bb0_unwrapped (KEndBlock KStop))), Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
         (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
-  apply (rule ending3)
+        (\<And>m' s'.
+                   (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                   is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)"
+  apply (rule ending_after_unwrapping)
      apply (rule j_step_ast_trace)
-    apply (simp add: outer_body_bb1_def)
+    apply (simp add: loop2_body_bb1_def)
     apply (rule cfg_is_correct, simp)
+   apply (rule cfg_satisfies_post, blast)
    apply simp
-  apply (rule inner_loop_head_global_rel)
-    apply (simp add: outer_body_bb1_unwrapped_def)
-   apply assumption
+  apply (rule loop2_body_bb1_unwrapped_global_rel)
+    apply (simp add: loop2_body_bb1_unwrapped_def)
+    apply assumption
+   apply blast
   apply (rule loop_ih)
     apply (rule strictly_smaller_helper2)
      apply assumption+
   done
 
-lemma outer_loop_head_global_rel:
+lemma loop1_body_bb1_unwrapped_global_rel:
   assumes j_step_ast_trace: 
-    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bb0_unwrapped, KEndBlock KStop, Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (loop1_body_bb1_unwrapped, (KEndBlock (KSeq bb0_unwrapped (KEndBlock KStop))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> [] reached_bb reached_cont reached_state)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)"
+  and loop_ih:
+        "\<And>k ns1'. k < j \<Longrightarrow>
+        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, KEndBlock KStop, Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
+        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+        (\<And>m' s'.
+                   (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                   is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)"
   using assms 
 proof (induction j arbitrary: ns1 rule: less_induct)
   case (less j)
@@ -389,31 +478,32 @@ proof (induction j arbitrary: ns1 rule: less_induct)
     case (Suc j')
     show ?thesis
       apply (rule block_global_rel_loop_head) 
-              apply (rule Rel_Invs[of bb0_unwrapped])
-              apply (simp add: bb0_unwrapped_def)
+              apply (rule Rel_Invs[of loop1_body_bb1_unwrapped])
+              apply (simp add: loop1_body_bb1_unwrapped_def)
              apply (rule less(2))
             apply (rule less(3), simp)
+           apply (rule less(4), blast)
            apply simp
-           apply (simp add: bb0_unwrapped_def)
+           apply (simp add: loop1_body_bb1_unwrapped_def)
           apply simp
          apply (rule block_local_rel_loop_head)
-              apply (rule Rel_Invs[of bb0_unwrapped])
-              apply (simp add: bb0_unwrapped_def)
-            apply (simp add: bb0_unwrapped_def)
+              apply (rule Rel_Invs[of loop1_body_bb1_unwrapped])
+              apply (simp add: loop1_body_bb1_unwrapped_def)
+            apply (simp add: loop1_body_bb1_unwrapped_def)
            apply (simp, simp, simp)
        apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_3)
        apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_3_def)
       apply(rule disjE)
         apply assumption
     
-       apply (erule allE[where x = 4])
+       apply (erule allE[where x = 4])+
        apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_3)
        apply (simp add:member_rec(1))
        apply (rule conjE)
         apply assumption
        apply simp
-       apply (rule inner_loop_head_global_rel_wrapped)
-         apply (simp add: outer_body_bb1_def outer_body_bb2_def)
+       apply (rule loop2_body_bb1_wrapped_global_rel)
+         apply (simp add: loop2_body_bb1_def loop2_body_bb2_def)
         apply (rule correctness_propagates_through_assumption2)
             apply assumption
            apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_4)
@@ -421,13 +511,165 @@ proof (induction j arbitrary: ns1 rule: less_induct)
           apply assumption
          apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_4)
          apply (simp add: member_rec)
+         apply assumption
+        apply (rule correctness_propagates_through_assumption4)
+             apply blast
+            apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_4)
+            apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_4_def)
+           apply simp
+          apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_4)
+          apply (simp add: member_rec)
+         apply simp+
+       apply (rule less.IH)
+         apply (rule strictly_smaller_helper2)
+           apply assumption
+          apply assumption
+         apply assumption
+         apply assumption
+        apply blast
+       apply (rule less.prems(4))
+         apply (rule strictly_smaller_helper3)
+           apply assumption+
+
+      apply (erule allE[where x = 8])+
+      apply (simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_3)
+      apply (simp add:member_rec(1))
+      apply (rule conjE)
+       apply assumption
+      apply simp
+      apply (rule ending_after_skipping_endblock2)
+           apply assumption
+          apply assumption
+         apply simp
+         apply blast
+        apply blast
+        apply simp
+      apply (rule less(5))
+        apply (rule smaller_helper5)
+         apply assumption
+        apply assumption
+       apply assumption
+      apply (rule correctness_propagates_through_assumption)
+           apply assumption
+          apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_8)
+          apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_8_def)
+         apply (rule neg_gt2)
+        apply assumption  
+       apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_8)
+       apply (simp add: member_rec)
+       apply simp
+      apply (rule correctness_propagates_through_assumption3)
+            apply blast
+           apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_8)
+           apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_8_def)
+          apply (rule neg_gt2)
+         apply simp
+        apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_8)
+        apply (simp add: member_rec)
+       apply simp+
+      done
+  qed
+qed
+
+lemma loop1_body_bb1_wrapped_global_rel:
+  assumes j_step_ast_trace: 
+    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (loop1_body_bb1, (KSeq bb0_unwrapped (KEndBlock KStop)), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)"
+  and loop_ih:
+        "\<And>k ns1'. k < j \<Longrightarrow>
+        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, KEndBlock KStop, Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
+        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+        (\<And>m' s'.
+                   (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                   is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)) \<Longrightarrow>
+        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)" 
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)"
+  apply (rule ending_after_unwrapping)
+     apply (rule j_step_ast_trace)
+    apply (simp add: loop1_body_bb1_def)
+    apply (rule cfg_is_correct, simp)
+   apply (rule cfg_satisfies_post, blast)
+   apply simp
+  apply (rule loop1_body_bb1_unwrapped_global_rel)
+    apply (simp add: loop1_body_bb1_unwrapped_def)
+    apply assumption
+   apply blast
+  apply (rule loop_ih)
+    apply (rule strictly_smaller_helper2)
+     apply assumption+
+  done
+
+lemma bb0_unwrapped_global_rel:
+  assumes j_step_ast_trace: 
+    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bb0_unwrapped, KEndBlock KStop, Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)"
+  using assms 
+proof (induction j arbitrary: ns1 rule: less_induct)
+  case (less j)
+  then show ?case 
+  proof (cases j)
+    case 0
+    then show ?thesis
+      using valid_configuration_def less.prems(1) by fastforce
+  next
+    case (Suc j')
+    show ?thesis
+      apply (rule block_global_rel_loop_head) 
+              apply (rule Rel_Invs[of bb0_unwrapped])
+              apply (simp add: bb0_unwrapped_def)
+             apply (rule less(2))
+            apply (rule less(3), simp)
+           apply (rule less(4), blast)
+           apply simp
+           apply (simp add: bb0_unwrapped_def)
+          apply simp
+         apply (rule block_local_rel_loop_head)
+              apply (rule Rel_Invs[of bb0_unwrapped])
+              apply (simp add: bb0_unwrapped_def)
+            apply (simp add: bb0_unwrapped_def)
+           apply (simp, simp, simp)
+       apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_1)
+       apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_1_def)
+      apply(rule disjE)
+        apply assumption
+    
+       apply (erule allE[where x = 2])+
+       apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_1)
+       apply (simp add:member_rec(1))
+       apply (rule conjE)
         apply assumption
+       apply simp
+       apply (rule loop1_body_bb1_wrapped_global_rel)
+         apply (simp add: loop1_body_bb1_def)
+        apply (rule correctness_propagates_through_assumption2)
+            apply assumption
+           apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_2)
+           apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_2_def)
+          apply assumption
+         apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_2)
+         apply (simp add: member_rec)
+         apply assumption
+        apply (rule correctness_propagates_through_assumption4)
+             apply blast
+            apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_2)
+            apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_2_def)
+           apply simp
+          apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_2)
+          apply (simp add: member_rec)
+         apply simp+
        apply (rule less.IH)
          apply (rule strictly_smaller_helper2)
           apply assumption+
 
-      apply (erule allE[where x = 8])
-      apply (simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_3)
+      apply (erule allE[where x = 9])+
+      apply (simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_1)
       apply (simp add:member_rec(1))
       apply (rule conjE)
        apply assumption
@@ -437,10 +679,13 @@ proof (induction j arbitrary: ns1 rule: less_induct)
           apply simp
          apply simp
          apply blast
+        apply blast
         apply simp
        apply simp
       apply (rule end_global_rel)
-        apply (simp add: empty_bb_def)+
+         apply (simp add: empty_bb_def)
+        apply simp
+       apply assumption+
       done
   qed
 qed
@@ -448,28 +693,36 @@ qed
 lemma entry_block_global_rel:
   assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.post reached_bb reached_cont reached_state)"
+  and cfg_satisfies_post: "\<And>m' s'.
+                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)"
+  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)"
   using assms
 proof -
   show ?thesis
-    unfolding nested_loop2_before_cfg_to_dag_prog.post_def
     apply (rule block_global_rel_while_successor)
            apply (rule j_step_ast_trace)
           apply (rule Rel_Main_test[of bigblock0 _ nested_loop2_before_cfg_to_dag_prog.block_0])
+            apply (simp add: bigblock0_def nested_loop2_before_cfg_to_dag_prog.block_0_def)
+           apply (simp add: bigblock0_def nested_loop2_before_cfg_to_dag_prog.block_0_def)
           apply (simp add: bigblock0_def nested_loop2_before_cfg_to_dag_prog.block_0_def)
-         apply (simp add: bigblock0_def nested_loop2_before_cfg_to_dag_prog.block_0_def)
         apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_0_def)
        apply (rule disjI1)
        apply (rule nested_loop2_before_cfg_to_dag_prog.node_0)
        apply (rule cfg_is_correct, simp)
+      apply (rule cfg_satisfies_post, blast)
       apply simp
      apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_0)
      apply (rule bb0_local_rel)
       apply assumption
      apply simp
-    apply (rule outer_loop_head_global_rel)
-     apply (simp add: bb0_unwrapped_def)
+    apply (erule allE[where x = 1])+
     apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_0)
     apply (simp add: member_rec(1))
+    apply (rule bb0_unwrapped_global_rel)
+     apply (simp add: bb0_unwrapped_def)
+    apply blast+
     done
-qed
\ No newline at end of file
+qed
+
+end

From a59e2257362f4e3406bb0044006b231eaa03829f Mon Sep 17 00:00:00 2001
From: ahubanov-eth <ahubanov@student.ethz.ch>
Date: Sun, 26 Jun 2022 18:03:14 +0200
Subject: [PATCH 18/74] changed the definition of a procedure and of
 proc_is_correct

---
 BoogieLang/Ast.thy                            |  91 +++----
 BoogieLang/Ast_Cfg_Transformation.thy         | 254 ++++++++++--------
 BoogieLang/BackedgeElim.thy                   |  20 +-
 BoogieLang/Lang.thy                           |  22 +-
 BoogieLang/Passification.thy                  |   6 +-
 BoogieLang/Semantics.thy                      |  48 +++-
 .../p_proofs/if_example_ast_cfg_proof.thy     |  21 +-
 .../nested_loop2_ast_cfg_proof.thy            |  12 +-
 .../nested_loop_ast_cfg_proof.thy             |  51 ++--
 .../p_proofs/p_cfgtodag_proof.thy             |   7 +-
 .../p_proofs/while_example2_ast_cfg_proof.thy |  88 +++---
 11 files changed, 320 insertions(+), 300 deletions(-)

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index 66ac21f..a406c78 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -73,11 +73,20 @@ fun find_label :: "label \<Rightarrow> bigblock list \<Rightarrow> cont \<Righta
         else (find_label lbl bbs cont))"
   | "find_label lbl ((BigBlock bb_name cmds (Some s) (Some t)) # bbs) cont = None"
 
+fun get_state :: "'a ast_config \<Rightarrow> 'a state"
+  where
+    "get_state (bb, cont, s1) = s1"
+
+fun is_final :: "'a ast_config \<Rightarrow> bool" 
+  where
+    "is_final ((BigBlock bb_name [] None None), KStop, s1) = True"
+  | "is_final other = False"
+
 text\<open>function defining the semantics of bigblocks; small-step semantics 
       Note: arrow symbols in the 'syntactic sugar' clash if the exact same syntax is used as in red_cmd\<close>
-inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env  \<Rightarrow> ast \<Rightarrow> 'a ast_config \<Rightarrow> 'a ast_config \<Rightarrow> bool" 
+inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context  \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env  \<Rightarrow> ast \<Rightarrow> 'a ast_config \<Rightarrow> 'a ast_config \<Rightarrow> bool" 
   ("_,_,_,_,_,_ \<turnstile> (\<langle>_\<rangle> \<longrightarrow>/ _)" [51,0,0,0] 81)
-  for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env and T :: ast
+  for A :: "'a absval_ty_fun" and M :: "'struct_ty proc_context"  and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env and T :: ast
   where
     RedSimpleCmds: 
     "\<lbrakk>(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs, (Normal n_s)\<rangle> [\<rightarrow>] s1) \<and> (cs \<noteq> Nil) \<rbrakk> 
@@ -86,7 +95,7 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightar
 
   (* TODO: fix this rule! *)
   | RedFailure_or_Magic: 
-    "\<lbrakk> (s1 = Magic) \<or> (s1 = Failure) \<rbrakk> 
+    "\<lbrakk> (s1 = Magic) \<or> (s1 = Failure); \<not> (is_final ((BigBlock bb_name [] str_cmd tr_cmd), cont0, s1))  \<rbrakk> 
       \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] str_cmd tr_cmd), cont0, s1)\<rangle> \<longrightarrow> 
                           ((BigBlock bb_name [] None None), KStop, s1)"
 
@@ -166,40 +175,24 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightar
         \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] None (Some (Goto label))), cont0, Normal n_s)\<rangle> \<longrightarrow> 
                             (found_bigblock, found_cont, (Normal n_s))"
 
-abbreviation red_bigblock_k_step :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> ast \<Rightarrow> 'a ast_config \<Rightarrow> nat \<Rightarrow> 'a ast_config \<Rightarrow> bool"
+abbreviation red_bigblock_k_step :: "'a absval_ty_fun \<Rightarrow> 'struct_ty  proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> ast \<Rightarrow> 'a ast_config \<Rightarrow> nat \<Rightarrow> 'a ast_config \<Rightarrow> bool"
   ("_,_,_,_,_,_ \<turnstile>_ -n\<longrightarrow>^_/ _" [51,0,0,0,0] 81)
 where "red_bigblock_k_step A M \<Lambda> \<Gamma> \<Omega> T c1 n c2 \<equiv> ((red_bigblock A M \<Lambda> \<Gamma> \<Omega> T)^^n) c1 c2"
 
-(*
-inductive red_bigblock_trans :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env  \<Rightarrow> ast \<Rightarrow> 'a ast_config \<Rightarrow> 'a ast_config \<Rightarrow> bool" 
-  ("_,_,_,_,_,_ \<turnstile> (\<langle>_\<rangle> [\<longrightarrow>]/ _)" [51,0,0,0] 81)
-  for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env and T :: ast
-  where
-    BBRefl: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>config\<rangle> [\<longrightarrow>] config"
-  | BBTrans: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>start_config\<rangle> \<longrightarrow> inter_config;  A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>inter_config\<rangle> [\<longrightarrow>] end_config\<rbrakk> \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>start_config\<rangle> [\<longrightarrow>] end_config"
-*)
-
 subsection \<open>Procedure Correctness\<close>
 
 text\<open>defining correctness of the AST\<close>
 
-record ast_procedure =
+(*
+record 'struct_ty ast_procedure =
   proc_ty_args :: nat
   proc_args :: vdecls
   proc_rets :: vdecls
   proc_modifs :: "vname list"
   proc_pres :: "(expr \<times> bool) list" 
   proc_posts :: "(expr \<times> bool) list"
-  proc_body :: "(vdecls \<times> ast) option"
-
-fun get_state :: "'a ast_config \<Rightarrow> 'a state"
-  where
-    "get_state (bb, cont, s1) = s1"
-
-fun is_final :: "'a ast_config \<Rightarrow> bool" 
-  where
-    "is_final ((BigBlock bb_name [] None None), KStop, s1) = True"
-  | "is_final other = False"
+  proc_body :: "(vdecls \<times> 'struct_ty) option"
+*)
 
 fun init_ast :: "ast \<Rightarrow> 'a nstate \<Rightarrow> 'a ast_config"
   where
@@ -211,18 +204,19 @@ definition valid_configuration
          (get_state (bb, cont, state)) \<noteq> Failure \<and> 
          (is_final (bb, cont, state) \<longrightarrow> (\<forall>ns'. (get_state (bb, cont, state)) = Normal ns' \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns' posts))"
 
-definition proc_body_satisfies_spec :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> ast \<Rightarrow> 'a nstate \<Rightarrow> bool"
+definition proc_body_satisfies_spec :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> ast \<Rightarrow> 'a nstate \<Rightarrow> bool"
   where "proc_body_satisfies_spec A M \<Lambda> \<Gamma> \<Omega> pres posts ast ns \<equiv>
          expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns pres \<longrightarrow> 
           (\<forall> bb cont state. (rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> ast) (init_ast ast ns) (bb, cont, state)) \<longrightarrow> 
                     valid_configuration A \<Lambda> \<Gamma> \<Omega> posts bb cont state)"
 
-fun proc_all_pres :: "ast_procedure \<Rightarrow> expr list"
+fun proc_all_pres :: "'struct_ty procedure \<Rightarrow> expr list"
   where "proc_all_pres p = map fst (proc_pres p)"
 
-fun proc_checked_posts :: "ast_procedure \<Rightarrow> expr list"
+fun proc_checked_posts :: "'struct_ty procedure \<Rightarrow> expr list"
   where "proc_checked_posts p = map fst (filter (\<lambda>x. \<not> snd(x)) (proc_posts p))"
 
+(*
 fun proc_is_correct :: "'a absval_ty_fun \<Rightarrow> fdecls \<Rightarrow> vdecls \<Rightarrow> vdecls \<Rightarrow> axiom list \<Rightarrow> ast_procedure \<Rightarrow> bool"
   where 
     "proc_is_correct A fun_decls constants global_vars axioms proc =
@@ -241,42 +235,21 @@ fun proc_is_correct :: "'a absval_ty_fun \<Rightarrow> fdecls \<Rightarrow> vdec
             )
           )))
       | None \<Rightarrow> True)"
+*)
 
-(* TODO: Rework this! *)
 inductive syntactic_equiv :: "expr \<Rightarrow> expr \<Rightarrow> bool" (infixl "\<sim>" 40) 
   where
-    refl [simp]:   "a \<sim> a"
-  | neg_cong:      "a \<sim> b \<Longrightarrow> UnOp Not a \<sim> UnOp Not b"
-  | conj_cong:     "a1 \<sim> b1 \<Longrightarrow> a2 \<sim> b2 \<Longrightarrow> (a1 \<guillemotleft>And\<guillemotright> a2) \<sim> (b1 \<guillemotleft>And\<guillemotright> b2)"
-  | disj_cong:     "a1 \<sim> b1 \<Longrightarrow> a2 \<sim> b2 \<Longrightarrow> (a1 \<guillemotleft>Or\<guillemotright> a2) \<sim> (b1 \<guillemotleft>Or\<guillemotright> b2)"
-  | conj_commute:  "(a \<guillemotleft>And\<guillemotright> b) \<sim> (b \<guillemotleft>And\<guillemotright> a)"
-  | disj_commute:  "(a \<guillemotleft>Or\<guillemotright> b) \<sim> (b \<guillemotleft>Or\<guillemotright> a)"
-  | conj_assoc:    "(a \<guillemotleft>And\<guillemotright> b) \<guillemotleft>And\<guillemotright> c \<sim> a \<guillemotleft>And\<guillemotright> (b \<guillemotleft>And\<guillemotright> c)"
-  | disj_assoc:    "(a \<guillemotleft>Or\<guillemotright> b) \<guillemotleft>Or\<guillemotright> c \<sim> a \<guillemotleft>Or\<guillemotright> (b \<guillemotleft>Or\<guillemotright> c)"
-  | disj_conj:     "a \<guillemotleft>Or\<guillemotright> (b \<guillemotleft>And\<guillemotright> c) \<sim> (a \<guillemotleft>Or\<guillemotright> b) \<guillemotleft>And\<guillemotright> (a \<guillemotleft>Or\<guillemotright> c)"
-  | conj_disj:     "a \<guillemotleft>And\<guillemotright> (b \<guillemotleft>Or\<guillemotright> c) \<sim> (a \<guillemotleft>And\<guillemotright> b) \<guillemotleft>Or\<guillemotright> (a \<guillemotleft>And\<guillemotright> c)"
-  | de_morgan1:    "UnOp Not (a \<guillemotleft>And\<guillemotright> b) \<sim> (UnOp Not a) \<guillemotleft>Or\<guillemotright> (UnOp Not b)"
-  | de_morgan2:    "UnOp Not (a \<guillemotleft>Or\<guillemotright> b) \<sim> (UnOp Not a) \<guillemotleft>And\<guillemotright> (UnOp Not b)"
-  | neg_neg:       "UnOp Not (UnOp Not a) \<sim> a"
-  | tnd:           "a \<guillemotleft>Or\<guillemotright> (UnOp Not) a \<sim> (Lit (LBool True))"
-  | contr:         "a \<guillemotleft>And\<guillemotright> (UnOp Not) a \<sim> (Lit (LBool False))"
-  | disj_idem:     "a \<guillemotleft>Or\<guillemotright> a \<sim> a"
-  | conj_idem:     "a \<guillemotleft>And\<guillemotright> a \<sim> a"
-  | conj_True:     "a \<guillemotleft>And\<guillemotright> (Lit (LBool True)) \<sim> a"
-  | disj_True:     "a \<guillemotleft>Or\<guillemotright> (Lit (LBool True)) \<sim> (Lit (LBool True))"
-  | neg_lt:        "UnOp Not (a \<guillemotleft>Lt\<guillemotright> b) \<sim> (a \<guillemotleft>Ge\<guillemotright> b)"
-  | neg_gt1:        "UnOp Not (a \<guillemotleft>Gt\<guillemotright> b) \<sim> (a \<guillemotleft>Le\<guillemotright> b)"
-  | neg_gt2:        "UnOp Not (a \<guillemotleft>Gt\<guillemotright> b) \<sim> (b \<guillemotleft>Ge\<guillemotright> a)"
-  | neg_le:        "UnOp Not (a \<guillemotleft>Le\<guillemotright> b) \<sim> (a \<guillemotleft>Gt\<guillemotright> b)"
-  | neg_ge:        "UnOp Not (a \<guillemotleft>Ge\<guillemotright> b) \<sim> (a \<guillemotleft>Lt\<guillemotright> b)"
-  | neg_lt2:        "UnOp Not (a \<guillemotleft>Lt\<guillemotright> b) \<sim> (b \<guillemotleft>Le\<guillemotright> a)"
-  | neg_eq:        "UnOp Not (a \<guillemotleft>Eq\<guillemotright> b) \<sim> (a \<guillemotleft>Neq\<guillemotright> b)"
-  | neg_neq:       "UnOp Not (a \<guillemotleft>Neq\<guillemotright> b) \<sim> (a \<guillemotleft>Eq\<guillemotright> b)"
+    neg_refl:       "UnOp Not e1 \<sim> UnOp Not e1"
+  | neg_equiv1: "UnOp Not (Lit (LBool True)) \<sim> (Lit (LBool False))"
+  | neg_equiv2: "UnOp Not (Lit (LBool False)) \<sim> (Lit (LBool True))"
+  | double_neg: "UnOp Not (UnOp Not e1) \<sim> e1"
+  | neg_eq:     "UnOp Not (a \<guillemotleft>Eq\<guillemotright> b) \<sim> (a \<guillemotleft>Neq\<guillemotright> b)"
+  | neg_neq:    "UnOp Not (a \<guillemotleft>Neq\<guillemotright> b) \<sim> (a \<guillemotleft>Eq\<guillemotright> b)"
+  | neg_lt:     "UnOp Not (a \<guillemotleft>Lt\<guillemotright> b) \<sim> (b \<guillemotleft>Le\<guillemotright> a)"
+  | neg_le:     "UnOp Not (a \<guillemotleft>Le\<guillemotright> b) \<sim> (b \<guillemotleft>Lt\<guillemotright> a)"
+  | neg_gt:     "UnOp Not (a \<guillemotleft>Gt\<guillemotright> b) \<sim> (b \<guillemotleft>Ge\<guillemotright> a)"
+  | neg_ge:     "UnOp Not (a \<guillemotleft>Ge\<guillemotright> b) \<sim> (b \<guillemotleft>Gt\<guillemotright> a)"
 
-(*
-definition semantic_equiv :: "expr \<Rightarrow> expr \<Rightarrow> bool" (infixl "\<approx>" 40) where
-  "exp1 \<approx> exp2 \<longleftrightarrow> (\<forall> A \<Lambda> \<Gamma> \<Omega> ns val. ((red_expr A \<Lambda> \<Gamma> \<Omega> exp1 ns val) = (red_expr A \<Lambda> \<Gamma> \<Omega> exp2 ns val)))"
-*)
 
 inductive ast_cfg_rel :: "expr option \<Rightarrow> cmd list \<Rightarrow> bigblock \<Rightarrow> cmd list \<Rightarrow> bool"
   where 
diff --git a/BoogieLang/Ast_Cfg_Transformation.thy b/BoogieLang/Ast_Cfg_Transformation.thy
index 8786817..a0bdad1 100644
--- a/BoogieLang/Ast_Cfg_Transformation.thy
+++ b/BoogieLang/Ast_Cfg_Transformation.thy
@@ -123,14 +123,13 @@ lemma valid_config_implies_not_failure:
 
 lemma valid_config_implies_satisfied_posts:
   assumes "Semantics.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'"
-  shows "is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
-  using Semantics.valid_configuration_def assms by (metis expr_all_sat_def)
+  shows "is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
+  using Semantics.valid_configuration_def assms by (metis)
 
 text \<open>If an \<^term>\<open>ast_config\<close> (bigblock, cont, state) is an ending configuration, then any correspoding cfg block is locally correct.\<close>
 lemma end_static:
   assumes "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(BigBlock None [] None None, KStop, Normal ns1)\<rangle> \<longrightarrow> (step_bb, step_cont, step_state)"
-  shows "step_state \<noteq> Failure \<and>
-         (\<forall>ns1'. step_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>any_block ,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')"
+  shows "step_state \<noteq> Failure \<and> (\<forall>ns1'. step_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>0,\<Gamma>,[] \<turnstile> \<langle>any_block ,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')"
   using assms
   by (cases) auto
 
@@ -305,37 +304,37 @@ proof -
 qed
 
 lemma correctness_propagates_through_assumption3:
-  assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> (is_final_config (m, s) \<longrightarrow> (\<forall>ns_end. s = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
+  assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> (is_final_config (m, s) \<longrightarrow> (\<forall>ns_end. s = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
       and "node_to_block G ! n0 = [Assume c]"
       and "UnOp Not guard \<sim> c"
       and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> BoolV False"
       and "List.member (out_edges G ! n0) n1"
-    shows "\<And> m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m, s)) \<Longrightarrow> (is_final_config (m, s) \<Longrightarrow> (\<forall>ns_end. s = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
+    shows "\<And> m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m, s)) \<Longrightarrow> (is_final_config (m, s) \<Longrightarrow> (\<forall>ns_end. s = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
 proof -
   fix m1 s1
   have "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c, ns1\<rangle> \<Down> BoolV True" using assms(3-4) equiv_preserves_value false_equals_not_true by blast
   then have a1: "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[Assume c], Normal ns1\<rangle> [\<rightarrow>] (Normal ns1))" by (meson RedAssumeOk RedCmdListCons RedCmdListNil)
-  show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> (is_final_config (m1, s1) \<Longrightarrow> (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
+  show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> (is_final_config (m1, s1) \<Longrightarrow> (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
   proof -
     assume "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1))"
-    thus "(is_final_config (m1, s1) \<Longrightarrow> (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
+    thus "(is_final_config (m1, s1) \<Longrightarrow> (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
       using a1 assms by (metis RedNormalSucc converse_rtranclp_into_rtranclp)
   qed
 qed
 
 lemma correctness_propagates_through_assumption4:
-  assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> (is_final_config (m, s) \<longrightarrow> (\<forall>ns_end. s = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
+  assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> (is_final_config (m, s) \<longrightarrow> (\<forall>ns_end. s = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
       and "node_to_block G ! n0 = [Assume guard]"
       and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> BoolV True"
       and "List.member (out_edges G ! n0) n1"
-    shows "\<And> m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m, s)) \<Longrightarrow> (is_final_config (m, s) \<Longrightarrow> (\<forall>ns_end. s = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
+    shows "\<And> m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m, s)) \<Longrightarrow> (is_final_config (m, s) \<Longrightarrow> (\<forall>ns_end. s = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
 proof -
   fix m1 s1
   have a1: "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[Assume guard], Normal ns1\<rangle> [\<rightarrow>] (Normal ns1))" by (meson RedAssumeOk assms(3) red_cmd_list.simps)
-  show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> (is_final_config (m1, s1) \<Longrightarrow> (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
+  show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> (is_final_config (m1, s1) \<Longrightarrow> (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
   proof -
     assume "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1))"
-    thus "(is_final_config (m1, s1) \<Longrightarrow> (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
+    thus "(is_final_config (m1, s1) \<Longrightarrow> (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
       using a1 assms by (metis RedNormalSucc converse_rtranclp_into_rtranclp)
   qed
 qed
@@ -397,14 +396,14 @@ lemma ending_after_skipping_endblock:
       and "bb = BigBlock None [] None None"
       and "\<And>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure"
       and "\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts"
+           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts"
       and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False" 
       and "\<And> j''. 
             j' = Suc j'' \<Longrightarrow>
             A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, cont0, Normal ns1'') -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state) \<Longrightarrow>
            (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
            (\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts) \<Longrightarrow>
+           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts) \<Longrightarrow>
            (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False) \<Longrightarrow> (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
     shows "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state"
 proof -
@@ -488,14 +487,14 @@ lemma ending_after_skipping_endblock2:
       and "bb = BigBlock None [] None None"
       and "\<And>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure"
       and "\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts"
+           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts"
       and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False" 
       and "\<And> j''. 
             j' = Suc (Suc j'') \<Longrightarrow>
             A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state) \<Longrightarrow>
            (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
            (\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts) \<Longrightarrow>
+           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts) \<Longrightarrow>
            (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False) \<Longrightarrow> (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
     shows "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state"
 proof -
@@ -564,13 +563,13 @@ lemma ending_after_unwrapping:
       and "bb = BigBlock name [] (Some (WhileWrapper loop)) None"
       and "\<And>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure"
       and "\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts"
+           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts"
       and "\<And> j''. 
             j = Suc j'' \<Longrightarrow>
             A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(BigBlock name [] (Some loop) None, KEndBlock cont0, Normal ns1'') -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state) \<Longrightarrow>
            (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
            (\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts) \<Longrightarrow>
+           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts) \<Longrightarrow>
            (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
     shows "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state"
 proof -
@@ -685,7 +684,7 @@ lemma ending_after_skipping_endblock_and_unwrapping:
       and "bb = BigBlock None [] None None"
       and corr: "\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure"
       and "\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts"
+           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts"
       and guard_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1''\<rangle> \<Down> BoolV False" 
       and "node_to_block G ! n = [Assume c]" 
       and "(UnOp Not guard) \<sim> c"
@@ -699,7 +698,7 @@ lemma ending_after_skipping_endblock_and_unwrapping:
               (reached_bb, reached_cont, reached_state) \<Longrightarrow>
           (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
           (\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts) \<Longrightarrow> 
+           is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts) \<Longrightarrow> 
           (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
     shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
   using assms
@@ -816,17 +815,19 @@ text \<open>The following are lemmas proving global relations between various ki
 text \<open>Global lemma for a big block, which concludes the program.\<close>
 lemma generic_ending_block_global_rel:
   assumes syn_rel: "ast_cfg_rel None [] bb cs2"
-  and j_step_ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and j_step_ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and "bb = (BigBlock name cs1 None any_tr)"
   and "((any_tr = None)) \<or> (any_tr = (Some Return))"
+  and "cont0 = KStop"
+  and node_to_block_assm: "node_to_block(G) ! n = related_block"
   and block_id:
-      "(node_to_block(G) ! n = cs2) \<or> 
-       (node_to_block(G) ! n = c#cs2) \<and> c = Assume guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV True)) \<or> 
-       (node_to_block(G) ! n = c#cs2) \<and> c = Assume not_guard \<and> (UnOp Not guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV False))"
+      "(related_block = cs2) \<or> 
+       (related_block = c#cs2) \<and> c = Assume guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV True)) \<or> 
+       (related_block = c#cs2) \<and> c = Assume not_guard \<and> (UnOp Not guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV False))"
   and "out_edges G ! n = []"
   and cfg_reaches_not_failure: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and cfg_satisfies_posts: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> 
-                                      is_final_config (m',s') \<Longrightarrow> (\<forall> ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) post_invs)"
+                                      is_final_config (m',s') \<Longrightarrow> (\<forall> ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) post_invs)"
   and local_rel: "\<And> step_bb step_cont step_state. 
                     red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, KStop, (Normal ns1)) (step_bb, step_cont, step_state) \<Longrightarrow> 
                     (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>
@@ -842,20 +843,20 @@ proof (cases cs2)
       case None thus ?thesis
       proof -
         have "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))" 
-          using block_id \<open>out_edges G ! n = []\<close> Nil 
+          using block_id \<open>out_edges G ! n = []\<close> Nil node_to_block_assm
           by (metis RedCmdListNil RedNormalReturn push_through_assumption0 push_through_assumption1 r_into_rtranclp)
-        hence "list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns1) post_invs" using cfg_satisfies_posts 
+        hence "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1) post_invs" using cfg_satisfies_posts 
           using is_final_config.simps(2) by blast
         thus ?thesis 
-          by (metis Ast.valid_configuration_def None \<open>cs1 = []\<close> assms(3) expr_all_sat_def final_is_static_propagate 
-                    get_state.simps is_final.simps(1) j_step_ast_trace relpowp_imp_rtranclp state.inject state.simps(3))
+          by (metis Ast.valid_configuration_def None \<open>cs1 = []\<close> assms(3) final_is_static_propagate 
+                    get_state.simps is_final.simps(1) j_step_ast_trace relpowp_imp_rtranclp state.inject state.simps(3) \<open>cont0 = KStop\<close>)
       qed
     next
       case (Some a)
       then show ?thesis
       proof (cases j)
         case 0
-        from this j_step_ast_trace assms(3) have "(reached_bb, reached_cont, reached_state) = ((BigBlock name [] None (Some Return)), KStop, (Normal ns1))" 
+        from this j_step_ast_trace assms(3) have "(reached_bb, reached_cont, reached_state) = ((BigBlock name [] None (Some Return)), cont0, (Normal ns1))" 
           using \<open>cs1 = []\<close> Some assms(4) by simp
         then show ?thesis by (simp add: valid_configuration_def)
       next
@@ -864,7 +865,7 @@ proof (cases cs2)
         proof (cases a)
           case (Return) 
           from Suc j_step_ast_trace assms(3) obtain inter_bb inter_cont inter_state where
-            step0: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name cs1 None any_tr), KStop, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
+            step0: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name cs1 None any_tr), cont0, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
             rest0: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
             by (metis prod_cases3 relpowp_Suc_D2) 
           from cfg_reaches_not_failure have 
@@ -883,10 +884,10 @@ proof (cases cs2)
           hence "(red_cfg A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))"
             by (simp add: RedNormalReturn 
                           \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block G ! n,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
-                          assms(6))
+                          assms(8))
 
           hence "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))" by simp
-          hence "list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns1) post_invs" 
+          hence "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1) post_invs" 
             using cfg_satisfies_posts is_final_config.simps(2) by blast
           then have "is_final (inter_bb, inter_cont, inter_state)"
             using inter_conc is_final.simps(1) by blast
@@ -894,7 +895,7 @@ proof (cases cs2)
             unfolding valid_configuration_def
             apply (simp only: get_state.simps)
             apply (simp add: inter_conc)
-            using \<open>list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns1) post_invs\<close> expr_all_sat_def inter_conc by blast
+            using \<open>(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1) post_invs\<close> expr_all_sat_def inter_conc by blast
           then show ?thesis
             by (metis \<open>is_final (inter_bb, inter_cont, inter_state)\<close> final_is_static_propagate inter_conc prod.sel(1) prod.sel(2) relpowp_imp_rtranclp rest0)
         next
@@ -909,7 +910,7 @@ next
   thus ?thesis
   proof (cases j)
     case 0
-    from this j_step_ast_trace assms(3) have eq: "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 None any_tr), KStop, (Normal ns1))" by simp
+    from this j_step_ast_trace assms(3) have eq: "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 None any_tr), cont0, (Normal ns1))" by simp
     then show ?thesis 
     proof (cases any_tr)
       case None
@@ -929,14 +930,14 @@ next
   next
     case (Suc j')
     from this j_step_ast_trace assms(3) obtain inter_bb inter_cont inter_state where
-      step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name cs1 None any_tr), KStop, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
+      step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name cs1 None any_tr), cont0, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
       rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
       by (metis prod_cases3 relpowp_Suc_D2) 
     then show ?thesis 
     proof (cases any_tr)
       case None
-      from step this have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None None, KStop, inter_state)"
-      by (cases) (auto simp add: RedSimpleCmds)
+      from step this have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None None, cont0, inter_state)"
+      by (cases) (auto simp add: RedSimpleCmds \<open>cont0 = KStop\<close>)
  
       have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
         using assms(5) cfg_reaches_not_failure dag_verifies_propagate_2 by blast
@@ -947,16 +948,16 @@ next
         using Red_impl block_local_rel_generic local.Cons local.step syn_rel assms by (cases) blast+
 
       hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))"
-        by (simp add: RedCmdListNil RedNormalReturn assms(5-6) local.Cons)
+        by (simp add: RedCmdListNil RedNormalReturn assms(7-8) local.Cons)
 
       hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))" by blast
-      hence posts_sat: "\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns1') post_invs" 
+      hence posts_sat: "\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1') post_invs" 
         using cfg_satisfies_posts is_final_config.simps(2) by blast
 
-      have "is_final (inter_bb, inter_cont, inter_state)" using concrete_inter by simp 
+      have "is_final (inter_bb, inter_cont, inter_state)" using concrete_inter \<open>cont0 = KStop\<close> by simp 
 
       hence valid_inter: "(valid_configuration A \<Lambda> \<Gamma> \<Omega> post_invs inter_bb inter_cont inter_state)" 
-        unfolding valid_configuration_def expr_all_sat_def 
+        unfolding valid_configuration_def
         using posts_sat local_corr by auto
  
       then show ?thesis by (metis Pair_inject \<open>is_final (inter_bb, inter_cont, inter_state)\<close> concrete_inter final_is_static_propagate relpowp_imp_rtranclp rest)
@@ -968,7 +969,7 @@ next
         then show ?thesis using Some assms(4) by blast
       next
         case (Return)
-        from step this Some have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None (Some Return), KStop, inter_state)"
+        from step this Some have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None (Some Return), cont0, inter_state)"
         proof cases
           case RedSimpleCmds thus ?thesis using Return Some by blast
         qed (auto simp add: \<open>cs1 \<noteq> []\<close>)
@@ -982,10 +983,10 @@ next
           using Red_impl block_local_rel_generic local.Cons local.step syn_rel assms by (cases) blast+
   
         hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))"
-          by (simp add: RedCmdListNil RedNormalReturn assms(5-6) local.Cons)
+          by (simp add: RedCmdListNil RedNormalReturn assms(7-8) local.Cons)
   
         hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))" by blast
-        hence posts_sat: "\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns1') post_invs" 
+        hence posts_sat: "\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1') post_invs" 
           using cfg_satisfies_posts is_final_config.simps(2) by blast
     
         from step have "inter_state \<noteq> Failure" using Red_impl block_local_rel_generic local.Cons local.step syn_rel assms
@@ -1009,7 +1010,7 @@ next
             by (cases) blast+
             hence "is_final (inter_bb2, inter_cont2, inter_state2)" by simp
             hence valid_inter: "(valid_configuration A \<Lambda> \<Gamma> \<Omega> post_invs inter_bb2 inter_cont2 inter_state2)" 
-              by (simp add: Ast.valid_configuration_def \<open>inter_state \<noteq> Failure\<close> expr_all_sat_def inter2_conc posts_sat)
+              by (simp add: Ast.valid_configuration_def \<open>inter_state \<noteq> Failure\<close> inter2_conc posts_sat)
             then show ?thesis
               by (metis \<open>is_final (inter_bb2, inter_cont2, inter_state2)\<close> final_is_static_propagate inter2_conc prod.inject relpowp_imp_rtranclp snd_rest)
           qed
@@ -1039,7 +1040,7 @@ lemma block_global_rel_while_successor:
        (node_to_block(G) ! n = c#cmds) \<and> c = Assume not_guard \<and> (UnOp Not entry_guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> entry_guard ns1 (BoolV False))"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and cfg_satisfies_posts: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> 
-                                      is_final_config (m',s') \<Longrightarrow> (\<forall> ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
+                                      is_final_config (m',s') \<Longrightarrow> (\<forall> ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
   and block_local_rel:
     "\<And> reached_bb_inter reached_cont_inter reached_state_inter. 
     (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont1, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
@@ -1051,7 +1052,7 @@ lemma block_global_rel_while_successor:
          (\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl msuc2, Normal ns2) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
          (\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, Normal ns2) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                              is_final_config (m', s') \<longrightarrow> 
-                                                             (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) \<Longrightarrow>
+                                                             (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) \<Longrightarrow>
          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name [] (Some (ParsedWhile guard invs (body_bb0#body_bbs))) None), KEndBlock cont1, Normal ns2) -n\<longrightarrow>^k 
                       (reached_bb, reached_cont, reached_state) \<Longrightarrow> 
          (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
@@ -1096,7 +1097,7 @@ next
       hence Red_cfg_sat_conc: 
         "(\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                              is_final_config (m', s') \<longrightarrow> 
-                                                             (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)))" 
+                                                             (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)))" 
         by (metis (no_types, lifting) Normal RedNormalSucc cfg_satisfies_posts converse_rtranclp_into_rtranclp local_conclusion)
 
       from 2 j_step_ast_trace assms(3) obtain inter_bb2 inter_cont2 inter_state2 where
@@ -1127,24 +1128,25 @@ text \<open>Global lemma for a big block that's the head of a loop.
       The body of the loop is required to be non-empty.\<close>
 lemma block_global_rel_loop_head:
   assumes block_rel: "ast_cfg_rel None assertions bb assertions"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, KEndBlock cont1, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
   and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
-                                        is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
+                                        is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
   and "bb = (BigBlock name [] any_str any_tr)"
   and bb_successor_while: "any_str = Some (ParsedWhile cont_guard invs (bb0#body_bbs))"
   and block_local_rel:
-    "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, KEndBlock cont1, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
+    "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
     (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assertions (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
     (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
   and "node_to_block(G) ! n = assertions"
+  and "cont0 = KEndBlock cont1"
   and succ_correct: 
    "\<And> ns1'' loop_guard j'. 
     j = Suc j' \<Longrightarrow>
     (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))) \<Longrightarrow>
     (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1'') -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
-                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)))) \<Longrightarrow>
+                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)))) \<Longrightarrow>
     ((cont_guard = Some loop_guard) \<and> 
       (red_expr A \<Lambda> \<Gamma> \<Omega> loop_guard ns1'' (BoolV True)) \<and> 
       A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb0, convert_list_to_cont (bb#(rev body_bbs)) (KEndBlock cont1), (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)) \<or> 
@@ -1161,14 +1163,14 @@ proof -
     show ?thesis 
     proof cases
       assume "j = 0"
-      hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name [] any_str any_tr), KEndBlock cont1, (Normal ns1))" using ast_trace assms(5) by simp 
-      thus ?thesis by (simp add: Ast.valid_configuration_def)
+      hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name [] any_str any_tr), cont0, (Normal ns1))" using ast_trace assms(5) by simp 
+      thus ?thesis by (simp add: Ast.valid_configuration_def \<open>cont0 = KEndBlock cont1\<close>)
     next
       assume "j \<noteq> 0" 
       from this obtain j' where "j = Suc j'" using not0_implies_Suc by blast
   
       from ast_trace this assms(5) obtain inter_bb inter_cont inter_state where
-        first_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name [] any_str any_tr), KEndBlock cont1, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
+        first_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name [] any_str any_tr), cont0, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
         rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
         by (metis prod_cases3 relpowp_Suc_D2)
   
@@ -1178,7 +1180,7 @@ proof -
         from first_step show ?thesis using bb_successor_while
         proof cases
           case RedParsedWhileTrue
-          hence concrete_inter1: "(inter_bb, inter_cont, inter_state) = (bb0, convert_list_to_cont ((BigBlock name [] any_str any_tr)#(rev body_bbs)) (KEndBlock cont1), (Normal ns1))"
+          hence concrete_inter1: "(inter_bb, inter_cont, inter_state) = (bb0, convert_list_to_cont ((BigBlock name [] any_str any_tr)#(rev body_bbs)) cont0, (Normal ns1))"
             using bb_successor_while None by blast
   
           from first_step
@@ -1190,14 +1192,14 @@ proof -
               "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> 
                                                         (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
-                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
+                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
             using cfg_satisfies_post 
             by (metis (no_types, lifting) RedNormalSucc assms(5) assms(8) block_local_rel cfg_correct converse_rtranclp_into_rtranclp dag_verifies_propagate_2 local.RedParsedWhileTrue(4))
   
-          show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct succ_cfg_satisfies_post None rest concrete_inter1 succ_correct assms(5) by blast 
+          show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct succ_cfg_satisfies_post None rest concrete_inter1 succ_correct assms(5) \<open>cont0 = KEndBlock cont1\<close> by blast 
         next 
           case RedParsedWhileFalse
-          hence concrete_inter2: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), KEndBlock cont1, (Normal ns1))" by simp
+          hence concrete_inter2: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), cont0, (Normal ns1))" by simp
   
           from first_step
           have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
@@ -1208,11 +1210,11 @@ proof -
               "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> 
                                                         (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
-                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
+                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
             using cfg_satisfies_post 
             by (metis (no_types, lifting) RedNormalSucc assms(5) assms(8) block_local_rel cfg_correct converse_rtranclp_into_rtranclp dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
   
-          show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct succ_cfg_satisfies_post None rest concrete_inter2 succ_correct by blast
+          show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct succ_cfg_satisfies_post None rest concrete_inter2 succ_correct \<open>cont0 = KEndBlock cont1\<close>  by blast
         next 
           case RedParsedWhile_InvFail thus ?thesis using assms(8) block_local_rel cfg_correct dag_verifies_propagate_2 first_step assms(5) by blast
         qed auto
@@ -1226,7 +1228,7 @@ proof -
           from first_step show ?thesis 
           proof cases
             case RedParsedWhileTrue
-            hence concrete_inter3: "(inter_bb, inter_cont, inter_state) = (bb0, convert_list_to_cont ((BigBlock name [] any_str any_tr)#(rev body_bbs)) (KEndBlock cont1), (Normal ns1))"
+            hence concrete_inter3: "(inter_bb, inter_cont, inter_state) = (bb0, convert_list_to_cont ((BigBlock name [] any_str any_tr)#(rev body_bbs)) (cont0), (Normal ns1))"
               using bb_successor_while Some by blast
   
             from first_step
@@ -1238,11 +1240,11 @@ proof -
                 "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> 
                                                           (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                           is_final_config (m', s') \<longrightarrow> 
-                                                          (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
+                                                          (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
               using cfg_satisfies_post 
             by (metis (no_types, lifting) RedNormalSucc assms(5) assms(8) block_local_rel cfg_correct converse_rtranclp_into_rtranclp dag_verifies_propagate_2 local.RedParsedWhileTrue(4))
   
-            show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct succ_cfg_satisfies_post Some guard_true rest concrete_inter3 succ_correct assms(5) by blast 
+            show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct succ_cfg_satisfies_post Some guard_true rest concrete_inter3 succ_correct assms(5) \<open>cont0 = KEndBlock cont1\<close>  by blast 
         next 
             case RedParsedWhile_InvFail thus ?thesis using assms(8) block_local_rel cfg_correct dag_verifies_propagate_2 first_step assms(5) by blast
         qed (auto simp add: bb_successor_while Some guard_not_false)
@@ -1255,7 +1257,7 @@ proof -
           from first_step show ?thesis 
           proof cases
             case RedParsedWhileFalse
-            hence concrete_inter4: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), KEndBlock cont1, (Normal ns1))" by simp
+            hence concrete_inter4: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), cont0, (Normal ns1))" by simp
 
           from first_step
           have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
@@ -1266,11 +1268,11 @@ proof -
               "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> 
                                                         (\<forall>m' s'. (((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s'))) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
-                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
+                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
             using cfg_satisfies_post 
             by (metis (no_types, lifting) RedNormalSucc assms(5) assms(8) block_local_rel cfg_correct converse_rtranclp_into_rtranclp dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
   
-            show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct succ_cfg_satisfies_post Some guard_false rest concrete_inter4 succ_correct by blast
+            show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct succ_cfg_satisfies_post Some guard_false rest concrete_inter4 succ_correct \<open>cont0 = KEndBlock cont1\<close> by blast
           next
             case RedParsedWhile_InvFail thus ?thesis using Some bb_successor_while guard_not_true by blast
           qed (auto simp add: bb_successor_while Some guard_not_true)
@@ -1291,13 +1293,14 @@ lemma block_global_rel_if_successor:
   assumes block_rel: "ast_cfg_rel None [] bb cs2"
   and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and "bb = (BigBlock name cs1 any_str any_tr)"
+  and "node_to_block(G) ! n  = related_block"
   and block_id:
-      "(node_to_block(G) ! n = cs2) \<or> 
-       (node_to_block(G) ! n = c#cs2) \<and> c = Assume guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV True)) \<or> 
-       (node_to_block(G) ! n = c#cs2) \<and> c = Assume not_guard \<and> (UnOp Not guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV False))"
+      "(related_block = cs2) \<or> 
+       (related_block = c#cs2) \<and> c = Assume guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV True)) \<or> 
+       (related_block = c#cs2) \<and> c = Assume not_guard \<and> (UnOp Not guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV False))"
   and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
   and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
-                                        is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
+                                        is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
   and bb_successor_if: "any_str = Some (ParsedIf cont_guard (then0#then_bbs) (else0#else_bbs))"
   and block_local_rel:
         "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
@@ -1310,7 +1313,7 @@ lemma block_global_rel_if_successor:
         (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))) \<Longrightarrow>
         (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1'') -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                             is_final_config (m', s') \<longrightarrow> 
-                                                            (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)))) \<Longrightarrow>
+                                                            (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)))) \<Longrightarrow>
         ((cont_guard = Some block_guard) \<and> 
           (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1'' (BoolV True)) \<and> 
           A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (then0, convert_list_to_cont (rev then_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<or> 
@@ -1348,12 +1351,12 @@ proof cases
       from cfg_correct Cons block_id
       have local_rel_corr: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
         using dag_verifies_propagate_2 
-        by (metis push_through_assumption0 push_through_assumption1)
+        by (metis push_through_assumption0 push_through_assumption1 \<open>node_to_block(G) ! n = related_block\<close>)
   
       from local_rel_corr first_step Cons
       have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
         using block_local_rel local.Rel_Main_test assms(3) 
-        by (metis \<open>cs1 \<noteq> []\<close> assume_ml bigblock.inject block_id state.simps(7))
+        by (metis \<open>cs1 \<noteq> []\<close> assume_ml bigblock.inject block_id state.simps(7) \<open>node_to_block(G) ! n = related_block\<close>)
   
       from first_step Cons \<open>cs1 \<noteq> []\<close>
       have a1: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] any_str any_tr), cont0, inter_state)"
@@ -1392,7 +1395,7 @@ proof cases
 
               have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
-                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
+                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
                 using cfg_satisfies_post cfg_correct local.Cons
                 by (metis (no_types, lifting) "2" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
   
@@ -1411,7 +1414,7 @@ proof cases
 
               have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
-                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
+                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
                 using cfg_satisfies_post cfg_correct local.Cons
                 by (metis (no_types, lifting) "2" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
   
@@ -1438,7 +1441,7 @@ proof cases
 
               have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
-                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
+                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
                 using cfg_satisfies_post cfg_correct local.Cons
                 by (metis (no_types, lifting) "2" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
   
@@ -1463,7 +1466,7 @@ proof cases
 
                 have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                           is_final_config (m', s') \<longrightarrow> 
-                                                          (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
+                                                          (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
                   using cfg_satisfies_post cfg_correct local.Cons
                   by (metis (no_types, lifting) "2" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
   
@@ -1523,14 +1526,14 @@ next
             hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont (rev then_bbs) cont0, (Normal ns1))" using None bb_successor_if 1 by auto
   
             have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-              using assms(4) cfg_correct correctness_propagates_through_empty local.Nil
+              using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
               by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
 
             have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                       is_final_config (m', s') \<longrightarrow> 
-                                                      (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
+                                                      (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
               using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil 
-              by (smt (verit, best) RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1)
+              by (smt (verit, best) RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1 \<open>node_to_block(G) ! n = related_block\<close>)
   
             have "j' < j" using 1 using Suc_lessD by blast
             
@@ -1541,14 +1544,14 @@ next
   
             from snd_step 
             have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-              using assms(4) cfg_correct correctness_propagates_through_empty local.Nil
+              using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
               by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
 
             have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                       is_final_config (m', s') \<longrightarrow> 
-                                                      (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
+                                                      (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
               using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil 
-              by (smt (verit, best) RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1)
+              by (smt (verit, best) RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1 \<open>node_to_block(G) ! n = related_block\<close>)
   
             have "j' < j" using 1 using Suc_lessD by blast
   
@@ -1567,14 +1570,14 @@ next
   
             from snd_step 
             have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-              using assms(4) cfg_correct correctness_propagates_through_empty local.Nil
+              using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
               by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
 
             have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                       is_final_config (m', s') \<longrightarrow> 
-                                                      (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
+                                                      (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
               using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil 
-              by (smt (verit, best) RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1)
+              by (smt (verit, best) RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1 \<open>node_to_block(G) ! n = related_block\<close>)
   
             have "j' < j" using 1 using Suc_lessD by blast
             
@@ -1591,14 +1594,14 @@ next
   
               from snd_step 
               have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-                using assms(4) cfg_correct correctness_propagates_through_empty local.Nil
-                by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
+                using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
+                by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2) 
 
               have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
-                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
+                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
                 using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil 
-                by (smt (verit, best) RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1)
+                by (smt (verit, best) RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1 \<open>node_to_block(G) ! n = related_block\<close>)
   
               have "j' < j" using 1 using Suc_lessD by blast
         
@@ -1626,13 +1629,14 @@ lemma block_global_rel_generic:
   assumes block_rel: "ast_cfg_rel None [] bb cs2"
   and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and "bb = (BigBlock name cs1 any_str any_tr)"
+  and node_to_block_assm: "node_to_block(G) ! n = related_block"
   and block_id:
-      "(node_to_block(G) ! n = cs2) \<or> 
-       (node_to_block(G) ! n = c#cs2) \<and> c = Assume guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV True)) \<or> 
-       (node_to_block(G) ! n = c#cs2) \<and> c = Assume not_guard \<and> (UnOp Not guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV False))"
+      "(related_block = cs2) \<or> 
+       (related_block = c#cs2) \<and> c = Assume guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV True)) \<or> 
+       (related_block = c#cs2) \<and> c = Assume not_guard \<and> (UnOp Not guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV False))"
   and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
   and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
-                                        is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
+                                        is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end posts)"
   and trivial_bb_successor: "(cont0 = KSeq bb1 cont1) \<and> any_str = None \<and> any_tr = None"
   and block_local_rel: 
         "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
@@ -1645,7 +1649,7 @@ lemma block_global_rel_generic:
         \<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
        (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1'') -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                             is_final_config (m', s') \<longrightarrow> 
-                                                            (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)))) \<Longrightarrow>
+                                                            (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end posts)))) \<Longrightarrow>
         A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb1, cont1, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state) \<Longrightarrow> 
         (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
   shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
@@ -1672,7 +1676,7 @@ proof cases
         rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
         by (metis ast_trace get_state.cases relpowp_Suc_D2)
   
-      from cfg_correct Cons block_id 
+      from cfg_correct Cons block_id node_to_block_assm
       have local_rel_corr: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
         apply (simp)
         apply (rule disjE)
@@ -1680,7 +1684,7 @@ proof cases
          apply (rule dag_verifies_propagate_2)
            apply blast
           apply assumption
-         apply assumption
+         apply simp
         apply (rule disjE)
           apply simp
         apply (metis dag_verifies_propagate_2 push_through_assumption0)
@@ -1722,19 +1726,19 @@ proof cases
           have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
           proof cases
             case RedSimpleCmds show ?thesis 
-              using 1 snd_step_equiv  RedSimpleCmds(3) dag_verifies_propagate Rel_Main_test(1) cfg_correct assms(3-4) 
+              using 1 snd_step_equiv  RedSimpleCmds(3) dag_verifies_propagate Rel_Main_test(1) cfg_correct assms(3-5) 
               by (metis bigblock.inject push_through_assumption0 push_through_assumption1)
           qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>) 
 
           have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                     is_final_config (m', s') \<longrightarrow> 
-                                                    (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
+                                                    (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end posts))))"
             using cfg_satisfies_post cfg_correct local.Cons
             by (metis (no_types, lifting) "1" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
   
           have "j'' < j" using succ_0 2 by simp
   
-          then show ?thesis using snd_step_equiv succ_correct snd_rest_of_steps "1" succ_cfg_correct succ_cfg_sat by blast
+          then show ?thesis using expr_all_sat_def snd_step_equiv succ_correct snd_rest_of_steps "1" succ_cfg_correct succ_cfg_sat by auto
         qed
       next
         case Failure
@@ -1769,14 +1773,14 @@ next
           by (cases) auto 
 
         have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-          using assms(4) cfg_correct correctness_propagates_through_empty local.Nil
+          using assms(4-5) cfg_correct correctness_propagates_through_empty local.Nil
           by (metis (no_types, lifting) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
 
         have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                   is_final_config (m', s') \<longrightarrow> 
-                                                  (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
+                                                  (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end posts))))"
           using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil 
-          by (smt (verit, best) RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1)
+          by (smt (verit, best) RedCmdListNil RedNormalSucc block_id node_to_block_assm converse_rtranclp_into_rtranclp push_through_assumption1)
 
         have "j' < j" using 1 using Suc_lessD by blast
         
@@ -1809,16 +1813,17 @@ lemma end_to_end_util2:
            (Ast.valid_configuration B \<Lambda> \<Gamma> [] checked_posts end_bb end_cont end_state)" and
           "all_pres = proc_all_pres proc_ast" and
           "checked_posts = proc_checked_posts proc_ast" and
-          ABody: "ast_procedure.proc_body proc_ast = Some (locals, ast)" and
+          ABody: "procedure.proc_body proc_ast = Some (locals, ast)" and
           AVarContext:"\<Lambda> = (constants@global_vars, (proc_args proc_ast)@locals)" and
           ARets:"proc_rets proc_ast = []" and
          (* "fun_decls = prog_funcs prog" and
           "axs = prog_axioms prog" and*)
           "proc_ty_args proc_ast = 0" 
           (*"const_decls = prog_consts prog"*)
-  shows "Ast.proc_is_correct B fun_decls constants global_vars axioms proc_ast"
+        shows "proc_is_correct B fun_decls constants global_vars axioms proc_ast Ast.proc_body_satisfies_spec"
+  sorry
 proof -
-  show "proc_is_correct B fun_decls constants global_vars axioms proc_ast"
+  show "proc_is_correct B fun_decls constants global_vars axioms proc_ast Ast.proc_body_satisfies_spec"
   proof( (simp only: proc_is_correct.simps), subst ABody, simp split: option.split, (rule allI | rule impI)+,
          unfold proc_body_satisfies_spec_def,(rule allI | rule impI)+)  
     fix \<Gamma> \<Omega> gs ls end_bb end_cont end_state
@@ -1870,4 +1875,37 @@ proof -
   qed
 qed
 
+definition loop_IH 
+  where "loop_IH j A M \<Lambda> \<Gamma> \<Omega> T bb0 cont0 G block_index posts reached_bb reached_cont reached_state \<equiv> 
+          (\<forall>k ns1. k < j \<longrightarrow>
+                    (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, cont0, Normal ns1) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<longrightarrow>
+                    (\<forall>m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl block_index),(Normal ns1)) (m',s')) \<longrightarrow> (s' \<noteq> Failure)) \<longrightarrow>
+                    (\<forall>m' s'.  (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl block_index, Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                               is_final_config (m', s') \<longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)) \<longrightarrow>
+                    (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state))"
+
+lemma loop_IH_prove:
+  assumes "\<And> k ns1. k < j \<Longrightarrow>
+                    (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, cont0, Normal ns1) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
+                    (\<forall>m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl block_index),(Normal ns1)) (m',s')) \<longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+                    (\<forall>m' s'.  (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl block_index, Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                               is_final_config (m', s') \<longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)) \<Longrightarrow>
+                    (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+  shows "loop_IH j A M \<Lambda> \<Gamma> \<Omega> T bb0 cont0 G block_index posts reached_bb reached_cont reached_state"
+  using assms
+  unfolding loop_IH_def
+  by blast
+
+lemma loop_IH_apply:
+  assumes "loop_IH j A M \<Lambda> \<Gamma> \<Omega> T bb0 cont0 G block_index posts reached_bb reached_cont reached_state" and
+          "k < j" and
+          "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, cont0, Normal ns1) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state))" and
+          "(\<forall>m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl block_index),(Normal ns1)) (m',s')) \<longrightarrow> (s' \<noteq> Failure))" and
+          "(\<forall>m' s'.  (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl block_index, Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                               is_final_config (m', s') \<longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end posts)))"
+        shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+  using assms
+  unfolding loop_IH_def 
+  by blast
+
 end
\ No newline at end of file
diff --git a/BoogieLang/BackedgeElim.thy b/BoogieLang/BackedgeElim.thy
index a78733c..d89d8f8 100644
--- a/BoogieLang/BackedgeElim.thy
+++ b/BoogieLang/BackedgeElim.thy
@@ -2,7 +2,7 @@ section \<open>A collection of lemmas, definitions and tactics that aid the cert
 CFG-to-DAG phase\<close>
 
 theory BackedgeElim
-imports Semantics Util TypeSafety "HOL-Eisbach.Eisbach" "HOL-Eisbach.Eisbach_Tools"
+imports Lang Semantics Util TypeSafety "HOL-Eisbach.Eisbach" "HOL-Eisbach.Eisbach_Tools"
 begin
 
 subsection \<open>State equality up to a set\<close>
@@ -597,7 +597,7 @@ proof -
   from cfg_dag_rel_havoc[OF Rel SameModH StateWt TyExists] obtain cs2A cs2B ns2' where
     "cs2 = cs2A@cs2B" and StateRel1:"nstate_same_on \<Lambda> ns1 ns2' {}" and A2Red1:"A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2A, Normal ns2\<rangle> [\<rightarrow>] Normal ns2'"
     and RelHavoc:"cfg_dag_rel c [] pre_invs post_invs cs1 cs2B"
-    by meson
+    by metis
 
   with StateWt2 have StateWtNs2':"state_well_typed A \<Lambda> \<Omega> ns2'" using cfg_dag_rel_no_calls_2 red_cmds_state_wt_preserve Rel
     by (metis list_all_append)
@@ -725,7 +725,7 @@ lemma dag_lemma_assms_subset:
   using nstate_same_on_subset
   by blast
 
-definition dag_lemma_conclusion :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 
+definition dag_lemma_conclusion :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 
                    'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow>
                     cmd list \<Rightarrow> 'a nstate \<Rightarrow> 'a state \<Rightarrow> bool \<Rightarrow> bool"
   where "dag_lemma_conclusion A M \<Lambda> \<Gamma> \<Omega> post_invs cs2 ns2 s' c \<equiv>
@@ -1212,7 +1212,7 @@ proof -
     RedCsA:"(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>csA,Normal ns2\<rangle> [\<rightarrow>] Normal ns2)" and
     InvsHold2:"list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns2) post_invs"
     using cfg_dag_rel_post_invs[OF Rel refl refl refl BlockCorrect] InvsWt
-    by meson
+    by metis
   have InvsHold1:"list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns1) post_invs" 
     apply (rule List.List.list.pred_mono_strong)
     apply (rule InvsHold2)
@@ -1303,7 +1303,7 @@ lemma cfg_dag_empty_propagate_helper:
 lemma strictly_smaller_helper: "j'' \<le> j' \<Longrightarrow> j = Suc j' \<Longrightarrow> j'' < j"
   by simp
 
-definition loop_ih :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 
+definition loop_ih :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 
                    'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> mbodyCFG \<Rightarrow> vname list \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow>
                     'a nstate \<Rightarrow> 'a state \<Rightarrow> nat \<Rightarrow> nat + unit \<Rightarrow> nat \<Rightarrow> bool"
   where "loop_ih A M \<Lambda> \<Gamma> \<Omega> G H invs posts ns1 s' node_id  m' j\<equiv> 
@@ -1421,7 +1421,7 @@ subsection \<open>Helper lemma for final end-to-end theorem\<close>
 
 lemma end_to_end_util:
   assumes AExpanded:"\<And> \<Gamma> m' s' ns M.
-          A,M,\<Lambda>,\<Gamma>,[],cfg_body  \<turnstile> (Inl n, Normal ns) -n\<rightarrow>* (m', s') \<Longrightarrow>
+           A,M,\<Lambda>,\<Gamma>,[],cfg_body  \<turnstile> (Inl n, Normal ns) -n\<rightarrow>* (m', s') \<Longrightarrow>
            (\<And> v. (closed ((type_of_val A) v))) \<Longrightarrow>
            (\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t)))) \<Longrightarrow>
            (fun_interp_wf A fun_decls \<Gamma>) \<Longrightarrow>
@@ -1442,12 +1442,12 @@ lemma end_to_end_util:
           "proc_ty_args proc = 0" and
           "n = entry cfg_body"
           (*"const_decls = prog_consts prog"*)
-  shows "proc_is_correct A fun_decls constants global_vars axioms proc"
+        shows "proc_is_correct A fun_decls constants global_vars axioms proc Semantics.proc_body_satisfies_spec"
 proof -
-  show "proc_is_correct A fun_decls constants global_vars axioms proc"
+  show "proc_is_correct A fun_decls constants global_vars axioms proc Semantics.proc_body_satisfies_spec"
   proof( (simp only: proc_is_correct.simps), subst ABody, simp split: option.split, (rule allI | rule impI)+,
          unfold proc_body_satisfies_spec_def,(rule allI | rule impI)+)  
-    fix \<Gamma> \<Omega> gs ls m' s'
+    fix \<Gamma> \<Omega> gs ls m' s' 
     assume Atyp:"(\<forall>t. closed t \<longrightarrow> (\<exists>v. type_of_val A v = t)) \<and> (\<forall>v. closed (type_of_val A v))" and
            FunWf:"fun_interp_wf A fun_decls \<Gamma>" and
            ARenv: "list_all closed \<Omega> \<and> length \<Omega> = proc_ty_args proc" and
@@ -1473,7 +1473,7 @@ proof -
                 apply (subst \<open>n = entry cfg_body\<close>)
                 apply (subst Contexteq)
       using Ared \<open>\<Omega> = []\<close>
-                apply fastforce
+               apply fastforce
               apply (simp add: Atyp)
              apply (simp add: Atyp)
             apply (simp add: FunWf)
diff --git a/BoogieLang/Lang.thy b/BoogieLang/Lang.thy
index 11eb461..839c9a0 100644
--- a/BoogieLang/Lang.thy
+++ b/BoogieLang/Lang.thy
@@ -92,31 +92,31 @@ CFG of a procedure body is represented by:
 
 text \<open>Procedure pre- and postconditions contain a boolean to indicate whether they are free (true) or 
       checked (false).\<close>
-record procedure =
+record 'struct_ty procedure =
   proc_ty_args :: nat
   proc_args :: vdecls
   proc_rets :: vdecls
   proc_modifs :: "vname list"
   proc_pres :: "(expr \<times> bool) list" 
   proc_posts :: "(expr \<times> bool) list"
-  proc_body :: "(vdecls \<times> mbodyCFG) option"
+  proc_body :: "(vdecls \<times> 'struct_ty) option"
 
-fun proc_checked_pres :: "procedure \<Rightarrow> expr list"
+fun proc_checked_pres :: "'struct_ty procedure \<Rightarrow> expr list"
   where "proc_checked_pres p = map fst (filter (\<lambda>x. \<not> snd(x)) (proc_pres p))"
 
-fun proc_free_pres :: "procedure \<Rightarrow> expr list"
+fun proc_free_pres :: "'struct_ty procedure \<Rightarrow> expr list"
   where "proc_free_pres p = map fst (filter (\<lambda>x. snd(x)) (proc_pres p))"
 
-fun proc_all_pres :: "procedure \<Rightarrow> expr list"
+fun proc_all_pres :: "'struct_ty procedure \<Rightarrow> expr list"
   where "proc_all_pres p = map fst (proc_pres p)"
 
-fun proc_checked_posts :: "procedure \<Rightarrow> expr list"
+fun proc_checked_posts :: "'struct_ty procedure \<Rightarrow> expr list"
   where "proc_checked_posts p = map fst (filter (\<lambda>x. \<not> snd(x)) (proc_posts p))"
 
-fun proc_all_posts :: "procedure \<Rightarrow> expr list"
+fun proc_all_posts :: "'struct_ty procedure \<Rightarrow> expr list"
   where "proc_all_posts p = map fst (proc_posts p)"
 
-fun proc_free_posts :: "procedure \<Rightarrow> expr list"
+fun proc_free_posts :: "'struct_ty procedure \<Rightarrow> expr list"
   where "proc_free_posts p = map fst (filter (\<lambda>x. snd(x)) (proc_posts p))"
 
 definition exprs_to_only_checked_spec :: "expr list \<Rightarrow> (expr \<times> bool) list"
@@ -133,18 +133,18 @@ lemma exprs_to_only_checked_spec_2: "es = map fst (filter (\<lambda>x. \<not> sn
   unfolding exprs_to_only_checked_spec_def
   by (induction es) auto
 
-type_synonym pdecl = "pname \<times> procedure"
+type_synonym 'struct_ty pdecl = "pname \<times> 'struct_ty procedure"
 
 text \<open>An axiom is a boolean expression that can refer to constants.\<close>
 type_synonym axiom = expr
 
-record prog =
+record 'struct_ty prog =
   prog_ty_constr :: tdecls 
   prog_funcs :: fdecls
   prog_consts :: vdecls
   prog_globals :: vdecls
   prog_axioms :: "axiom list"
-  prog_procs :: "pdecl list"
+  prog_procs :: "'struct_ty pdecl list"
 
 text \<open>Type declarations are ignored by the semantics (all possible types are taken into account, which
 is more general and the resulting semantics can be reduced to the case where one only quantifies over 
diff --git a/BoogieLang/Passification.thy b/BoogieLang/Passification.thy
index 7f45adc..7343cd7 100644
--- a/BoogieLang/Passification.thy
+++ b/BoogieLang/Passification.thy
@@ -27,7 +27,7 @@ lemma dependent_ext:
   unfolding dependent_def
   by blast
 
-definition set_red_cmd :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> cmd \<Rightarrow> 'a nstate set \<Rightarrow> 'a state set"
+definition set_red_cmd :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> cmd \<Rightarrow> 'a nstate set \<Rightarrow> 'a state set"
   where "set_red_cmd A M \<Lambda> \<Gamma> \<Omega> c N = {s. \<exists>n_s. n_s \<in> N \<and> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c, Normal n_s\<rangle> \<rightarrow> s}"
 
 text \<open>\<^term>\<open>set_red_cmd\<close> lifts the command reduction to the reduction of a a set of input states \<close>
@@ -1201,7 +1201,7 @@ definition passive_block_conclusion
   where "passive_block_conclusion A M \<Lambda> \<Lambda>' \<Gamma> \<Omega> U0 D1 R R_old cs2 s' = 
   (s' \<noteq> Magic \<longrightarrow> (\<exists> U1 \<subseteq> U0. U1 \<noteq> {} \<and> dependent A \<Lambda>' \<Omega> U1 D1 \<and> passive_sim A M \<Lambda> \<Lambda>' \<Gamma> \<Omega> cs2 s' R R_old U1))"
 
-definition passive_lemma_assms :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> var_context \<Rightarrow> 
+definition passive_lemma_assms :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> var_context \<Rightarrow> 
                    'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> vname list \<Rightarrow> passive_rel \<Rightarrow> passive_rel \<Rightarrow> 
                   ('a nstate) set \<Rightarrow> vname set \<Rightarrow> 'a nstate \<Rightarrow> bool"
   where "passive_lemma_assms A M \<Lambda> \<Lambda>' \<Gamma> \<Omega> W R R_old U0 D0 ns = 
@@ -1244,7 +1244,7 @@ definition passive_sim_cfg_fail
 definition dependent_2
   where "dependent_2 A \<Lambda>' \<Omega> U0 m = dependent A \<Lambda>' \<Omega> U0 {y. y \<le> m}"
 
-definition passive_lemma_assms_2 :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> var_context \<Rightarrow> 
+definition passive_lemma_assms_2 :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> var_context \<Rightarrow> 
                    'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> vname \<Rightarrow> passive_rel \<Rightarrow> passive_rel \<Rightarrow> 
                   ('a nstate) set \<Rightarrow> vname set \<Rightarrow> 'a nstate \<Rightarrow> bool"
   where "passive_lemma_assms_2 A M \<Lambda> \<Lambda>' \<Gamma> \<Omega> w_min R R_old U0 D0 ns = 
diff --git a/BoogieLang/Semantics.thy b/BoogieLang/Semantics.thy
index ea190be..3d64955 100644
--- a/BoogieLang/Semantics.thy
+++ b/BoogieLang/Semantics.thy
@@ -386,7 +386,7 @@ fun instantiate :: "rtype_env \<Rightarrow> ty \<Rightarrow> ty"
 lemma instantiate_nil [simp]: "instantiate [] \<tau> = \<tau>"
   by (induction \<tau>) (simp_all add: map_idI)
 
-type_synonym proc_context = "pdecl list"
+type_synonym 'struct_ty proc_context = "'struct_ty pdecl list"
 
 subsection \<open>Expression reduction (big-step semantics)\<close>
 
@@ -473,9 +473,9 @@ definition where_clauses_all_sat_context :: "'a absval_ty_fun \<Rightarrow> var_
 
 text \<open>Command reduction (big-step semantics)\<close>
 
-inductive red_cmd :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> cmd \<Rightarrow> 'a state \<Rightarrow> 'a state \<Rightarrow> bool"
+inductive red_cmd :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> cmd \<Rightarrow> 'a state \<Rightarrow> 'a state \<Rightarrow> bool"
   ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) \<rightarrow>/ _)" [51,51,0,0,0] 81)
-  for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and  \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
+  for A :: "'a absval_ty_fun" and M :: "'struct_ty proc_context" and \<Lambda> :: var_context and  \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
   where
     RedAssertOk: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e, n_s\<rangle> \<Down> LitV (LBool True) \<rbrakk> \<Longrightarrow> 
                  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>Assert e, Normal n_s\<rangle> \<rightarrow> Normal n_s"
@@ -527,9 +527,9 @@ inductive_cases RedHavoc_case: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<l
 
 text \<open>Command list reduction (big-step semantics)\<close>
 
-inductive red_cmd_list :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> cmd list \<Rightarrow> 'a state \<Rightarrow> 'a state \<Rightarrow> bool"
+inductive red_cmd_list :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> cmd list \<Rightarrow> 'a state \<Rightarrow> 'a state \<Rightarrow> bool"
   ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) [\<rightarrow>]/ _)" [51,0,0,0] 81)
-  for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
+  for A :: "'a absval_ty_fun" and M :: "'struct_ty proc_context" and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
   where
     RedCmdListNil: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[],s\<rangle> [\<rightarrow>] s"
   | RedCmdListCons: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c,s\<rangle> \<rightarrow> s''; A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,s''\<rangle> [\<rightarrow>] s' \<rbrakk> \<Longrightarrow> 
@@ -542,9 +542,9 @@ text \<open>CFG reduction (small-step semantics)\<close>
 
 type_synonym 'a cfg_config = "(node+unit) \<times> 'a state"
 
-inductive red_cfg :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> mbodyCFG \<Rightarrow> 'a cfg_config \<Rightarrow> 'a cfg_config \<Rightarrow> bool"
+inductive red_cfg :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> mbodyCFG \<Rightarrow> 'a cfg_config \<Rightarrow> 'a cfg_config \<Rightarrow> bool"
   ("_,_,_,_,_,_ \<turnstile> (_ -n\<rightarrow>/ _)" [51,0,0,0] 81)
-  for A :: "'a absval_ty_fun" and M :: proc_context and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env and G :: mbodyCFG
+  for A :: "'a absval_ty_fun" and M :: "'struct_ty proc_context" and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env and G :: mbodyCFG
   where
     RedNormalSucc: "\<lbrakk>node_to_block(G) ! n = cs; A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Normal ns'; List.member (out_edges(G) ! n) n'  \<rbrakk> \<Longrightarrow> 
               A,M,\<Lambda>,\<Gamma>,\<Omega>,G  \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (Inl n', Normal ns')"
@@ -564,13 +564,13 @@ inductive_cases RedNormalSucc_case: "A,M,\<Lambda>,\<Gamma>,G,\<Omega>  \<turnst
 
 text \<open>Reflexive and transitive closure of CFG reduction\<close>
 
-abbreviation red_cfg_multi :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> mbodyCFG \<Rightarrow> 'a cfg_config \<Rightarrow> 'a cfg_config \<Rightarrow> bool"
+abbreviation red_cfg_multi :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> mbodyCFG \<Rightarrow> 'a cfg_config \<Rightarrow> 'a cfg_config \<Rightarrow> bool"
   ("_,_,_,_,_,_ \<turnstile>_ -n\<rightarrow>*/ _" [51,0,0,0] 81)
   where "red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G \<equiv> rtranclp (red_cfg A M \<Lambda> \<Gamma> \<Omega> G)"
 
 text \<open>N-step CFG reduction\<close>
 
-abbreviation red_cfg_k_step :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> mbodyCFG \<Rightarrow> 'a cfg_config \<Rightarrow> nat \<Rightarrow> 'a cfg_config \<Rightarrow> bool"
+abbreviation red_cfg_k_step :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> mbodyCFG \<Rightarrow> 'a cfg_config \<Rightarrow> nat \<Rightarrow> 'a cfg_config \<Rightarrow> bool"
   ("_,_,_,_,_,_ \<turnstile>_ -n\<rightarrow>^_/ _" [51,0,0,0,0] 81)
 where "red_cfg_k_step A M \<Lambda> \<Gamma> \<Omega> G c1 n c2 \<equiv> ((red_cfg A M \<Lambda> \<Gamma> \<Omega> G)^^n) c1 c2"
 
@@ -635,7 +635,7 @@ definition valid_configuration
          s' \<noteq> Failure \<and> 
          (is_final_config (m',s') \<longrightarrow> (\<forall>ns'. s' = Normal ns' \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns' posts))"
 
-definition proc_body_satisfies_spec :: "'a absval_ty_fun \<Rightarrow> proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> mbodyCFG \<Rightarrow> 'a nstate \<Rightarrow> bool"
+definition proc_body_satisfies_spec :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> mbodyCFG \<Rightarrow> 'a nstate \<Rightarrow> bool"
   where "proc_body_satisfies_spec A M \<Lambda> \<Gamma> \<Omega> pres posts mbody ns \<equiv>
          expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns pres \<longrightarrow> 
           (\<forall> m' s'. (A, M, \<Lambda>, \<Gamma>, \<Omega>, mbody \<turnstile> (Inl (entry(mbody)), Normal ns) -n\<rightarrow>* (m',s')) \<longrightarrow> 
@@ -660,6 +660,29 @@ abbreviation axiom_assm
   where "axiom_assm A \<Gamma> consts ns axioms \<equiv> 
      (axioms_sat A (consts, []) \<Gamma> (nstate_global_restriction ns consts) axioms)"
 
+fun proc_is_correct :: "'a absval_ty_fun \<Rightarrow> fdecls \<Rightarrow> vdecls \<Rightarrow> vdecls \<Rightarrow> axiom list \<Rightarrow> 'struct_ty procedure \<Rightarrow> 
+                       ('a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> 'struct_ty \<Rightarrow> 'a nstate \<Rightarrow> bool) \<Rightarrow> 
+                         bool"
+  where 
+    "proc_is_correct A fun_decls constants global_vars axioms proc (proc_body_satisfies_spec_general) =  
+      (case proc_body(proc) of
+        Some (locals, struct) \<Rightarrow> 
+          ( ( (\<forall>t. closed t \<longrightarrow> (\<exists>v. type_of_val A (v :: 'a val) = t)) \<and> (\<forall>v. closed ((type_of_val A) v)) ) \<longrightarrow>
+          (\<forall> \<Gamma>. fun_interp_wf A fun_decls \<Gamma> \<longrightarrow>
+          (
+             (\<forall>\<Omega> gs ls. (list_all closed \<Omega> \<and> length \<Omega> = proc_ty_args proc) \<longrightarrow>        
+             (state_typ_wf A \<Omega> gs (constants @ global_vars) \<longrightarrow>
+              state_typ_wf A \<Omega> ls ((proc_args proc)@ (locals @ proc_rets proc)) \<longrightarrow>
+              (axioms_sat A (constants, []) \<Gamma> (global_to_nstate (state_restriction gs constants)) axioms) \<longrightarrow>            
+              (proc_body_satisfies_spec_general 
+                                        A [] (constants@global_vars, (proc_args proc)@(locals@(proc_rets proc))) \<Gamma> \<Omega> 
+                                       (proc_all_pres proc) (proc_checked_posts proc) struct
+                                       \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr> ) )
+            )
+          )))
+      | None \<Rightarrow> True)"
+
+(*
 fun proc_is_correct :: "'a absval_ty_fun \<Rightarrow> fdecls \<Rightarrow> vdecls \<Rightarrow> vdecls \<Rightarrow> axiom list \<Rightarrow> procedure \<Rightarrow> bool"
   where 
     "proc_is_correct A fun_decls constants global_vars axioms proc =
@@ -678,15 +701,16 @@ fun proc_is_correct :: "'a absval_ty_fun \<Rightarrow> fdecls \<Rightarrow> vdec
             )
           )))
       | None \<Rightarrow> True)"
+*)
 
-text \<open>\<^term>\<open>proc_is_correct A fun_decls constants global_vars axioms proc\<close> gives the definition
+text \<open>\<^term>\<open>proc_is_correct A fun_decls constants global_vars axioms proc proc_body_satisfies_spec_general\<close> gives the definition
 that a procedure \<^term>\<open>proc\<close> is correct w.r.t. the type interpretation \<^term>\<open>A\<close> the function declarations \<open>fun_decls\<close>, 
 constants \<^term>\<open>constants\<close>, global variables \<^term>\<open>global_vars\<close> and Boogie axioms \<^term>\<open>axioms\<close>. 
 
 Since the current proof generation does not support procedure calls yet, we just instantiate the
 procedure context to the empty list here. 
 
-In our certificates, we prove (\<^term>\<open>\<And>A. proc_is_correct A fun_decls constants global_vars axioms proc\<close>),
+In our certificates, we prove (\<^term>\<open>\<And>A. proc_is_correct A fun_decls constants global_vars axioms proc proc_body_satisfies_spec_general\<close>),
 i.e., we prove procedure correctness for every type interpretation (\<And> is a universal quantifier at 
 the meta level). Note that for certain type interpretations procedure correctness is trivial (see
 the definition of \<^term>\<open>proc_is_correct\<close>).
diff --git a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
index 4c24499..2434a10 100644
--- a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
+++ b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
@@ -32,9 +32,7 @@ proof -
     apply (rule block_local_rel_generic) 
            apply (rule Rel_Main_test[of bigblock0])
             apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
-           apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
-          apply simp
-         apply simp
+           apply (simp add: p_before_cfg_to_dag_prog.block_0_def)+
         apply (rule Red_bb0_to)
        apply (rule Red0_impl)
        apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)+
@@ -77,8 +75,7 @@ proof -
       apply (rule block_local_rel_generic)
              apply (rule Rel_Main_test[of bigblock_else])
              apply (simp add: bigblock_else_def)
-            apply simp
-           apply simp+
+            apply simp+
           apply (rule Red_bb0_to)
          apply (rule Red0_impl)
          apply (simp add: p_before_cfg_to_dag_prog.block_1_def)
@@ -86,9 +83,7 @@ proof -
              apply simp
             apply (rule neg_gt2)
           apply (rule trace_is_possible)
-         apply simp
-        apply (simp add: bigblock_else_def)
-        apply simp+
+          apply (simp add: bigblock_else_def)+
      apply (rule neg_gt2)
     apply (rule trace_is_possible)
     done
@@ -119,7 +114,7 @@ lemma block2_global_rel:
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)" 
   and cfg_satisfies_post: "\<And>m' s'.
                  (A,M,\<Lambda>,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 2, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) if_example_before_ast_cfg.post)"
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) if_example_before_ast_cfg.post)"
   shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> if_example_before_ast_cfg.post reached_bb reached_cont reached_state)" 
   using assms
 proof -
@@ -130,7 +125,7 @@ proof -
             apply (simp add: p_before_cfg_to_dag_prog.block_2_def)
         apply (rule concrete_trace)
        apply (simp add: bigblock1_def)
-         apply simp
+         apply simp+
         apply (rule disjI1)
         apply (rule p_before_cfg_to_dag_prog.node_2)
        apply (rule p_before_cfg_to_dag_prog.outEdges_2)
@@ -150,7 +145,7 @@ lemma block_then_global_rel:
   and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and cfg_satisfies_post: "\<And>m' s'.
                  (A,M,\<Lambda>,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) if_example_before_ast_cfg.post)"
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) if_example_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
   shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> if_example_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
@@ -194,7 +189,7 @@ lemma block_else_global_rel:
   and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and cfg_satisfies_post: "\<And>m' s'.
                  (A,M,\<Lambda>,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) if_example_before_ast_cfg.post)"
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) if_example_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool False)"
   shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> if_example_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
@@ -240,7 +235,7 @@ lemma block0_global_rel:
   and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_satisfies_post: "\<And>m' s'.
                  (A,M,\<Lambda>,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) if_example_before_ast_cfg.post)"
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) if_example_before_ast_cfg.post)"
   shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> if_example_before_ast_cfg.post reached_bb reached_cont reached_state)" 
 proof -
   show ?thesis 
diff --git a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_ast_cfg_proof.thy
index 3319209..ba5a884 100644
--- a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_ast_cfg_proof.thy
+++ b/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_ast_cfg_proof.thy
@@ -114,8 +114,6 @@ lemma bb0_local_rel:
   and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
   shows "reached_state \<noteq> Failure  \<and>
          (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_loop2_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis 
     apply (rule block_local_rel_generic)
            apply (rule Rel_Main_test[of bigblock0 _ nested_loop2_before_cfg_to_dag_prog.block_0])
            apply (simp add: bigblock0_def nested_loop2_before_cfg_to_dag_prog.block_0_def)
@@ -125,8 +123,7 @@ proof -
       apply (simp add: nested_loop2_before_ast_cfg.bigblock0_def)
      apply simp
     apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_0_def)
-    done
-qed
+  done
 
 lemma loop3_body_bb1_local_rel:
   assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (loop3_body_bb1, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
@@ -134,8 +131,6 @@ lemma loop3_body_bb1_local_rel:
   and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))),ns1\<rangle> \<Down> BoolV True"
   shows "reached_state \<noteq> Failure  \<and>
          (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_loop2_before_cfg_to_dag_prog.block_6, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis 
     unfolding nested_loop2_before_cfg_to_dag_prog.block_6_def
     apply (rule guard_holds_push_through_assumption)
       apply (rule block_local_rel_generic)
@@ -148,7 +143,6 @@ proof -
             apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_6_def)
            apply (simp add: trace_is_possible loop3_body_bb1_def)+
     done
-qed
 
 lemma loop2_body_bb2_local_rel:
   assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (loop2_body_bb2 , cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
@@ -172,9 +166,7 @@ proof -
              apply simp
             apply (rule neg_gt2)
           apply (rule trace_is_possible)
-         apply simp
-        apply (simp add: loop2_body_bb2_def)
-        apply simp+
+        apply (simp add: loop2_body_bb2_def)+
      apply (rule neg_gt2)
     apply (rule trace_is_possible)
     done
diff --git a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy
index 8c3290e..a66cb30 100644
--- a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy
+++ b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy
@@ -78,14 +78,12 @@ lemma bb0_local_rel:
 proof -
   show ?thesis 
     apply (rule block_local_rel_generic)
-           apply (rule Rel_Main_test[of bigblock0 _ nested_loop_before_cfg_to_dag_prog.block_0])
+           apply (rule Rel_Main_test[of bigblock0])
            apply (simp add: bigblock0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
           apply (simp add: nested_loop_before_cfg_to_dag_prog.block_0_def)+
         apply (rule Red_bb)
-       apply (rule Red_impl, simp)
-      apply (simp add: nested_loop_before_ast_cfg.bigblock0_def)
-     apply simp
-    apply (simp add: nested_loop_before_cfg_to_dag_prog.block_0_def)
+       apply (rule Red_impl)
+      apply (simp add: bigblock0_def nested_loop_before_cfg_to_dag_prog.block_0_def)+
     done
 qed
 
@@ -124,18 +122,15 @@ proof -
       apply (rule block_local_rel_generic)
              apply (rule Rel_Main_test[of outer_body_bb2])
              apply (simp add: outer_body_bb2_def)
-            apply simp
-           apply simp+
+            apply simp+
           apply (rule Red_bb)
          apply (rule Red_impl)
          apply (simp add: nested_loop_before_cfg_to_dag_prog.block_5_def)
          apply (rule push_through_assumption1)
              apply simp
             apply (rule neg_gt2)
-          apply (rule trace_is_possible)
-         apply simp
-        apply (simp add: outer_body_bb2_def)
-        apply simp+
+           apply (rule trace_is_possible)
+          apply (simp add: outer_body_bb2_def)+
      apply (rule neg_gt2)
     apply (rule trace_is_possible)
     done
@@ -147,7 +142,7 @@ lemma end_global_rel:
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and cfg_satisfies_post: "\<And>m' s'.
                            (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 6, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
 shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
 proof -
@@ -159,7 +154,7 @@ proof -
             apply (simp add: empty_bb_def)
            apply (rule Red_bb)
           apply (simp add: empty_bb_def)
-         apply simp
+         apply simp+
         apply (rule disjI2)
         apply (rule disjI2)
         apply (rule conjI)
@@ -184,7 +179,7 @@ lemma outer_body_bb2_global_rel:
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and cfg_satisfies_post: "\<And>m' s'.
                            (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 5, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
   and loop_ih:
         "\<And>k ns1'. k < j \<Longrightarrow>
@@ -192,7 +187,7 @@ lemma outer_body_bb2_global_rel:
         (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
         (\<And>m' s'.
                  (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                  is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)) \<Longrightarrow>
+                  is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)) \<Longrightarrow>
         (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)" 
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)" 
   using assms
@@ -241,7 +236,7 @@ lemma inner_loop_body_global_rel:
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and cfg_satisfies_post: "\<And>m' s'.
                            (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 4, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))),ns1\<rangle> \<Down> BoolV True"
   and loop_ih:
         "\<And>k ns1''. k < j \<Longrightarrow>
@@ -249,7 +244,7 @@ lemma inner_loop_body_global_rel:
         (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
         (\<And>m' s'.
                  (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)) \<Longrightarrow>
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)) \<Longrightarrow>
         (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega>  nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)" 
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega>  nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
 proof -
@@ -295,14 +290,14 @@ lemma inner_loop_head_global_rel:
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and cfg_satisfies_post: "\<And>m' s'.
                            (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
   and loop_ih:
         "\<And>k ns1'. k < j \<Longrightarrow>
         (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, KEndBlock KStop, Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
         (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
         (\<And>m' s'.
                    (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                   is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)) \<Longrightarrow>
+                   is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)) \<Longrightarrow>
         (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)" 
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
   using assms
@@ -332,7 +327,8 @@ proof (induction j arbitrary: ns1 rule: less_induct)
            apply (simp)
           apply (rule nested_loop_before_cfg_to_dag_prog.block_3_def)
          apply (simp, simp)
-       apply (simp add: nested_loop_before_cfg_to_dag_prog.node_3)
+        apply (simp add: nested_loop_before_cfg_to_dag_prog.node_3)
+       apply simp
       apply(rule disjE)
         apply assumption
 
@@ -372,7 +368,7 @@ proof (induction j arbitrary: ns1 rule: less_induct)
         apply blast
         apply simp
       apply (rule outer_body_bb2_global_rel)
-         apply assumption+
+          apply assumption+
       apply (rule less.prems(4))
         apply (rule strictly_smaller_helper4)
            apply assumption+
@@ -385,14 +381,14 @@ lemma inner_loop_head_global_rel_wrapped:
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and cfg_satisfies_post: "\<And>m' s'.
                            (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
   and loop_ih:
         "\<And>k ns1'. k < j \<Longrightarrow>
         (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, KEndBlock KStop, Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
         (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
         (\<And>m' s'.
                    (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                   is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)) \<Longrightarrow>
+                   is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)) \<Longrightarrow>
         (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)" 
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
   apply (rule ending_after_unwrapping)
@@ -416,7 +412,7 @@ lemma outer_loop_head_global_rel:
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and cfg_satisfies_post: "\<And>m' s'.
                            (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
   using assms 
 proof (induction j arbitrary: ns1 rule: less_induct)
@@ -444,8 +440,9 @@ proof (induction j arbitrary: ns1 rule: less_induct)
             apply (simp add: bb0_unwrapped_def)
            apply (simp, simp, simp)
        apply (simp add: nested_loop_before_cfg_to_dag_prog.node_1)
-       apply (simp add: nested_loop_before_cfg_to_dag_prog.block_1_def)
-      apply(rule disjE)
+        apply (simp add: nested_loop_before_cfg_to_dag_prog.block_1_def)
+       apply simp
+       apply(rule disjE)
         apply assumption
     
        apply (erule allE[where x = 2])+
@@ -500,7 +497,7 @@ lemma entry_block_global_rel:
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and cfg_satisfies_post: "\<And>m' s'.
                            (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
+                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
   using assms
 proof -
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy
index 8a95826..5deaa9a 100644
--- a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy
+++ b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy
@@ -497,7 +497,7 @@ ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
 OldGlobal: "((global_state ns) = (old_global_state ns))" and 
 BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] while_example2_before_ast_cfg.post  m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] while_example2_before_ast_cfg.post m' s')"
 proof -
 from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
 by (meson rtranclp_imp_relpowp)
@@ -535,10 +535,11 @@ lemma end_to_end_theorem:
 assumes 
 VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))"
 shows "(\<And> A. (Semantics.proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms p_before_cfg_to_dag_prog.proc))"
-  apply (rule end_to_end_util[OF end_to_end_theorem_aux])
+  apply (rule end_to_end_util)
+  apply (rule end_to_end_theorem_aux)
 apply assumption using VC apply simp  apply assumption+
 apply (simp add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def while_example2_before_ast_cfg.pres_def p_before_cfg_to_dag_prog.pres_def)
-apply (simp add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.post_def p_before_cfg_to_dag_prog.proc_body_def while_example2_before_ast_cfg.post_def while_example2_before_ast_cfg.post_def)
+apply (simp add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.post_def p_before_cfg_to_dag_prog.proc_body_def while_example2_before_ast_cfg.post_def)
 apply (simp add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def)
 apply (simp add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def while_example2_before_ast_cfg.locals_vdecls_def while_example2_before_ast_cfg.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def)
 apply (simp add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def)
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
index 792e11b..a0dbe08 100644
--- a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
+++ b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
@@ -149,7 +149,7 @@ lemma bb2_global_rel:
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and cfg_satisfies_post: "\<And>m' s'.
                              (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 6, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) while_example2_before_ast_cfg.post)"
+                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) while_example2_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Lt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)" 
   using assms
@@ -161,9 +161,8 @@ proof -
          apply (rule Rel_Main_test[of bigblock2])
              apply (simp add: bigblock2_def)
             apply simp
-           apply (rule concrete_trace)
-          apply (simp add: bigblock2_def)
-         apply simp
+           apply (rule assms(1))
+          apply (simp add: bigblock2_def)+
         apply (rule disjI2)
         apply (rule disjI2)
         apply (rule conjI)
@@ -192,7 +191,7 @@ lemma second_loop_body_global_rel:
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and cfg_satisfies_post: "\<And>m' s'.
                              (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 5, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) while_example2_before_ast_cfg.post)"
+                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end while_example2_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Lt\<guillemotright> Lit (LInt 0),ns1\<rangle> \<Down> BoolV True"
   and loop_ih:
         "\<And>k ns1''. k < j \<Longrightarrow>
@@ -200,7 +199,7 @@ lemma second_loop_body_global_rel:
         (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>  
         (\<And>m' s'.
                  (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 4, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) while_example2_before_ast_cfg.post)) \<Longrightarrow>
+                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end while_example2_before_ast_cfg.post)) \<Longrightarrow>
         (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)" 
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)"
 proof -
@@ -229,8 +228,7 @@ proof -
        apply assumption
       apply simp
      apply (rule trace_is_possible)
-    apply (erule allE[where x=4])
-    apply (erule allE[where x=4])
+    apply (erule allE[where x=4])+
     apply (simp add: p_before_cfg_to_dag_prog.outEdges_5)
     apply (simp add: member_rec(1))
     apply (rule loop_ih)
@@ -244,7 +242,7 @@ lemma second_loop_head_global_rel:
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and cfg_sat_post: "\<And>m2 s2.
        A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 4, Normal ns1) -n\<rightarrow>* (m2, s2) \<Longrightarrow>
-       is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) while_example2_before_ast_cfg.post"
+       is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) while_example2_before_ast_cfg.post"
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)"
   using assms
 proof (induction j arbitrary: ns1 rule: less_induct)
@@ -276,7 +274,8 @@ proof (induction j arbitrary: ns1 rule: less_induct)
          apply simp
         apply (simp add: p_before_cfg_to_dag_prog.block_4_def)
        apply (simp add: p_before_cfg_to_dag_prog.node_4)
-       apply (simp add: p_before_cfg_to_dag_prog.block_4_def)
+        apply (simp add: p_before_cfg_to_dag_prog.block_4_def)
+       apply simp
       apply(rule disjE)
         apply assumption
 
@@ -293,7 +292,10 @@ proof (induction j arbitrary: ns1 rule: less_induct)
         apply assumption
        apply (rule less.IH)
          apply (erule strictly_smaller_helper2)
-          apply assumption+
+          apply assumption
+         apply assumption
+        apply assumption
+       apply assumption
        apply simp
 
       apply (erule allE[where x = 6])+
@@ -315,23 +317,18 @@ proof (induction j arbitrary: ns1 rule: less_induct)
       done
    qed
 qed
+ 
 
 lemma first_loop_body_global_rel:
   assumes j_step_ast_trace: 
-    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (body_bb1, (KSeq unwrapped_bigblock0 (KEndBlock (KSeq bigblock1 (KSeq bigblock2 KStop)))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (body_bb1, (KSeq unwrapped_bigblock0 cont0), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and cfg_satisfies_post: "\<And>m' s'.
                              (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 2, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) while_example2_before_ast_cfg.post)"
+                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end while_example2_before_ast_cfg.post)"
   and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Gt\<guillemotright> Lit (LInt 0), ns1\<rangle> \<Down> BoolV True"
-  and loop_ih:
-        "\<And>k ns1''. k < j \<Longrightarrow>
-        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(unwrapped_bigblock0, (KEndBlock (KSeq bigblock1 (KSeq bigblock2 KStop))), Normal ns1'') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (\<And>m' s'.
-                   (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                   is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) while_example2_before_ast_cfg.post)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)"  
+  and loop_ih_assm: "loop_IH j A M \<Lambda>1_local \<Gamma> \<Omega> T unwrapped_bigblock0 cont0 
+                                               p_before_cfg_to_dag_prog.proc_body 1 while_example2_before_ast_cfg.post reached_bb reached_cont reached_state"
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)"
 proof -
   have node2_loc: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 2 = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]" 
@@ -345,7 +342,7 @@ proof -
          apply (simp add: body_bb1_def)
         apply (rule disjI2)
         apply (rule disjI1)
-        apply (rule conjI)
+         apply (rule conjI)
          apply (rule node2_loc)
         apply (rule conjI)
          apply simp
@@ -362,9 +359,12 @@ proof -
     apply (erule allE[where x=1])+
     apply (simp add: p_before_cfg_to_dag_prog.outEdges_2)+
     apply (simp add: member_rec(1))
-    apply (rule loop_ih)
-       apply simp+
-    apply blast
+    apply (rule loop_IH_apply)
+        apply (rule loop_ih_assm)
+       apply simp
+      apply simp
+     apply simp
+    apply simp
     done
 qed
 
@@ -374,7 +374,7 @@ lemma first_loop_head_global_rel:
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and cfg_satisfies_post: "\<And>m' s'.
                              (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) while_example2_before_ast_cfg.post)"
+                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end while_example2_before_ast_cfg.post)"
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega>  while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)"
   using assms 
 proof (induction j arbitrary: ns1 rule: less_induct)
@@ -398,15 +398,8 @@ proof (induction j arbitrary: ns1 rule: less_induct)
           apply simp                 
          apply (rule block_local_rel_loop_head)
              apply (rule Rel_Invs[of unwrapped_bigblock0])
-             apply (simp add: unwrapped_bigblock0_def)
-           apply (simp add: unwrapped_bigblock0_def)
-           apply (simp)
-           apply (simp add: p_before_cfg_to_dag_prog.block_1_def)
-          apply simp
-         apply simp
-        apply (simp add: p_before_cfg_to_dag_prog.block_1_def)
-       apply (simp add: p_before_cfg_to_dag_prog.node_1)
-       apply (simp add: p_before_cfg_to_dag_prog.block_1_def)
+            apply (simp add: unwrapped_bigblock0_def)+
+          apply (simp add: p_before_cfg_to_dag_prog.block_1_def p_before_cfg_to_dag_prog.node_1)+
       apply(rule disjE)
         apply assumption
     
@@ -421,9 +414,13 @@ proof (induction j arbitrary: ns1 rule: less_induct)
           apply simp
          apply blast
         apply assumption
+       apply (rule loop_IH_prove)
        apply (rule less.IH)
          apply (erule strictly_smaller_helper2)
-         apply assumption+
+          apply assumption
+         apply assumption
+        apply simp
+       apply blast
 
       apply (erule allE[where x = 3])+
       apply (simp add: p_before_cfg_to_dag_prog.outEdges_1)+
@@ -449,9 +446,12 @@ proof (induction j arbitrary: ns1 rule: less_induct)
             apply assumption
            apply (simp add: p_before_cfg_to_dag_prog.node_3)
           apply simp+
+      sorry
+(*
       apply (rule correctness_propagates_through_assumption3)
             apply simp+
       done
+*)
   qed
 qed
 
@@ -461,7 +461,7 @@ lemma entry_block_global_rel:
   and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
   and cfg_satisfies_post: "\<And>m' s'.
                              (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) while_example2_before_ast_cfg.post)"
+                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) while_example2_before_ast_cfg.post)"
   shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)"
   using assms
 proof -
@@ -498,10 +498,9 @@ abbreviation \<Lambda>0_local
     "\<Lambda>0_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls))"
 lemma end_to_end_theorem_aux2:
 assumes 
-Red: "rtranclp (red_bigblock 
-      A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) \<Gamma> [] 
-            while_example2_before_ast_cfg.proc_body) 
-      (bigblock0, (KSeq bigblock1 (KSeq bigblock2 KStop)), Normal ns) (end_bb, end_cont, end_state)" and 
+Red: "rtranclp (red_bigblock A M \<Lambda>0_local \<Gamma> [] while_example2_before_ast_cfg.proc_body) 
+               (bigblock0, (KSeq bigblock1 (KSeq bigblock2 KStop)), Normal ns) 
+               (end_bb, end_cont, end_state)" and 
 VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
@@ -519,7 +518,8 @@ proof -
 by (meson rtranclp_imp_relpowp)
   show ?thesis
 apply (rule entry_block_global_rel)
-apply (rule Aux)
+      apply (rule Aux)
+
 apply (rule valid_config_implies_not_failure)
 apply (rule end_to_end_theorem_aux)
 apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
@@ -538,6 +538,7 @@ using ConstsGlobal apply (simp add: while_example2_before_ast_cfg.params_vdecls_
                                    p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def)
 using OldGlobal apply simp
   using BinderNs apply simp
+
   apply (rule valid_config_implies_satisfied_posts)
 apply (rule end_to_end_theorem_aux)
 apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
@@ -555,8 +556,7 @@ using ParamsLocal apply (simp add: while_example2_before_ast_cfg.params_vdecls_d
 using ConstsGlobal apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
                                    p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def)
 using OldGlobal apply simp
-  using BinderNs apply simp
-  apply simp
+  using BinderNs apply simp+
 done
 qed
 

From a4ef31889ca9c9a178a1d17b54a4027a41acc22a Mon Sep 17 00:00:00 2001
From: ahubanov-eth <ahubanov@student.ethz.ch>
Date: Wed, 20 Jul 2022 11:39:47 +0200
Subject: [PATCH 19/74] latest version

---
 BoogieLang/Ast.thy                            |  63 +-
 BoogieLang/Ast_Cfg_Transformation.thy         | 713 ++++++++++----
 BoogieLang/BackedgeElim.thy                   |   5 +-
 BoogieLang/Passification.thy                  |   2 +-
 BoogieLang/Semantics.thy                      |  18 +-
 .../consecutive_ifs_ast_cfg_proof.thy         | 345 -------
 .../consecutive_ifs_before_ast_cfg.thy        |  93 --
 .../empty_branch_if_ast_cfg_proof.thy         | 256 -----
 .../empty_branch_if_before_ast_cfg.thy        |  89 --
 .../empty_generic_block_before_ast_cfg.thy    |  89 --
 ...y_generic_block_before_cfg_to_dag_prog.thy |  89 --
 ...mpty_generic_block_before_passive_prog.thy |  62 --
 .../empty_generic_block_cfgtodag_proof.thy    | 143 ---
 .../q_proofs/q_before_cfg_to_dag_prog.thy     |  89 --
 .../q_proofs/q_cfgtodag_proof.thy             | 143 ---
 .../q_proofs/q_passive_prog.thy               |  77 --
 .../q_proofs/q_vcphase_proof.thy              | 148 ---
 .../p_proofs/if_example_ast_cfg_proof.thy     | 350 -------
 .../p_proofs/if_example_ast_form~             |   4 -
 .../p_proofs/if_example_before_ast_cfg.thy    |  90 --
 .../p_proofs/p_before_cfg_to_dag_prog.thy     | 125 ---
 .../p_proofs/p_passive_prog.thy               | 128 ---
 .../nested_if_ast_cfg_proof.thy               | 335 -------
 .../nested_if_before_ast_cfg.thy              |  99 --
 .../nested_loop2_ast_cfg_proof.thy            | 720 --------------
 .../nested_loop2_before_ast_cfg.thy           | 108 ---
 .../nested_loop_ast_cfg_proof.thy             | 529 ----------
 .../nested_loop_before_ast_cfg.thy            | 103 --
 ...no_guard_empty_branch_if_ast_cfg_proof.thy | 166 ----
 ...o_guard_empty_branch_if_before_ast_cfg.thy |  87 --
 .../no_guard_if_ast_cfg_proof.thy             | 195 ----
 .../no_guard_if_before_ast_cfg.thy            |  85 --
 .../no_inv_loop_ast_cfg_proof.thy             | 283 ------
 .../no_inv_loop_before_ast_cfg.thy            |  86 --
 .../triangle_ast_cfg_proof.thy                | 297 ------
 .../triangle_before_ast_cfg.thy               | 109 ---
 .../p_proofs/p_cfgtodag_proof.thy             | 549 -----------
 .../p_proofs/p_passive_prog.thy               | 199 ----
 .../p_proofs/p_vcphase_proof.thy              | 364 -------
 .../p_proofs/while_example2_ast_cfg_proof.thy | 583 ------------
 .../while_example2_before_ast_cfg.thy         | 102 --
 .../p_proofs/while_example_2_before_ast_cfg~  |   9 -
 .../m_proofs/while_example_ast_cfg_proof.thy  |   5 -
 .../m_proofs/while_example_before_ast_cfg.thy |  89 --
 .../assert_false_in_if.bpl                    |   9 +
 .../assert_false_in_if_2.bpl                  |  12 +
 .../assert_false_in_if_3.bpl                  |  12 +
 .../assume_false_assert_false.bpl             |  12 +
 .../assume_false_in_if.bpl                    |   9 +
 .../complete_bigblock_loop_in_loop.bpl        |  17 +
 .../consecutive_ifs.bpl                       |  22 +
 .../consecutive_loops.bpl                     |  18 +
 .../consecutive_loops_in_loop.bpl             |  25 +
 .../consecutive_loops_in_loop_2.bpl           |  26 +
 .../empty_branch_if.bpl                       |  14 +
 .../empty_generic_block.bpl                   |  11 +
 .../empty_loop.bpl                            |   8 +
 .../globals.bpl                               |  13 +
 .../if_example.bpl                            |  20 +
 .../if_example_no_else_branch.bpl             |  17 +
 .../if_inside_loop.bpl                        |  20 +
 .../loop_example.bpl                          |  13 +
 .../loop_example_no_inv.bpl                   |  12 +
 .../loop_in_else_branch.bpl                   |  21 +
 .../loop_in_then_branch.bpl                   |  17 +
 .../nested_if.bpl                             |  21 +
 .../nested_loop.bpl                           |  36 +
 .../nested_loop2.bpl                          |  28 +
 .../nested_loop_while_true.bpl                |  25 +
 .../no_guard_empty_branch_if.bpl              |  13 +
 .../no_guard_if.bpl                           |  14 +
 .../no_guard_loop.bpl                         |  29 +
 .../no_guard_loop2.bpl                        |  27 +
 .../no_guard_loop3.bpl                        |  27 +
 .../no_guard_loop4.bpl                        |  27 +
 .../no_inv_loop.bpl                           |   9 +
 .../return_in_loop.bpl                        |  20 +
 .../return_in_loop2.bpl                       |  16 +
 .../simple_return_test.bpl                    |   7 +
 .../start_loop.bpl                            |   8 +
 .../triangle_example.bpl                      |  15 +
 .../trivial_assert_false.bpl                  |   3 +
 .../trivial_assume_false.bpl                  |   3 +
 .../trivial_example.bpl                       |   8 +
 .../assert_false_in_if.bpl                    |   9 +
 .../assert_false_in_if_2.bpl                  |  12 +
 .../assert_false_in_if_3.bpl                  |  12 +
 .../assume_false_assert_false.bpl             |  12 +
 .../assume_false_in_if.bpl                    |   9 +
 .../complete_bigblock_loop_in_loop.bpl        |  17 +
 .../consecutive_ifs.bpl                       |  22 +
 .../consecutive_loops.bpl                     |  18 +
 .../consecutive_loops_in_loop.bpl             |  25 +
 .../consecutive_loops_in_loop_2.bpl           |  26 +
 .../empty_branch_if.bpl                       |  14 +
 .../empty_generic_block.bpl                   |  11 +
 .../empty_loop.bpl                            |   8 +
 .../globals.bpl                               |  13 +
 .../if_example.bpl                            |  20 +
 .../if_example_no_else_branch.bpl             |  17 +
 .../if_inside_loop.bpl                        |  20 +
 .../loop_example.bpl                          |  13 +
 .../loop_example_no_inv.bpl                   |  12 +
 .../loop_in_else_branch.bpl                   |  21 +
 .../loop_in_then_branch.bpl                   |  17 +
 .../nested_if.bpl                             |  21 +
 .../nested_loop.bpl                           |  36 +
 .../nested_loop2.bpl                          |  28 +
 .../nested_loop_while_true.bpl                |  25 +
 .../no_guard_empty_branch_if.bpl              |  13 +
 .../no_guard_if.bpl                           |  14 +
 .../no_guard_loop.bpl                         |  29 +
 .../no_guard_loop2.bpl                        |  27 +
 .../no_guard_loop3.bpl                        |  27 +
 .../no_guard_loop4.bpl                        |  27 +
 .../no_inv_loop.bpl                           |   9 +
 .../return_in_loop.bpl                        |  20 +
 .../return_in_loop2.bpl                       |  16 +
 .../simple_return_test.bpl                    |   7 +
 .../start_loop.bpl                            |   8 +
 .../triangle_example.bpl                      |  15 +
 .../trivial_assert_false.bpl                  |   3 +
 .../trivial_assume_false.bpl                  |   3 +
 .../trivial_example.bpl                       |   8 +
 boogie_examples/other/break_example.bpl       |  16 +
 boogie_examples/other/goto_example.bpl        |  11 +
 boogie_examples/other/if_example_CFG.bpl      |  23 +
 .../other/if_example_duplicate.bpl            |  20 +
 boogie_examples/other/labeled_break.bpl       |  32 +
 .../assert_false_in_if_2.bpl                  |  12 +
 .../assert_false_in_if_3.bpl                  |  12 +
 .../assume_false_assert_false.bpl             |  12 +
 .../20220720_112439_timing_certificates.csv   |  41 +
 .../assert_false_in_if_2_proofs/ROOT          |  12 +
 .../assert_false_in_if_2_asttocfg_proof.thy   | 335 +++++++
 ...t_false_in_if_2_before_ast_to_cfg_prog.thy | 123 +++
 ...t_false_in_if_2_before_cfg_to_dag_prog.thy | 149 +++
 ...sert_false_in_if_2_before_passive_prog.thy |  95 ++
 .../assert_false_in_if_2_cfgtodag_proof.thy   | 284 ++++++
 ...sert_false_in_if_2_passification_proof.thy | 258 +++++
 .../assert_false_in_if_2_passive_prog.thy     | 119 +++
 .../assert_false_in_if_2_vcphase_proof.thy    | 228 +++++
 .../global_data.thy                           |   0
 .../assert_false_in_if_3_proofs/ROOT          |  12 +
 .../assert_false_in_if_3_asttocfg_proof.thy   | 315 ++++++
 ...t_false_in_if_3_before_ast_to_cfg_prog.thy | 123 +++
 ...t_false_in_if_3_before_cfg_to_dag_prog.thy | 149 +++
 ...sert_false_in_if_3_before_passive_prog.thy |  95 ++
 .../assert_false_in_if_3_cfgtodag_proof.thy   | 284 ++++++
 ...sert_false_in_if_3_passification_proof.thy | 254 +++++
 .../assert_false_in_if_3_passive_prog.thy     | 119 +++
 .../assert_false_in_if_3_vcphase_proof.thy    | 225 +++++
 .../global_data.thy                           |   0
 .../assert_false_in_if_proofs/ROOT            |  12 +
 .../assert_false_in_if_asttocfg_proof.thy     | 269 ++++++
 ...ert_false_in_if_before_ast_to_cfg_prog.thy | 117 +++
 ...ert_false_in_if_before_cfg_to_dag_prog.thy | 138 +++
 ...assert_false_in_if_before_passive_prog.thy |  95 ++
 .../assert_false_in_if_cfgtodag_proof.thy     | 242 +++++
 ...assert_false_in_if_passification_proof.thy | 258 +++++
 .../assert_false_in_if_passive_prog.thy       | 119 +++
 .../assert_false_in_if_vcphase_proof.thy      | 223 +++++
 .../global_data.thy                           |   0
 .../assume_false_assert_false_proofs/ROOT     |  12 +
 ...sume_false_assert_false_asttocfg_proof.thy | 335 +++++++
 ...se_assert_false_before_ast_to_cfg_prog.thy | 123 +++
 ...se_assert_false_before_cfg_to_dag_prog.thy | 149 +++
 ...false_assert_false_before_passive_prog.thy |  95 ++
 ...sume_false_assert_false_cfgtodag_proof.thy | 284 ++++++
 ...false_assert_false_passification_proof.thy | 259 +++++
 ...assume_false_assert_false_passive_prog.thy | 128 +++
 ...ssume_false_assert_false_vcphase_proof.thy | 236 +++++
 .../global_data.thy                           |   0
 .../assume_false_in_if_proofs/ROOT            |  12 +
 .../assume_false_in_if_asttocfg_proof.thy     | 269 ++++++
 ...ume_false_in_if_before_ast_to_cfg_prog.thy | 117 +++
 ...ume_false_in_if_before_cfg_to_dag_prog.thy | 138 +++
 ...assume_false_in_if_before_passive_prog.thy |  95 ++
 .../assume_false_in_if_cfgtodag_proof.thy     | 242 +++++
 ...assume_false_in_if_passification_proof.thy | 258 +++++
 .../assume_false_in_if_passive_prog.thy       | 119 +++
 .../assume_false_in_if_vcphase_proof.thy      | 218 +++++
 .../global_data.thy                           |   0
 .../ROOT                                      |  12 +
 .../global_data.thy                           |   0
 .../while_succ_in_while_asttocfg_proof.thy    | 557 +++++++++++
 ...e_succ_in_while_before_ast_to_cfg_prog.thy | 150 +++
 ...e_succ_in_while_before_cfg_to_dag_prog.thy | 213 +++++
 ...hile_succ_in_while_before_passive_prog.thy | 161 ++++
 .../while_succ_in_while_cfgtodag_proof.thy    | 634 ++++++++++++
 ...hile_succ_in_while_passification_proof.thy | 385 ++++++++
 .../while_succ_in_while_passive_prog.thy      | 248 +++++
 .../while_succ_in_while_vcphase_proof.thy     | 423 ++++++++
 .../consecutive_ifs_proofs/ROOT               |  12 +
 .../consecutive_ifs_asttocfg_proof.thy        | 449 +++++++++
 ...consecutive_ifs_before_ast_to_cfg_prog.thy | 135 +++
 ...consecutive_ifs_before_cfg_to_dag_prog.thy |  65 +-
 .../consecutive_ifs_before_passive_prog.thy   |  12 +-
 .../consecutive_ifs_cfgtodag_proof.thy        |  98 +-
 .../consecutive_ifs_passification_proof.thy   |  22 +-
 .../consecutive_ifs_passive_prog.thy          |  12 +-
 .../consecutive_ifs_vcphase_proof.thy         |  14 +-
 .../consecutive_ifs_proofs}/global_data.thy   |   0
 .../consecutive_loops_in_loop_2_proofs/ROOT   |  12 +
 ...ecutive_loops_in_loop_2_asttocfg_proof.thy | 774 +++++++++++++++
 ...loops_in_loop_2_before_ast_to_cfg_prog.thy | 168 ++++
 ...loops_in_loop_2_before_cfg_to_dag_prog.thy | 257 +++++
 ...ve_loops_in_loop_2_before_passive_prog.thy | 205 ++++
 ...ecutive_loops_in_loop_2_cfgtodag_proof.thy | 900 ++++++++++++++++++
 ...ve_loops_in_loop_2_passification_proof.thy | 485 ++++++++++
 ...nsecutive_loops_in_loop_2_passive_prog.thy | 319 +++++++
 ...secutive_loops_in_loop_2_vcphase_proof.thy | 551 +++++++++++
 .../global_data.thy                           |   0
 .../consecutive_loops_in_loop_proofs/ROOT     |  12 +
 ...nsecutive_loops_in_loop_asttocfg_proof.thy | 746 +++++++++++++++
 ...e_loops_in_loop_before_ast_to_cfg_prog.thy | 168 ++++
 ...e_loops_in_loop_before_cfg_to_dag_prog.thy | 257 +++++
 ...tive_loops_in_loop_before_passive_prog.thy | 205 ++++
 ...nsecutive_loops_in_loop_cfgtodag_proof.thy | 900 ++++++++++++++++++
 ...tive_loops_in_loop_passification_proof.thy | 484 ++++++++++
 ...consecutive_loops_in_loop_passive_prog.thy | 310 ++++++
 ...onsecutive_loops_in_loop_vcphase_proof.thy | 543 +++++++++++
 .../global_data.thy                           |   0
 .../consecutive_loops_proofs/ROOT             |  12 +
 .../consecutive_loops_asttocfg_proof.thy      | 537 +++++++++++
 ...nsecutive_loops_before_ast_to_cfg_prog.thy | 141 +++
 ...nsecutive_loops_before_cfg_to_dag_prog.thy | 204 ++++
 .../consecutive_loops_before_passive_prog.thy | 161 ++++
 .../consecutive_loops_cfgtodag_proof.thy      | 608 ++++++++++++
 .../consecutive_loops_passification_proof.thy | 385 ++++++++
 .../consecutive_loops_passive_prog.thy        | 221 +++++
 .../consecutive_loops_vcphase_proof.thy       | 407 ++++++++
 .../consecutive_loops_proofs}/global_data.thy |   0
 .../empty_branch_if_proofs/ROOT               |  12 +
 .../empty_branch_if_asttocfg_proof.thy        | 341 +++++++
 ...empty_branch_if_before_ast_to_cfg_prog.thy | 123 +++
 ...empty_branch_if_before_cfg_to_dag_prog.thy |  61 +-
 .../empty_branch_if_before_passive_prog.thy   |  12 +-
 .../empty_branch_if_cfgtodag_proof.thy        |  80 +-
 .../empty_branch_if_passification_proof.thy   |  24 +-
 .../empty_branch_if_passive_prog.thy          |  12 +-
 .../empty_branch_if_vcphase_proof.thy         |  14 +-
 .../empty_branch_if_proofs}/global_data.thy   |   0
 .../empty_generic_block_proofs/ROOT           |  12 +
 .../empty_generic_block_asttocfg_proof.thy    | 233 +++++
 ...y_generic_block_before_ast_to_cfg_prog.thy | 117 +++
 ...y_generic_block_before_cfg_to_dag_prog.thy | 138 +++
 ...mpty_generic_block_before_passive_prog.thy |  84 ++
 .../empty_generic_block_cfgtodag_proof.thy    | 225 +++++
 ...mpty_generic_block_passification_proof.thy | 102 +-
 .../empty_generic_block_passive_prog.thy      |  36 +-
 .../empty_generic_block_vcphase_proof.thy     | 112 ++-
 .../global_data.thy                           |   0
 .../empty_loop_proofs/ROOT                    |  12 +
 .../empty_loop_proofs}/global_data.thy        |   0
 .../p_proofs/p_asttocfg_proof.thy             | 333 +++++++
 .../p_proofs/p_before_ast_to_cfg_prog.thy     | 123 +++
 .../p_proofs/p_before_cfg_to_dag_prog.thy     |  79 +-
 .../p_proofs/p_before_passive_prog.thy        | 117 +++
 .../p_proofs/p_cfgtodag_proof.thy             | 282 ++++--
 .../p_proofs/p_passification_proof.thy        | 181 ++--
 .../p_proofs/p_passive_prog.thy               | 132 +++
 .../p_proofs/p_vcphase_proof.thy              | 273 ++++++
 .../globals_proofs/ROOT                       |  12 +
 .../globals_proofs/global_data.thy            |  48 +
 .../p_proofs/p_asttocfg_proof.thy             | 138 +++
 .../p_proofs/p_before_ast_to_cfg_prog.thy     | 131 +++
 .../p_proofs/p_before_cfg_to_dag_prog.thy     | 142 +++
 .../p_proofs/p_before_passive_prog.thy        |  62 ++
 .../p_proofs/p_cfgtodag_proof.thy             | 135 +++
 .../p_proofs/p_passification_proof.thy        | 141 +--
 .../p_proofs/p_passive_prog.thy               |  87 ++
 .../p_proofs/p_vcphase_proof.thy              | 228 +++++
 .../if_example_no_else_branch_proofs/ROOT     |  12 +
 .../global_data.thy                           |   4 +-
 ..._example_no_else_branch_asttocfg_proof.thy | 517 ++++++++++
 ..._no_else_branch_before_ast_to_cfg_prog.thy | 141 +++
 ..._no_else_branch_before_cfg_to_dag_prog.thy | 182 ++++
 ...ple_no_else_branch_before_passive_prog.thy | 128 +++
 ..._example_no_else_branch_cfgtodag_proof.thy | 433 +++++++++
 ...ple_no_else_branch_passification_proof.thy | 328 +++++++
 ...if_example_no_else_branch_passive_prog.thy | 170 ++++
 ...f_example_no_else_branch_vcphase_proof.thy | 327 +++++++
 .../if_example_proofs/ROOT                    |  12 +
 .../if_example_proofs/global_data.thy         |  32 +
 .../if_example_test_2_asttocfg_proof.thy      | 360 +++++++
 ..._example_test_2_before_ast_to_cfg_prog.thy | 123 +++
 ..._example_test_2_before_cfg_to_dag_prog.thy | 149 +++
 .../if_example_test_2_before_passive_prog.thy |  14 +-
 .../if_example_test_2_cfgtodag_proof.thy      | 284 ++++++
 .../if_example_test_2_passification_proof.thy | 262 +++++
 .../if_example_test_2_passive_prog.thy        | 128 +++
 .../if_example_test_2_vcphase_proof.thy       |  90 +-
 .../if_inside_loop_proofs/ROOT                |  12 +
 .../if_inside_loop_proofs/global_data.thy     |  32 +
 .../if_inside_while_asttocfg_proof.thy        | 510 ++++++++++
 ...if_inside_while_before_ast_to_cfg_prog.thy | 144 +++
 ...if_inside_while_before_cfg_to_dag_prog.thy | 191 ++++
 .../if_inside_while_before_passive_prog.thy   |  36 +-
 .../if_inside_while_cfgtodag_proof.thy        | 498 ++++++++++
 .../if_inside_while_passification_proof.thy   | 344 +++++++
 .../if_inside_while_passive_prog.thy          | 199 ++++
 .../if_inside_while_vcphase_proof.thy         | 353 +++++++
 .../loop_example_no_inv_proofs/ROOT           |  12 +
 .../global_data.thy                           |  32 +
 .../m_proofs/m_asttocfg_proof.thy             | 352 +++++++
 .../m_proofs/m_before_ast_to_cfg_prog.thy     | 132 +++
 .../m_proofs/m_before_cfg_to_dag_prog.thy     | 169 ++++
 .../m_proofs/m_before_passive_prog.thy        | 117 +++
 .../m_proofs/m_cfgtodag_proof.thy             | 375 ++++++++
 .../m_proofs/m_passification_proof.thy        | 314 ++++++
 .../m_proofs/m_passive_prog.thy               | 159 ++++
 .../m_proofs/m_vcphase_proof.thy              | 291 ++++++
 .../loop_example_proofs/ROOT                  |  12 +
 .../loop_example_proofs/global_data.thy       |  32 +
 .../m_proofs/m_asttocfg_proof.thy             | 352 +++++++
 .../m_proofs/m_before_ast_to_cfg_prog.thy     | 132 +++
 .../m_proofs/m_before_cfg_to_dag_prog.thy     |  66 +-
 .../m_proofs/m_before_passive_prog.thy        | 117 +++
 .../m_proofs/m_cfgtodag_proof.thy             | 231 +++--
 .../m_proofs/m_passification_proof.thy        | 117 ++-
 .../m_proofs/m_passive_prog.thy               |  45 +-
 .../m_proofs/m_vcphase_proof.thy              | 131 +--
 .../loop_in_else_branch_proofs/ROOT           |  12 +
 .../global_data.thy                           |  32 +
 .../while_in_if_true_asttocfg_proof.thy       | 492 ++++++++++
 ...hile_in_if_true_before_ast_to_cfg_prog.thy | 144 +++
 ...hile_in_if_true_before_cfg_to_dag_prog.thy | 191 ++++
 .../while_in_if_true_before_passive_prog.thy  | 139 +++
 .../while_in_if_true_cfgtodag_proof.thy       | 479 ++++++++++
 .../while_in_if_true_passification_proof.thy  | 351 +++++++
 .../while_in_if_true_passive_prog.thy         | 217 +++++
 .../while_in_if_true_vcphase_proof.thy        | 373 ++++++++
 .../loop_in_then_branch_proofs/ROOT           |  12 +
 .../global_data.thy                           |  32 +
 .../while_in_if_true_asttocfg_proof.thy       | 488 ++++++++++
 ...hile_in_if_true_before_ast_to_cfg_prog.thy | 144 +++
 ...hile_in_if_true_before_cfg_to_dag_prog.thy | 191 ++++
 .../while_in_if_true_before_passive_prog.thy  | 139 +++
 .../while_in_if_true_cfgtodag_proof.thy       | 479 ++++++++++
 .../while_in_if_true_passification_proof.thy  | 351 +++++++
 .../while_in_if_true_passive_prog.thy         | 217 +++++
 .../while_in_if_true_vcphase_proof.thy        | 373 ++++++++
 .../nested_if_proofs/ROOT                     |  12 +
 .../nested_if_proofs/global_data.thy          |  32 +
 .../nested_if_asttocfg_proof.thy              | 387 ++++++++
 .../nested_if_before_ast_to_cfg_prog.thy      | 138 +++
 .../nested_if_before_cfg_to_dag_prog.thy      |  63 +-
 .../nested_if_before_passive_prog.thy         |  14 +-
 .../nested_if_cfgtodag_proof.thy              |  84 +-
 .../nested_if_passification_proof.thy         | 108 ++-
 .../nested_if_passive_prog.thy                |  42 +-
 .../nested_if_vcphase_proof.thy               |  44 +-
 .../nested_loop2_proofs/ROOT                  |  12 +
 .../nested_loop2_proofs/global_data.thy       |  32 +
 .../nested_loop3_asttocfg_proof.thy           | 713 ++++++++++++++
 .../nested_loop3_before_ast_to_cfg_prog.thy   | 177 ++++
 .../nested_loop3_before_cfg_to_dag_prog.thy   | 255 +++++
 .../nested_loop3_before_passive_prog.thy      | 194 ++++
 .../nested_loop3_cfgtodag_proof.thy           | 867 +++++++++++++++++
 .../nested_loop3_passification_proof.thy      | 461 +++++++++
 .../nested_loop3_passive_prog.thy             | 326 +++++++
 .../nested_loop3_vcphase_proof.thy            | 542 +++++++++++
 .../nested_loop_proofs/ROOT                   |  12 +
 .../nested_loop_proofs/global_data.thy        |  32 +
 .../nested_loop_asttocfg_proof.thy            | 536 +++++++++++
 .../nested_loop_before_ast_to_cfg_prog.thy    | 150 +++
 .../nested_loop_before_cfg_to_dag_prog.thy    |  72 +-
 .../nested_loop_before_passive_prog.thy       |  51 +-
 .../nested_loop_cfgtodag_proof.thy            | 298 +++---
 .../nested_loop_passification_proof.thy       | 159 ++--
 .../nested_loop_passive_prog.thy              |  77 +-
 .../nested_loop_vcphase_proof.thy             | 159 ++--
 .../nested_loop_while_true_proofs/ROOT        |  12 +
 .../global_data.thy                           |  32 +
 .../nested_loop2_asttocfg_proof.thy           | 713 ++++++++++++++
 .../nested_loop2_before_ast_to_cfg_prog.thy   | 168 ++++
 .../nested_loop2_before_cfg_to_dag_prog.thy   |  89 +-
 .../nested_loop2_before_passive_prog.thy      | 194 ++++
 .../nested_loop2_cfgtodag_proof.thy           | 412 +++++---
 .../nested_loop2_passification_proof.thy      | 192 ++--
 .../nested_loop2_passive_prog.thy             |  94 +-
 .../nested_loop2_vcphase_proof.thy            | 220 +++--
 .../no_guard_empty_branch_if_proofs/ROOT      |  12 +
 .../global_data.thy                           |  32 +
 ...o_guard_empty_branch_if_asttocfg_proof.thy | 251 +++++
 ...empty_branch_if_before_ast_to_cfg_prog.thy | 117 +++
 ...empty_branch_if_before_cfg_to_dag_prog.thy |  53 +-
 ...rd_empty_branch_if_before_passive_prog.thy |  12 +-
 ...o_guard_empty_branch_if_cfgtodag_proof.thy |  66 +-
 ...rd_empty_branch_if_passification_proof.thy |  20 +-
 .../no_guard_empty_branch_if_passive_prog.thy |  10 +-
 ...no_guard_empty_branch_if_vcphase_proof.thy |  14 +-
 .../no_guard_if_proofs/ROOT                   |  12 +
 .../no_guard_if_proofs/global_data.thy        |  32 +
 .../no_guard_if_asttocfg_proof.thy            | 267 ++++++
 .../no_guard_if_before_ast_to_cfg_prog.thy    | 117 +++
 .../no_guard_if_before_cfg_to_dag_prog.thy    |  53 +-
 .../no_guard_if_before_passive_prog.thy       |  12 +-
 .../no_guard_if_cfgtodag_proof.thy            |  66 +-
 .../no_guard_if_passification_proof.thy       |  20 +-
 .../no_guard_if_passive_prog.thy              |  10 +-
 .../no_guard_if_vcphase_proof.thy             |  14 +-
 .../M_proofs/M_asttocfg_proof.thy             | 716 ++++++++++++++
 .../M_proofs/M_before_ast_to_cfg_prog.thy     | 177 ++++
 .../M_proofs/M_before_cfg_to_dag_prog.thy     | 244 +++++
 .../M_proofs/M_before_passive_prog.thy        | 183 ++++
 .../M_proofs/M_cfgtodag_proof.thy             | 775 +++++++++++++++
 .../M_proofs/M_passification_proof.thy        | 458 +++++++++
 .../M_proofs/M_passive_prog.thy               | 297 ++++++
 .../M_proofs/M_vcphase_proof.thy              | 473 +++++++++
 .../no_guard_loop2_proofs/ROOT                |  12 +
 .../no_guard_loop2_proofs/global_data.thy     |  32 +
 .../M_proofs/M_asttocfg_proof.thy             | 679 +++++++++++++
 .../M_proofs/M_before_ast_to_cfg_prog.thy     | 171 ++++
 .../M_proofs/M_before_cfg_to_dag_prog.thy     | 233 +++++
 .../M_proofs/M_before_passive_prog.thy        | 172 ++++
 .../M_proofs/M_cfgtodag_proof.thy             | 712 ++++++++++++++
 .../M_proofs/M_passification_proof.thy        | 422 ++++++++
 .../M_proofs/M_passive_prog.thy               | 295 ++++++
 .../M_proofs/M_vcphase_proof.thy              | 455 +++++++++
 .../no_guard_loop3_proofs/ROOT                |  12 +
 .../no_guard_loop3_proofs/global_data.thy     |  32 +
 .../M_proofs/M_asttocfg_proof.thy             | 678 +++++++++++++
 .../M_proofs/M_before_ast_to_cfg_prog.thy     | 171 ++++
 .../M_proofs/M_before_cfg_to_dag_prog.thy     | 233 +++++
 .../M_proofs/M_before_passive_prog.thy        |  38 +-
 .../M_proofs/M_cfgtodag_proof.thy             | 711 ++++++++++++++
 .../M_proofs/M_passification_proof.thy        | 429 +++++++++
 .../M_proofs/M_passive_prog.thy               | 286 ++++++
 .../M_proofs/M_vcphase_proof.thy              | 447 +++++++++
 .../no_guard_loop4_proofs/ROOT                |  12 +
 .../no_guard_loop4_proofs/global_data.thy     |  32 +
 .../M_proofs/M_asttocfg_proof.thy             | 732 ++++++++++++++
 .../M_proofs/M_before_ast_to_cfg_prog.thy     | 177 ++++
 .../M_proofs/M_before_cfg_to_dag_prog.thy     | 255 +++++
 .../M_proofs/M_before_passive_prog.thy        | 194 ++++
 .../M_proofs/M_cfgtodag_proof.thy             | 820 ++++++++++++++++
 .../M_proofs/M_passification_proof.thy        | 482 ++++++++++
 .../M_proofs/M_passive_prog.thy               | 317 ++++++
 .../M_proofs/M_vcphase_proof.thy              | 505 ++++++++++
 .../no_guard_loop_proofs/ROOT                 |  12 +
 .../no_guard_loop_proofs/global_data.thy      |  32 +
 .../no_inv_loop_proofs/ROOT                   |  12 +
 .../no_inv_loop_proofs/global_data.thy        |  32 +
 .../no_inv_loop_asttocfg_proof.thy            | 344 +++++++
 .../no_inv_loop_before_ast_to_cfg_prog.thy    | 123 +++
 .../no_inv_loop_before_cfg_to_dag_prog.thy    |  45 +-
 .../no_inv_loop_before_passive_prog.thy       |  12 +-
 .../no_inv_loop_cfgtodag_proof.thy            |  54 +-
 .../no_inv_loop_passification_proof.thy       |  24 +-
 .../no_inv_loop_passive_prog.thy              |  14 +-
 .../no_inv_loop_vcphase_proof.thy             |  14 +-
 .../return_in_loop2_proofs/ROOT               |  12 +
 .../return_in_loop2_proofs/global_data.thy    |  32 +
 .../return_in_loop_asttocfg_proof.thy         | 518 ++++++++++
 .../return_in_loop_before_ast_to_cfg_prog.thy | 141 +++
 .../return_in_loop_before_cfg_to_dag_prog.thy | 193 ++++
 .../return_in_loop_before_passive_prog.thy    | 150 +++
 .../return_in_loop_cfgtodag_proof.thy         | 534 +++++++++++
 .../return_in_loop_passification_proof.thy    | 363 +++++++
 .../return_in_loop_passive_prog.thy           | 183 ++++
 .../return_in_loop_vcphase_proof.thy          | 361 +++++++
 .../return_in_loop_proofs/ROOT                |  12 +
 .../return_in_loop_proofs/global_data.thy     |  32 +
 .../return_in_loop_asttocfg_proof.thy         | 529 ++++++++++
 .../return_in_loop_before_ast_to_cfg_prog.thy | 141 +++
 .../return_in_loop_before_cfg_to_dag_prog.thy | 204 ++++
 .../return_in_loop_before_passive_prog.thy    | 161 ++++
 .../return_in_loop_cfgtodag_proof.thy         | 514 ++++++++++
 .../return_in_loop_passification_proof.thy    | 385 ++++++++
 .../return_in_loop_passive_prog.thy           | 203 ++++
 .../return_in_loop_vcphase_proof.thy          | 395 ++++++++
 .../simple_return_test_proofs/ROOT            |  12 +
 .../simple_return_test_proofs/global_data.thy |  32 +
 .../return_test_asttocfg_proof.thy            | 138 +++
 .../return_test_before_ast_to_cfg_prog.thy    | 105 ++
 .../return_test_before_cfg_to_dag_prog.thy    | 116 +++
 .../return_test_before_passive_prog.thy       |  62 ++
 .../return_test_cfgtodag_proof.thy            | 135 +++
 .../return_test_passification_proof.thy       | 195 ++++
 .../return_test_passive_prog.thy              |  77 ++
 .../return_test_vcphase_proof.thy             | 141 +++
 .../start_loop_proofs/ROOT                    |  12 +
 .../start_loop_proofs/global_data.thy         |  36 +
 .../start_loop_asttocfg_proof.thy             | 315 ++++++
 .../start_loop_before_ast_to_cfg_prog.thy     | 123 +++
 .../start_loop_before_cfg_to_dag_prog.thy     | 149 +++
 .../start_loop_before_passive_prog.thy        |  24 +-
 .../start_loop_cfgtodag_proof.thy             | 329 +++++++
 .../start_loop_passification_proof.thy        | 272 ++++++
 .../start_loop_passive_prog.thy               | 117 +++
 .../start_loop_vcphase_proof.thy              | 235 +++++
 .../triangle_example_proofs/ROOT              |  12 +
 .../triangle_example_proofs/global_data.thy   |  32 +
 .../triangle_asttocfg_proof.thy               | 344 +++++++
 .../triangle_before_ast_to_cfg_prog.thy       | 141 +++
 .../triangle_before_cfg_to_dag_prog.thy       |  49 +-
 .../triangle_before_passive_prog.thy          |  12 +-
 .../triangle_cfgtodag_proof.thy               |  76 +-
 .../triangle_passification_proof.thy          |  32 +-
 .../triangle_proofs/triangle_passive_prog.thy |  22 +-
 .../triangle_vcphase_proof.thy                |  14 +-
 .../trivial_assert_false_proofs/ROOT          |  12 +
 .../global_data.thy                           |  32 +
 .../trivial_assert_false_asttocfg_proof.thy   | 138 +++
 ...al_assert_false_before_ast_to_cfg_prog.thy |  96 ++
 ...al_assert_false_before_cfg_to_dag_prog.thy | 107 +++
 ...ivial_assert_false_before_passive_prog.thy |  62 ++
 .../trivial_assert_false_cfgtodag_proof.thy   | 135 +++
 ...ivial_assert_false_passification_proof.thy | 195 ++++
 .../trivial_assert_false_passive_prog.thy     |  68 ++
 .../trivial_assert_false_vcphase_proof.thy    | 141 +++
 .../trivial_assume_false_proofs/ROOT          |  12 +
 .../global_data.thy                           |  32 +
 .../trivial_assume_false_asttocfg_proof.thy   | 138 +++
 ...al_assume_false_before_ast_to_cfg_prog.thy |  96 ++
 ...al_assume_false_before_cfg_to_dag_prog.thy | 107 +++
 ...ivial_assume_false_before_passive_prog.thy |  62 ++
 .../trivial_assume_false_cfgtodag_proof.thy   | 135 +++
 ...ivial_assume_false_passification_proof.thy | 195 ++++
 .../trivial_assume_false_passive_prog.thy     |  68 ++
 .../trivial_assume_false_vcphase_proof.thy    | 138 +++
 .../trivial_example_proofs/ROOT               |  12 +
 .../trivial_example_proofs/global_data.thy    |  36 +
 .../p_proofs/p_asttocfg_proof.thy             | 138 +++
 .../p_proofs/p_before_ast_to_cfg_prog.thy     | 118 +++
 .../p_proofs/p_before_cfg_to_dag_prog.thy     | 129 +++
 .../p_proofs/p_before_passive_prog.thy        |  16 +-
 .../p_proofs/p_cfgtodag_proof.thy             | 135 +++
 .../p_proofs/p_passification_proof.thy        | 101 +-
 .../p_proofs/p_passive_prog.thy               |  86 ++
 .../p_proofs/p_vcphase_proof.thy              | 188 ++++
 533 files changed, 74157 insertions(+), 9843 deletions(-)
 delete mode 100644 BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_ast_cfg_proof.thy
 delete mode 100644 BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_ast_cfg.thy
 delete mode 100644 BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy
 delete mode 100644 BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_cfg.thy
 delete mode 100644 BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_ast_cfg.thy
 delete mode 100644 BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_cfg_to_dag_prog.thy
 delete mode 100644 BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_passive_prog.thy
 delete mode 100644 BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_cfgtodag_proof.thy
 delete mode 100644 BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_before_cfg_to_dag_prog.thy
 delete mode 100644 BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_cfgtodag_proof.thy
 delete mode 100644 BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_passive_prog.thy
 delete mode 100644 BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_vcphase_proof.thy
 delete mode 100644 BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
 delete mode 100644 BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_form~
 delete mode 100644 BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_before_ast_cfg.thy
 delete mode 100644 BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
 delete mode 100644 BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_passive_prog.thy
 delete mode 100644 BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_ast_cfg_proof.thy
 delete mode 100644 BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_ast_cfg.thy
 delete mode 100644 BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_ast_cfg_proof.thy
 delete mode 100644 BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_before_ast_cfg.thy
 delete mode 100644 BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy
 delete mode 100644 BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_cfg.thy
 delete mode 100644 BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_ast_cfg_proof.thy
 delete mode 100644 BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_ast_cfg.thy
 delete mode 100644 BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy
 delete mode 100644 BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_cfg.thy
 delete mode 100644 BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_ast_cfg_proof.thy
 delete mode 100644 BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_ast_cfg.thy
 delete mode 100644 BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_ast_cfg_proof.thy
 delete mode 100644 BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_before_ast_cfg.thy
 delete mode 100644 BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy
 delete mode 100644 BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_passive_prog.thy
 delete mode 100644 BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_vcphase_proof.thy
 delete mode 100644 BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
 delete mode 100644 BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_before_ast_cfg.thy
 delete mode 100644 BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example_2_before_ast_cfg~
 delete mode 100644 BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/while_example_ast_cfg_proof.thy
 delete mode 100644 BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/while_example_before_ast_cfg.thy
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if_2.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if_3.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/assume_false_assert_false.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/assume_false_in_if.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/complete_bigblock_loop_in_loop.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_ifs.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops_in_loop.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops_in_loop_2.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/empty_branch_if.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/empty_generic_block.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/empty_loop.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/globals.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/if_example.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/if_example_no_else_branch.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/if_inside_loop.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/loop_example.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/loop_example_no_inv.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/loop_in_else_branch.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/loop_in_then_branch.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/nested_if.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop2.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop_while_true.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_empty_branch_if.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_if.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop2.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop3.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop4.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/no_inv_loop.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/return_in_loop.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/return_in_loop2.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/simple_return_test.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/start_loop.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/triangle_example.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_assert_false.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_assume_false.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_example.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if_2.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if_3.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assume_false_assert_false.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assume_false_in_if.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/complete_bigblock_loop_in_loop.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_ifs.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops_in_loop.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops_in_loop_2.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_branch_if.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_generic_block.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_loop.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/globals.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_example.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_example_no_else_branch.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_inside_loop.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_example.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_example_no_inv.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_in_else_branch.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_in_then_branch.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_if.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop2.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop_while_true.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_empty_branch_if.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_if.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop2.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop3.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop4.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_inv_loop.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/return_in_loop.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/return_in_loop2.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/simple_return_test.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/start_loop.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/triangle_example.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_assert_false.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_assume_false.bpl
 create mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_example.bpl
 create mode 100644 boogie_examples/other/break_example.bpl
 create mode 100644 boogie_examples/other/goto_example.bpl
 create mode 100644 boogie_examples/other/if_example_CFG.bpl
 create mode 100644 boogie_examples/other/if_example_duplicate.bpl
 create mode 100644 boogie_examples/other/labeled_break.bpl
 create mode 100644 boogie_examples/proofgen_depends_on_pruning/assert_false_in_if_2.bpl
 create mode 100644 boogie_examples/proofgen_depends_on_pruning/assert_false_in_if_3.bpl
 create mode 100644 boogie_examples/proofgen_depends_on_pruning/assume_false_assert_false.bpl
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/20220720_112439_timing_certificates.csv
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_vcphase_proof.thy
 rename {BoogieLang/generated_example_proofs/consecutive_ifs_proofs => boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs}/global_data.thy (100%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_vcphase_proof.thy
 rename {BoogieLang/generated_example_proofs/empty_branch_if_proofs => boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs}/global_data.thy (100%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_vcphase_proof.thy
 rename {BoogieLang/generated_example_proofs/empty_generic_block_proofs => boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs}/global_data.thy (100%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_vcphase_proof.thy
 rename {BoogieLang/generated_example_proofs/goto_example_proofs => boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs}/global_data.thy (100%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_vcphase_proof.thy
 rename {BoogieLang/generated_example_proofs/nested_if_proofs => boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs}/global_data.thy (100%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/ROOT
 rename {BoogieLang/generated_example_proofs/nested_loop2_proofs => boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs}/global_data.thy (100%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_vcphase_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_ast_to_cfg_prog.thy
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_cfg_to_dag_prog.thy (55%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_passive_prog.thy (77%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_cfgtodag_proof.thy (82%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passification_proof.thy (90%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passive_prog.thy (70%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_vcphase_proof.thy (91%)
 rename {BoogieLang/generated_example_proofs/nested_loop_proofs => boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs}/global_data.thy (100%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_vcphase_proof.thy
 rename {BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs => boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs}/global_data.thy (100%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_vcphase_proof.thy
 rename {BoogieLang/generated_example_proofs/no_guard_if_proofs => boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs}/global_data.thy (100%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_vcphase_proof.thy
 rename {BoogieLang/generated_example_proofs/no_inv_loop_proofs => boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs}/global_data.thy (100%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_to_cfg_prog.thy
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog.thy (52%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_passive_prog.thy (72%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_cfgtodag_proof.thy (78%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passification_proof.thy (88%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passive_prog.thy (67%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_vcphase_proof.thy (90%)
 rename {BoogieLang/generated_example_proofs/triangle_example_proofs => boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs}/global_data.thy (100%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_cfgtodag_proof.thy
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passification_proof.thy (59%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passive_prog.thy (57%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_vcphase_proof.thy (53%)
 rename {BoogieLang/generated_example_proofs/while_example2_proofs => boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs}/global_data.thy (100%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/ROOT
 rename {BoogieLang/generated_example_proofs/while_example_proofs => boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs}/global_data.thy (100%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_before_ast_to_cfg_prog.thy
 rename {BoogieLang/generated_example_proofs/while_example2_proofs => boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs}/p_proofs/p_before_cfg_to_dag_prog.thy (58%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_before_passive_prog.thy
 rename {BoogieLang/generated_example_proofs/if_example_proofs => boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs}/p_proofs/p_cfgtodag_proof.thy (50%)
 rename {BoogieLang/generated_example_proofs/while_example2_proofs => boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs}/p_proofs/p_passification_proof.thy (65%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_vcphase_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_cfgtodag_proof.thy
 rename {BoogieLang/generated_example_proofs/if_example_proofs => boogie_examples/simple_examples_no_optimization_proofs/globals_proofs}/p_proofs/p_passification_proof.thy (54%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_vcphase_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/ROOT
 rename {BoogieLang/generated_example_proofs/if_example_proofs => boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs}/global_data.thy (79%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_vcphase_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_cfg_to_dag_prog.thy
 rename BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_before_passive_prog.thy => boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_passive_prog.thy (64%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_passive_prog.thy
 rename BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_vcphase_proof.thy => boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_vcphase_proof.thy (55%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_cfg_to_dag_prog.thy
 rename BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_before_passive_prog.thy => boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_passive_prog.thy (59%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_vcphase_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_vcphase_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_before_ast_to_cfg_prog.thy
 rename {BoogieLang/generated_example_proofs/while_example_proofs => boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs}/m_proofs/m_before_cfg_to_dag_prog.thy (53%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_before_passive_prog.thy
 rename {BoogieLang/generated_example_proofs/while_example_proofs => boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs}/m_proofs/m_cfgtodag_proof.thy (67%)
 rename {BoogieLang/generated_example_proofs/while_example_proofs => boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs}/m_proofs/m_passification_proof.thy (79%)
 rename {BoogieLang/generated_example_proofs/while_example_proofs => boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs}/m_proofs/m_passive_prog.thy (59%)
 rename {BoogieLang/generated_example_proofs/while_example_proofs => boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs}/m_proofs/m_vcphase_proof.thy (79%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_vcphase_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_vcphase_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_ast_to_cfg_prog.thy
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/nested_if_proofs/nested_if_proofs/nested_if_before_cfg_to_dag_prog.thy (54%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/nested_if_proofs/nested_if_proofs/nested_if_before_passive_prog.thy (78%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/nested_if_proofs/nested_if_proofs/nested_if_cfgtodag_proof.thy (79%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/nested_if_proofs/nested_if_proofs/nested_if_passification_proof.thy (77%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/nested_if_proofs/nested_if_proofs/nested_if_passive_prog.thy (55%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/nested_if_proofs/nested_if_proofs/nested_if_vcphase_proof.thy (82%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_vcphase_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_to_cfg_prog.thy
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/nested_loop_proofs/nested_loop_proofs/nested_loop_before_cfg_to_dag_prog.thy (56%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/nested_loop_proofs/nested_loop_proofs/nested_loop_before_passive_prog.thy (60%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/nested_loop_proofs/nested_loop_proofs/nested_loop_cfgtodag_proof.thy (72%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/nested_loop_proofs/nested_loop_proofs/nested_loop_passification_proof.thy (81%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/nested_loop_proofs/nested_loop_proofs/nested_loop_passive_prog.thy (53%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/nested_loop_proofs/nested_loop_proofs/nested_loop_vcphase_proof.thy (82%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_before_ast_to_cfg_prog.thy
 rename {BoogieLang/generated_example_proofs/nested_loop2_proofs => boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs}/nested_loop2_proofs/nested_loop2_before_cfg_to_dag_prog.thy (56%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_before_passive_prog.thy
 rename {BoogieLang/generated_example_proofs/nested_loop2_proofs => boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs}/nested_loop2_proofs/nested_loop2_cfgtodag_proof.thy (72%)
 rename {BoogieLang/generated_example_proofs/nested_loop2_proofs => boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs}/nested_loop2_proofs/nested_loop2_passification_proof.thy (79%)
 rename {BoogieLang/generated_example_proofs/nested_loop2_proofs => boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs}/nested_loop2_proofs/nested_loop2_passive_prog.thy (54%)
 rename {BoogieLang/generated_example_proofs/nested_loop2_proofs => boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs}/nested_loop2_proofs/nested_loop2_vcphase_proof.thy (80%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_ast_to_cfg_prog.thy
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog.thy (53%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog.thy (68%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof.thy (75%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof.thy (88%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog.thy (68%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof.thy (86%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_to_cfg_prog.thy
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog.thy (54%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_passive_prog.thy (72%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_cfgtodag_proof.thy (76%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passification_proof.thy (88%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passive_prog.thy (71%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_vcphase_proof.thy (87%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_vcphase_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_vcphase_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
 rename BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_before_passive_prog.thy => boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_passive_prog.thy (63%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_vcphase_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_vcphase_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_ast_to_cfg_prog.thy
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_cfg_to_dag_prog.thy (59%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_passive_prog.thy (75%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_cfgtodag_proof.thy (79%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passification_proof.thy (89%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passive_prog.thy (66%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_vcphase_proof.thy (90%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_vcphase_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_vcphase_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_vcphase_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_cfg_to_dag_prog.thy
 rename BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_before_passive_prog.thy => boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_passive_prog.thy (62%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_vcphase_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_before_ast_to_cfg_prog.thy
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/triangle_example_proofs/triangle_proofs/triangle_before_cfg_to_dag_prog.thy (57%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/triangle_example_proofs/triangle_proofs/triangle_before_passive_prog.thy (79%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/triangle_example_proofs/triangle_proofs/triangle_cfgtodag_proof.thy (76%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/triangle_example_proofs/triangle_proofs/triangle_passification_proof.thy (88%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/triangle_example_proofs/triangle_proofs/triangle_passive_prog.thy (60%)
 rename {BoogieLang/generated_example_proofs => boogie_examples/simple_examples_no_optimization_proofs}/triangle_example_proofs/triangle_proofs/triangle_vcphase_proof.thy (93%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_vcphase_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_cfg_to_dag_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_cfgtodag_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_passification_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_vcphase_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/ROOT
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/global_data.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_asttocfg_proof.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_ast_to_cfg_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
 rename BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_before_passive_prog.thy => boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_passive_prog.thy (54%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_cfgtodag_proof.thy
 rename BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_passification_proof.thy => boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_passification_proof.thy (59%)
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_passive_prog.thy
 create mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_vcphase_proof.thy

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index a406c78..44e8b56 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -84,16 +84,16 @@ fun is_final :: "'a ast_config \<Rightarrow> bool"
 
 text\<open>function defining the semantics of bigblocks; small-step semantics 
       Note: arrow symbols in the 'syntactic sugar' clash if the exact same syntax is used as in red_cmd\<close>
-inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context  \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env  \<Rightarrow> ast \<Rightarrow> 'a ast_config \<Rightarrow> 'a ast_config \<Rightarrow> bool" 
+inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> ast proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env  \<Rightarrow> ast \<Rightarrow> 'a ast_config \<Rightarrow> 'a ast_config \<Rightarrow> bool" 
   ("_,_,_,_,_,_ \<turnstile> (\<langle>_\<rangle> \<longrightarrow>/ _)" [51,0,0,0] 81)
-  for A :: "'a absval_ty_fun" and M :: "'struct_ty proc_context"  and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env and T :: ast
+  for A :: "'a absval_ty_fun" and M :: "ast proc_context" and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env and T :: ast
   where
     RedSimpleCmds: 
-    "\<lbrakk>(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs, (Normal n_s)\<rangle> [\<rightarrow>] s1) \<and> (cs \<noteq> Nil) \<rbrakk> 
+    "\<lbrakk>\<forall>M'. (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs, (Normal n_s)\<rangle> [\<rightarrow>] s1) \<and> (cs \<noteq> Nil) \<rbrakk> 
       \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name cs str_cmd tr_cmd), cont0, Normal n_s)\<rangle> \<longrightarrow> 
                               ((BigBlock bb_name [] str_cmd tr_cmd), cont0, s1)"  
 
-  (* TODO: fix this rule! *)
+  (* TODO: think about this again! *)
   | RedFailure_or_Magic: 
     "\<lbrakk> (s1 = Magic) \<or> (s1 = Failure); \<not> (is_final ((BigBlock bb_name [] str_cmd tr_cmd), cont0, s1))  \<rbrakk> 
       \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] str_cmd tr_cmd), cont0, s1)\<rangle> \<longrightarrow> 
@@ -122,6 +122,19 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_contex
         \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name []
                                 (Some (ParsedIf bb_guard thenbigblocks (else_hd # else_bbs))) None), cont0, Normal n_s)\<rangle> \<longrightarrow>
                             (else_hd, (convert_list_to_cont (rev else_bbs) cont0), Normal n_s)"
+  (*
+  | RedParsedIfFalseNoElseBranchSeq: 
+    "\<lbrakk>\<And>b. bb_guard = (Some b) \<Longrightarrow>  A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s\<rangle> \<Down> LitV (LBool False) \<rbrakk> 
+        \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name []
+                                (Some (ParsedIf bb_guard thenbigblocks [])) None), KSeq pr cont_pr, Normal n_s)\<rangle> \<longrightarrow>
+                            (pr, cont_pr, Normal n_s)"
+
+  | RedParsedIfFalseNoElseBranchStop: 
+    "\<lbrakk>\<And>b. bb_guard = (Some b) \<Longrightarrow>  A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s\<rangle> \<Down> LitV (LBool False) \<rbrakk> 
+        \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name []
+                                (Some (ParsedIf bb_guard thenbigblocks [])) None), KStop, Normal n_s)\<rangle> \<longrightarrow>
+                            (BigBlock bb_name [] None None, KStop, Normal n_s)"
+  *)
 
   | RedParsedWhileWrapper: 
     "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> 
@@ -175,7 +188,7 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_contex
         \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] None (Some (Goto label))), cont0, Normal n_s)\<rangle> \<longrightarrow> 
                             (found_bigblock, found_cont, (Normal n_s))"
 
-abbreviation red_bigblock_k_step :: "'a absval_ty_fun \<Rightarrow> 'struct_ty  proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> ast \<Rightarrow> 'a ast_config \<Rightarrow> nat \<Rightarrow> 'a ast_config \<Rightarrow> bool"
+abbreviation red_bigblock_k_step :: "'a absval_ty_fun \<Rightarrow> ast proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> ast \<Rightarrow> 'a ast_config \<Rightarrow> nat \<Rightarrow> 'a ast_config \<Rightarrow> bool"
   ("_,_,_,_,_,_ \<turnstile>_ -n\<longrightarrow>^_/ _" [51,0,0,0,0] 81)
 where "red_bigblock_k_step A M \<Lambda> \<Gamma> \<Omega> T c1 n c2 \<equiv> ((red_bigblock A M \<Lambda> \<Gamma> \<Omega> T)^^n) c1 c2"
 
@@ -183,17 +196,6 @@ subsection \<open>Procedure Correctness\<close>
 
 text\<open>defining correctness of the AST\<close>
 
-(*
-record 'struct_ty ast_procedure =
-  proc_ty_args :: nat
-  proc_args :: vdecls
-  proc_rets :: vdecls
-  proc_modifs :: "vname list"
-  proc_pres :: "(expr \<times> bool) list" 
-  proc_posts :: "(expr \<times> bool) list"
-  proc_body :: "(vdecls \<times> 'struct_ty) option"
-*)
-
 fun init_ast :: "ast \<Rightarrow> 'a nstate \<Rightarrow> 'a ast_config"
   where
     "init_ast [] ns1 = ((BigBlock None [] None None), KStop, Normal ns1)"
@@ -204,42 +206,21 @@ definition valid_configuration
          (get_state (bb, cont, state)) \<noteq> Failure \<and> 
          (is_final (bb, cont, state) \<longrightarrow> (\<forall>ns'. (get_state (bb, cont, state)) = Normal ns' \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns' posts))"
 
-definition proc_body_satisfies_spec :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> ast \<Rightarrow> 'a nstate \<Rightarrow> bool"
+definition proc_body_satisfies_spec :: "'a absval_ty_fun \<Rightarrow> ast proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> ast \<Rightarrow> 'a nstate \<Rightarrow> bool"
   where "proc_body_satisfies_spec A M \<Lambda> \<Gamma> \<Omega> pres posts ast ns \<equiv>
          expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns pres \<longrightarrow> 
           (\<forall> bb cont state. (rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> ast) (init_ast ast ns) (bb, cont, state)) \<longrightarrow> 
                     valid_configuration A \<Lambda> \<Gamma> \<Omega> posts bb cont state)"
 
-fun proc_all_pres :: "'struct_ty procedure \<Rightarrow> expr list"
+fun proc_all_pres :: "ast procedure \<Rightarrow> expr list"
   where "proc_all_pres p = map fst (proc_pres p)"
 
-fun proc_checked_posts :: "'struct_ty procedure \<Rightarrow> expr list"
+fun proc_checked_posts :: "ast procedure \<Rightarrow> expr list"
   where "proc_checked_posts p = map fst (filter (\<lambda>x. \<not> snd(x)) (proc_posts p))"
 
-(*
-fun proc_is_correct :: "'a absval_ty_fun \<Rightarrow> fdecls \<Rightarrow> vdecls \<Rightarrow> vdecls \<Rightarrow> axiom list \<Rightarrow> ast_procedure \<Rightarrow> bool"
-  where 
-    "proc_is_correct A fun_decls constants global_vars axioms proc =
-      (case proc_body(proc) of
-        Some (locals, ast) \<Rightarrow>
-          ( ( (\<forall>t. closed t \<longrightarrow> (\<exists>v. type_of_val A (v :: 'a val) = t)) \<and> (\<forall>v. closed ((type_of_val A) v)) ) \<longrightarrow>
-          (\<forall> \<Gamma>. fun_interp_wf A fun_decls \<Gamma> \<longrightarrow>
-          (
-             (\<forall>\<Omega> gs ls. (list_all closed \<Omega> \<and> length \<Omega> = proc_ty_args proc) \<longrightarrow>        
-             (state_typ_wf A \<Omega> gs (constants @ global_vars) \<longrightarrow>
-              state_typ_wf A \<Omega> ls ((proc_args proc)@ (locals @ proc_rets proc)) \<longrightarrow>
-              (axioms_sat A (constants, []) \<Gamma> (global_to_nstate (state_restriction gs constants)) axioms) \<longrightarrow>            
-              proc_body_satisfies_spec A [] (constants@global_vars, (proc_args proc)@(locals@(proc_rets proc))) \<Gamma> \<Omega> 
-                                       (proc_all_pres proc) (proc_checked_posts proc) ast 
-                                       \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr> )
-            )
-          )))
-      | None \<Rightarrow> True)"
-*)
-
 inductive syntactic_equiv :: "expr \<Rightarrow> expr \<Rightarrow> bool" (infixl "\<sim>" 40) 
   where
-    neg_refl:       "UnOp Not e1 \<sim> UnOp Not e1"
+    neg_refl:   "UnOp Not e1 \<sim> UnOp Not e1"
   | neg_equiv1: "UnOp Not (Lit (LBool True)) \<sim> (Lit (LBool False))"
   | neg_equiv2: "UnOp Not (Lit (LBool False)) \<sim> (Lit (LBool True))"
   | double_neg: "UnOp Not (UnOp Not e1) \<sim> e1"
diff --git a/BoogieLang/Ast_Cfg_Transformation.thy b/BoogieLang/Ast_Cfg_Transformation.thy
index a0bdad1..fdf59e4 100644
--- a/BoogieLang/Ast_Cfg_Transformation.thy
+++ b/BoogieLang/Ast_Cfg_Transformation.thy
@@ -10,34 +10,372 @@ subsection \<open>Miscellaneous helper lemmas\<close>
 
 lemma not_true_equals_false:
   assumes "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not expr, ns1\<rangle> \<Down> BoolV True"
-  shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr, ns1\<rangle> \<Down> BoolV False"
+  shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr, ns1\<rangle> \<Down> BoolV (False)"  
   using assms
-  sorry
+  proof cases
+    case (RedUnOp v)
+    from this obtain b1 where "v = LitV (LBool b1)"
+      by (metis (no_types, lifting) map_option_eq_Some option.simps(3) unop_eval.simps(1) unop_eval_val.elims unop_not.elims)   
+    from this RedUnOp have 
+      expand1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr,ns1\<rangle> \<Down> (LitV (LBool b1))" and 
+      expand2: "unop_eval_val unop.Not (LitV (LBool b1)) = Some (BoolV True)"
+      by auto
+    then show ?thesis by fastforce
+  qed
 
 lemma not_false_equals_true:
   assumes "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not expr, ns1\<rangle> \<Down> BoolV False"
-  shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr, ns1\<rangle> \<Down> BoolV True"
+  shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr, ns1\<rangle> \<Down> BoolV (True)"  
   using assms
-  sorry
+  proof cases
+    case (RedUnOp v)
+    from this obtain b1 where "v = LitV (LBool b1)"
+      by (metis (no_types, lifting) map_option_eq_Some option.simps(3) unop_eval.simps(1) unop_eval_val.elims unop_not.elims)   
+    from this RedUnOp have 
+      expand1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr,ns1\<rangle> \<Down> (LitV (LBool b1))" and 
+      expand2: "unop_eval_val unop.Not (LitV (LBool b1)) = Some (BoolV False)"
+      by auto
+    then show ?thesis by fastforce
+  qed
 
 lemma true_equals_not_false:
   assumes "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr, ns1\<rangle> \<Down> BoolV True"
-  shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not expr, ns1\<rangle> \<Down> BoolV False"
-  using assms
-  sorry
+  shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not expr, ns1\<rangle> \<Down> BoolV (False)"
+  using assms by (simp add: red_expr_red_exprs.intros(5))
 
 lemma false_equals_not_true:
   assumes "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr, ns1\<rangle> \<Down> BoolV False"
-  shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not expr, ns1\<rangle> \<Down> BoolV True"
-  using assms
-  sorry
+  shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not expr, ns1\<rangle> \<Down> BoolV (True)"
+  using assms by (simp add: red_expr_red_exprs.intros(5))
 
 lemma equiv_preserves_value:
   assumes "a \<sim> b"
   and "red_expr A \<Lambda> \<Gamma> \<Omega> a ns (BoolV boolean)"
   shows "red_expr A \<Lambda> \<Gamma> \<Omega> b ns (BoolV boolean)"
   using assms
-  sorry
+proof cases
+  case (neg_refl e1)
+  then show ?thesis using assms by simp
+next
+  case neg_equiv1
+  then show ?thesis using assms by (metis (full_types) RedLit not_true_equals_false val_elim)
+next
+  case neg_equiv2
+  then show ?thesis using assms by (metis (full_types) RedLit not_false_equals_true val_elim)
+next
+  case double_neg
+  then show ?thesis using assms by (metis (full_types) not_false_equals_true not_true_equals_false)
+next
+  case (neg_eq e1 e2)
+  from this assms have unop_red: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Eq\<guillemotright> e2), ns\<rangle> \<Down> BoolV boolean" by simp
+  show ?thesis
+  proof (cases boolean)
+    case True
+    from this assms neg_eq have 
+      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Eq\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by simp
+    hence eq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Eq\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by (metis not_true_equals_false)
+    from this obtain v1 v2 where
+      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
+      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
+    from this eq_false have "v1 \<noteq> v2" 
+      using RedBinOp_case
+      by (smt (verit, del_insts) RedBinOp_case binop_eval_val.simps(1) expr_eval_determ(1) lit.inject(1) option.inject val.inject(1))
+
+    hence "binop_eval_val Neq v1 v2 = Some (LitV (LBool (v1 \<noteq> v2)))" by simp
+    thus ?thesis using neg_eq redE1 redE2 by (simp add: RedBinOp True \<open>v1 \<noteq> v2\<close>)
+  next
+    case False
+    from this assms neg_eq have 
+      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Eq\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by simp
+    hence eq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Eq\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by (metis not_false_equals_true)
+    from this obtain v1 v2 where
+      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
+      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
+    from this eq_false have "v1 = v2" 
+      using RedBinOp_case
+      by (smt (verit, del_insts) RedBinOp_case binop_eval_val.simps(1) expr_eval_determ(1) lit.inject(1) option.inject val.inject(1))
+
+    hence "binop_eval_val Neq v1 v2 = Some (LitV (LBool (v1 \<noteq> v2)))" by simp
+    thus ?thesis using neg_eq redE1 redE2 by (simp add: RedBinOp False \<open>v1 = v2\<close>)
+  qed
+next
+  case (neg_neq e1 e2)
+  from this assms have unop_red: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Neq\<guillemotright> e2), ns\<rangle> \<Down> BoolV boolean" by simp
+  show ?thesis
+  proof (cases boolean)
+    case True
+    from this assms neg_neq have 
+      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Neq\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by simp
+    hence neq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Neq\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by (metis not_true_equals_false)
+    from this obtain v1 v2 where
+      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
+      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
+    from this neq_false have "v1 = v2" 
+      using RedBinOp_case
+      by (smt (verit) binop_eval_val.simps(2) expr_eval_determ(1) lit.inject(1) option.inject val.inject(1))
+
+    hence "binop_eval_val Eq v1 v2 = Some (LitV (LBool (v1 = v2)))" by simp
+    thus ?thesis using neg_neq redE1 redE2 by (simp add: RedBinOp True \<open>v1 = v2\<close>)
+  next
+    case False
+    from this assms neg_neq have 
+      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Neq\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by simp
+    hence neq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Neq\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by (metis not_false_equals_true)
+    from this obtain v1 v2 where
+      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
+      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
+    from this neq_false have "v1 \<noteq> v2" 
+      using RedBinOp_case
+      by (smt (verit) binop_eval_val.simps(2) expr_eval_determ(1) lit.inject(1) option.inject val.inject(1))
+
+    hence "binop_eval_val Eq v1 v2 = Some (LitV (LBool (v1 = v2)))" by simp
+    thus ?thesis using neg_neq redE1 redE2 by (simp add: RedBinOp False \<open>v1 \<noteq> v2\<close>)
+  qed
+next
+  case (neg_lt e1 e2)
+  from this assms have unop_red: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Lt\<guillemotright> e2), ns\<rangle> \<Down> BoolV boolean" by simp
+  show ?thesis
+  proof (cases boolean)
+    case True
+    from this assms neg_lt have 
+      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Lt\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by simp
+    hence eq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Lt\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by (metis not_true_equals_false)
+    
+    from this obtain v1 v2 where
+      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
+      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
+
+    from this eq_false have "binop_eval_val Lt v1 v2 = (Some (BoolV False))" by (metis RedBinOp_case expr_eval_determ(1))
+
+    from this obtain lit1 lit2 where
+      "v1 = (LitV lit1)" and 
+      "v2 = (LitV lit2)" by (metis binop_eval_val.simps(26) binop_eval_val.simps(27) option.discI val.exhaust)
+
+    from this \<open>binop_eval_val Lt v1 v2 = (Some (BoolV False))\<close> have "binop_less lit1 lit2 = Some (LBool False)" by simp 
+
+    from this obtain i1 i2 where
+      "lit1 = LInt i1" and
+      "lit2 = LInt i2" by (metis binop_less.elims option.simps(3))
+
+    from this \<open>binop_less lit1 lit2 = Some (LBool False)\<close> have "\<not>(i1 < i2)" by simp
+    hence "i2 \<le> i1" by simp
+    hence "binop_lessOrEqual lit2 lit1 = (Some (LBool True))" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
+    hence "binop_eval Le lit2 lit1 = Some (LBool True)" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
+    hence "binop_eval_val Le (LitV lit2) (LitV lit1) = Some (BoolV True)" by simp 
+    thus ?thesis using neg_lt redE1 redE2  \<open>v1 = (LitV lit1)\<close> \<open>v2 = (LitV lit2)\<close> True by (simp add: RedBinOp) 
+  next
+    case False
+    from this assms neg_lt have 
+      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Lt\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by simp
+    hence eq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Lt\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by (metis not_false_equals_true)
+    
+    from this obtain v1 v2 where
+      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
+      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
+
+    from this eq_false have "binop_eval_val Lt v1 v2 = (Some (BoolV True))" by (metis RedBinOp_case expr_eval_determ(1))
+
+    from this obtain lit1 lit2 where
+      "v1 = (LitV lit1)" and 
+      "v2 = (LitV lit2)" by (metis binop_eval_val.simps(26) binop_eval_val.simps(27) option.discI val.exhaust)
+
+    from this \<open>binop_eval_val Lt v1 v2 = (Some (BoolV True))\<close> have "binop_less lit1 lit2 = Some (LBool True)" by simp 
+
+    from this obtain i1 i2 where
+      "lit1 = LInt i1" and
+      "lit2 = LInt i2" by (metis binop_less.elims option.simps(3))
+
+    from this \<open>binop_less lit1 lit2 = Some (LBool True)\<close> have "(i1 < i2)" by simp
+    hence "\<not>(i2 \<le> i1)" by simp
+    hence "binop_lessOrEqual lit2 lit1 = (Some (LBool False))" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
+    hence "binop_eval Le lit2 lit1 = Some (LBool False)" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
+    hence "binop_eval_val Le (LitV lit2) (LitV lit1) = Some (BoolV False)" by simp 
+    thus ?thesis using neg_lt redE1 redE2  \<open>v1 = (LitV lit1)\<close> \<open>v2 = (LitV lit2)\<close> False by (simp add: RedBinOp) 
+  qed
+next
+  case (neg_le e1 e2)
+  from this assms have unop_red: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Le\<guillemotright> e2), ns\<rangle> \<Down> BoolV boolean" by simp
+  show ?thesis
+  proof (cases boolean)
+    case True
+    from this assms neg_le have 
+      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Le\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by simp
+    hence eq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Le\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by (metis not_true_equals_false)
+    
+    from this obtain v1 v2 where
+      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
+      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
+
+    from this eq_false have "binop_eval_val Le v1 v2 = (Some (BoolV False))" by (metis RedBinOp_case expr_eval_determ(1))
+
+    from this obtain lit1 lit2 where
+      "v1 = (LitV lit1)" and 
+      "v2 = (LitV lit2)" by (metis binop_eval_val.simps(28) binop_eval_val.simps(29) option.discI val.exhaust)
+
+    from this \<open>binop_eval_val Le v1 v2 = (Some (BoolV False))\<close> have "binop_lessOrEqual lit1 lit2 = Some (LBool False)" by simp 
+
+    from this obtain i1 i2 where
+      "lit1 = LInt i1" and
+      "lit2 = LInt i2" by (metis binop_lessOrEqual.elims option.simps(3))
+
+    from this \<open>binop_lessOrEqual lit1 lit2 = Some (LBool False)\<close> have "\<not>(i1 \<le> i2)" by simp
+    hence "i2 < i1" by simp
+    hence "binop_less lit2 lit1 = (Some (LBool True))" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
+    hence "binop_eval Lt lit2 lit1 = Some (LBool True)" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
+    hence "binop_eval_val Lt (LitV lit2) (LitV lit1) = Some (BoolV True)" by simp 
+    thus ?thesis using neg_le redE1 redE2  \<open>v1 = (LitV lit1)\<close> \<open>v2 = (LitV lit2)\<close> True by (simp add: RedBinOp) 
+  next
+    case False
+    from this assms neg_le have 
+      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Le\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by simp
+    hence eq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Le\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by (metis not_false_equals_true)
+    
+    from this obtain v1 v2 where
+      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
+      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
+
+    from this eq_false have "binop_eval_val Le v1 v2 = (Some (BoolV True))" by (metis RedBinOp_case expr_eval_determ(1))
+
+    from this obtain lit1 lit2 where
+      "v1 = (LitV lit1)" and 
+      "v2 = (LitV lit2)" by (metis binop_eval_val.simps(28) binop_eval_val.simps(29) option.discI val.exhaust)
+
+    from this \<open>binop_eval_val Le v1 v2 = (Some (BoolV True))\<close> have "binop_lessOrEqual lit1 lit2 = Some (LBool True)" by simp 
+
+    from this obtain i1 i2 where
+      "lit1 = LInt i1" and
+      "lit2 = LInt i2" by (metis binop_lessOrEqual.elims option.simps(3))
+
+    from this \<open>binop_lessOrEqual lit1 lit2 = Some (LBool True)\<close> have "(i1 \<le> i2)" by simp
+    hence "\<not>(i2 < i1)" by simp
+    hence "binop_less lit2 lit1 = (Some (LBool False))" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
+    hence "binop_eval Lt lit2 lit1 = Some (LBool False)" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
+    hence "binop_eval_val Lt (LitV lit2) (LitV lit1) = Some (BoolV False)" by simp 
+    thus ?thesis using neg_le redE1 redE2  \<open>v1 = (LitV lit1)\<close> \<open>v2 = (LitV lit2)\<close> False by (simp add: RedBinOp) 
+  qed
+next
+  case (neg_gt e1 e2)
+  from this assms have unop_red: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Gt\<guillemotright> e2), ns\<rangle> \<Down> BoolV boolean" by simp
+  show ?thesis
+  proof (cases boolean)
+    case True
+    from this assms neg_gt have 
+      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Gt\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by simp
+    hence eq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Gt\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by (metis not_true_equals_false)
+    
+    from this obtain v1 v2 where
+      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
+      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
+
+    from this eq_false have "binop_eval_val Gt v1 v2 = (Some (BoolV False))" by (metis RedBinOp_case expr_eval_determ(1))
+
+    from this obtain lit1 lit2 where
+      "v1 = (LitV lit1)" and 
+      "v2 = (LitV lit2)" by (metis binop_eval_val.simps(30) binop_eval_val.simps(31) option.discI val.exhaust)
+
+    from this \<open>binop_eval_val Gt v1 v2 = (Some (BoolV False))\<close> have "binop_greater lit1 lit2 = Some (LBool False)" by simp 
+
+    from this obtain i1 i2 where
+      "lit1 = LInt i1" and
+      "lit2 = LInt i2" by (metis binop_greater.elims option.simps(3))
+
+    from this \<open>binop_greater lit1 lit2 = Some (LBool False)\<close> have "\<not>(i1 > i2)" by simp
+    hence "i2 \<ge> i1" by simp
+    hence "binop_greaterOrEqual lit2 lit1 = (Some (LBool True))" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
+    hence "binop_eval Ge lit2 lit1 = Some (LBool True)" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
+    hence "binop_eval_val Ge (LitV lit2) (LitV lit1) = Some (BoolV True)" by simp 
+    thus ?thesis using neg_gt redE1 redE2  \<open>v1 = (LitV lit1)\<close> \<open>v2 = (LitV lit2)\<close> True by (simp add: RedBinOp) 
+  next
+    case False
+    from this assms neg_gt have 
+      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Gt\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by simp
+    hence eq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Gt\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by (metis not_false_equals_true)
+    
+    from this obtain v1 v2 where
+      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
+      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
+
+    from this eq_false have "binop_eval_val Gt v1 v2 = (Some (BoolV True))" by (metis RedBinOp_case expr_eval_determ(1))
+
+    from this obtain lit1 lit2 where
+      "v1 = (LitV lit1)" and 
+      "v2 = (LitV lit2)" by (metis binop_eval_val.simps(30) binop_eval_val.simps(31) option.discI val.exhaust)
+
+    from this \<open>binop_eval_val Gt v1 v2 = (Some (BoolV True))\<close> have "binop_greater lit1 lit2 = Some (LBool True)" by simp 
+
+    from this obtain i1 i2 where
+      "lit1 = LInt i1" and
+      "lit2 = LInt i2" by (metis binop_greater.elims option.simps(3))
+
+    from this \<open>binop_greater lit1 lit2 = Some (LBool True)\<close> have "(i1 > i2)" by simp
+    hence "\<not>(i2 \<ge> i1)" by simp
+    hence "binop_greaterOrEqual lit2 lit1 = (Some (LBool False))" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
+    hence "binop_eval Ge lit2 lit1 = Some (LBool False)" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
+    hence "binop_eval_val Ge (LitV lit2) (LitV lit1) = Some (BoolV False)" by simp 
+    thus ?thesis using neg_gt redE1 redE2  \<open>v1 = (LitV lit1)\<close> \<open>v2 = (LitV lit2)\<close> False by (simp add: RedBinOp) 
+  qed
+next
+  case (neg_ge e1 e2)
+    from this assms have unop_red: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Ge\<guillemotright> e2), ns\<rangle> \<Down> BoolV boolean" by simp
+  show ?thesis
+  proof (cases boolean)
+    case True
+    from this assms neg_ge have 
+      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Ge\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by simp
+    hence eq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Ge\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by (metis not_true_equals_false)
+    
+    from this obtain v1 v2 where
+      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
+      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
+
+    from this eq_false have "binop_eval_val Ge v1 v2 = (Some (BoolV False))" by (metis RedBinOp_case expr_eval_determ(1))
+
+    from this obtain lit1 lit2 where
+      "v1 = (LitV lit1)" and 
+      "v2 = (LitV lit2)" by (metis binop_eval_val.simps(32) binop_eval_val.simps(33) option.discI val.exhaust)
+
+    from this \<open>binop_eval_val Ge v1 v2 = (Some (BoolV False))\<close> have "binop_greaterOrEqual lit1 lit2 = Some (LBool False)" by simp 
+
+    from this obtain i1 i2 where
+      "lit1 = LInt i1" and
+      "lit2 = LInt i2" by (metis binop_greaterOrEqual.elims option.simps(3))
+
+    from this \<open>binop_greaterOrEqual lit1 lit2 = Some (LBool False)\<close> have "\<not>(i1 \<ge> i2)" by simp
+    hence "i2 > i1" by simp
+    hence "binop_greater lit2 lit1 = (Some (LBool True))" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
+    hence "binop_eval Gt lit2 lit1 = Some (LBool True)" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
+    hence "binop_eval_val Gt (LitV lit2) (LitV lit1) = Some (BoolV True)" by simp 
+    thus ?thesis using neg_ge redE1 redE2  \<open>v1 = (LitV lit1)\<close> \<open>v2 = (LitV lit2)\<close> True by (simp add: RedBinOp) 
+  next
+    case False
+    from this assms neg_ge have 
+      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Ge\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by simp
+    hence eq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Ge\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by (metis not_false_equals_true)
+    
+    from this obtain v1 v2 where
+      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
+      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
+
+    from this eq_false have "binop_eval_val Ge v1 v2 = (Some (BoolV True))" by (metis RedBinOp_case expr_eval_determ(1))
+
+    from this obtain lit1 lit2 where
+      "v1 = (LitV lit1)" and 
+      "v2 = (LitV lit2)" by (metis binop_eval_val.simps(32) binop_eval_val.simps(33) option.discI val.exhaust)
+
+    from this \<open>binop_eval_val Ge v1 v2 = (Some (BoolV True))\<close> have "binop_greaterOrEqual lit1 lit2 = Some (LBool True)" by simp 
+
+    from this obtain i1 i2 where
+      "lit1 = LInt i1" and
+      "lit2 = LInt i2" by (metis binop_greaterOrEqual.elims option.simps(3))
+
+    from this \<open>binop_greaterOrEqual lit1 lit2 = Some (LBool True)\<close> have "(i1 \<ge> i2)" by simp
+    hence "\<not>(i2 > i1)" by simp
+    hence "binop_greater lit2 lit1 = (Some (LBool False))" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
+    hence "binop_eval Gt lit2 lit1 = Some (LBool False)" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
+    hence "binop_eval_val Gt (LitV lit2) (LitV lit1) = Some (BoolV False)" by simp 
+    thus ?thesis using neg_ge redE1 redE2  \<open>v1 = (LitV lit1)\<close> \<open>v2 = (LitV lit2)\<close> False by (simp add: RedBinOp) 
+  qed
+qed
 
 (* TODO: Can I avoid needing this? *)
 fun inv_into_assertion :: "expr \<Rightarrow> cmd" where
@@ -128,10 +466,16 @@ lemma valid_config_implies_satisfied_posts:
 
 text \<open>If an \<^term>\<open>ast_config\<close> (bigblock, cont, state) is an ending configuration, then any correspoding cfg block is locally correct.\<close>
 lemma end_static:
-  assumes "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(BigBlock None [] None None, KStop, Normal ns1)\<rangle> \<longrightarrow> (step_bb, step_cont, step_state)"
-  shows "step_state \<noteq> Failure \<and> (\<forall>ns1'. step_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>0,\<Gamma>,[] \<turnstile> \<langle>any_block ,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')"
+  assumes "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(BigBlock any [] None None, KStop, Normal ns1)\<rangle> \<longrightarrow> (step_bb, step_cont, step_state)"
+  shows "step_state \<noteq> Failure \<and> (\<forall>ns1'. step_state = Normal ns1' \<longrightarrow> A,M',\<Lambda>0,\<Gamma>,[] \<turnstile> \<langle>any_block ,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')"
+  using assms
+  by (cases) auto 
+
+lemma end_return:
+  assumes "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(BigBlock any [] None (Some Return), KStop, Normal ns1)\<rangle> \<longrightarrow> (step_bb, step_cont, step_state)"
+  shows "step_state \<noteq> Failure \<and> (\<forall>ns1'. step_state = Normal ns1' \<longrightarrow> A,M',\<Lambda>0,\<Gamma>,[] \<turnstile> \<langle>[] ,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')"
   using assms
-  by (cases) auto
+  by (cases) (auto simp add: RedCmdListNil)
 
 text \<open>If an ast configuration is final, then any transition in the ast will stay in the same configuration.\<close>
 lemma final_is_static: 
@@ -200,9 +544,8 @@ text \<open>The following are simple helper lemmas used in the proofs that invol
 lemma smaller_helper: "k < j \<Longrightarrow> k < (Suc j)"
   by simp
 
-lemma less_trans_inv: "y < z \<Longrightarrow> x < y \<Longrightarrow> x < z"
-  using less_trans
-  sorry
+lemma less_trans_inv: "(y :: nat) < z \<Longrightarrow> x < y \<Longrightarrow> x < z"
+  using less_trans by simp
 
 lemma eq_to_succ: "x = y \<Longrightarrow> x < (Suc y)" by simp 
 
@@ -354,6 +697,22 @@ proof -
   qed
 qed
 
+lemma correctness_propagates_through_empty2:
+  assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> (is_final_config (m, s) \<longrightarrow> (\<forall>ns_end. s = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
+      and "node_to_block G ! n0 = []"
+      and "List.member (out_edges G ! n0) n1"
+    shows "\<And> m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m, s)) \<Longrightarrow> (is_final_config (m, s) \<Longrightarrow> (\<forall>ns_end. s = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
+proof -
+  fix m1 s1
+  have a1: "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[], Normal ns1\<rangle> [\<rightarrow>] (Normal ns1))" by (meson RedAssumeOk assms(3) red_cmd_list.simps)
+  show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> (is_final_config (m1, s1) \<Longrightarrow> (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
+  proof -
+    assume "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1))"
+    thus "(is_final_config (m1, s1) \<Longrightarrow> (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
+      using a1 assms by (metis RedNormalSucc converse_rtranclp_into_rtranclp)
+  qed
+qed
+
 subsection \<open>Pairs of helper lemma + global lemma for certain special cases.\<close>
 
 text \<open>The following are pairs of lemmas. Each pair consists of a helper lemma and a global block lemma. 
@@ -394,17 +753,17 @@ lemma ending_after_skipping_endblock:
   assumes "j = Suc j'" 
       and "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, KEndBlock cont0, Normal ns1'') -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
       and "bb = BigBlock None [] None None"
-      and "\<And>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure"
-      and "\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+      and "\<And>m3 s3. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure"
+      and "\<And>m' s'. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
            is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts"
-      and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False" 
+      and "(cont_guard = Some guard) \<Longrightarrow> (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False)" 
       and "\<And> j''. 
-            j' = Suc j'' \<Longrightarrow>
+            j' = Suc j'' \<Longrightarrow>                           
             A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, cont0, Normal ns1'') -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state) \<Longrightarrow>
-           (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
-           (\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+           (\<And>m' s'. A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
+           (\<And>m' s'. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
            is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts) \<Longrightarrow>
-           (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False) \<Longrightarrow> (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+           ((cont_guard = Some guard) \<Longrightarrow> (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False)) \<Longrightarrow> (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
     shows "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state"
 proof -
   from assms(2-3) have disj_a:
@@ -485,17 +844,17 @@ lemma ending_after_skipping_endblock2:
   assumes "j = Suc j'" 
       and "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, KEndBlock (KSeq bigblock_next cont0), Normal ns1'') -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
       and "bb = BigBlock None [] None None"
-      and "\<And>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure"
-      and "\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+      and "\<And>m3 s3. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure"
+      and "\<And>m' s'. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
            is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts"
-      and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False" 
+      and "(cont_guard = Some guard) \<Longrightarrow> (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False)"
       and "\<And> j''. 
             j' = Suc (Suc j'') \<Longrightarrow>
             A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state) \<Longrightarrow>
-           (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
-           (\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+           (\<And>m' s'. A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
+           (\<And>m' s'. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
            is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts) \<Longrightarrow>
-           (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False) \<Longrightarrow> (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+           ((cont_guard = Some guard) \<Longrightarrow> (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False)) \<Longrightarrow> (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
     shows "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state"
 proof -
   from assms(2-3) have disj_a:
@@ -561,14 +920,14 @@ qed
 lemma ending_after_unwrapping:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, cont0, Normal ns1'') -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)" 
       and "bb = BigBlock name [] (Some (WhileWrapper loop)) None"
-      and "\<And>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure"
-      and "\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+      and "\<And>m3 s3. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure"
+      and "\<And>m' s'. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
            is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts"
       and "\<And> j''. 
             j = Suc j'' \<Longrightarrow>
             A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(BigBlock name [] (Some loop) None, KEndBlock cont0, Normal ns1'') -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state) \<Longrightarrow>
-           (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
-           (\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+           (\<And>m' s'. A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
+           (\<And>m' s'. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
            is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts) \<Longrightarrow>
            (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
     shows "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state"
@@ -682,10 +1041,10 @@ lemma ending_after_skipping_endblock_and_unwrapping:
                       Normal ns1'') -n\<longrightarrow>^j'
            (reached_bb, reached_cont, reached_state)"
       and "bb = BigBlock None [] None None"
-      and corr: "\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure"
-      and "\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+      and corr: "\<forall>m3 s3. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure"
+      and "\<And>m' s'. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
            is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts"
-      and guard_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1''\<rangle> \<Down> BoolV False" 
+      and guard_false: "(cont_guard = Some guard) \<Longrightarrow> (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False)"
       and "node_to_block G ! n = [Assume c]" 
       and "(UnOp Not guard) \<sim> c"
       and "List.member (out_edges(G) ! n) n1"
@@ -696,8 +1055,8 @@ lemma ending_after_skipping_endblock_and_unwrapping:
           List.member (out_edges(G) ! n) n1 \<Longrightarrow>
           A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock None [] (Some (ParsedWhile next_guard next_invs (next_body_bb#body_bbs))) None), KEndBlock cont1, Normal ns1'') -n\<longrightarrow>^j''' 
               (reached_bb, reached_cont, reached_state) \<Longrightarrow>
-          (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
-          (\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+          (\<And>m' s'. A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
+          (\<And>m' s'. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
            is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts) \<Longrightarrow> 
           (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
     shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
@@ -748,12 +1107,12 @@ lemma block_local_rel_generic:
   and "guard = None"
   and "invs = []"
   and Red_bb_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
   and "bb = (BigBlock name cs1 any_str any_tr)"
   and "cs1 \<noteq> Nil"
   and "cs2 \<noteq> Nil"
   shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
   using assms
 proof (induction arbitrary: ns1)
   case (Rel_Main_test bb name cs1 any_str any_tr)
@@ -765,11 +1124,11 @@ proof (induction arbitrary: ns1)
     case (Cons a list)
     then have "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name (a#list) any_str any_tr), cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
       using Rel_Main_test by blast
-    then have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(a#list), Normal ns1\<rangle> [\<rightarrow>] reached_state" using Rel_Main_test(5) 
+    then have "A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(a#list), Normal ns1\<rangle> [\<rightarrow>] reached_state" using Rel_Main_test(5) 
     proof cases
-      case RedSimpleCmds thus ?thesis by (simp add: RedSimpleCmds)
+      case RedSimpleCmds thus ?thesis by blast
     qed
-    then have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs1, Normal ns1\<rangle> [\<rightarrow>] reached_state" using Cons by simp
+    then have "A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs1, Normal ns1\<rangle> [\<rightarrow>] reached_state" using Cons by simp
     
     then show ?thesis using Rel_Main_test by auto
   qed 
@@ -781,9 +1140,9 @@ lemma block_local_rel_loop_head:
   and "bb =  (BigBlock name [] (Some (ParsedWhile loop_guard invs (bb0#body_bbs))) any_tr)"
   and "assert_invs = map inv_into_assertion invs"
   and Red_bb: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assertions (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> assertions (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
   shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
   using assms
 proof cases
   case Rel_Invs
@@ -818,21 +1177,21 @@ lemma generic_ending_block_global_rel:
   and j_step_ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
   and "bb = (BigBlock name cs1 None any_tr)"
   and "((any_tr = None)) \<or> (any_tr = (Some Return))"
-  and "cont0 = KStop"
+  and ending: "any_tr = None \<Longrightarrow> cont0 = KStop"
   and node_to_block_assm: "node_to_block(G) ! n = related_block"
   and block_id:
       "(related_block = cs2) \<or> 
        (related_block = c#cs2) \<and> c = Assume guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV True)) \<or> 
        (related_block = c#cs2) \<and> c = Assume not_guard \<and> (UnOp Not guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV False))"
   and "out_edges G ! n = []"
-  and cfg_reaches_not_failure: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_posts: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> 
+  and cfg_reaches_not_failure: "\<And> m' s'. (red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_posts: "\<And> m' s'. (red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> 
                                       is_final_config (m',s') \<Longrightarrow> (\<forall> ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) post_invs)"
   and local_rel: "\<And> step_bb step_cont step_state. 
                     red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, KStop, (Normal ns1)) (step_bb, step_cont, step_state) \<Longrightarrow> 
-                    (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>
+                    (\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>
                     step_state \<noteq> Failure  \<and>
-                    (\<forall>ns1'. step_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+                    (\<forall>ns1'. step_state = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
 shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> post_invs reached_bb reached_cont reached_state)"
   using assms
 proof (cases cs2)
@@ -842,14 +1201,14 @@ proof (cases cs2)
     proof (cases any_tr)
       case None thus ?thesis
       proof -
-        have "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))" 
+        have "(red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))" 
           using block_id \<open>out_edges G ! n = []\<close> Nil node_to_block_assm
           by (metis RedCmdListNil RedNormalReturn push_through_assumption0 push_through_assumption1 r_into_rtranclp)
         hence "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1) post_invs" using cfg_satisfies_posts 
           using is_final_config.simps(2) by blast
         thus ?thesis 
           by (metis Ast.valid_configuration_def None \<open>cs1 = []\<close> assms(3) final_is_static_propagate 
-                    get_state.simps is_final.simps(1) j_step_ast_trace relpowp_imp_rtranclp state.inject state.simps(3) \<open>cont0 = KStop\<close>)
+                    get_state.simps is_final.simps(1) j_step_ast_trace relpowp_imp_rtranclp state.inject state.simps(3) ending[OF \<open>any_tr = None\<close>])
       qed
     next
       case (Some a)
@@ -869,24 +1228,31 @@ proof (cases cs2)
             rest0: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
             by (metis prod_cases3 relpowp_Suc_D2) 
           from cfg_reaches_not_failure have 
-            cfg_local: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+            cfg_local: "(\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
             using assms(5) dag_verifies_propagate_2 by blast
 
-          from cfg_local step0 have 
+          from step0 Return assms(3) Some Nil syn_rel have
+            inter_state_resolution: "inter_state = Normal ns1"
+          proof cases
+            case RedReturn thus ?thesis by (simp add: RedReturn)
+          qed (auto simp add: \<open>cs1 = []\<close>)
+            
+
+          from this cfg_local step0 have 
             "inter_state \<noteq> Failure  \<and>
-            (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-            using assms by blast
+            (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+            using assms by (metis RedReturn \<open>cs1 = []\<close>)
 
           from step0 have inter_conc: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), KStop, Normal ns1)" 
             using \<open>cs1 = []\<close> Return Some
             by (cases) auto
 
-          hence "(red_cfg A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))"
+          hence "(red_cfg A M' \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))"
             by (simp add: RedNormalReturn 
-                          \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block G ! n,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
+                          \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block G ! n,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
                           assms(8))
 
-          hence "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))" by simp
+          hence "(red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))" by simp
           hence "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1) post_invs" 
             using cfg_satisfies_posts is_final_config.simps(2) by blast
           then have "is_final (inter_bb, inter_cont, inter_state)"
@@ -937,24 +1303,26 @@ next
     proof (cases any_tr)
       case None
       from step this have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None None, cont0, inter_state)"
-      by (cases) (auto simp add: RedSimpleCmds \<open>cont0 = KStop\<close>)
+      by (cases) (auto simp add: RedSimpleCmds ending)
  
-      have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+      have Red_impl: "(\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
         using assms(5) cfg_reaches_not_failure dag_verifies_propagate_2 by blast
+
+      have "cont0 = KStop" using None by (simp add: ending)
   
-      from step have local_corr:
+      from step \<open>cont0 = KStop\<close> have local_corr:
             "inter_state \<noteq> Failure  \<and>
-            (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+            (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
         using Red_impl block_local_rel_generic local.Cons local.step syn_rel assms by (cases) blast+
 
-      hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))"
+      hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg A M' \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))"
         by (simp add: RedCmdListNil RedNormalReturn assms(7-8) local.Cons)
 
-      hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))" by blast
+      hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))" by blast
       hence posts_sat: "\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1') post_invs" 
         using cfg_satisfies_posts is_final_config.simps(2) by blast
 
-      have "is_final (inter_bb, inter_cont, inter_state)" using concrete_inter \<open>cont0 = KStop\<close> by simp 
+      have "is_final (inter_bb, inter_cont, inter_state)" using concrete_inter ending \<open>cont0 = KStop\<close> by simp 
 
       hence valid_inter: "(valid_configuration A \<Lambda> \<Gamma> \<Omega> post_invs inter_bb inter_cont inter_state)" 
         unfolding valid_configuration_def
@@ -974,23 +1342,24 @@ next
           case RedSimpleCmds thus ?thesis using Return Some by blast
         qed (auto simp add: \<open>cs1 \<noteq> []\<close>)
 
-        have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-          using dag_verifies_propagate_2  assms(5) cfg_reaches_not_failure by blast 
+        have Red_impl: "(\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+          using dag_verifies_propagate_2  assms(5) cfg_reaches_not_failure by blast
 
         from step have local_corr:
               "inter_state \<noteq> Failure  \<and>
-              (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-          using Red_impl block_local_rel_generic local.Cons local.step syn_rel assms by (cases) blast+
+              (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+          using Red_impl block_local_rel_generic local.Cons assms
+          by (metis (no_types, lifting) \<open>cs1 \<noteq> []\<close> list.distinct(1) push_through_assumption0 push_through_assumption1)
   
-        hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))"
+        hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg A M' \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))"
           by (simp add: RedCmdListNil RedNormalReturn assms(7-8) local.Cons)
   
-        hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))" by blast
+        hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))" by blast
         hence posts_sat: "\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1') post_invs" 
           using cfg_satisfies_posts is_final_config.simps(2) by blast
     
-        from step have "inter_state \<noteq> Failure" using Red_impl block_local_rel_generic local.Cons local.step syn_rel assms
-        by (cases) blast+
+        from step have "inter_state \<noteq> Failure" using Red_impl block_local_rel_generic local.Cons assms
+        by (metis (no_types, lifting) \<open>cs1 \<noteq> []\<close> list.distinct(1) push_through_assumption0 push_through_assumption1)
   
         then show ?thesis
         proof (cases inter_state)
@@ -1034,23 +1403,24 @@ lemma block_global_rel_while_successor:
   and syn_rel: "ast_cfg_rel None [] bb cmds"
   and "bb = (BigBlock name cmds (Some (WhileWrapper (ParsedWhile guard invs (body_bb0#body_bbs)))) None)"
   and "cmds \<noteq> []"
+  and "node_to_block(G) ! n = related_block"
   and block_id:
-      "(node_to_block(G) ! n = cmds) \<or> 
-       (node_to_block(G) ! n = c#cmds) \<and> c = Assume entry_guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> entry_guard ns1 (BoolV True)) \<or> 
-       (node_to_block(G) ! n = c#cmds) \<and> c = Assume not_guard \<and> (UnOp Not entry_guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> entry_guard ns1 (BoolV False))"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_posts: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> 
+      "(related_block = cmds) \<or> 
+       (related_block = c#cmds) \<and> c = Assume entry_guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> entry_guard ns1 (BoolV True)) \<or> 
+       (related_block = c#cmds) \<and> c = Assume not_guard \<and> (UnOp Not entry_guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> entry_guard ns1 (BoolV False))"
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_posts: "\<And> m' s'. (red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> 
                                       is_final_config (m',s') \<Longrightarrow> (\<forall> ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
   and block_local_rel:
     "\<And> reached_bb_inter reached_cont_inter reached_state_inter. 
     (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont1, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
-    (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block G ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
-    (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
+    (\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> (node_to_block G ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
+    (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
   and global_rel_succ:
         "\<And> ns2 k.
          k < j \<Longrightarrow>
-         (\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl msuc2, Normal ns2) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
-         (\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, Normal ns2) -n\<rightarrow>* (m', s')) \<longrightarrow>
+         (\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl msuc2, Normal ns2) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
+         (\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, Normal ns2) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                              is_final_config (m', s') \<longrightarrow> 
                                                              (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) \<Longrightarrow>
          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name [] (Some (ParsedWhile guard invs (body_bb0#body_bbs))) None), KEndBlock cont1, Normal ns2) -n\<longrightarrow>^k 
@@ -1074,14 +1444,14 @@ next
   proof cases
     case RedSimpleCmds thus ?thesis by blast
   qed (auto simp add: \<open>cmds \<noteq> []\<close>)
-  have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block G ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" using dag_verifies_propagate_2 cfg_is_correct assms(5) 
+  have Red_impl: "(\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> (node_to_block G ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" using dag_verifies_propagate_2 cfg_is_correct assms(5) 
     by blast
-  have local_conclusion: "inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+  have local_conclusion: "inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
     using Red_impl first_step assms(3-4) block_local_rel_generic syn_rel block_local_rel by blast
   show ?thesis 
   proof (cases inter_state)
     case (Normal x1)
-    hence "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] inter_state)" using local_conclusion by blast
+    hence "(A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] inter_state)" using local_conclusion by blast
     then show ?thesis
     proof (cases j')
       case 0
@@ -1091,11 +1461,11 @@ next
       case 2: (Suc j'')
 
       hence Red_cfg_conc: 
-        "(\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl msuc2, inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))" 
-        using dag_verifies_propagate Normal \<open>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n),Normal ns1\<rangle> [\<rightarrow>] inter_state\<close> assms(5) cfg_is_correct by blast
+        "(\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl msuc2, inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))" 
+        using dag_verifies_propagate Normal \<open>A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n),Normal ns1\<rangle> [\<rightarrow>] inter_state\<close> assms(5) cfg_is_correct by blast
 
       hence Red_cfg_sat_conc: 
-        "(\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+        "(\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                              is_final_config (m', s') \<longrightarrow> 
                                                              (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)))" 
         by (metis (no_types, lifting) Normal RedNormalSucc cfg_satisfies_posts converse_rtranclp_into_rtranclp local_conclusion)
@@ -1112,7 +1482,7 @@ next
       qed auto 
 
       have "j'' < j" by (simp add: "2" \<open>j = Suc j'\<close>)
-      then show ?thesis using a3 rest_2 Normal Red_cfg_conc assms(9) cfg_satisfies_posts Red_cfg_sat_conc by blast
+      then show ?thesis using a3 rest_2 Normal Red_cfg_conc assms(9) cfg_satisfies_posts Red_cfg_sat_conc global_rel_succ by fastforce
     qed
   next
     case Failure
@@ -1129,22 +1499,22 @@ text \<open>Global lemma for a big block that's the head of a loop.
 lemma block_global_rel_loop_head:
   assumes block_rel: "ast_cfg_rel None assertions bb assertions"
   and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
-  and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
+  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
+  and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
                                         is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
   and "bb = (BigBlock name [] any_str any_tr)"
   and bb_successor_while: "any_str = Some (ParsedWhile cont_guard invs (bb0#body_bbs))"
   and block_local_rel:
     "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
-    (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assertions (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
-    (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
+    (\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> assertions (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
+    (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
   and "node_to_block(G) ! n = assertions"
   and "cont0 = KEndBlock cont1"
   and succ_correct: 
    "\<And> ns1'' loop_guard j'. 
     j = Suc j' \<Longrightarrow>
-    (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))) \<Longrightarrow>
-    (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1'') -n\<rightarrow>* (m', s')) \<longrightarrow>
+    (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))) \<Longrightarrow>
+    (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1'') -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
                                                         (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)))) \<Longrightarrow>
     ((cont_guard = Some loop_guard) \<and> 
@@ -1184,13 +1554,13 @@ proof -
             using bb_successor_while None by blast
   
           from first_step
-          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
             by (metis Pair_inject assms(5) assms(8) block_local_rel cfg_correct concrete_inter1 dag_verifies_propagate dag_verifies_propagate_2)
 
           from first_step
           have succ_cfg_satisfies_post: 
               "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> 
-                                                        (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                        (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
                                                         (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
             using cfg_satisfies_post 
@@ -1202,13 +1572,13 @@ proof -
           hence concrete_inter2: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), cont0, (Normal ns1))" by simp
   
           from first_step
-          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
             by (metis assms(5) assms(8) block_local_rel cfg_correct dag_verifies_propagate dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
 
           from first_step
           have succ_cfg_satisfies_post: 
               "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> 
-                                                        (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                        (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
                                                         (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
             using cfg_satisfies_post 
@@ -1232,13 +1602,13 @@ proof -
               using bb_successor_while Some by blast
   
             from first_step
-            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
               by (metis Pair_inject assms(5) assms(8) block_local_rel cfg_correct concrete_inter3 dag_verifies_propagate dag_verifies_propagate_2)
 
             from first_step
             have succ_cfg_satisfies_post: 
                 "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> 
-                                                          (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                          (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                           is_final_config (m', s') \<longrightarrow> 
                                                           (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
               using cfg_satisfies_post 
@@ -1260,13 +1630,13 @@ proof -
             hence concrete_inter4: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), cont0, (Normal ns1))" by simp
 
           from first_step
-          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
             by (metis assms(5) assms(8) block_local_rel cfg_correct dag_verifies_propagate dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
 
           from first_step
           have succ_cfg_satisfies_post: 
               "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> 
-                                                        (\<forall>m' s'. (((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s'))) \<longrightarrow>
+                                                        (\<forall>m' s'. (((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s'))) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
                                                         (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
             using cfg_satisfies_post 
@@ -1298,31 +1668,31 @@ lemma block_global_rel_if_successor:
       "(related_block = cs2) \<or> 
        (related_block = c#cs2) \<and> c = Assume guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV True)) \<or> 
        (related_block = c#cs2) \<and> c = Assume not_guard \<and> (UnOp Not guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV False))"
-  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
-  and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
+  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
+  and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
                                         is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
   and bb_successor_if: "any_str = Some (ParsedIf cont_guard (then0#then_bbs) (else0#else_bbs))"
   and block_local_rel:
         "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
-        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> 
+        (\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> 
         cs1 \<noteq> [] \<Longrightarrow> cs2 \<noteq> [] \<Longrightarrow>  
-        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block(G) ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
+        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block(G) ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
   and succ_correct: 
        "\<And> ns1'' block_guard k.
          k < j \<Longrightarrow> 
-        (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))) \<Longrightarrow>
-        (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1'') -n\<rightarrow>* (m', s')) \<longrightarrow>
+        (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))) \<Longrightarrow>
+        (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1'') -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                             is_final_config (m', s') \<longrightarrow> 
                                                             (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)))) \<Longrightarrow>
-        ((cont_guard = Some block_guard) \<and> 
+        ( (cont_guard = Some block_guard) \<and> 
           (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1'' (BoolV True)) \<and> 
-          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (then0, convert_list_to_cont (rev then_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<or> 
-        ((cont_guard = Some block_guard) \<and> 
-          (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1'' (BoolV False)) \<and> 
-          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (else0, convert_list_to_cont (rev else_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<or>
+          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (then0, convert_list_to_cont (rev then_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state) ) \<or> 
+        ( (cont_guard = Some block_guard) \<and> 
+          (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1'' (BoolV False)) \<and>
+          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (else0, convert_list_to_cont (rev else_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state) ) \<or>
         ( (cont_guard = None) \<and> 
           ((A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (then0, convert_list_to_cont (rev then_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<or>
-          (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (else0, convert_list_to_cont (rev else_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state))) ) \<Longrightarrow>  
+           (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (else0, convert_list_to_cont (rev else_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) ) ) \<Longrightarrow>  
         (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
   shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
   using assms cases
@@ -1349,12 +1719,12 @@ proof cases
         by (metis ast_trace get_state.cases relpowp_Suc_E2)
   
       from cfg_correct Cons block_id
-      have local_rel_corr: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+      have local_rel_corr: "(\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
         using dag_verifies_propagate_2 
         by (metis push_through_assumption0 push_through_assumption1 \<open>node_to_block(G) ! n = related_block\<close>)
   
       from local_rel_corr first_step Cons
-      have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
+      have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
         using block_local_rel local.Rel_Main_test assms(3) 
         by (metis \<open>cs1 \<noteq> []\<close> assume_ml bigblock.inject block_id state.simps(7) \<open>node_to_block(G) ! n = related_block\<close>)
   
@@ -1386,14 +1756,14 @@ proof cases
             proof cases
               case RedParsedIfTrue
               hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont (rev then_bbs) cont0, inter_state)" using None bb_successor_if 1 by auto
-  
+
               from first_step 
-              have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+              have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
               proof cases
-                case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(3-4) Rel_Main_test(1) cfg_correct a2 by blast
+                case RedSimpleCmds show ?thesis using 2 RedSimpleCmds(3) dag_verifies_propagate assms(3-4) Rel_Main_test(1) cfg_correct a2 by blast
               qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)
 
-              have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+              have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
                                                         (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
                 using cfg_satisfies_post cfg_correct local.Cons
@@ -1403,16 +1773,16 @@ proof cases
               
               thus ?thesis using eq snd_rest_of_steps succ_correct None 2 succ_cfg_correct succ_cfg_sat by blast
             next
-              case RedParsedIfFalse
+              case (RedParsedIfFalse)
               hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, inter_state)" using None bb_successor_if 1 by auto
   
               from first_step 
-              have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+              have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
               proof cases
-                case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(3-4) Rel_Main_test(1) cfg_correct a2 by blast
+                case RedSimpleCmds show ?thesis using 2 RedSimpleCmds(3) dag_verifies_propagate assms(3-4) Rel_Main_test(1) cfg_correct a2 by blast
               qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)
 
-              have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+              have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
                                                         (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
                 using cfg_satisfies_post cfg_correct local.Cons
@@ -1434,12 +1804,12 @@ proof cases
               qed (auto simp add: guard_not_false bb_successor_if 2 Some)
   
               from first_step 
-              have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+              have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
               proof cases
                 case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(3-4) Rel_Main_test(1) cfg_correct a2 by blast
               qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)
 
-              have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+              have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
                                                         (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
                 using cfg_satisfies_post cfg_correct local.Cons
@@ -1453,18 +1823,18 @@ proof cases
               thus ?thesis 
               proof cases
                 assume guard_false: "(red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV False))"
-                from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, inter_state)" 
+                from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, inter_state)"
                 proof cases
                   case RedParsedIfFalse thus ?thesis using guard_false bb_successor_if by (simp add: RedParsedIfFalse)
                 qed (auto simp add: guard_not_true bb_successor_if 2 Some)
   
                 from first_step 
-                have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+                have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
                 proof cases
-                  case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(3-4) Rel_Main_test(1) cfg_correct a2 by blast
+                  case RedSimpleCmds show ?thesis using 2 RedSimpleCmds(3) dag_verifies_propagate assms(3-4) Rel_Main_test(1) cfg_correct a2 by blast
                 qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)
 
-                have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                           is_final_config (m', s') \<longrightarrow> 
                                                           (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
                   using cfg_satisfies_post cfg_correct local.Cons
@@ -1489,7 +1859,7 @@ proof cases
       next
         case Failure
         then show ?thesis
-          using \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n),Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
+          using \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n),Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
           by linarith
       next
         case Magic
@@ -1524,30 +1894,30 @@ next
           proof cases
             case RedParsedIfTrue
             hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont (rev then_bbs) cont0, (Normal ns1))" using None bb_successor_if 1 by auto
-  
-            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+
+            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
               using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
               by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
 
-            have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+            have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                       is_final_config (m', s') \<longrightarrow> 
                                                       (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
-              using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil 
-              by (smt (verit, best) RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1 \<open>node_to_block(G) ! n = related_block\<close>)
+              using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil RedCmdListNil RedNormalSucc \<open>node_to_block(G) ! n = related_block\<close>
+              by (smt (verit, best)  block_id converse_rtranclp_into_rtranclp push_through_assumption1 )
   
             have "j' < j" using 1 using Suc_lessD by blast
             
             thus ?thesis using eq snd_rest_of_steps succ_correct None succ_cfg_correct succ_cfg_sat by blast
           next
-            case RedParsedIfFalse
-            hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, (Normal ns1))" using None bb_successor_if 1 by auto
-  
+            case (RedParsedIfFalse)
+            hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, Normal ns1)" using None bb_successor_if 1 by auto
+
             from snd_step 
-            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
               using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
               by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
 
-            have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+            have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                       is_final_config (m', s') \<longrightarrow> 
                                                       (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
               using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil 
@@ -1569,11 +1939,11 @@ next
             qed (auto simp add: guard_not_false bb_successor_if Some)
   
             from snd_step 
-            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
               using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
               by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
 
-            have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+            have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                       is_final_config (m', s') \<longrightarrow> 
                                                       (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
               using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil 
@@ -1587,17 +1957,17 @@ next
             thus ?thesis 
             proof cases
               assume guard_false: "(red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV False))"
-              from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, Normal ns1)" 
+              from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, Normal ns1)"
               proof cases
                 case RedParsedIfFalse thus ?thesis using guard_false bb_successor_if by (simp add: RedParsedIfFalse)
               qed (auto simp add: guard_not_true bb_successor_if Some)
   
               from snd_step 
-              have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+              have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
                 using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
                 by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2) 
 
-              have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+              have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
                                                         (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
                 using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil 
@@ -1634,20 +2004,20 @@ lemma block_global_rel_generic:
       "(related_block = cs2) \<or> 
        (related_block = c#cs2) \<and> c = Assume guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV True)) \<or> 
        (related_block = c#cs2) \<and> c = Assume not_guard \<and> (UnOp Not guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV False))"
-  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
-  and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
+  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
+  and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
                                         is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end posts)"
   and trivial_bb_successor: "(cont0 = KSeq bb1 cont1) \<and> any_str = None \<and> any_tr = None"
   and block_local_rel: 
         "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
-        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
+        (\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
         cs1 \<noteq> [] \<Longrightarrow> cs2 \<noteq> [] \<Longrightarrow>
-        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block(G) ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
+        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block(G) ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
   and succ_correct: 
        "\<And>  ns1'' k.
         k < j \<Longrightarrow> 
-        \<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
-       (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1'') -n\<rightarrow>* (m', s')) \<longrightarrow>
+        \<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
+       (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1'') -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                             is_final_config (m', s') \<longrightarrow> 
                                                             (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end posts)))) \<Longrightarrow>
         A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb1, cont1, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state) \<Longrightarrow> 
@@ -1677,7 +2047,7 @@ proof cases
         by (metis ast_trace get_state.cases relpowp_Suc_D2)
   
       from cfg_correct Cons block_id node_to_block_assm
-      have local_rel_corr: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+      have local_rel_corr: "(\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
         apply (simp)
         apply (rule disjE)
           apply simp
@@ -1692,7 +2062,7 @@ proof cases
         done
   
       from local_rel_corr first_step 
-      have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
+      have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
         using block_local_rel assms(3) \<open>cs1 \<noteq> []\<close> Cons 
         by (metis bigblock.inject cfg_correct dag_verifies_propagate_2 local.Rel_Main_test(1))
   
@@ -1723,14 +2093,14 @@ proof cases
           qed (auto simp add: trivial_bb_successor "1")
   
           from first_step 
-          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
           proof cases
             case RedSimpleCmds show ?thesis 
               using 1 snd_step_equiv  RedSimpleCmds(3) dag_verifies_propagate Rel_Main_test(1) cfg_correct assms(3-5) 
               by (metis bigblock.inject push_through_assumption0 push_through_assumption1)
           qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>) 
 
-          have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+          have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                     is_final_config (m', s') \<longrightarrow> 
                                                     (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end posts))))"
             using cfg_satisfies_post cfg_correct local.Cons
@@ -1743,7 +2113,7 @@ proof cases
       next
         case Failure
         then show ?thesis
-          using \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
+          using \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
           by linarith
       next
         case Magic
@@ -1772,11 +2142,11 @@ next
         hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (bb1,  cont1, (Normal ns1))" using trivial_bb_successor 1 
           by (cases) auto 
 
-        have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+        have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
           using assms(4-5) cfg_correct correctness_propagates_through_empty local.Nil
           by (metis (no_types, lifting) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
 
-        have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+        have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                   is_final_config (m', s') \<longrightarrow> 
                                                   (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end posts))))"
           using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil 
@@ -1821,7 +2191,6 @@ lemma end_to_end_util2:
           "proc_ty_args proc_ast = 0" 
           (*"const_decls = prog_consts prog"*)
         shows "proc_is_correct B fun_decls constants global_vars axioms proc_ast Ast.proc_body_satisfies_spec"
-  sorry
 proof -
   show "proc_is_correct B fun_decls constants global_vars axioms proc_ast Ast.proc_body_satisfies_spec"
   proof( (simp only: proc_is_correct.simps), subst ABody, simp split: option.split, (rule allI | rule impI)+,
@@ -1876,32 +2245,32 @@ proof -
 qed
 
 definition loop_IH 
-  where "loop_IH j A M \<Lambda> \<Gamma> \<Omega> T bb0 cont0 G block_index posts reached_bb reached_cont reached_state \<equiv> 
+  where "loop_IH j A M M' \<Lambda> \<Gamma> \<Omega> T bb0 cont0 G block_index posts reached_bb reached_cont reached_state \<equiv> 
           (\<forall>k ns1. k < j \<longrightarrow>
                     (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, cont0, Normal ns1) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<longrightarrow>
-                    (\<forall>m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl block_index),(Normal ns1)) (m',s')) \<longrightarrow> (s' \<noteq> Failure)) \<longrightarrow>
-                    (\<forall>m' s'.  (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl block_index, Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                    (\<forall>m' s'. (red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G ((Inl block_index),(Normal ns1)) (m',s')) \<longrightarrow> (s' \<noteq> Failure)) \<longrightarrow>
+                    (\<forall>m' s'.  (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl block_index, Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                is_final_config (m', s') \<longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)) \<longrightarrow>
                     (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state))"
 
 lemma loop_IH_prove:
   assumes "\<And> k ns1. k < j \<Longrightarrow>
                     (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, cont0, Normal ns1) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-                    (\<forall>m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl block_index),(Normal ns1)) (m',s')) \<longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-                    (\<forall>m' s'.  (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl block_index, Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                    (\<forall>m' s'. (red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G ((Inl block_index),(Normal ns1)) (m',s')) \<longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+                    (\<forall>m' s'.  (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl block_index, Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                is_final_config (m', s') \<longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)) \<Longrightarrow>
                     (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-  shows "loop_IH j A M \<Lambda> \<Gamma> \<Omega> T bb0 cont0 G block_index posts reached_bb reached_cont reached_state"
+  shows "loop_IH j A M M' \<Lambda> \<Gamma> \<Omega> T bb0 cont0 G block_index posts reached_bb reached_cont reached_state"
   using assms
   unfolding loop_IH_def
   by blast
 
 lemma loop_IH_apply:
-  assumes "loop_IH j A M \<Lambda> \<Gamma> \<Omega> T bb0 cont0 G block_index posts reached_bb reached_cont reached_state" and
+  assumes "loop_IH j A M M' \<Lambda> \<Gamma> \<Omega> T bb0 cont0 G block_index posts reached_bb reached_cont reached_state" and
           "k < j" and
           "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, cont0, Normal ns1) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state))" and
-          "(\<forall>m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl block_index),(Normal ns1)) (m',s')) \<longrightarrow> (s' \<noteq> Failure))" and
-          "(\<forall>m' s'.  (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl block_index, Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+          "(\<forall>m' s'. (red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G ((Inl block_index),(Normal ns1)) (m',s')) \<longrightarrow> (s' \<noteq> Failure))" and
+          "(\<forall>m' s'.  (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl block_index, Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                is_final_config (m', s') \<longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end posts)))"
         shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
   using assms
diff --git a/BoogieLang/BackedgeElim.thy b/BoogieLang/BackedgeElim.thy
index d89d8f8..f3a471d 100644
--- a/BoogieLang/BackedgeElim.thy
+++ b/BoogieLang/BackedgeElim.thy
@@ -725,7 +725,7 @@ lemma dag_lemma_assms_subset:
   using nstate_same_on_subset
   by blast
 
-definition dag_lemma_conclusion :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 
+definition dag_lemma_conclusion :: "'a absval_ty_fun \<Rightarrow> mbodyCFG proc_context \<Rightarrow> var_context \<Rightarrow> 
                    'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow>
                     cmd list \<Rightarrow> 'a nstate \<Rightarrow> 'a state \<Rightarrow> bool \<Rightarrow> bool"
   where "dag_lemma_conclusion A M \<Lambda> \<Gamma> \<Omega> post_invs cs2 ns2 s' c \<equiv>
@@ -1303,7 +1303,7 @@ lemma cfg_dag_empty_propagate_helper:
 lemma strictly_smaller_helper: "j'' \<le> j' \<Longrightarrow> j = Suc j' \<Longrightarrow> j'' < j"
   by simp
 
-definition loop_ih :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 
+definition loop_ih :: "'a absval_ty_fun \<Rightarrow> mbodyCFG proc_context \<Rightarrow> var_context \<Rightarrow> 
                    'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> mbodyCFG \<Rightarrow> vname list \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow>
                     'a nstate \<Rightarrow> 'a state \<Rightarrow> nat \<Rightarrow> nat + unit \<Rightarrow> nat \<Rightarrow> bool"
   where "loop_ih A M \<Lambda> \<Gamma> \<Omega> G H invs posts ns1 s' node_id  m' j\<equiv> 
@@ -1419,6 +1419,7 @@ lemma backedge_loop_head_helper:
 
 subsection \<open>Helper lemma for final end-to-end theorem\<close>
 
+
 lemma end_to_end_util:
   assumes AExpanded:"\<And> \<Gamma> m' s' ns M.
            A,M,\<Lambda>,\<Gamma>,[],cfg_body  \<turnstile> (Inl n, Normal ns) -n\<rightarrow>* (m', s') \<Longrightarrow>
diff --git a/BoogieLang/Passification.thy b/BoogieLang/Passification.thy
index 7343cd7..6c51615 100644
--- a/BoogieLang/Passification.thy
+++ b/BoogieLang/Passification.thy
@@ -27,7 +27,7 @@ lemma dependent_ext:
   unfolding dependent_def
   by blast
 
-definition set_red_cmd :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> cmd \<Rightarrow> 'a nstate set \<Rightarrow> 'a state set"
+definition set_red_cmd :: "'a absval_ty_fun \<Rightarrow> mbodyCFG proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> cmd \<Rightarrow> 'a nstate set \<Rightarrow> 'a state set"
   where "set_red_cmd A M \<Lambda> \<Gamma> \<Omega> c N = {s. \<exists>n_s. n_s \<in> N \<and> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c, Normal n_s\<rangle> \<rightarrow> s}"
 
 text \<open>\<^term>\<open>set_red_cmd\<close> lifts the command reduction to the reduction of a a set of input states \<close>
diff --git a/BoogieLang/Semantics.thy b/BoogieLang/Semantics.thy
index 3d64955..e2a64fa 100644
--- a/BoogieLang/Semantics.thy
+++ b/BoogieLang/Semantics.thy
@@ -473,9 +473,9 @@ definition where_clauses_all_sat_context :: "'a absval_ty_fun \<Rightarrow> var_
 
 text \<open>Command reduction (big-step semantics)\<close>
 
-inductive red_cmd :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> cmd \<Rightarrow> 'a state \<Rightarrow> 'a state \<Rightarrow> bool"
+inductive red_cmd :: "'a absval_ty_fun \<Rightarrow> mbodyCFG proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> cmd \<Rightarrow> 'a state \<Rightarrow> 'a state \<Rightarrow> bool"
   ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) \<rightarrow>/ _)" [51,51,0,0,0] 81)
-  for A :: "'a absval_ty_fun" and M :: "'struct_ty proc_context" and \<Lambda> :: var_context and  \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
+  for A :: "'a absval_ty_fun" and M :: "mbodyCFG proc_context" and \<Lambda> :: var_context and  \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
   where
     RedAssertOk: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e, n_s\<rangle> \<Down> LitV (LBool True) \<rbrakk> \<Longrightarrow> 
                  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>Assert e, Normal n_s\<rangle> \<rightarrow> Normal n_s"
@@ -527,9 +527,9 @@ inductive_cases RedHavoc_case: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<l
 
 text \<open>Command list reduction (big-step semantics)\<close>
 
-inductive red_cmd_list :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> cmd list \<Rightarrow> 'a state \<Rightarrow> 'a state \<Rightarrow> bool"
+inductive red_cmd_list :: "'a absval_ty_fun \<Rightarrow> mbodyCFG proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> cmd list \<Rightarrow> 'a state \<Rightarrow> 'a state \<Rightarrow> bool"
   ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) [\<rightarrow>]/ _)" [51,0,0,0] 81)
-  for A :: "'a absval_ty_fun" and M :: "'struct_ty proc_context" and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
+  for A :: "'a absval_ty_fun" and M :: "mbodyCFG proc_context" and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
   where
     RedCmdListNil: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[],s\<rangle> [\<rightarrow>] s"
   | RedCmdListCons: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c,s\<rangle> \<rightarrow> s''; A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,s''\<rangle> [\<rightarrow>] s' \<rbrakk> \<Longrightarrow> 
@@ -542,9 +542,9 @@ text \<open>CFG reduction (small-step semantics)\<close>
 
 type_synonym 'a cfg_config = "(node+unit) \<times> 'a state"
 
-inductive red_cfg :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> mbodyCFG \<Rightarrow> 'a cfg_config \<Rightarrow> 'a cfg_config \<Rightarrow> bool"
+inductive red_cfg :: "'a absval_ty_fun \<Rightarrow> mbodyCFG proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> mbodyCFG \<Rightarrow> 'a cfg_config \<Rightarrow> 'a cfg_config \<Rightarrow> bool"
   ("_,_,_,_,_,_ \<turnstile> (_ -n\<rightarrow>/ _)" [51,0,0,0] 81)
-  for A :: "'a absval_ty_fun" and M :: "'struct_ty proc_context" and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env and G :: mbodyCFG
+  for A :: "'a absval_ty_fun" and M :: "mbodyCFG proc_context" and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env and G :: mbodyCFG
   where
     RedNormalSucc: "\<lbrakk>node_to_block(G) ! n = cs; A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Normal ns'; List.member (out_edges(G) ! n) n'  \<rbrakk> \<Longrightarrow> 
               A,M,\<Lambda>,\<Gamma>,\<Omega>,G  \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (Inl n', Normal ns')"
@@ -564,13 +564,13 @@ inductive_cases RedNormalSucc_case: "A,M,\<Lambda>,\<Gamma>,G,\<Omega>  \<turnst
 
 text \<open>Reflexive and transitive closure of CFG reduction\<close>
 
-abbreviation red_cfg_multi :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> mbodyCFG \<Rightarrow> 'a cfg_config \<Rightarrow> 'a cfg_config \<Rightarrow> bool"
+abbreviation red_cfg_multi :: "'a absval_ty_fun \<Rightarrow> mbodyCFG proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> mbodyCFG \<Rightarrow> 'a cfg_config \<Rightarrow> 'a cfg_config \<Rightarrow> bool"
   ("_,_,_,_,_,_ \<turnstile>_ -n\<rightarrow>*/ _" [51,0,0,0] 81)
   where "red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G \<equiv> rtranclp (red_cfg A M \<Lambda> \<Gamma> \<Omega> G)"
 
 text \<open>N-step CFG reduction\<close>
 
-abbreviation red_cfg_k_step :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> mbodyCFG \<Rightarrow> 'a cfg_config \<Rightarrow> nat \<Rightarrow> 'a cfg_config \<Rightarrow> bool"
+abbreviation red_cfg_k_step :: "'a absval_ty_fun \<Rightarrow> mbodyCFG proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> mbodyCFG \<Rightarrow> 'a cfg_config \<Rightarrow> nat \<Rightarrow> 'a cfg_config \<Rightarrow> bool"
   ("_,_,_,_,_,_ \<turnstile>_ -n\<rightarrow>^_/ _" [51,0,0,0,0] 81)
 where "red_cfg_k_step A M \<Lambda> \<Gamma> \<Omega> G c1 n c2 \<equiv> ((red_cfg A M \<Lambda> \<Gamma> \<Omega> G)^^n) c1 c2"
 
@@ -635,7 +635,7 @@ definition valid_configuration
          s' \<noteq> Failure \<and> 
          (is_final_config (m',s') \<longrightarrow> (\<forall>ns'. s' = Normal ns' \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns' posts))"
 
-definition proc_body_satisfies_spec :: "'a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> mbodyCFG \<Rightarrow> 'a nstate \<Rightarrow> bool"
+definition proc_body_satisfies_spec :: "'a absval_ty_fun \<Rightarrow> mbodyCFG proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> mbodyCFG \<Rightarrow> 'a nstate \<Rightarrow> bool"
   where "proc_body_satisfies_spec A M \<Lambda> \<Gamma> \<Omega> pres posts mbody ns \<equiv>
          expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns pres \<longrightarrow> 
           (\<forall> m' s'. (A, M, \<Lambda>, \<Gamma>, \<Omega>, mbody \<turnstile> (Inl (entry(mbody)), Normal ns) -n\<rightarrow>* (m',s')) \<longrightarrow> 
diff --git a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_ast_cfg_proof.thy
deleted file mode 100644
index 98adb03..0000000
--- a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_ast_cfg_proof.thy
+++ /dev/null
@@ -1,345 +0,0 @@
-theory consecutive_ifs_ast_cfg_proof
-  imports Main
-          Boogie_Lang.Ast
-          Boogie_Lang.Semantics
-          Boogie_Lang.Ast_Cfg_Transformation
-          "../global_data" 
-          consecutive_ifs_before_cfg_to_dag_prog 
-          consecutive_ifs_before_ast_cfg
-          consecutive_ifs_cfgtodag_proof
-          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
-
-begin
-declare Nat.One_nat_def[simp del]
-
-definition bigblock_then0 
-  where "bigblock_then0 \<equiv> BigBlock None [(Assign 0 (Lit (LInt 5)))] None None"
-
-definition bigblock_else0
-  where "bigblock_else0 \<equiv> BigBlock None [] None None"
-
-definition bigblock_then1 
-  where "bigblock_then1 \<equiv> BigBlock None [(Assign 0 (Lit (LInt 1)))] None None"
-
-definition bigblock_else1
-  where "bigblock_else1 \<equiv> BigBlock None [(Assign 0 (UnOp UMinus (Lit (LInt 1))))] None None"
-
-lemma bigblock0_local_rel:
-  assumes Red_bb0_to: 
-      "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>consecutive_ifs_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-proof -
-  show ?thesis 
-    apply (rule block_local_rel_generic) 
-           apply (rule Rel_Main_test[of bigblock0])
-            apply (simp add: bigblock0_def consecutive_ifs_before_cfg_to_dag_prog.block_0_def)
-           apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_0_def)
-          apply simp
-         apply simp
-        apply (rule Red_bb0_to)
-       apply (rule Red0_impl)
-       apply (simp add: bigblock0_def consecutive_ifs_before_cfg_to_dag_prog.block_0_def)+
-    done
-qed
-
-
-lemma bigblock_then0_local_rel:
-  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_then0, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.block_5 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool True)"
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>consecutive_ifs_before_cfg_to_dag_prog.block_5, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis
-    apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_5_def)
-    apply (rule guard_holds_push_through_assumption)
-      apply (rule block_local_rel_generic)
-             apply (rule Rel_Main_test[of bigblock_then0])
-             apply (simp add: bigblock_then0_def)
-            apply simp
-           apply simp+
-          apply (rule Red_bb0_to)
-         apply (rule push_through_assumption_test1, rule Red0_impl)
-         apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_5_def)
-           apply (simp add: trace_is_possible bigblock_then0_def)+
-    done
-qed                                                                                 
-
-lemma bigblock_then1_local_rel:
-  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_then1, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>consecutive_ifs_before_cfg_to_dag_prog.block_4, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis
-      apply (rule block_local_rel_generic)
-             apply (rule Rel_Main_test[of bigblock_then1])
-            apply (simp add: bigblock_then1_def consecutive_ifs_before_cfg_to_dag_prog.block_4_def)
-           apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_4_def)
-          apply simp
-         apply simp
-        apply (rule Red_bb0_to)
-       apply (rule Red0_impl)
-       apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_4_def bigblock_then1_def)+
-    done
-qed 
-
-lemma bigblock_else1_local_rel:
-  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_else1, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>consecutive_ifs_before_cfg_to_dag_prog.block_3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis
-      apply (rule block_local_rel_generic)
-             apply (rule Rel_Main_test[of bigblock_else1])
-            apply (simp add: bigblock_else1_def consecutive_ifs_before_cfg_to_dag_prog.block_3_def)
-           apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_3_def)
-          apply simp
-         apply simp
-        apply (rule Red_bb0_to)
-       apply (rule Red0_impl)
-       apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_3_def bigblock_else1_def)+
-    done
-qed 
-
-
-lemma block_then1_global_rel:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then1, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                             (A,M,\<Lambda>,\<Gamma>,\<Omega>,consecutive_ifs_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 4, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) consecutive_ifs_before_ast_cfg.post)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-proof -
-  show ?thesis
-    apply (rule generic_ending_block_global_rel)
-         apply (rule Rel_Main_test[of bigblock_then1 _ consecutive_ifs_before_cfg_to_dag_prog.block_4])
-             apply (simp add: bigblock_then1_def consecutive_ifs_before_cfg_to_dag_prog.block_4_def)
-            apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_4_def)
-           apply (rule assms(1))
-          apply (simp add: bigblock_then1_def)
-         apply simp
-        apply (rule disjI1)
-        apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_4)
-       apply (rule consecutive_ifs_before_cfg_to_dag_prog.outEdges_4)
-      apply (rule assms(2))
-      apply simp+
-     apply (rule cfg_satisfies_post, blast)
-     apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_4)+
-    apply (rule bigblock_then1_local_rel)
-     apply assumption+
-    done
-qed
-
-lemma block_else1_global_rel:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else1, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                             (A,M,\<Lambda>,\<Gamma>,\<Omega>,consecutive_ifs_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) consecutive_ifs_before_ast_cfg.post)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-proof -
-  show ?thesis
-    apply (rule generic_ending_block_global_rel)
-         apply (rule Rel_Main_test[of bigblock_else1 _ consecutive_ifs_before_cfg_to_dag_prog.block_3])
-             apply (simp add: bigblock_else1_def consecutive_ifs_before_cfg_to_dag_prog.block_3_def)
-            apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_3_def)
-        apply (rule assms(1))
-          apply (simp add: bigblock_else1_def)
-         apply simp
-        apply (rule disjI1)
-        apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_3)
-       apply (rule consecutive_ifs_before_cfg_to_dag_prog.outEdges_3)
-      apply (rule assms(2))
-      apply simp+
-    apply (rule cfg_satisfies_post, blast)
-    apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_3)+
-    apply (rule bigblock_else1_local_rel)
-     apply assumption+
-    done
-qed
-
-
-lemma block1_global_rel:
-  assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,consecutive_ifs_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 2, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) consecutive_ifs_before_ast_cfg.post)"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock1, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-proof -
-  have node2_loc: "node_to_block consecutive_ifs_before_cfg_to_dag_prog.proc_body ! 2 = []" 
-    by (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_2_def consecutive_ifs_before_cfg_to_dag_prog.node_2)
-  show ?thesis 
-    apply (rule block_global_rel_if_successor)
-           apply (rule Rel_Invs[of bigblock1])
-           apply (simp add: bigblock1_def) 
-          apply (rule ast_trace)
-          apply (simp add: bigblock1_def)
-         apply (rule disjI1)
-          apply (rule node2_loc)
-        apply (rule assms(1))
-        apply simp
-       apply (rule cfg_satisfies_post,blast)
-       apply simp
-       apply simp
-      apply simp
-    apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_2)
-    apply (rule disjE)
-      apply assumption
-
-     apply (erule allE[where x=4])+
-     apply (simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_2)+
-     apply (simp add:member_rec(1))
-     apply (rule block_then1_global_rel)
-       apply (simp add: bigblock_then1_def)
-      apply simp
-    apply (blast)
-   
-    apply (erule allE[where x=3])+
-    apply (simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_2)+
-    apply (simp add:member_rec(1))
-    apply (rule block_else1_global_rel)
-      apply (simp add: bigblock_else1_def)
-     apply simp+
-    apply blast
-    done
-qed
-
-lemma block_then0_global_rel:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then0, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,consecutive_ifs_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 5, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) consecutive_ifs_before_ast_cfg.post)"
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool True)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-proof -
-  have node5_loc: "node_to_block consecutive_ifs_before_cfg_to_dag_prog.proc_body ! 5 = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (Lit (LInt 5)))]" 
-    by (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_5_def consecutive_ifs_before_cfg_to_dag_prog.node_5)
-  show ?thesis 
-    apply (rule block_global_rel_generic)
-           apply (rule Rel_Main_test[of bigblock_then0])
-             apply (simp add: bigblock_then0_def)
-            apply simp
-          apply (rule assms(1))
-         apply (simp add: bigblock_then0_def)
-        apply (rule disjI2)
-        apply (rule disjI1)
-        apply (rule conjI)
-         apply (rule node5_loc)
-        apply (rule conjI)
-         apply simp
-        apply (rule trace_is_possible)
-       apply (rule assms(2))
-        apply simp+
-       apply (rule cfg_satisfies_post, blast)
-       apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_5)+
-     apply (rule bigblock_then0_local_rel)
-       apply assumption
-      apply simp
-     apply (rule trace_is_possible)
-    apply (erule allE[where x=2])+
-    apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_5)+
-     apply (simp add: member_rec(1))
-    apply (rule block1_global_rel)
-      apply auto[1]
-     apply blast
-    apply simp
-    done
-qed
-
-lemma block_else0_global_rel:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else0, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,consecutive_ifs_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) consecutive_ifs_before_ast_cfg.post)"
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool False)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-proof -
-  have node1_loc: "node_to_block consecutive_ifs_before_cfg_to_dag_prog.proc_body ! 1 = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]" 
-    by (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_1_def consecutive_ifs_before_cfg_to_dag_prog.node_1)
-  show ?thesis
-    apply (rule block_global_rel_generic)
-           apply (rule Rel_Invs[of bigblock_else0])
-           apply (simp add: bigblock_else0_def)
-          apply (rule assms(1))
-         apply (simp add: bigblock_else0_def)
-        apply (rule disjI2)
-        apply (rule disjI2)
-        apply (rule conjI)
-         apply (rule node1_loc)
-        apply (rule conjI)
-         apply simp
-        apply (rule conjI)
-         apply (rule neg_gt2)
-        apply (rule trace_is_possible)
-       apply (rule assms(2))
-        apply simp+
-       apply (rule cfg_satisfies_post, blast)
-    apply simp+
-    apply (erule allE[where x=2])+
-    apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_1)+
-     apply (simp add: member_rec(1))
-    apply (rule block1_global_rel)
-      apply auto[1]
-     apply blast
-    apply simp
-    done
-qed
-
-lemma block0_global_rel:
-  assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,consecutive_ifs_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) consecutive_ifs_before_ast_cfg.post)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> consecutive_ifs_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-proof -
-  have node0_loc: "node_to_block consecutive_ifs_before_cfg_to_dag_prog.proc_body ! 0 = [(Havoc 0)]" 
-    by (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_0_def consecutive_ifs_before_cfg_to_dag_prog.node_0)
-  show ?thesis 
-    apply (rule block_global_rel_if_successor)
-           apply (rule Rel_Main_test[of bigblock0])
-             apply (simp add: bigblock0_def)
-            apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_0_def)
-          apply (rule ast_trace)
-          apply (simp add: bigblock0_def)
-         apply (rule disjI1)
-          apply (rule node0_loc)
-        apply (rule assms(1))
-        apply simp
-       apply (rule cfg_satisfies_post, blast)
-       apply simp
-       apply simp
-     apply simp
-     apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_0)
-     apply (rule bigblock0_local_rel)
-      apply (simp add: bigblock0_def)
-     apply simp
-    apply (rule disjE)
-      apply assumption
-
-     apply (erule allE[where x=5])
-     apply (erule allE[where x=5])
-     apply (simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_0)+
-     apply (simp add:member_rec(1))
-     apply (rule block_then0_global_rel)
-       apply (simp add: bigblock_then0_def)
-      apply blast+
-   
-    apply (erule allE[where x=1])
-    apply (erule allE[where x=1])
-    apply (simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_0)+
-    apply (simp add:member_rec(1))
-    apply (rule block_else0_global_rel)
-      apply (simp add: bigblock_else0_def)
-     apply blast+
-    done
-qed
-
-end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_ast_cfg.thy
deleted file mode 100644
index 287791a..0000000
--- a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_ast_cfg.thy
+++ /dev/null
@@ -1,93 +0,0 @@
-theory consecutive_ifs_before_ast_cfg
-  imports Main
-          "Boogie_Lang.Ast"
-          "Boogie_Lang.Semantics"
-          "../global_data"
-
-begin
-
-definition bigblock0
-  where "bigblock0 \<equiv> 
-          (BigBlock None [(Havoc 0)] 
-            (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
-                  [BigBlock None [(Assign 0 (Lit (LInt 5)))] None None] [BigBlock None [] None None])) 
-             None)"
-
-definition bigblock1
-  where "bigblock1 \<equiv> 
-          (BigBlock None [] 
-            (Some (ParsedIf None 
-                  [BigBlock None [(Assign 0 (Lit (LInt 1)))] None None] [BigBlock None [(Assign 0 (UnOp UMinus (Lit (LInt 1))))] None None])) 
-             None)"
-
-
-definition proc_body
-  where
-    "proc_body = bigblock0 # bigblock1 # []"
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append consecutive_ifs_before_ast_cfg.params_vdecls consecutive_ifs_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_ifs_before_ast_cfg.params_vdecls consecutive_ifs_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
-unfolding consecutive_ifs_before_ast_cfg.params_vdecls_def consecutive_ifs_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_ifs_before_ast_cfg.params_vdecls consecutive_ifs_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append consecutive_ifs_before_ast_cfg.params_vdecls consecutive_ifs_before_ast_cfg.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_ifs_before_ast_cfg.params_vdecls) )"
-unfolding consecutive_ifs_before_ast_cfg.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_ifs_before_ast_cfg.locals_vdecls) )"
-unfolding consecutive_ifs_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_ast_cfg.params_vdecls consecutive_ifs_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append consecutive_ifs_before_ast_cfg.params_vdecls consecutive_ifs_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_ast_cfg.params_vdecls consecutive_ifs_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_ast_cfg.params_vdecls consecutive_ifs_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc_ast :: "(ast_procedure)"
-  where
-    "proc_ast  = (|proc_ty_args = 0,proc_args = consecutive_ifs_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec consecutive_ifs_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec consecutive_ifs_before_ast_cfg.post),proc_body = (Some (consecutive_ifs_before_ast_cfg.locals_vdecls,consecutive_ifs_before_ast_cfg.proc_body))|)"
-
-end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy
deleted file mode 100644
index b403bee..0000000
--- a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_ast_cfg_proof.thy
+++ /dev/null
@@ -1,256 +0,0 @@
-theory empty_branch_if_ast_cfg_proof
-  imports Main
-          Boogie_Lang.Ast
-          Boogie_Lang.Semantics
-          Boogie_Lang.Ast_Cfg_Transformation
-          "../global_data" 
-          empty_branch_if_before_cfg_to_dag_prog 
-          empty_branch_if_before_ast_cfg
-          empty_branch_if_cfgtodag_proof
-          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
-
-begin
-declare Nat.One_nat_def[simp del]
-
-definition bigblock_then 
-  where "bigblock_then \<equiv> BigBlock None [] None None"
-
-definition bigblock_else
-  where "bigblock_else \<equiv> BigBlock None [(Assign 0 (Lit (LInt 6)))] None None"
-
-lemma bigblock0_local_rel:
-  assumes Red_bb0_to: 
-      "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>empty_branch_if_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-proof -
-  show ?thesis 
-    apply (rule block_local_rel_generic) 
-           apply (rule Rel_Main_test[of bigblock0])
-            apply (simp add: bigblock0_def empty_branch_if_before_cfg_to_dag_prog.block_0_def)
-           apply (simp add:  empty_branch_if_before_cfg_to_dag_prog.block_0_def)
-          apply simp
-         apply simp
-        apply (rule Red_bb0_to)
-       apply (rule Red0_impl)
-       apply (simp add: bigblock0_def empty_branch_if_before_cfg_to_dag_prog.block_0_def)+
-    done
-qed
-
-lemma bigblock_else_local_rel:
-  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool False)"
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>empty_branch_if_before_cfg_to_dag_prog.block_1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-proof -
-  show ?thesis
-    apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_1_def)
-    apply (rule guard_fails_push_through_assumption)
-      apply (rule block_local_rel_generic)
-             apply (rule Rel_Main_test[of bigblock_else])
-               apply (simp add: bigblock_else_def)
-            apply simp
-           apply simp+
-          apply (rule Red_bb0_to)
-         apply (rule Red0_impl)
-         apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_1_def)
-         apply (rule push_through_assumption1)
-             apply simp
-            apply (rule neg_gt2)
-          apply (rule trace_is_possible)
-         apply simp
-        apply (simp add: bigblock_else_def)
-        apply simp+
-     apply (rule neg_gt2)
-    apply (rule trace_is_possible)
-    done
-qed
-
-lemma bigblock1_local_rel:
-  assumes Red_bb0_to: 
-      "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock1, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>empty_branch_if_before_cfg_to_dag_prog.block_2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-proof -
-  show ?thesis 
-    apply (rule block_local_rel_generic) 
-           apply (rule Rel_Main_test[of bigblock1])
-            apply (simp add: bigblock1_def empty_branch_if_before_cfg_to_dag_prog.block_2_def)
-           apply (simp add:  empty_branch_if_before_cfg_to_dag_prog.block_2_def)
-          apply simp
-         apply simp
-        apply (rule Red_bb0_to)
-       apply (rule Red0_impl)
-       apply (simp add: bigblock1_def empty_branch_if_before_cfg_to_dag_prog.block_2_def)+
-    done
-qed
-
-lemma block2_global_rel:
-  assumes concrete_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock1, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)" 
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,empty_branch_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 2, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) empty_branch_if_before_ast_cfg.post)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-  using assms
-proof -
-  show ?thesis
-    apply (rule generic_ending_block_global_rel)
-         apply (rule Rel_Main_test[of bigblock1 _ empty_branch_if_before_cfg_to_dag_prog.block_2])
-             apply (simp add: bigblock1_def empty_branch_if_before_cfg_to_dag_prog.block_2_def)
-           apply (simp add:  empty_branch_if_before_cfg_to_dag_prog.block_2_def)
-        apply (rule concrete_trace)
-       apply (simp add: bigblock1_def)
-         apply simp
-        apply (rule disjI1)
-        apply (rule empty_branch_if_before_cfg_to_dag_prog.node_2)
-       apply (rule empty_branch_if_before_cfg_to_dag_prog.outEdges_2)
-    apply (rule cfg_is_correct)
-      apply simp+
-    apply (rule cfg_satisfies_post, blast)
-    apply (simp add: empty_branch_if_before_cfg_to_dag_prog.node_2)+
-    apply (rule bigblock1_local_rel)
-     apply assumption+
-    done
-qed
-
-
-lemma block_then_global_rel:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,empty_branch_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) empty_branch_if_before_ast_cfg.post)"
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-proof -                    
-  have node3_loc: "node_to_block empty_branch_if_before_cfg_to_dag_prog.proc_body ! 3 = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5))))]" 
-    by (simp add: empty_branch_if_before_cfg_to_dag_prog.block_3_def empty_branch_if_before_cfg_to_dag_prog.node_3)
-  show ?thesis 
-    apply (rule block_global_rel_generic)
-           apply (rule Rel_Invs[of bigblock_then])
-           apply (simp add: bigblock_then_def)
-          apply (rule assms(1))
-         apply (simp add: bigblock_then_def)
-        apply (rule disjI2)
-        apply (rule disjI1)
-        apply (rule conjI)
-         apply (rule node3_loc)
-        apply (rule conjI)
-         apply simp
-        apply (rule trace_is_possible)
-       apply (rule assms(2))
-        apply simp
-       apply (rule cfg_satisfies_post, blast)
-       apply simp
-      apply simp
-     apply simp
-    apply (erule allE[where x=2])+
-    apply (simp add: empty_branch_if_before_cfg_to_dag_prog.outEdges_3)+
-    apply (simp add: member_rec(1))
-    apply (rule block2_global_rel)
-      apply simp+
-    apply (blast)
-    done
-qed
-
-
-lemma block_else_global_rel:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,empty_branch_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) empty_branch_if_before_ast_cfg.post)"
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool False)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-proof -
-  have node1_loc: "node_to_block empty_branch_if_before_cfg_to_dag_prog.proc_body ! 1 = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 6)))]" 
-    by (simp add: empty_branch_if_before_cfg_to_dag_prog.block_1_def empty_branch_if_before_cfg_to_dag_prog.node_1)
-  show ?thesis
-    apply (rule block_global_rel_generic)
-           apply (rule Rel_Main_test[of bigblock_else])
-             apply (simp add: bigblock_else_def)
-            apply simp
-          apply (rule assms(1))
-         apply (simp add: bigblock_else_def)
-        apply (rule disjI2)
-        apply (rule disjI2)
-        apply (rule conjI)
-         apply (rule node1_loc)
-        apply (rule conjI)
-         apply simp
-        apply (rule conjI)
-         apply (rule neg_gt2)
-        apply (rule trace_is_possible)
-       apply (rule assms(2))
-        apply simp+
-       apply (rule cfg_satisfies_post, blast)
-     apply (simp add: empty_branch_if_before_cfg_to_dag_prog.node_1)+
-     apply (rule bigblock_else_local_rel)
-       apply assumption
-      apply simp
-     apply (rule trace_is_possible)
-    apply (erule allE[where x=2])+
-    apply (simp add: empty_branch_if_before_cfg_to_dag_prog.outEdges_1)+
-    apply (simp add: member_rec(1))
-    apply (rule block2_global_rel)
-      apply assumption
-     apply blast+
-    done
-qed
-
-
-lemma block0_global_rel:
-  assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,empty_branch_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) empty_branch_if_before_ast_cfg.post)"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> empty_branch_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-proof -
-  show ?thesis 
-    apply (rule block_global_rel_if_successor)
-           apply (rule Rel_Main_test[of bigblock0 _ empty_branch_if_before_cfg_to_dag_prog.block_0])
-             apply (simp add: bigblock0_def empty_branch_if_before_cfg_to_dag_prog.block_0_def)
-    apply (simp add:  empty_branch_if_before_cfg_to_dag_prog.block_0_def)
-          apply (rule ast_trace)
-          apply (simp add: bigblock0_def)
-         apply (rule disjI1)
-        apply (rule empty_branch_if_before_cfg_to_dag_prog.node_0)
-        apply (rule assms(1))
-        apply simp
-       apply (rule cfg_satisfies_post, blast)
-       apply simp+
-     apply (simp add: empty_branch_if_before_cfg_to_dag_prog.node_0)
-     apply (rule bigblock0_local_rel)
-      apply (simp add: bigblock0_def)
-     apply assumption
-    apply simp
-    apply (rule disjE)
-      apply assumption
-
-     apply (erule allE[where x=3])+
-     apply (simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_0)
-     apply (simp add:member_rec(1))
-     apply (rule conjE)
-      apply assumption
-     apply (rule block_then_global_rel)
-       apply (simp add: bigblock_then_def)       
-       apply simp
-      apply blast
-     apply assumption
-   
-    apply (erule allE[where x=1])+
-    apply (simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_0)
-    apply (simp add:member_rec(1))
-    apply (rule conjE)
-     apply assumption
-    apply (rule block_else_global_rel)
-      apply (simp add: bigblock_else_def)
-      apply simp+
-     apply blast+
-    done
-qed
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_cfg.thy
deleted file mode 100644
index 3c29d5a..0000000
--- a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_cfg.thy
+++ /dev/null
@@ -1,89 +0,0 @@
-theory empty_branch_if_before_ast_cfg
-  imports Main
-          "Boogie_Lang.Ast"
-          "Boogie_Lang.Semantics"
-          "../global_data"
-
-begin
-
-definition bigblock0
-  where "bigblock0 \<equiv> 
-          (BigBlock None [(Havoc 0)] 
-            (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 5)))) 
-                  [BigBlock None [] None None] [BigBlock None [(Assign 0 (Lit (LInt 6)))] None None])) 
-             None)"
-
-definition bigblock1
-  where "bigblock1 \<equiv> 
-          (BigBlock None [(Assert (BinOp (Var 0) Gt (Lit (LInt 5))))] None None)"
-
-definition proc_body
-  where
-    "proc_body = bigblock0 #  bigblock1  # []"
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
-unfolding empty_branch_if_before_ast_cfg.params_vdecls_def empty_branch_if_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_ast_cfg.params_vdecls) )"
-unfolding empty_branch_if_before_ast_cfg.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_ast_cfg.locals_vdecls) )"
-unfolding empty_branch_if_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc_ast :: "(ast_procedure)"
-  where
-    "proc_ast  = (|proc_ty_args = 0,proc_args = empty_branch_if_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec empty_branch_if_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec empty_branch_if_before_ast_cfg.post),proc_body = (Some (empty_branch_if_before_ast_cfg.locals_vdecls,empty_branch_if_before_ast_cfg.proc_body))|)"
-
-end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_ast_cfg.thy
deleted file mode 100644
index 424dc10..0000000
--- a/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_ast_cfg.thy
+++ /dev/null
@@ -1,89 +0,0 @@
-theory empty_generic_block_before_ast_cfg
-  imports Main
-          "Boogie_Lang.Ast"
-          "Boogie_Lang.Semantics"
-          "../global_data"
-
-begin
-
-abbreviation bigblock0
-  where "bigblock0 \<equiv> 
-          (BigBlock None [(Havoc 0)] 
-            (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 5)))) 
-                  [BigBlock None [] None None] [BigBlock None [(Assign 0 (Lit (LInt 6)))] None None])) 
-             None)"
-
-abbreviation bigblock1
-  where "bigblock1 \<equiv> 
-          (BigBlock None [(Assert (BinOp (Var 0) Gt (Lit (LInt 5))))] None None)"
-
-definition proc_body
-  where
-    "proc_body = bigblock0 #  bigblock1  # []"
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
-unfolding empty_branch_if_before_ast_cfg.params_vdecls_def empty_branch_if_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_ast_cfg.params_vdecls) )"
-unfolding empty_branch_if_before_ast_cfg.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_ast_cfg.locals_vdecls) )"
-unfolding empty_branch_if_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_ast_cfg.params_vdecls empty_branch_if_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc_ast :: "(ast_procedure)"
-  where
-    "proc_ast  = (|proc_ty_args = 0,proc_args = empty_branch_if_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec empty_branch_if_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec empty_branch_if_before_ast_cfg.post),proc_body = (Some (empty_branch_if_before_ast_cfg.locals_vdecls,empty_branch_if_before_ast_cfg.proc_body))|)"
-
-end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_cfg_to_dag_prog.thy b/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_cfg_to_dag_prog.thy
deleted file mode 100644
index d1b19cf..0000000
--- a/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,89 +0,0 @@
-theory empty_generic_block_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Assign 0 (Lit (LInt 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
-definition outEdges
-  where
-    "outEdges  = [[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_generic_block_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_generic_block_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = empty_generic_block_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec empty_generic_block_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec empty_generic_block_before_cfg_to_dag_prog.post),proc_body = (Some (empty_generic_block_before_cfg_to_dag_prog.locals_vdecls,empty_generic_block_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_passive_prog.thy b/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_passive_prog.thy
deleted file mode 100644
index 5bc5e43..0000000
--- a/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_passive_prog.thy
+++ /dev/null
@@ -1,62 +0,0 @@
-theory empty_generic_block_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util empty_generic_block_before_cfg_to_dag_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assign 0 (Lit (LInt 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[1]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-
-end
diff --git a/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_cfgtodag_proof.thy b/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_cfgtodag_proof.thy
deleted file mode 100644
index 6aef149..0000000
--- a/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_cfgtodag_proof.thy
+++ /dev/null
@@ -1,143 +0,0 @@
-theory empty_generic_block_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML empty_generic_block_before_cfg_to_dag_prog empty_generic_block_before_passive_prog empty_generic_block_passification_proof empty_generic_block_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_generic_block_before_passive_prog.block_0 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding empty_generic_block_before_cfg_to_dag_prog.block_0_def empty_generic_block_before_passive_prog.block_0_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_return_1[OF assms(1)])
-apply (rule empty_generic_block_before_cfg_to_dag_prog.node_0)
-apply (rule empty_generic_block_before_passive_prog.node_0)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-unfolding empty_generic_block_before_cfg_to_dag_prog.post_def
-apply (rule block_anon0)
-apply assumption+
-by (rule empty_generic_block_before_cfg_to_dag_prog.outEdges_0)
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:empty_generic_block_before_passive_prog.outEdges_1))
-by ((simp add:empty_generic_block_before_passive_prog.node_1 empty_generic_block_before_passive_prog.block_1_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 empty_generic_block_before_cfg_to_dag_prog.pres)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule empty_generic_block_before_passive_prog.node_2)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding empty_generic_block_before_passive_prog.block_2_def
-apply (rule assume_pres_normal[where ?es=empty_generic_block_before_cfg_to_dag_prog.pres])
-apply (rule assms(4))
-unfolding empty_generic_block_before_cfg_to_dag_prog.pres_def
-apply simp
-apply (rule empty_generic_block_before_passive_prog.outEdges_2)
-apply ((simp add:empty_generic_block_before_passive_prog.node_1 empty_generic_block_before_passive_prog.block_1_def))
-apply (rule empty_generic_block_before_passive_prog.outEdges_1)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns empty_generic_block_before_cfg_to_dag_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(valid_configuration A \<Lambda>0 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule empty_generic_block_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-lemma end_to_end_theorem:
-assumes 
-VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms empty_generic_block_before_cfg_to_dag_prog.proc))"
-apply (rule end_to_end_util[OF end_to_end_theorem_aux])
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 empty_generic_block_before_cfg_to_dag_prog.proc_def empty_generic_block_before_cfg_to_dag_prog.proc_body_def)
-
-
-end
diff --git a/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_before_cfg_to_dag_prog.thy b/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 9c21c20..0000000
--- a/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,89 +0,0 @@
-theory q_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Assign 0 (Lit (LInt 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
-definition outEdges
-  where
-    "outEdges  = [[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding q_before_cfg_to_dag_prog.params_vdecls_def q_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) q_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding q_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) q_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding q_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = q_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec q_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec q_before_cfg_to_dag_prog.post),proc_body = (Some (q_before_cfg_to_dag_prog.locals_vdecls,q_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_cfgtodag_proof.thy b/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_cfgtodag_proof.thy
deleted file mode 100644
index 8d27920..0000000
--- a/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_cfgtodag_proof.thy
+++ /dev/null
@@ -1,143 +0,0 @@
-theory q_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML q_before_cfg_to_dag_prog q_before_passive_prog q_passification_proof q_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] q_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] q_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] q_before_passive_prog.block_0 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding q_before_cfg_to_dag_prog.block_0_def q_before_passive_prog.block_0_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] q_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] q_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] q_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_return_1[OF assms(1)])
-apply (rule q_before_cfg_to_dag_prog.node_0)
-apply (rule q_before_passive_prog.node_0)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-unfolding q_before_cfg_to_dag_prog.post_def
-apply (rule block_anon0)
-apply assumption+
-by (rule q_before_cfg_to_dag_prog.outEdges_0)
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] q_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] q_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:q_before_passive_prog.outEdges_1))
-by ((simp add:q_before_passive_prog.node_1 q_before_passive_prog.block_1_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] q_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] q_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 q_before_cfg_to_dag_prog.pres)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] q_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule q_before_passive_prog.node_2)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding q_before_passive_prog.block_2_def
-apply (rule assume_pres_normal[where ?es=q_before_cfg_to_dag_prog.pres])
-apply (rule assms(4))
-unfolding q_before_cfg_to_dag_prog.pres_def
-apply simp
-apply (rule q_before_passive_prog.outEdges_2)
-apply ((simp add:q_before_passive_prog.node_1 q_before_passive_prog.block_1_def))
-apply (rule q_before_passive_prog.outEdges_1)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] q_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns q_before_cfg_to_dag_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(valid_configuration A \<Lambda>0 \<Gamma> [] q_before_cfg_to_dag_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] q_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule q_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-lemma end_to_end_theorem:
-assumes 
-VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms q_before_cfg_to_dag_prog.proc))"
-apply (rule end_to_end_util[OF end_to_end_theorem_aux])
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 q_before_cfg_to_dag_prog.proc_def q_before_cfg_to_dag_prog.proc_body_def)
-
-
-end
diff --git a/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_passive_prog.thy b/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_passive_prog.thy
deleted file mode 100644
index 6374952..0000000
--- a/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_passive_prog.thy
+++ /dev/null
@@ -1,77 +0,0 @@
-theory q_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util q_before_passive_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assert (BinOp (Lit (LInt 0)) Eq (Lit (LInt 0))))]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[1]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append q_passive_prog.params_vdecls q_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append q_passive_prog.params_vdecls q_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding q_passive_prog.params_vdecls_def q_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append q_passive_prog.params_vdecls q_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append q_passive_prog.params_vdecls q_passive_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append q_passive_prog.params_vdecls q_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_passive_prog.params_vdecls q_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_passive_prog.params_vdecls q_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_vcphase_proof.thy b/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_vcphase_proof.thy
deleted file mode 100644
index 64a0f54..0000000
--- a/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_vcphase_proof.thy
+++ /dev/null
@@ -1,148 +0,0 @@
-theory q_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML q_passive_prog q_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon0
-  where
-    "vc_anon0  = ((0::int) = (0::int))"
-definition vc_PreconditionGeneratedEntry
-  where
-    "vc_PreconditionGeneratedEntry  = (vc_anon0 )"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1
-lemmas forall_poly_thm = forall_vc_type[OF G1]
-lemmas exists_poly_thm = exists_vc_type[OF G1]
-declare Nat.One_nat_def[simp del]
-
-ML\<open>
-val block_anon0_hints = [
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> q_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding q_passive_prog.block_0_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
-by (auto?)
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> q_passive_prog.block_1 (Normal n_s) s')" and 
-"(vc.vc_anon0 )"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))"
-using assms
-unfolding q_passive_prog.block_1_def
-apply cases
-by auto
-
-lemma block_PreconditionGeneratedEntry:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> q_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding q_passive_prog.block_2_def vc.vc_PreconditionGeneratedEntry_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> q_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) q_passive_prog.node_0 q_passive_prog.outEdges_0])
-using block_anon0AA0[OF _ assms(2)] by blast
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> q_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) q_passive_prog.node_1])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:q_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> q_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_PreconditionGeneratedEntry )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) q_passive_prog.node_2])
-apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
-apply ((simp add:q_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_passive_prog.params_vdecls q_passive_prog.locals_vdecls)) \<Gamma> [] q_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append q_passive_prog.params_vdecls q_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
-let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append q_passive_prog.params_vdecls q_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF q_passive_prog.m_x])
-apply (subst lookup_var_local[OF q_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
deleted file mode 100644
index 2434a10..0000000
--- a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_cfg_proof.thy
+++ /dev/null
@@ -1,350 +0,0 @@
-theory if_example_ast_cfg_proof
-  imports Main
-          Boogie_Lang.Ast
-          Boogie_Lang.Semantics
-          Boogie_Lang.Ast_Cfg_Transformation
-          "../global_data" 
-          p_before_cfg_to_dag_prog 
-          if_example_before_ast_cfg
-          p_cfgtodag_proof
-          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
-          p_before_passive_prog 
-          p_passification_proof 
-          p_vcphase_proof
-
-begin
-declare Nat.One_nat_def[simp del]
-
-definition bigblock_then 
-  where "bigblock_then \<equiv> BigBlock None [(Assign 0 (Lit (LInt 10)))] None None"
-
-definition bigblock_else
-  where "bigblock_else \<equiv> BigBlock None [(Assign 0 (Lit (LInt 1)))] None None"
-
-lemma bigblock0_local_rel:
-  assumes Red_bb0_to: 
-      "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-proof -
-  show ?thesis 
-    apply (rule block_local_rel_generic) 
-           apply (rule Rel_Main_test[of bigblock0])
-            apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
-           apply (simp add: p_before_cfg_to_dag_prog.block_0_def)+
-        apply (rule Red_bb0_to)
-       apply (rule Red0_impl)
-       apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)+
-    done
-qed
-
-
-lemma bigblock_then_local_rel:
-  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_then, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis
-    apply (simp add: p_before_cfg_to_dag_prog.block_3_def)
-    apply (rule guard_holds_push_through_assumption)
-      apply (rule block_local_rel_generic)
-             apply (rule Rel_Main_test[of bigblock_then])
-             apply (simp add: bigblock_then_def)
-            apply simp
-           apply simp+
-          apply (rule Red_bb0_to)
-         apply (rule push_through_assumption_test1, rule Red0_impl)
-         apply (simp add: p_before_cfg_to_dag_prog.block_3_def)
-           apply (simp add: trace_is_possible bigblock_then_def)+
-    done
-qed
-
-lemma bigblock_else_local_rel:
-  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool False)"
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-proof -
-  show ?thesis
-    apply (simp add: p_before_cfg_to_dag_prog.block_1_def)
-    apply (rule guard_fails_push_through_assumption)
-      apply (rule block_local_rel_generic)
-             apply (rule Rel_Main_test[of bigblock_else])
-             apply (simp add: bigblock_else_def)
-            apply simp+
-          apply (rule Red_bb0_to)
-         apply (rule Red0_impl)
-         apply (simp add: p_before_cfg_to_dag_prog.block_1_def)
-         apply (rule push_through_assumption1)
-             apply simp
-            apply (rule neg_gt2)
-          apply (rule trace_is_possible)
-          apply (simp add: bigblock_else_def)+
-     apply (rule neg_gt2)
-    apply (rule trace_is_possible)
-    done
-qed
-
-lemma bigblock1_local_rel:
-  assumes Red_bb0_to: 
-      "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock1, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-proof -
-  show ?thesis 
-    apply (rule block_local_rel_generic) 
-           apply (rule Rel_Main_test[of bigblock1])
-            apply (simp add: bigblock1_def p_before_cfg_to_dag_prog.block_2_def)
-           apply (simp add: p_before_cfg_to_dag_prog.block_2_def)
-          apply simp
-         apply simp
-        apply (rule Red_bb0_to)
-       apply (rule Red0_impl)
-       apply (simp add: bigblock1_def p_before_cfg_to_dag_prog.block_2_def)+
-    done
-qed
-
-lemma block2_global_rel:
-  assumes concrete_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock1, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)" 
-  and cfg_satisfies_post: "\<And>m' s'.
-                 (A,M,\<Lambda>,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 2, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) if_example_before_ast_cfg.post)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> if_example_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-  using assms
-proof -
-  show ?thesis
-    apply (rule generic_ending_block_global_rel)
-         apply (rule Rel_Main_test[of bigblock1 _ p_before_cfg_to_dag_prog.block_2])
-             apply (simp add: bigblock1_def p_before_cfg_to_dag_prog.block_2_def)
-            apply (simp add: p_before_cfg_to_dag_prog.block_2_def)
-        apply (rule concrete_trace)
-       apply (simp add: bigblock1_def)
-         apply simp+
-        apply (rule disjI1)
-        apply (rule p_before_cfg_to_dag_prog.node_2)
-       apply (rule p_before_cfg_to_dag_prog.outEdges_2)
-    apply (rule cfg_is_correct)
-      apply simp
-     apply (rule cfg_satisfies_post, blast)
-     apply simp
-    apply (simp add: p_before_cfg_to_dag_prog.node_2)
-    apply (rule bigblock1_local_rel)
-     apply assumption+
-    done
-qed
-
-
-lemma block_then_global_rel:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                 (A,M,\<Lambda>,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) if_example_before_ast_cfg.post)"
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool True)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> if_example_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-proof -
-  have node3_loc: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 3 = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5)))),(Assign 0 (Lit (LInt 10)))]" 
-    by (simp add: p_before_cfg_to_dag_prog.block_3_def p_before_cfg_to_dag_prog.node_3)
-  show ?thesis 
-    apply (rule block_global_rel_generic)
-           apply (rule Rel_Main_test[of bigblock_then])
-             apply (simp add: bigblock_then_def)
-            apply simp
-          apply (rule assms(1))
-         apply (simp add: bigblock_then_def)
-        apply (rule disjI2)
-        apply (rule disjI1)
-        apply (rule conjI)
-         apply (rule node3_loc)
-        apply (rule conjI)
-         apply simp
-        apply (rule trace_is_possible)
-       apply (rule assms(2))
-        apply simp+
-       apply (rule cfg_satisfies_post, blast)
-       apply simp+
-     apply (simp add: p_before_cfg_to_dag_prog.node_3)
-     apply (rule bigblock_then_local_rel)
-       apply assumption
-      apply simp
-     apply (rule trace_is_possible)
-    apply (erule allE[where x=2])+
-    apply (simp add: p_before_cfg_to_dag_prog.outEdges_3)
-    apply (simp add: member_rec(1))
-    apply (rule block2_global_rel)
-      apply assumption
-     apply blast+
-    done
-qed
-
-
-lemma block_else_global_rel:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                 (A,M,\<Lambda>,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) if_example_before_ast_cfg.post)"
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 5))), ns1\<rangle> \<Down> LitV (LBool False)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> if_example_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-proof -
-  have node1_loc: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 1 = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 1)))]" 
-    by (simp add: p_before_cfg_to_dag_prog.block_1_def p_before_cfg_to_dag_prog.node_1)
-  show ?thesis
-    apply (rule block_global_rel_generic)
-           apply (rule Rel_Main_test[of bigblock_else])
-             apply (simp add: bigblock_else_def)
-            apply simp
-          apply (rule assms(1))
-         apply (simp add: bigblock_else_def)
-        apply (rule disjI2)
-        apply (rule disjI2)
-        apply (rule conjI)
-         apply (rule node1_loc)
-        apply (rule conjI)
-         apply simp
-        apply (rule conjI)
-         apply (rule neg_gt2)
-        apply (rule trace_is_possible)
-       apply (rule assms(2))
-        apply simp+
-       apply (rule cfg_satisfies_post, blast)
-       apply simp+
-     apply (simp add: p_before_cfg_to_dag_prog.node_1)
-     apply (rule bigblock_else_local_rel)
-       apply assumption
-      apply simp
-     apply (rule trace_is_possible)
-    apply (erule allE[where x=2])+
-    apply (simp add: p_before_cfg_to_dag_prog.outEdges_1)
-    apply (simp add: member_rec(1))
-    apply (rule block2_global_rel)
-      apply assumption
-    apply blast+
-    done
-qed
-
-
-lemma block0_global_rel:
-  assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KSeq bigblock1 KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                 (A,M,\<Lambda>,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) if_example_before_ast_cfg.post)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> if_example_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-proof -
-  show ?thesis 
-    apply (rule block_global_rel_if_successor)
-           apply (rule Rel_Main_test[of bigblock0 _ p_before_cfg_to_dag_prog.block_0])
-             apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def) 
-    apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
-          apply (rule ast_trace)
-          apply (simp add: bigblock0_def)
-         apply (rule disjI1)
-        apply (rule p_before_cfg_to_dag_prog.node_0)
-       apply (rule assms(1))
-        apply simp
-       apply (rule cfg_satisfies_post, blast)
-       apply simp+
-     apply (simp add: p_before_cfg_to_dag_prog.node_0)
-     apply (rule bigblock0_local_rel)
-      apply (simp add: bigblock0_def)
-     apply assumption
-    apply simp
-    apply (rule disjE)
-      apply assumption
-
-     apply (erule allE[where x=3])+
-     apply (simp add:p_before_cfg_to_dag_prog.outEdges_0)
-     apply (simp add:member_rec(1))
-     apply (rule conjE)
-      apply assumption
-     apply simp
-     apply (rule block_then_global_rel)
-       apply (simp add: bigblock_then_def)
-       apply simp
-      apply blast
-     apply assumption
-   
-    apply (erule allE[where x=1])+
-    apply (simp add:p_before_cfg_to_dag_prog.outEdges_0)
-    apply (simp add:member_rec(1))
-    apply (rule conjE)
-     apply assumption
-    apply (rule block_else_global_rel)
-      apply (simp add: bigblock_else_def)
-      apply simp
-     apply blast
-    apply (simp add: false_equals_not_true)
-    done
-qed
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls))"
-lemma end_to_end_theorem_aux3:
-assumes 
-Red: "rtranclp (red_bigblock A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)) \<Gamma> [] if_example_before_ast_cfg.proc_body) (bigblock0, (KSeq bigblock1 KStop), Normal ns) (end_bb, end_cont, end_state)" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns if_example_before_ast_cfg.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(valid_configuration A \<Lambda>0 \<Gamma> [] if_example_before_ast_cfg.post end_bb end_cont end_state)"
-proof -
-from Red obtain j where Aux:"(A,M,((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)),\<Gamma>,[],if_example_before_ast_cfg.proc_body \<turnstile> (bigblock0, (KSeq bigblock1 KStop), Normal ns) -n\<longrightarrow>^j (end_bb, end_cont, end_state))"
-by (meson rtranclp_imp_relpowp)
-  show ?thesis
-apply (rule block0_global_rel)
-defer
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: if_example_before_ast_cfg.params_vdecls_def if_example_before_ast_cfg.locals_vdecls_def
-                 p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: if_example_before_ast_cfg.params_vdecls_def if_example_before_ast_cfg.locals_vdecls_def
-                                    p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
-                                    if_example_before_ast_cfg.pres_def p_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: if_example_before_ast_cfg.params_vdecls_def if_example_before_ast_cfg.locals_vdecls_def
-                                    p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply simp
-using OldGlobal apply simp
-using BinderNs apply simp
-done
-qed
-
-lemma initialization:                              
-  assumes "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock0, bigblock1] ns1) (reached_bb, reached_cont, reached_state)"
-  shows "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (bigblock0, KSeq bigblock1 KStop, Normal ns1) (reached_bb, reached_cont, reached_state)" 
-  using assms 
-  by simp
-
-
-lemma end_to_end_theorem3:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms if_example_before_ast_cfg.proc_ast))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux3])
-apply (rule initialization)
-unfolding if_example_before_ast_cfg.proc_body_def
-apply assumption using VC apply simp  apply assumption+
-apply (simp_all add: 
-      exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2
-      if_example_before_ast_cfg.proc_ast_def if_example_before_ast_cfg.proc_body_def)
-done
-end
diff --git a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_form~ b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_form~
deleted file mode 100644
index 3a3816b..0000000
--- a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_ast_form~
+++ /dev/null
@@ -1,4 +0,0 @@
-theory if_example_ast_form
-
-begin
-end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_before_ast_cfg.thy
deleted file mode 100644
index 6c46a7a..0000000
--- a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/if_example_before_ast_cfg.thy
+++ /dev/null
@@ -1,90 +0,0 @@
-theory if_example_before_ast_cfg
-  imports Main 
-          "Boogie_Lang.Ast"
-          "Boogie_Lang.Semantics"
-          "../global_data"
-
-begin
-definition bigblock0
-  where "bigblock0 \<equiv> 
-          (BigBlock None [(Havoc 0)] 
-            (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 5)))) 
-                      [BigBlock None [(Assign 0 (Lit (LInt 10)))] None None] 
-                      [BigBlock None [(Assign 0 (Lit (LInt 1)))] None None])) 
-             None)"
-
-definition bigblock1 
-  where "bigblock1 \<equiv> (BigBlock None [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))] None None)"
-
-definition proc_body
-  where
-    "proc_body = bigblock0 #  bigblock1 # []"
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),None)]"
-
-lemma locals_min_aux:
-shows "(((map fst (append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
-unfolding if_example_before_ast_cfg.params_vdecls_def if_example_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_before_ast_cfg.params_vdecls) )"
-unfolding if_example_before_ast_cfg.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_before_ast_cfg.locals_vdecls) )"
-unfolding if_example_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append if_example_before_ast_cfg.params_vdecls if_example_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc_ast :: "ast_procedure"
-  where
-    "proc_ast  = (|proc_ty_args = 0,proc_args = if_example_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec if_example_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec if_example_before_ast_cfg.post),proc_body = (Some (if_example_before_ast_cfg.locals_vdecls,if_example_before_ast_cfg.proc_body))|)"
-
-
-end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 3d7f1e9..0000000
--- a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,125 +0,0 @@
-theory p_before_cfg_to_dag_prog
-  imports "/home/alex/boogie_related/foundational_boogie/BoogieLang/Semantics" 
-          "/home/alex/boogie_related/foundational_boogie/BoogieLang/TypeSafety" 
-          "/home/alex/boogie_related/foundational_boogie/BoogieLang/Util" 
-          "/home/alex/boogie_related/foundational_boogie/BoogieLang/generated_example_proofs/if_example_proofs/global_data" 
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0)]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 1)))]"
-definition block_2
-  where
-    "block_2  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5)))),(Assign 0 (Lit (LInt 10)))]"
-definition outEdges
-  where
-    "outEdges  = [[3,1],[2],[],[2]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [3,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding p_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding p_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = p_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.post),proc_body = (Some (p_before_cfg_to_dag_prog.locals_vdecls,p_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_passive_prog.thy b/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_passive_prog.thy
deleted file mode 100644
index 4e1c3f9..0000000
--- a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_passive_prog.thy
+++ /dev/null
@@ -1,128 +0,0 @@
-theory p_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_passive_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assert (BinOp (Var 2) Gt (Lit (LInt 0))))]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 5)))),(Assume (BinOp (Var 2) Eq (Lit (LInt 10))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 1))),(Assume (BinOp (Var 2) Eq (Lit (LInt 1))))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_ast_cfg_proof.thy
deleted file mode 100644
index 893fa46..0000000
--- a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_ast_cfg_proof.thy
+++ /dev/null
@@ -1,335 +0,0 @@
-theory nested_if_ast_cfg_proof
-  imports Main
-          Boogie_Lang.Ast
-          Boogie_Lang.Semantics
-          Boogie_Lang.Ast_Cfg_Transformation
-          "../global_data" 
-          nested_if_before_cfg_to_dag_prog 
-          nested_if_before_ast_cfg
-          nested_if_cfgtodag_proof
-          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
-
-begin
-declare Nat.One_nat_def[simp del]
-
-definition outer_then where
-  "outer_then = (BigBlock None [] 
-                      (Some (ParsedIf 
-                            (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) 
-                            [(BigBlock None [(Assign 1 (BinOp (Var 1) Add (Var 0)))] None None)]
-                            [(BigBlock None [(Assign 1 (Var 0))] None None)] ) )
-                       None )"
-
-definition outer_else where
-  "outer_else = (BigBlock None [] None None)"
-
-definition inner_then where
-  "inner_then = (BigBlock None [(Assign 1 (BinOp (Var 1) Add (Var 0)))] None None)"
-
-definition inner_else where
-  "inner_else = (BigBlock None [(Assign 1 (Var 0))] None None)"
-
-lemma bigblock0_local_rel:
-  assumes Red_bb0_to: 
-      "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock0, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_if_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-proof -
-  show ?thesis 
-    apply (rule block_local_rel_generic) 
-           apply (rule Rel_Main_test[of bigblock0])
-            apply (simp add: bigblock0_def nested_if_before_cfg_to_dag_prog.block_0_def)
-           apply (simp add: nested_if_before_cfg_to_dag_prog.block_0_def)
-          apply simp
-         apply simp
-        apply (rule Red_bb0_to)
-       apply (rule Red0_impl, simp)
-      apply (simp add: bigblock0_def)
-     apply simp
-    apply (simp add: nested_if_before_cfg_to_dag_prog.block_0_def)
-    done
-qed
-
-lemma inner_then_local_rel:
-  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (inner_then, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_if_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool True)"
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_if_before_cfg_to_dag_prog.block_4, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis
-    apply (simp add: nested_if_before_cfg_to_dag_prog.block_4_def)
-    apply (rule guard_holds_push_through_assumption)
-      apply (rule block_local_rel_generic)
-             apply (rule Rel_Main_test[of inner_then])
-             apply (simp add: inner_then_def)
-            apply simp
-           apply simp+
-          apply (rule Red_bb0_to)
-         apply (rule push_through_assumption_test1, rule Red0_impl)
-         apply (simp add: nested_if_before_cfg_to_dag_prog.block_4_def)
-           apply (simp add: trace_is_possible inner_then_def)+
-    done
-qed
-
-lemma inner_else_local_rel:
-  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (inner_else, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_if_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool False)"
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_if_before_cfg_to_dag_prog.block_3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-proof -
-  show ?thesis
-    apply (simp add: nested_if_before_cfg_to_dag_prog.block_3_def)
-    apply (rule guard_fails_push_through_assumption)
-      apply (rule block_local_rel_generic)
-             apply (rule Rel_Main_test[of inner_else])
-             apply (simp add: inner_else_def)
-            apply simp
-           apply simp+
-          apply (rule Red_bb0_to)
-         apply (rule Red0_impl)
-         apply (simp add: nested_if_before_cfg_to_dag_prog.block_3_def)
-         apply (rule push_through_assumption1)
-             apply simp
-            apply (rule neg_gt2)
-          apply (rule trace_is_possible)
-         apply simp
-        apply (simp add: inner_else_def)
-        apply simp+
-     apply (rule neg_gt2)
-    apply (rule trace_is_possible)
-    done
-qed
-
-lemma outer_else_global_rel:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (outer_else, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,nested_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) nested_if_before_ast_cfg.post)"
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool False)"
-shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> nested_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-proof -                                                            
-  have node1_loc: "node_to_block nested_if_before_cfg_to_dag_prog.proc_body ! 1 = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]" 
-    by (simp add: nested_if_before_cfg_to_dag_prog.block_1_def nested_if_before_cfg_to_dag_prog.node_1)
-  show ?thesis
-  apply (rule generic_ending_block_global_rel)
-           apply (rule Rel_Invs[of outer_else])
-           apply (simp add: outer_else_def)
-          apply (rule assms(1))
-          apply (simp add: outer_else_def)
-         apply simp
-        apply (rule disjI2)
-        apply (rule disjI2)
-        apply (rule conjI)
-         apply (rule node1_loc)
-        apply (rule conjI)
-         apply simp
-        apply (rule conjI)
-         apply (rule neg_gt2)
-        apply (rule trace_is_possible)
-       apply (simp add: nested_if_before_cfg_to_dag_prog.outEdges_1)
-       apply (rule assms(2))
-      apply simp+
-     apply (rule cfg_satisfies_post, blast)
-     apply (simp add: nested_if_before_cfg_to_dag_prog.node_1)
-     apply (rule end_static)
-      apply (simp add: outer_else_def)
-    done
-qed
-
-lemma inner_else_global_rel:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inner_else, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,nested_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) nested_if_before_ast_cfg.post)"
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool False)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> nested_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-proof -
-  have node3_loc: "node_to_block nested_if_before_cfg_to_dag_prog.proc_body ! 3 = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 1 (Var 0))]" 
-    by (simp add: nested_if_before_cfg_to_dag_prog.block_3_def nested_if_before_cfg_to_dag_prog.node_3)
-  show ?thesis
-    apply (rule generic_ending_block_global_rel)
-           apply (rule Rel_Main_test[of inner_else])
-             apply (simp add: inner_else_def)
-            apply simp
-          apply (rule assms(1))
-          apply (simp add: inner_else_def)
-         apply simp
-        apply (rule disjI2)
-        apply (rule disjI2)
-        apply (rule conjI)
-         apply (rule node3_loc)
-        apply (rule conjI)
-         apply simp
-        apply (rule conjI)
-         apply (rule neg_gt2)
-        apply (rule trace_is_possible)
-       apply (simp add: nested_if_before_cfg_to_dag_prog.outEdges_3)
-       apply (rule assms(2))
-      apply simp+
-     apply (rule cfg_satisfies_post, blast)
-     apply (simp add: nested_if_before_cfg_to_dag_prog.node_3)+
-     apply (rule inner_else_local_rel)
-       apply assumption
-      apply simp
-     apply (rule trace_is_possible)
-    done
-qed
-
-lemma inner_then_global_rel:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inner_then, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,nested_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 4, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) nested_if_before_ast_cfg.post)"
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool True)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> nested_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-proof -
-  have node4_loc: "node_to_block nested_if_before_cfg_to_dag_prog.proc_body ! 4 = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Add (Var 0)))]" 
-    by (simp add: nested_if_before_cfg_to_dag_prog.block_4_def nested_if_before_cfg_to_dag_prog.node_4)
-  show ?thesis
-    apply (rule generic_ending_block_global_rel)
-           apply (rule Rel_Main_test[of inner_then])
-             apply (simp add: inner_then_def)
-            apply simp
-          apply (rule assms(1))
-          apply (simp add: inner_then_def)
-         apply simp
-        apply (rule disjI2)
-        apply (rule disjI1)
-        apply (rule conjI)
-         apply (rule node4_loc)
-        apply (rule conjI)
-         apply simp
-        apply (rule trace_is_possible)
-       apply (simp add: nested_if_before_cfg_to_dag_prog.outEdges_4)
-       apply (rule assms(2))
-      apply simp+
-     apply (rule cfg_satisfies_post, blast)
-     apply (simp add: nested_if_before_cfg_to_dag_prog.node_4)+
-     apply (rule inner_then_local_rel)
-       apply assumption
-      apply simp
-     apply (rule trace_is_possible)
-    done
-qed
-
-lemma outer_then_global_rel:
-  assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,nested_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 2, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) nested_if_before_ast_cfg.post)"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (outer_then, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> LitV (LBool True)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> nested_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-proof -
-  have node2_loc: "node_to_block nested_if_before_cfg_to_dag_prog.proc_body ! 2 = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]" 
-    by (simp add: nested_if_before_cfg_to_dag_prog.block_2_def nested_if_before_cfg_to_dag_prog.node_2)
-  show ?thesis 
-    apply (rule block_global_rel_if_successor)
-           apply (rule Rel_Invs[of outer_then])
-           apply (simp add: outer_then_def) 
-          apply (rule ast_trace)
-          apply (simp add: outer_then_def)
-         apply (rule disjI2)
-         apply (rule disjI1)
-         apply (rule conjI)
-          apply (rule node2_loc)
-         apply (rule conjI)
-          apply simp
-         apply (rule trace_is_possible)
-        apply (rule assms(1))
-        apply simp
-       apply (rule cfg_satisfies_post, blast)
-       apply simp
-      apply simp
-     apply simp
-    apply simp
-    apply (rule disjE)
-      apply assumption
-
-     apply (erule allE[where x=4])+
-     apply (simp add:nested_if_before_cfg_to_dag_prog.outEdges_2)
-     apply (simp add:member_rec(1))
-     apply (rule conjE)
-      apply assumption
-     apply simp
-     apply (rule inner_then_global_rel)
-       apply (simp add: inner_then_def)
-       apply simp
-      apply blast
-     apply assumption
-   
-    apply (erule allE[where x=3])+
-    apply (simp add:nested_if_before_cfg_to_dag_prog.outEdges_2)
-    apply (simp add:member_rec(1))
-    apply (rule conjE)
-     apply assumption
-    apply (rule inner_else_global_rel)
-      apply (simp add: inner_else_def)
-      apply simp+
-     apply blast+
-    done
-qed
-
-lemma entry_block_global_rel:
-  assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>,\<Gamma>,\<Omega>,nested_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) nested_if_before_ast_cfg.post)"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> nested_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-proof -
-  have node0_loc: "node_to_block nested_if_before_cfg_to_dag_prog.proc_body ! 0 = [(Havoc 0),(Havoc 1)]" 
-    by (simp add: nested_if_before_cfg_to_dag_prog.block_0_def nested_if_before_cfg_to_dag_prog.node_0)
-  show ?thesis 
-    apply (rule block_global_rel_if_successor)
-           apply (rule Rel_Main_test[of bigblock0])
-             apply (simp add: bigblock0_def)
-            apply simp
-          apply (rule ast_trace)
-          apply (simp add: bigblock0_def)
-         apply (rule disjI1)
-          apply (rule node0_loc)
-        apply (rule assms(1))
-        apply simp
-       apply (rule cfg_satisfies_post, blast)
-       apply simp
-       apply simp
-      apply simp
-    apply (simp add: nested_if_before_cfg_to_dag_prog.node_0)
-     apply (rule bigblock0_local_rel)
-      apply (simp add: bigblock0_def)
-     apply simp+
-    apply (rule disjE)
-      apply assumption
-
-     apply (erule allE[where x=2])+
-     apply (simp add:nested_if_before_cfg_to_dag_prog.outEdges_0)
-     apply (simp add:member_rec(1))
-     apply (rule conjE)
-      apply assumption
-     apply simp
-     apply (rule outer_then_global_rel)
-        apply auto[1]
-       apply blast
-       apply (simp add: outer_then_def)
-      apply simp
-   
-    apply (erule allE[where x=1])+
-    apply (simp add:nested_if_before_cfg_to_dag_prog.outEdges_0)
-    apply (simp add:member_rec(1))
-    apply (rule conjE)
-     apply assumption
-    apply (rule outer_else_global_rel)
-      apply (simp add: outer_else_def)
-      apply simp+
-     apply blast+
-    done
-qed
-
-end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_ast_cfg.thy
deleted file mode 100644
index ba2916e..0000000
--- a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_ast_cfg.thy
+++ /dev/null
@@ -1,99 +0,0 @@
-theory nested_if_before_ast_cfg
-  imports Main
-          "Boogie_Lang.Ast"
-          "Boogie_Lang.Semantics"
-          "../global_data"
-begin
-
-definition bigblock0 where
-  "bigblock0 = BigBlock None [(Havoc 0),(Havoc 1)] 
-               (Some (ParsedIf 
-                     (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
-                     [(BigBlock None [] 
-                      (Some (ParsedIf 
-                            (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) 
-                            [(BigBlock None [(Assign 1 (BinOp (Var 1) Add (Var 0)))] None None)]
-                            [(BigBlock None [(Assign 1 (Var 0))] None None)] ) )
-                       None )]
-                     [(BigBlock None [] None None)] ) )
-                None"
-
-definition proc_body
-  where
-    "proc_body  = bigblock0 # []"
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append nested_if_before_ast_cfg.params_vdecls nested_if_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_if_before_ast_cfg.params_vdecls nested_if_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
-unfolding nested_if_before_ast_cfg.params_vdecls_def nested_if_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_if_before_ast_cfg.params_vdecls nested_if_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_if_before_ast_cfg.params_vdecls nested_if_before_ast_cfg.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_if_before_ast_cfg.params_vdecls) )"
-unfolding nested_if_before_ast_cfg.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_if_before_ast_cfg.locals_vdecls) )"
-unfolding nested_if_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_ast_cfg.params_vdecls nested_if_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_n:
-shows "((map_of (append nested_if_before_ast_cfg.params_vdecls nested_if_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_m:
-shows "((map_of (append nested_if_before_ast_cfg.params_vdecls nested_if_before_ast_cfg.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_n:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_ast_cfg.params_vdecls nested_if_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_ast_cfg.params_vdecls nested_if_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_n
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_m:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_ast_cfg.params_vdecls nested_if_before_ast_cfg.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_ast_cfg.params_vdecls nested_if_before_ast_cfg.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_m
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc_ast :: "(ast_procedure)"
-  where
-    "proc_ast  = (|proc_ty_args = 0,proc_args = nested_if_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_if_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec nested_if_before_ast_cfg.post),proc_body = (Some (nested_if_before_ast_cfg.locals_vdecls,nested_if_before_ast_cfg.proc_body))|)"
-
-end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_ast_cfg_proof.thy
deleted file mode 100644
index ba5a884..0000000
--- a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_ast_cfg_proof.thy
+++ /dev/null
@@ -1,720 +0,0 @@
-theory nested_loop2_ast_cfg_proof
-  imports Main 
-          Boogie_Lang.Ast
-          Boogie_Lang.Semantics
-          Boogie_Lang.Ast_Cfg_Transformation
-          "../global_data" 
-          nested_loop2_before_cfg_to_dag_prog 
-          nested_loop2_before_ast_cfg
-          nested_loop2_cfgtodag_proof
-          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
-
-begin
-declare Nat.One_nat_def[simp del]
-
-abbreviation \<Lambda>1_local
-  where
-    "\<Lambda>1_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls))"
-
-definition loop2_body_bb1 
-  where "loop2_body_bb1 \<equiv> 
-                     (BigBlock None [] 
-                     (Some (WhileWrapper 
-                           (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
-                            [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
-                            [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None]))) 
-                      None)"
-
-definition loop2_body_bb2
-  where "loop2_body_bb2 \<equiv> (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)"
-
-definition loop2_body_bb1_unwrapped where
-  "loop2_body_bb1_unwrapped \<equiv> 
-                   (BigBlock None [] 
-                   (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
-                          [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
-                          [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None])) 
-                    None)"
-
-definition loop3_body_bb1 
-  where "loop3_body_bb1 \<equiv> (BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None)"
-
-definition loop1_body_bb1 where
-  "loop1_body_bb1 \<equiv> 
-                      (BigBlock None []
-                      (Some (WhileWrapper 
-                            (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
-                            [(BinOp (Var 0) Ge (Lit (LInt 0)))]
-                            [(BigBlock None [] 
-                             (Some (WhileWrapper 
-                                   (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
-                                    [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
-                                    [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None]))) 
-                             None),
-                             (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)]))) 
-                       None)"
-
-definition loop1_body_bb1_unwrapped where
-  "loop1_body_bb1_unwrapped \<equiv> (BigBlock None []
-                    (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
-                          [(BinOp (Var 0) Ge (Lit (LInt 0)))]
-                          [(BigBlock None [] 
-                           (Some (WhileWrapper 
-                                 (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
-                                  [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
-                                  [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None]))) 
-                           None),
-                           (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)])) 
-                     None)"
-
-definition loop_only_bigblock0 where
-  "loop_only_bigblock0 \<equiv> 
-                      BigBlock None []
-                     (Some (WhileWrapper 
-                           (ParsedWhile (Some ((Lit (LBool True))))
-                            []
-                            [(BigBlock None []
-                             (Some (WhileWrapper 
-                                   (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
-                                   [(BinOp (Var 0) Ge (Lit (LInt 0)))]
-                                   [(BigBlock None [] 
-                                    (Some (WhileWrapper 
-                                         (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
-                                          [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
-                                          [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None]))) 
-                                     None),
-                                   (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)]))) 
-                              None)])))
-                       None"
-
-definition bb0_unwrapped where
-  "bb0_unwrapped \<equiv> BigBlock None []
-                     (Some 
-                           (ParsedWhile (Some ((Lit (LBool True))))
-                            []
-                            [(BigBlock None []
-                             (Some (WhileWrapper 
-                                   (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
-                                   [(BinOp (Var 0) Ge (Lit (LInt 0)))]
-                                   [(BigBlock None [] 
-                                    (Some (WhileWrapper 
-                                         (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
-                                          [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
-                                          [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None]))) 
-                                     None),
-                                   (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)]))) 
-                              None)]))
-                       None"
-
-definition empty_bb where
-  "empty_bb \<equiv> (BigBlock None [] None None)"
-
-lemma bb0_local_rel:
-  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (bigblock0, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-  shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_loop2_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-    apply (rule block_local_rel_generic)
-           apply (rule Rel_Main_test[of bigblock0 _ nested_loop2_before_cfg_to_dag_prog.block_0])
-           apply (simp add: bigblock0_def nested_loop2_before_cfg_to_dag_prog.block_0_def)
-          apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_0_def)+
-        apply (rule Red_bb)
-       apply (rule Red_impl, simp)
-      apply (simp add: nested_loop2_before_ast_cfg.bigblock0_def)
-     apply simp
-    apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_0_def)
-  done
-
-lemma loop3_body_bb1_local_rel:
-  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (loop3_body_bb1, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))),ns1\<rangle> \<Down> BoolV True"
-  shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_loop2_before_cfg_to_dag_prog.block_6, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-    unfolding nested_loop2_before_cfg_to_dag_prog.block_6_def
-    apply (rule guard_holds_push_through_assumption)
-      apply (rule block_local_rel_generic)
-             apply (rule Rel_Main_test[of loop3_body_bb1])
-             apply (simp add: loop3_body_bb1_def)
-            apply simp
-           apply simp+
-          apply (rule Red_bb)
-         apply (rule push_through_assumption_test1, rule Red_impl)
-            apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_6_def)
-           apply (simp add: trace_is_possible loop3_body_bb1_def)+
-    done
-
-lemma loop2_body_bb2_local_rel:
-  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (loop2_body_bb2 , cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.block_7 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
-  shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_loop2_before_cfg_to_dag_prog.block_7, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis 
-    unfolding nested_loop2_before_cfg_to_dag_prog.block_7_def 
-    apply (rule guard_fails_push_through_assumption)
-      apply (rule block_local_rel_generic)
-             apply (rule Rel_Main_test[of loop2_body_bb2])
-             apply (simp add: loop2_body_bb2_def)
-            apply simp
-           apply simp+
-          apply (rule Red_bb)
-         apply (rule Red_impl)
-         apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_7_def)
-         apply (rule push_through_assumption1)
-             apply simp
-            apply (rule neg_gt2)
-          apply (rule trace_is_possible)
-        apply (simp add: loop2_body_bb2_def)+
-     apply (rule neg_gt2)
-    apply (rule trace_is_possible)
-    done
-qed
-
-
-lemma end_global_rel: 
-  assumes Red_bb: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (empty_bb, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 9, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)"
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(Lit (LBool True)), ns1\<rangle> \<Down> BoolV False"
-shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)"
-proof -
-  have node3_loc: "node_to_block nested_loop2_before_cfg_to_dag_prog.proc_body ! 9 = [(Assume (UnOp Not (Lit (LBool True))))]" 
-    by (simp add: nested_loop2_before_cfg_to_dag_prog.block_9_def nested_loop2_before_cfg_to_dag_prog.node_9)
-  show ?thesis
-    apply (rule generic_ending_block_global_rel)
-            apply (rule Rel_Invs[of empty_bb])
-            apply (simp add: empty_bb_def)
-           apply (rule Red_bb)
-          apply (simp add: empty_bb_def)
-         apply simp
-        apply (rule disjI2)
-        apply (rule disjI2)
-        apply (rule conjI)
-         apply (rule node3_loc)
-        apply (rule conjI)
-         apply simp
-        apply (rule conjI)
-         defer
-        apply (rule trace_is_possible)
-       apply (rule nested_loop2_before_cfg_to_dag_prog.outEdges_9)
-       apply (rule cfg_is_correct, simp)
-      apply (rule cfg_satisfies_post, blast)
-      apply simp
-     apply (simp add: empty_bb_def)
-     apply (simp add: end_static)
-    apply simp
-    done
-qed
-
-
-lemma loop2_body_bb2_global_rel:
-  assumes concrete_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (loop2_body_bb2, KSeq loop1_body_bb1_unwrapped (KEndBlock (KSeq bb0_unwrapped (KEndBlock KStop))), (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 7, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)"
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
-  and loop_ih:
-        "\<And>k ns1'. k < j \<Longrightarrow>
-        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(loop1_body_bb1_unwrapped, (KEndBlock (KSeq bb0_unwrapped (KEndBlock KStop))), Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (\<And>m' s'.
-                 (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-  using assms
-proof -
-  have node5_loc: "node_to_block nested_loop2_before_cfg_to_dag_prog.proc_body ! 7 = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]" 
-    by (simp add: nested_loop2_before_cfg_to_dag_prog.block_7_def nested_loop2_before_cfg_to_dag_prog.node_7)
-  show ?thesis 
-    apply (rule block_global_rel_generic)
-           apply (rule Rel_Main_test[of loop2_body_bb2])
-             apply (simp add: loop2_body_bb2_def)
-            defer
-          apply (rule assms(1))
-         apply (simp add: loop2_body_bb2_def)
-        apply (rule disjI2)
-        apply (rule disjI2)
-        apply (rule conjI)
-         apply (rule node5_loc)
-        apply (rule conjI)
-         apply simp
-        apply (rule conjI)
-         apply (rule neg_gt2)
-        apply (rule trace_is_possible)
-       apply (rule assms(2))
-         apply simp+
-        apply (rule cfg_satisfies_post, blast)
-        apply simp+
-     apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_7)
-     apply (rule loop2_body_bb2_local_rel)
-       apply assumption
-      apply simp
-     apply (rule trace_is_possible)
-    apply (erule allE[where x=3])+
-    apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_7)
-    apply (simp add: member_rec(1))
-    apply (rule loop_ih)
-        apply simp+
-     apply blast+
-    done
-qed
-
-
-lemma loop3_body_bb1_global_rel:
-  assumes j_step_ast_trace: 
-          "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (loop3_body_bb1, (KSeq loop2_body_bb1_unwrapped (KEndBlock (KSeq loop2_body_bb2 (KSeq loop1_body_bb1_unwrapped (KEndBlock (KSeq bb0_unwrapped (KEndBlock KStop))))))), Normal ns1) -n\<longrightarrow>^j 
-                                 (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 6, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)"
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))),ns1\<rangle> \<Down> BoolV True"
-  and loop_ih:
-        "\<And>k ns1''. k < j \<Longrightarrow>
-        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(loop2_body_bb1_unwrapped, (KEndBlock (KSeq loop2_body_bb2 (KSeq loop1_body_bb1_unwrapped (KEndBlock (KSeq bb0_unwrapped (KEndBlock KStop)))))), Normal ns1'') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (\<And>m' s'.
-                   (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 5, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                   is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)"
-proof -
-  have node5_loc: "node_to_block nested_loop2_before_cfg_to_dag_prog.proc_body ! 6 = 
-                   [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))]" 
-    by (simp add: nested_loop2_before_cfg_to_dag_prog.block_6_def nested_loop2_before_cfg_to_dag_prog.node_6)
-  show ?thesis 
-    apply (rule block_global_rel_generic)
-           apply (rule Rel_Main_test[of loop3_body_bb1])
-             apply (simp add: loop3_body_bb1_def)
-            defer
-          apply (rule assms(1))
-         apply (simp add: loop3_body_bb1_def)
-        apply (rule disjI2)
-        apply (rule disjI1)
-        apply (rule conjI)
-         apply (rule node5_loc)
-        apply (rule conjI)
-         apply simp
-        apply (rule trace_is_possible)
-       apply (rule assms(2))
-         apply simp+
-        apply (rule cfg_satisfies_post, blast)
-        apply simp+
-     apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_6)
-     apply (rule loop3_body_bb1_local_rel)
-       apply assumption
-      apply simp
-     apply (rule trace_is_possible)
-
-    apply (erule allE[where x=5])+
-    apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_6)
-    apply (simp add: member_rec(1))
-    apply (rule loop_ih)
-        apply simp+
-     apply blast+
-    done
-qed
-
-
-lemma loop2_body_bb1_unwrapped_global_rel:
-  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (loop2_body_bb1_unwrapped, (KEndBlock (KSeq loop2_body_bb2 (KSeq loop1_body_bb1_unwrapped (KEndBlock (KSeq bb0_unwrapped (KEndBlock KStop)))))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 5, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)"
-  and loop_ih:
-        "\<And>k ns1'. k < j \<Longrightarrow>
-        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(loop1_body_bb1_unwrapped, (KEndBlock (KSeq bb0_unwrapped (KEndBlock KStop))), Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (\<And>m' s'.
-                   (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                   is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)"
-  using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-  case (less j)
-  then show ?case 
-  proof (cases j)
-    case 0
-    then show ?thesis
-      using Ast.valid_configuration_def less.prems(1) by fastforce
-  next
-    case (Suc j')
-    show ?thesis
-      apply (rule block_global_rel_loop_head)
-              apply (rule Rel_Invs[of loop2_body_bb1_unwrapped _ _ _ nested_loop2_before_cfg_to_dag_prog.block_5])
-              apply (simp add: loop2_body_bb1_unwrapped_def nested_loop2_before_cfg_to_dag_prog.block_5_def)
-             apply (rule less(2))
-            apply (rule less(3), simp)
-           apply (rule less(4), blast)
-           apply simp
-           apply (simp add: loop2_body_bb1_unwrapped_def)
-          apply simp
-         apply (rule block_local_rel_loop_head)
-             apply (rule Rel_Invs[of loop2_body_bb1_unwrapped])
-             apply (simp add: loop2_body_bb1_unwrapped_def)
-            apply (simp add: loop2_body_bb1_unwrapped_def)
-           apply (simp)
-          apply (rule nested_loop2_before_cfg_to_dag_prog.block_5_def)
-         apply (simp, simp)
-       apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_5)
-      apply(rule disjE)
-        apply assumption
-
-       apply (erule allE[where x = 6])+
-       apply (simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_5)
-       apply (simp add:member_rec(1))
-       apply (rule conjE)
-        apply assumption
-       apply simp
-       apply (rule loop3_body_bb1_global_rel) 
-          apply (simp add: loop3_body_bb1_def)
-          apply simp
-         apply blast
-        apply assumption
-       apply (rule less.IH)
-         apply (rule strictly_smaller_helper2)
-           apply assumption
-          apply assumption
-         apply assumption
-         apply assumption
-        apply blast
-       apply (rule less.prems(4))
-         apply (rule strictly_smaller_helper3)
-           apply assumption+
-
-      apply (erule allE[where x = 7])+
-      apply (simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_5)
-      apply (simp add:member_rec(1))
-      apply (rule conjE)
-       apply assumption
-      apply simp
-      apply (rule ending_after_skipping_endblock2)
-           apply assumption
-          apply assumption
-         apply simp
-         apply blast
-        apply blast
-        apply simp
-      apply (rule loop2_body_bb2_global_rel)
-         apply assumption+
-      apply (rule less.prems(4))
-        apply (rule strictly_smaller_helper4)
-          apply assumption+
-      done
-  qed
-qed
-
-lemma loop2_body_bb1_wrapped_global_rel:
-  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (loop2_body_bb1, (KSeq loop2_body_bb2 (KSeq loop1_body_bb1_unwrapped (KEndBlock (KSeq bb0_unwrapped (KEndBlock KStop))))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 5, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)"
-  and loop_ih:
-        "\<And>k ns1'. k < j \<Longrightarrow>
-        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(loop1_body_bb1_unwrapped, (KEndBlock (KSeq bb0_unwrapped (KEndBlock KStop))), Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (\<And>m' s'.
-                   (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                   is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)"
-  apply (rule ending_after_unwrapping)
-     apply (rule j_step_ast_trace)
-    apply (simp add: loop2_body_bb1_def)
-    apply (rule cfg_is_correct, simp)
-   apply (rule cfg_satisfies_post, blast)
-   apply simp
-  apply (rule loop2_body_bb1_unwrapped_global_rel)
-    apply (simp add: loop2_body_bb1_unwrapped_def)
-    apply assumption
-   apply blast
-  apply (rule loop_ih)
-    apply (rule strictly_smaller_helper2)
-     apply assumption+
-  done
-
-lemma loop1_body_bb1_unwrapped_global_rel:
-  assumes j_step_ast_trace: 
-    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (loop1_body_bb1_unwrapped, (KEndBlock (KSeq bb0_unwrapped (KEndBlock KStop))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)"
-  and loop_ih:
-        "\<And>k ns1'. k < j \<Longrightarrow>
-        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, KEndBlock KStop, Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (\<And>m' s'.
-                   (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                   is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)"
-  using assms 
-proof (induction j arbitrary: ns1 rule: less_induct)
-  case (less j)
-  then show ?case 
-  proof (cases j)
-    case 0
-    then show ?thesis
-      using valid_configuration_def less.prems(1) by fastforce
-  next
-    case (Suc j')
-    show ?thesis
-      apply (rule block_global_rel_loop_head) 
-              apply (rule Rel_Invs[of loop1_body_bb1_unwrapped])
-              apply (simp add: loop1_body_bb1_unwrapped_def)
-             apply (rule less(2))
-            apply (rule less(3), simp)
-           apply (rule less(4), blast)
-           apply simp
-           apply (simp add: loop1_body_bb1_unwrapped_def)
-          apply simp
-         apply (rule block_local_rel_loop_head)
-              apply (rule Rel_Invs[of loop1_body_bb1_unwrapped])
-              apply (simp add: loop1_body_bb1_unwrapped_def)
-            apply (simp add: loop1_body_bb1_unwrapped_def)
-           apply (simp, simp, simp)
-       apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_3)
-       apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_3_def)
-      apply(rule disjE)
-        apply assumption
-    
-       apply (erule allE[where x = 4])+
-       apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_3)
-       apply (simp add:member_rec(1))
-       apply (rule conjE)
-        apply assumption
-       apply simp
-       apply (rule loop2_body_bb1_wrapped_global_rel)
-         apply (simp add: loop2_body_bb1_def loop2_body_bb2_def)
-        apply (rule correctness_propagates_through_assumption2)
-            apply assumption
-           apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_4)
-           apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_4_def)
-          apply assumption
-         apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_4)
-         apply (simp add: member_rec)
-         apply assumption
-        apply (rule correctness_propagates_through_assumption4)
-             apply blast
-            apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_4)
-            apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_4_def)
-           apply simp
-          apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_4)
-          apply (simp add: member_rec)
-         apply simp+
-       apply (rule less.IH)
-         apply (rule strictly_smaller_helper2)
-           apply assumption
-          apply assumption
-         apply assumption
-         apply assumption
-        apply blast
-       apply (rule less.prems(4))
-         apply (rule strictly_smaller_helper3)
-           apply assumption+
-
-      apply (erule allE[where x = 8])+
-      apply (simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_3)
-      apply (simp add:member_rec(1))
-      apply (rule conjE)
-       apply assumption
-      apply simp
-      apply (rule ending_after_skipping_endblock2)
-           apply assumption
-          apply assumption
-         apply simp
-         apply blast
-        apply blast
-        apply simp
-      apply (rule less(5))
-        apply (rule smaller_helper5)
-         apply assumption
-        apply assumption
-       apply assumption
-      apply (rule correctness_propagates_through_assumption)
-           apply assumption
-          apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_8)
-          apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_8_def)
-         apply (rule neg_gt2)
-        apply assumption  
-       apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_8)
-       apply (simp add: member_rec)
-       apply simp
-      apply (rule correctness_propagates_through_assumption3)
-            apply blast
-           apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_8)
-           apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_8_def)
-          apply (rule neg_gt2)
-         apply simp
-        apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_8)
-        apply (simp add: member_rec)
-       apply simp+
-      done
-  qed
-qed
-
-lemma loop1_body_bb1_wrapped_global_rel:
-  assumes j_step_ast_trace: 
-    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (loop1_body_bb1, (KSeq bb0_unwrapped (KEndBlock KStop)), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)"
-  and loop_ih:
-        "\<And>k ns1'. k < j \<Longrightarrow>
-        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, KEndBlock KStop, Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (\<And>m' s'.
-                   (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                   is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)"
-  apply (rule ending_after_unwrapping)
-     apply (rule j_step_ast_trace)
-    apply (simp add: loop1_body_bb1_def)
-    apply (rule cfg_is_correct, simp)
-   apply (rule cfg_satisfies_post, blast)
-   apply simp
-  apply (rule loop1_body_bb1_unwrapped_global_rel)
-    apply (simp add: loop1_body_bb1_unwrapped_def)
-    apply assumption
-   apply blast
-  apply (rule loop_ih)
-    apply (rule strictly_smaller_helper2)
-     apply assumption+
-  done
-
-lemma bb0_unwrapped_global_rel:
-  assumes j_step_ast_trace: 
-    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bb0_unwrapped, KEndBlock KStop, Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)"
-  using assms 
-proof (induction j arbitrary: ns1 rule: less_induct)
-  case (less j)
-  then show ?case 
-  proof (cases j)
-    case 0
-    then show ?thesis
-      using valid_configuration_def less.prems(1) by fastforce
-  next
-    case (Suc j')
-    show ?thesis
-      apply (rule block_global_rel_loop_head) 
-              apply (rule Rel_Invs[of bb0_unwrapped])
-              apply (simp add: bb0_unwrapped_def)
-             apply (rule less(2))
-            apply (rule less(3), simp)
-           apply (rule less(4), blast)
-           apply simp
-           apply (simp add: bb0_unwrapped_def)
-          apply simp
-         apply (rule block_local_rel_loop_head)
-              apply (rule Rel_Invs[of bb0_unwrapped])
-              apply (simp add: bb0_unwrapped_def)
-            apply (simp add: bb0_unwrapped_def)
-           apply (simp, simp, simp)
-       apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_1)
-       apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_1_def)
-      apply(rule disjE)
-        apply assumption
-    
-       apply (erule allE[where x = 2])+
-       apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_1)
-       apply (simp add:member_rec(1))
-       apply (rule conjE)
-        apply assumption
-       apply simp
-       apply (rule loop1_body_bb1_wrapped_global_rel)
-         apply (simp add: loop1_body_bb1_def)
-        apply (rule correctness_propagates_through_assumption2)
-            apply assumption
-           apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_2)
-           apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_2_def)
-          apply assumption
-         apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_2)
-         apply (simp add: member_rec)
-         apply assumption
-        apply (rule correctness_propagates_through_assumption4)
-             apply blast
-            apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_2)
-            apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_2_def)
-           apply simp
-          apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_2)
-          apply (simp add: member_rec)
-         apply simp+
-       apply (rule less.IH)
-         apply (rule strictly_smaller_helper2)
-          apply assumption+
-
-      apply (erule allE[where x = 9])+
-      apply (simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_1)
-      apply (simp add:member_rec(1))
-      apply (rule conjE)
-       apply assumption
-      apply simp
-      apply (rule ending_after_skipping_endblock)
-           apply assumption
-          apply simp
-         apply simp
-         apply blast
-        apply blast
-        apply simp
-       apply simp
-      apply (rule end_global_rel)
-         apply (simp add: empty_bb_def)
-        apply simp
-       apply assumption+
-      done
-  qed
-qed
-
-lemma entry_block_global_rel:
-  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop2_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop2_before_ast_cfg.post)"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop2_before_ast_cfg.post reached_bb reached_cont reached_state)"
-  using assms
-proof -
-  show ?thesis
-    apply (rule block_global_rel_while_successor)
-           apply (rule j_step_ast_trace)
-          apply (rule Rel_Main_test[of bigblock0 _ nested_loop2_before_cfg_to_dag_prog.block_0])
-            apply (simp add: bigblock0_def nested_loop2_before_cfg_to_dag_prog.block_0_def)
-           apply (simp add: bigblock0_def nested_loop2_before_cfg_to_dag_prog.block_0_def)
-          apply (simp add: bigblock0_def nested_loop2_before_cfg_to_dag_prog.block_0_def)
-        apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_0_def)
-       apply (rule disjI1)
-       apply (rule nested_loop2_before_cfg_to_dag_prog.node_0)
-       apply (rule cfg_is_correct, simp)
-      apply (rule cfg_satisfies_post, blast)
-      apply simp
-     apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_0)
-     apply (rule bb0_local_rel)
-      apply assumption
-     apply simp
-    apply (erule allE[where x = 1])+
-    apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_0)
-    apply (simp add: member_rec(1))
-    apply (rule bb0_unwrapped_global_rel)
-     apply (simp add: bb0_unwrapped_def)
-    apply blast+
-    done
-qed
-
-end
diff --git a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_before_ast_cfg.thy
deleted file mode 100644
index e1a7c7d..0000000
--- a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_before_ast_cfg.thy
+++ /dev/null
@@ -1,108 +0,0 @@
-theory nested_loop2_before_ast_cfg
-  imports
-    Boogie_Lang.Ast
-    Boogie_Lang.Semantics 
-    Boogie_Lang.TypeSafety 
-    Boogie_Lang.Util 
-    "../global_data"
-begin
-
-definition bigblock0 
-  where "bigblock0 \<equiv> BigBlock None [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10)))]
-                     (Some (WhileWrapper 
-                           (ParsedWhile (Some ((Lit (LBool True))))
-                            []
-                            [(BigBlock None []
-                             (Some (WhileWrapper 
-                                   (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
-                                   [(BinOp (Var 0) Ge (Lit (LInt 0)))]
-                                   [(BigBlock None [] 
-                                    (Some (WhileWrapper 
-                                         (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
-                                          [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
-                                          [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None]))) 
-                                     None),
-                                   (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)]))) 
-                              None)])))
-                       None"
-
-definition proc_body
-  where
-    "proc_body = bigblock0 # []"
-
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append nested_loop2_before_ast_cfg.params_vdecls nested_loop2_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop2_before_ast_cfg.params_vdecls nested_loop2_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
-unfolding nested_loop2_before_ast_cfg.params_vdecls_def nested_loop2_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop2_before_ast_cfg.params_vdecls nested_loop2_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop2_before_ast_cfg.params_vdecls nested_loop2_before_ast_cfg.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop2_before_ast_cfg.params_vdecls) )"
-unfolding nested_loop2_before_ast_cfg.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop2_before_ast_cfg.locals_vdecls) )"
-unfolding nested_loop2_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_ast_cfg.params_vdecls nested_loop2_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append nested_loop2_before_ast_cfg.params_vdecls nested_loop2_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append nested_loop2_before_ast_cfg.params_vdecls nested_loop2_before_ast_cfg.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_ast_cfg.params_vdecls nested_loop2_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_ast_cfg.params_vdecls nested_loop2_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_ast_cfg.params_vdecls nested_loop2_before_ast_cfg.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_ast_cfg.params_vdecls nested_loop2_before_ast_cfg.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc_ast :: "(ast_procedure)"
-  where
-    "proc_ast  = (|proc_ty_args = 0,proc_args = nested_loop2_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_loop2_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec nested_loop2_before_ast_cfg.post),proc_body = (Some (nested_loop2_before_ast_cfg.locals_vdecls,nested_loop2_before_ast_cfg.proc_body))|)"
-
-end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy
deleted file mode 100644
index a66cb30..0000000
--- a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_ast_cfg_proof.thy
+++ /dev/null
@@ -1,529 +0,0 @@
-theory nested_loop_ast_cfg_proof
-  imports Main 
-          Boogie_Lang.Ast
-          Boogie_Lang.Semantics
-          Boogie_Lang.Ast_Cfg_Transformation
-          "../global_data" 
-          nested_loop_before_cfg_to_dag_prog 
-          nested_loop_before_ast_cfg
-          nested_loop_cfgtodag_proof
-          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
-
-begin
-declare Nat.One_nat_def[simp del]
-
-abbreviation \<Lambda>1_local
-  where
-    "\<Lambda>1_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls))"
-
-definition outer_body_bb1 
-  where "outer_body_bb1 \<equiv> 
-                     (BigBlock None [] 
-                     (Some (WhileWrapper 
-                           (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
-                            [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
-                            [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None]))) 
-                      None)"
-
-definition outer_body_bb2
-  where "outer_body_bb2 \<equiv> (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)"
-
-definition outer_body_bb1_unwrapped where
-  "outer_body_bb1_unwrapped \<equiv> 
-                   (BigBlock None [] 
-                   (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
-                          [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
-                          [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None])) 
-                    None)"
-
-definition inner_body_bb1 
-  where "inner_body_bb1 \<equiv> (BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None)"
-
-definition loop_only_bigblock0 where
-  "loop_only_bigblock0 \<equiv> 
-                      (BigBlock None []
-                      (Some (WhileWrapper 
-                            (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
-                            [(BinOp (Var 0) Ge (Lit (LInt 0)))]
-                            [(BigBlock None [] 
-                             (Some (WhileWrapper 
-                                   (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
-                                    [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
-                                    [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None]))) 
-                             None),
-                             (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)]))) 
-                       None)"
-
-definition bb0_unwrapped where
-  "bb0_unwrapped \<equiv> (BigBlock None []
-                    (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
-                          [(BinOp (Var 0) Ge (Lit (LInt 0)))]
-                          [(BigBlock None [] 
-                           (Some (WhileWrapper 
-                                 (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
-                                  [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
-                                  [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None]))) 
-                           None),
-                           (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)])) 
-                     None)"
-
-definition empty_bb where
-  "empty_bb \<equiv> (BigBlock None [] None None)"
-
-lemma bb0_local_rel:
-  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (bigblock0, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-  shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_loop_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis 
-    apply (rule block_local_rel_generic)
-           apply (rule Rel_Main_test[of bigblock0])
-           apply (simp add: bigblock0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
-          apply (simp add: nested_loop_before_cfg_to_dag_prog.block_0_def)+
-        apply (rule Red_bb)
-       apply (rule Red_impl)
-      apply (simp add: bigblock0_def nested_loop_before_cfg_to_dag_prog.block_0_def)+
-    done
-qed
-
-lemma inner_body_bb1_local_rel:
-  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (inner_body_bb1, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))),ns1\<rangle> \<Down> BoolV True"
-  shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_loop_before_cfg_to_dag_prog.block_4, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis 
-    unfolding nested_loop_before_cfg_to_dag_prog.block_4_def 
-    apply (rule guard_holds_push_through_assumption)
-      apply (rule block_local_rel_generic)
-             apply (rule Rel_Main_test[of inner_body_bb1])
-             apply (simp add: inner_body_bb1_def)
-            apply simp
-           apply simp+
-          apply (rule Red_bb)
-         apply (rule push_through_assumption_test1, rule Red_impl)
-            apply (simp add: nested_loop_before_cfg_to_dag_prog.block_4_def)
-           apply (simp add: trace_is_possible inner_body_bb1_def)+
-    done
-qed
-
-lemma outer_body_bb2_local_rel:
-  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (outer_body_bb2 , KSeq bb0_unwrapped (KEndBlock KStop), (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.block_5 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
-  shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>nested_loop_before_cfg_to_dag_prog.block_5, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis 
-    unfolding nested_loop_before_cfg_to_dag_prog.block_5_def 
-    apply (rule guard_fails_push_through_assumption)
-      apply (rule block_local_rel_generic)
-             apply (rule Rel_Main_test[of outer_body_bb2])
-             apply (simp add: outer_body_bb2_def)
-            apply simp+
-          apply (rule Red_bb)
-         apply (rule Red_impl)
-         apply (simp add: nested_loop_before_cfg_to_dag_prog.block_5_def)
-         apply (rule push_through_assumption1)
-             apply simp
-            apply (rule neg_gt2)
-           apply (rule trace_is_possible)
-          apply (simp add: outer_body_bb2_def)+
-     apply (rule neg_gt2)
-    apply (rule trace_is_possible)
-    done
-qed
-
-
-lemma end_global_rel: 
-  assumes Red_bb: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (empty_bb, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 6, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
-shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
-proof -
-  have node3_loc: "node_to_block nested_loop_before_cfg_to_dag_prog.proc_body ! 6 = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]" 
-    by (simp add: nested_loop_before_cfg_to_dag_prog.block_6_def nested_loop_before_cfg_to_dag_prog.node_6)
-  show ?thesis
-    apply (rule generic_ending_block_global_rel)
-            apply (rule Rel_Invs[of empty_bb])
-            apply (simp add: empty_bb_def)
-           apply (rule Red_bb)
-          apply (simp add: empty_bb_def)
-         apply simp+
-        apply (rule disjI2)
-        apply (rule disjI2)
-        apply (rule conjI)
-         apply (rule node3_loc)
-        apply (rule conjI)
-         apply simp
-        apply (rule conjI)
-         apply (rule neg_gt2)
-        apply (rule trace_is_possible)
-       apply (rule nested_loop_before_cfg_to_dag_prog.outEdges_6)
-      apply (rule cfg_is_correct, simp)
-     apply (rule cfg_satisfies_post, blast)
-     apply simp
-    apply (simp add: empty_bb_def)
-    apply (simp add: end_static)
-    done
-qed
-
-
-lemma outer_body_bb2_global_rel:
-  assumes concrete_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (outer_body_bb2, KSeq bb0_unwrapped (KEndBlock KStop), (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 5, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
-  and loop_ih:
-        "\<And>k ns1'. k < j \<Longrightarrow>
-        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, (KEndBlock KStop), Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (\<And>m' s'.
-                 (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                  is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-  using assms
-proof -
-  have node5_loc: "node_to_block nested_loop_before_cfg_to_dag_prog.proc_body ! 5 = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]" 
-    by (simp add: nested_loop_before_cfg_to_dag_prog.block_5_def nested_loop_before_cfg_to_dag_prog.node_5)
-  show ?thesis 
-    apply (rule block_global_rel_generic)
-           apply (rule Rel_Main_test[of outer_body_bb2])
-             apply (simp add: outer_body_bb2_def)
-            apply simp
-          apply (rule assms(1))
-         apply (simp add: outer_body_bb2_def)
-        apply (rule disjI2)
-        apply (rule disjI2)
-        apply (rule conjI)
-         apply (rule node5_loc)
-        apply (rule conjI)
-         apply simp
-        apply (rule conjI)
-         apply (rule neg_gt2)
-        apply (rule trace_is_possible)
-       apply (rule assms(2))
-        apply simp+
-       apply (rule cfg_satisfies_post, blast)
-       apply simp+
-     apply (simp add: nested_loop_before_cfg_to_dag_prog.node_5)
-     apply (rule outer_body_bb2_local_rel)
-       apply assumption
-      apply simp
-     apply (rule trace_is_possible)
-    apply (erule allE[where x=1])+
-    apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_5)
-    apply (simp add: member_rec(1))
-    apply (rule loop_ih)
-       apply simp+
-    apply (blast)
-    done
-qed
-
-
-lemma inner_loop_body_global_rel:
-  assumes j_step_ast_trace: 
-          "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (inner_body_bb1, (KSeq outer_body_bb1_unwrapped (KEndBlock (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop))))), Normal ns1) -n\<longrightarrow>^j 
-                                 (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 4, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 1) Gt (Lit (LInt 0))),ns1\<rangle> \<Down> BoolV True"
-  and loop_ih:
-        "\<And>k ns1''. k < j \<Longrightarrow>
-        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(outer_body_bb1_unwrapped, (KEndBlock (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop)))), Normal ns1'') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (\<And>m' s'.
-                 (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega>  nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega>  nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
-proof -
-  have node5_loc: "node_to_block nested_loop_before_cfg_to_dag_prog.proc_body ! 4 = 
-                   [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))]" 
-    by (simp add: nested_loop_before_cfg_to_dag_prog.block_4_def nested_loop_before_cfg_to_dag_prog.node_4)
-  show ?thesis 
-    apply (rule block_global_rel_generic)
-           apply (rule Rel_Main_test[of inner_body_bb1])
-             apply (simp add: inner_body_bb1_def)
-            apply simp
-          apply (rule assms(1))
-         apply (simp add: inner_body_bb1_def)
-        apply (rule disjI2)
-        apply (rule disjI1)
-        apply (rule conjI)
-         apply (rule node5_loc)
-        apply (rule conjI)
-         apply simp
-        apply (rule trace_is_possible)
-       apply (rule assms(2))
-        apply simp+
-       apply (rule cfg_satisfies_post, blast)
-       apply simp+
-     apply (simp add: nested_loop_before_cfg_to_dag_prog.node_4)
-     apply (rule inner_body_bb1_local_rel)
-       apply assumption
-      apply simp
-     apply (rule trace_is_possible)
-
-    apply (erule allE[where x=3])+
-    apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_4)
-    apply (simp add: member_rec(1))
-    apply (rule loop_ih)
-       apply simp+
-    apply blast
-    done
-qed
-
-
-lemma inner_loop_head_global_rel:
-  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (outer_body_bb1_unwrapped, (KEndBlock (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop)))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
-  and loop_ih:
-        "\<And>k ns1'. k < j \<Longrightarrow>
-        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, KEndBlock KStop, Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (\<And>m' s'.
-                   (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                   is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
-  using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-  case (less j)
-  then show ?case 
-  proof (cases j)
-    case 0
-    then show ?thesis
-      using Ast.valid_configuration_def less.prems(1) by fastforce
-  next
-    case (Suc j')
-    show ?thesis
-      apply (rule block_global_rel_loop_head)
-              apply (rule Rel_Invs[of outer_body_bb1_unwrapped _ _ _ nested_loop_before_cfg_to_dag_prog.block_3])
-              apply (simp add: outer_body_bb1_unwrapped_def nested_loop_before_cfg_to_dag_prog.block_3_def)
-             apply (rule less(2))
-            apply (rule less(3), simp)
-           apply (rule less(4), blast)
-           apply simp
-           apply (simp add: outer_body_bb1_unwrapped_def)
-          apply simp
-         apply (rule block_local_rel_loop_head)
-             apply (rule Rel_Invs[of outer_body_bb1_unwrapped])
-             apply (simp add: outer_body_bb1_unwrapped_def)
-            apply (simp add: outer_body_bb1_unwrapped_def)
-           apply (simp)
-          apply (rule nested_loop_before_cfg_to_dag_prog.block_3_def)
-         apply (simp, simp)
-        apply (simp add: nested_loop_before_cfg_to_dag_prog.node_3)
-       apply simp
-      apply(rule disjE)
-        apply assumption
-
-       apply (erule allE[where x = 4])+
-       apply (simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3)
-       apply (simp add:member_rec(1))
-       apply (rule conjE)
-        apply assumption
-       apply simp
-       apply (rule inner_loop_body_global_rel) 
-          apply (simp add: inner_body_bb1_def)
-          apply simp
-         apply (blast)
-        apply assumption
-       apply (rule less.IH)
-         apply (rule strictly_smaller_helper2)
-           apply assumption
-          apply assumption
-         apply assumption
-         apply assumption
-        apply blast
-       apply (rule less.prems(4))
-         apply (rule strictly_smaller_helper3)
-           apply assumption+
-
-      apply (erule allE[where x = 5])+
-      apply (simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3)
-      apply (simp add:member_rec(1))
-      apply (rule conjE)
-       apply assumption
-      apply simp
-      apply (rule ending_after_skipping_endblock2)
-           apply assumption
-          apply assumption
-         apply simp
-         apply blast
-        apply blast
-        apply simp
-      apply (rule outer_body_bb2_global_rel)
-          apply assumption+
-      apply (rule less.prems(4))
-        apply (rule strictly_smaller_helper4)
-           apply assumption+
-      done
-  qed
-qed
-
-lemma inner_loop_head_global_rel_wrapped:
-  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (outer_body_bb1, (KSeq outer_body_bb2 (KSeq bb0_unwrapped (KEndBlock KStop))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
-  and loop_ih:
-        "\<And>k ns1'. k < j \<Longrightarrow>
-        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(bb0_unwrapped, KEndBlock KStop, Normal ns1') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (\<And>m' s'.
-                   (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                   is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
-  apply (rule ending_after_unwrapping)
-     apply (rule j_step_ast_trace)
-    apply (simp add: outer_body_bb1_def)
-    apply (rule cfg_is_correct, simp)
-   apply (rule cfg_satisfies_post, blast)
-   apply simp
-  apply (rule inner_loop_head_global_rel)
-    apply (simp add: outer_body_bb1_unwrapped_def)
-    apply assumption
-   apply blast
-  apply (rule loop_ih)
-    apply (rule strictly_smaller_helper2)
-     apply assumption+
-  done
-
-lemma outer_loop_head_global_rel:
-  assumes j_step_ast_trace: 
-    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bb0_unwrapped, KEndBlock KStop, Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
-  using assms 
-proof (induction j arbitrary: ns1 rule: less_induct)
-  case (less j)
-  then show ?case 
-  proof (cases j)
-    case 0
-    then show ?thesis
-      using valid_configuration_def less.prems(1) by fastforce
-  next
-    case (Suc j')
-    show ?thesis
-      apply (rule block_global_rel_loop_head) 
-              apply (rule Rel_Invs[of bb0_unwrapped])
-              apply (simp add: bb0_unwrapped_def)
-             apply (rule less(2))
-            apply (rule less(3), simp)
-           apply (rule less(4), blast)
-           apply simp
-           apply (simp add: bb0_unwrapped_def)
-          apply simp
-         apply (rule block_local_rel_loop_head)
-              apply (rule Rel_Invs[of bb0_unwrapped])
-              apply (simp add: bb0_unwrapped_def)
-            apply (simp add: bb0_unwrapped_def)
-           apply (simp, simp, simp)
-       apply (simp add: nested_loop_before_cfg_to_dag_prog.node_1)
-        apply (simp add: nested_loop_before_cfg_to_dag_prog.block_1_def)
-       apply simp
-       apply(rule disjE)
-        apply assumption
-    
-       apply (erule allE[where x = 2])+
-       apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_1)
-       apply (simp add:member_rec(1))
-       apply (rule conjE)
-        apply assumption
-       apply simp
-       apply (rule inner_loop_head_global_rel_wrapped)
-         apply (simp add: outer_body_bb1_def outer_body_bb2_def)
-        apply (rule correctness_propagates_through_assumption2)
-            apply assumption
-           apply (simp add: nested_loop_before_cfg_to_dag_prog.node_2)
-           apply (simp add: nested_loop_before_cfg_to_dag_prog.block_2_def)
-          apply assumption
-         apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_2)
-         apply (simp add: member_rec)
-         apply assumption
-        apply (rule correctness_propagates_through_assumption4)
-             apply blast
-            apply (simp add: nested_loop_before_cfg_to_dag_prog.node_2)
-            apply (simp add: nested_loop_before_cfg_to_dag_prog.block_2_def)
-           apply simp
-          apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_2)
-          apply (simp add: member_rec)
-         apply simp+
-       apply (rule less.IH)
-         apply (rule strictly_smaller_helper2)
-          apply assumption+
-
-      apply (erule allE[where x = 6])+
-      apply (simp add:nested_loop_before_cfg_to_dag_prog.outEdges_1)
-      apply (simp add:member_rec(1))
-      apply (rule conjE)
-       apply assumption
-      apply simp
-      apply (rule ending_after_skipping_endblock)
-           apply assumption
-          apply simp
-         apply simp+
-         apply blast+
-        apply simp
-      apply (rule end_global_rel)
-         apply (simp add: empty_bb_def)+
-       apply blast+
-      done
-  qed
-qed
-
-lemma entry_block_global_rel:
-  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                           (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,nested_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                           is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) nested_loop_before_ast_cfg.post)"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> nested_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
-  using assms
-proof -
-  show ?thesis
-    unfolding nested_loop_before_cfg_to_dag_prog.post_def
-    apply (rule block_global_rel_while_successor)
-           apply (rule j_step_ast_trace)
-          apply (rule Rel_Main_test[of bigblock0 _ nested_loop_before_cfg_to_dag_prog.block_0])
-          apply (simp add: bigblock0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
-           apply (simp add: bigblock0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
-          apply (simp add: bigblock0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
-        apply (simp add: nested_loop_before_cfg_to_dag_prog.block_0_def)
-       apply (rule disjI1)
-       apply (rule nested_loop_before_cfg_to_dag_prog.node_0)
-       apply (rule cfg_is_correct, simp)
-      apply (rule cfg_satisfies_post, blast)
-      apply simp
-     apply (simp add: nested_loop_before_cfg_to_dag_prog.node_0)
-     apply (rule bb0_local_rel)
-      apply assumption
-     apply simp
-    apply (erule allE[where x = 1])+
-    apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_0)
-    apply (simp add: member_rec(1))
-    apply (rule outer_loop_head_global_rel)
-      apply (simp add: bb0_unwrapped_def)
-     apply blast+
-    done
-qed
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_cfg.thy
deleted file mode 100644
index 9933ba9..0000000
--- a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_cfg.thy
+++ /dev/null
@@ -1,103 +0,0 @@
-theory nested_loop_before_ast_cfg
-  imports
-    Boogie_Lang.Ast
-    Boogie_Lang.Semantics 
-    Boogie_Lang.TypeSafety 
-    Boogie_Lang.Util 
-    "../global_data"
-begin
-
-definition bigblock0 
-  where "bigblock0 \<equiv> (BigBlock None [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10)))]
-                      (Some (WhileWrapper 
-                            (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
-                            [(BinOp (Var 0) Ge (Lit (LInt 0)))]
-                            [(BigBlock None [] 
-                             (Some (WhileWrapper 
-                                   (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0))))
-                                    [(BinOp (Var 1) Ge (Lit (LInt 0)))] 
-                                    [BigBlock None [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] None None]))) 
-                             None),
-                             (BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None)]))) 
-                       None)"
-
-definition proc_body
-  where
-    "proc_body = bigblock0 # []"
-
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
-unfolding nested_loop_before_ast_cfg.params_vdecls_def nested_loop_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_ast_cfg.params_vdecls) )"
-unfolding nested_loop_before_ast_cfg.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_ast_cfg.locals_vdecls) )"
-unfolding nested_loop_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_ast_cfg.params_vdecls nested_loop_before_ast_cfg.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc_ast :: "(ast_procedure)"
-  where
-    "proc_ast  = (|proc_ty_args = 0,proc_args = nested_loop_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_loop_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec nested_loop_before_ast_cfg.post),proc_body = (Some (nested_loop_before_ast_cfg.locals_vdecls,nested_loop_before_ast_cfg.proc_body))|)"
-
-end
diff --git a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_ast_cfg_proof.thy
deleted file mode 100644
index 74057e6..0000000
--- a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_ast_cfg_proof.thy
+++ /dev/null
@@ -1,166 +0,0 @@
-theory no_guard_empty_branch_if_ast_cfg_proof
-  imports Main
-          Boogie_Lang.Ast
-          Boogie_Lang.Semantics
-          Boogie_Lang.Ast_Cfg_Transformation
-          "../global_data" 
-          no_guard_empty_branch_if_before_cfg_to_dag_prog 
-          no_guard_empty_branch_if_before_ast_cfg
-          no_guard_empty_branch_if_cfgtodag_proof
-          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
-
-begin
-declare Nat.One_nat_def[simp del]
-
-definition bigblock_then 
-  where "bigblock_then \<equiv> BigBlock None [] None None"
-
-definition bigblock_else
-  where "bigblock_else \<equiv> BigBlock None [(Assign 0 (Lit (LInt 6)))] None None"
-
-lemma bigblock0_local_rel:
-  assumes Red_bb0_to: 
-      "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock0, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-proof -
-  show ?thesis 
-    apply (rule block_local_rel_generic) 
-           apply (rule Rel_Main_test[of bigblock0])
-            apply (simp add: bigblock0_def no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def)
-           apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def)
-          apply simp
-         apply simp
-        apply (rule Red_bb0_to)
-       apply (rule Red0_impl)
-       apply (simp add: bigblock0_def no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def)+
-    done
-qed
-
-lemma bigblock_else_local_rel:
-  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_else, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-proof -
-  show ?thesis
-      apply (rule block_local_rel_generic)
-             apply (rule Rel_Main_test[of bigblock_else])
-            apply (simp add: bigblock_else_def no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1_def)
-           apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1_def)
-            apply simp
-           apply simp
-          apply (rule Red_bb0_to)
-         apply (rule Red0_impl)
-       apply (simp add: bigblock_else_def no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1_def)+
-    done
-qed
-
-lemma block_then_global_rel:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                 (A,M,\<Lambda>,\<Gamma>,\<Omega>,no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 2, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) no_guard_empty_branch_if_before_ast_cfg.post)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_before_ast_cfg.post reached_bb reached_cont reached_state)"                
-proof -
-  have node2_loc: "node_to_block no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ! 2 = []" 
-    by (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2_def no_guard_empty_branch_if_before_cfg_to_dag_prog.node_2)
-  show ?thesis
-    apply (rule generic_ending_block_global_rel)
-            apply (rule Rel_Invs[of bigblock_then])
-            apply (simp add: bigblock_then_def)
-           apply (rule assms(1))
-          apply (simp add: bigblock_then_def)
-         apply simp
-        apply (rule disjI1)
-         apply (rule node2_loc)
-       apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_2)
-      apply (rule assms(2), simp)
-     apply (rule cfg_satisfies_post, blast)
-     apply simp
-    apply (simp add: bigblock_then_def)
-    apply (simp add: end_static)
-    done
-qed
-
-
-lemma block_else_global_rel:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                 (A,M,\<Lambda>,\<Gamma>,\<Omega>,no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) no_guard_empty_branch_if_before_ast_cfg.post)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-proof -
-  have node1_loc: "node_to_block no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ! 1 = [(Assign 0 (Lit (LInt 6)))]" 
-    by (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1_def no_guard_empty_branch_if_before_cfg_to_dag_prog.node_1)
-  show ?thesis
-    apply (rule generic_ending_block_global_rel)
-           apply (rule Rel_Main_test[of bigblock_else])
-             apply (simp add: bigblock_else_def)
-            apply simp
-          apply (rule assms(1))
-          apply (simp add: bigblock_else_def)
-         apply simp
-        apply (rule disjI1)
-        apply (rule node1_loc)
-       apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_1)
-       apply (rule assms(2))
-      apply simp+
-     apply (rule cfg_satisfies_post, blast)
-     apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.node_1)+
-     apply (rule bigblock_else_local_rel)
-       apply assumption
-      apply simp
-    done
-qed
-
-
-lemma block0_global_rel:
-  assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                 (A,M,\<Lambda>,\<Gamma>,\<Omega>,no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) no_guard_empty_branch_if_before_ast_cfg.post)"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-proof -
-  show ?thesis 
-    apply (rule block_global_rel_if_successor)
-           apply (rule Rel_Main_test[of bigblock0 _ no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0])
-             apply (simp add: bigblock0_def no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def)
-            apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def)
-          apply (rule ast_trace)
-          apply (simp add: bigblock0_def)
-         apply (rule disjI1)
-        apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_0)
-       apply (rule assms(1))
-        apply simp+
-       apply (rule cfg_satisfies_post, blast)
-       apply simp+
-     apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.node_0)
-     apply (rule bigblock0_local_rel)
-      apply (simp add: bigblock0_def)
-     apply assumption
-    apply simp
-    apply (rule disjE)
-      apply assumption
-
-     apply (erule allE[where x=2])+
-     apply (simp add:no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_0)
-     apply (simp add:member_rec(1))
-     apply (rule block_then_global_rel)
-       apply (simp add: bigblock_then_def)       
-      apply simp
-     apply blast
-   
-    apply (erule allE[where x=1])+
-    apply (simp add:no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_0)
-    apply (simp add:member_rec(1))
-    apply (rule block_else_global_rel)
-      apply (simp add: bigblock_else_def)
-     apply simp
-    apply blast
-    done
-qed
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_ast_cfg.thy
deleted file mode 100644
index b6202a8..0000000
--- a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_ast_cfg.thy
+++ /dev/null
@@ -1,87 +0,0 @@
-theory no_guard_empty_branch_if_before_ast_cfg
-  imports
-    Boogie_Lang.Ast
-    Boogie_Lang.Semantics 
-    Boogie_Lang.TypeSafety 
-    Boogie_Lang.Util 
-    "../global_data"
-begin
-
-definition bigblock0 
-  where
-    "bigblock0 = BigBlock None [Havoc 0] 
-                  (Some (ParsedIf None 
-                            [(BigBlock None [] None None)]
-                            [(BigBlock None [(Assign 0 (Lit (LInt 6)))] None None )]))
-                   None"
-
-definition proc_body
-  where
-    "proc_body  = bigblock0 # []"
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append no_guard_empty_branch_if_before_ast_cfg.params_vdecls no_guard_empty_branch_if_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_empty_branch_if_before_ast_cfg.params_vdecls no_guard_empty_branch_if_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
-unfolding no_guard_empty_branch_if_before_ast_cfg.params_vdecls_def no_guard_empty_branch_if_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_empty_branch_if_before_ast_cfg.params_vdecls no_guard_empty_branch_if_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_empty_branch_if_before_ast_cfg.params_vdecls no_guard_empty_branch_if_before_ast_cfg.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_ast_cfg.params_vdecls) )"
-unfolding no_guard_empty_branch_if_before_ast_cfg.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_ast_cfg.locals_vdecls) )"
-unfolding no_guard_empty_branch_if_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_ast_cfg.params_vdecls no_guard_empty_branch_if_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append no_guard_empty_branch_if_before_ast_cfg.params_vdecls no_guard_empty_branch_if_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_ast_cfg.params_vdecls no_guard_empty_branch_if_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_ast_cfg.params_vdecls no_guard_empty_branch_if_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc_ast :: "(ast_procedure)"
-  where
-    "proc_ast  = (|proc_ty_args = 0,proc_args = no_guard_empty_branch_if_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_guard_empty_branch_if_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec no_guard_empty_branch_if_before_ast_cfg.post),proc_body = (Some (no_guard_empty_branch_if_before_ast_cfg.locals_vdecls,no_guard_empty_branch_if_before_ast_cfg.proc_body))|)"
-
-end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy
deleted file mode 100644
index 8f0601e..0000000
--- a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_ast_cfg_proof.thy
+++ /dev/null
@@ -1,195 +0,0 @@
-theory no_guard_if_ast_cfg_proof
-  imports Main
-          Boogie_Lang.Ast
-          Boogie_Lang.Semantics
-          Boogie_Lang.Ast_Cfg_Transformation
-          "../global_data" 
-          no_guard_if_before_cfg_to_dag_prog 
-          no_guard_if_before_ast_cfg
-          no_guard_if_cfgtodag_proof
-          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
-
-begin
-declare Nat.One_nat_def[simp del]
-
-definition bigblock_then 
-  where "bigblock_then \<equiv> BigBlock None [(Assign 0 (Lit (LInt 0)))] None None"
-
-definition bigblock_else
-  where "bigblock_else \<equiv> BigBlock None [(Assign 0 (Lit (LInt 1)))] None None"
-
-lemma bigblock0_local_rel:
-  assumes Red_bb0_to: 
-      "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock0, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>no_guard_if_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-proof -
-  show ?thesis
-    apply (rule block_local_rel_generic)
-           apply (rule Rel_Main_test[of bigblock0])
-            apply (simp add: bigblock0_def no_guard_if_before_cfg_to_dag_prog.block_0_def)
-           apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_0_def)
-          apply simp
-         apply simp
-        apply (rule Red_bb0_to)
-       apply (rule Red0_impl, simp)
-      apply (simp add: bigblock0_def)
-     apply (simp)
-    apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_0_def)
-    done
-qed
-
-
-lemma bigblock_then_local_rel:
-  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_then, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>no_guard_if_before_cfg_to_dag_prog.block_2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis
-    unfolding no_guard_if_before_cfg_to_dag_prog.block_2_def 
-    apply (rule block_local_rel_generic)
-           apply (rule Rel_Main_test[of bigblock_then])
-           apply (simp add: bigblock_then_def)
-          apply simp
-         apply simp+
-        apply (rule Red_bb0_to)
-       apply (rule Red0_impl)
-       apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_2_def)
-      apply (simp add: bigblock_then_def)
-    by simp_all
-qed
-
-lemma bigblock_else_local_rel:
-  assumes Red_bb0_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bigblock_else, KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red0_impl: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)" 
-  shows "reached_state \<noteq> Failure \<and> 
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>no_guard_if_before_cfg_to_dag_prog.block_1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-proof -
-  show ?thesis
-    unfolding no_guard_if_before_cfg_to_dag_prog.block_1_def 
-    apply (rule block_local_rel_generic)
-           apply (rule Rel_Main_test[of bigblock_else])
-           apply (simp add: bigblock_else_def)
-          apply simp
-         apply simp+
-        apply (rule Red_bb0_to)
-       apply (rule Red0_impl)
-       apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_1_def)
-      apply (simp add: bigblock_else_def)
-    by simp_all
-qed
-
-
-lemma block_then_global_rel:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_then, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                 (A,M,\<Lambda>,\<Gamma>,\<Omega>,no_guard_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 2, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) no_guard_if_before_ast_cfg.post)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> no_guard_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-proof -
-  have node2_loc: "node_to_block no_guard_if_before_cfg_to_dag_prog.proc_body ! 2 = [(Assign 0 (Lit (LInt 0)))]" 
-    by (simp add: no_guard_if_before_cfg_to_dag_prog.block_2_def no_guard_if_before_cfg_to_dag_prog.node_2)
-  show ?thesis 
-    apply (rule generic_ending_block_global_rel)
-         apply (rule Rel_Main_test[of bigblock_then])
-             apply (simp add: bigblock_then_def)
-            apply simp
-        apply (rule assms(1))
-       apply (simp add: bigblock_then_def)
-         apply simp
-        apply (rule disjI1)
-        apply (rule node2_loc)
-       apply (rule no_guard_if_before_cfg_to_dag_prog.outEdges_2)
-      apply (rule assms(2))
-      apply simp
-     apply (rule cfg_satisfies_post, blast)
-     apply simp
-    apply (simp add: no_guard_if_before_cfg_to_dag_prog.node_2)
-    apply (rule bigblock_then_local_rel)
-     apply simp+
-    done
-qed
-
-
-lemma block_else_global_rel:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock_else, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                 (A,M,\<Lambda>,\<Gamma>,\<Omega>,no_guard_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) no_guard_if_before_ast_cfg.post)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> no_guard_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-proof -
-  have node1_loc: "node_to_block no_guard_if_before_cfg_to_dag_prog.proc_body ! 1 = [(Assign 0 (Lit (LInt 1)))]" 
-    by (simp add: no_guard_if_before_cfg_to_dag_prog.block_1_def no_guard_if_before_cfg_to_dag_prog.node_1)
-  show ?thesis 
-    apply (rule generic_ending_block_global_rel)
-         apply (rule Rel_Main_test[of bigblock_else])
-             apply (simp add: bigblock_else_def)
-            apply simp
-        apply (rule assms(1))
-       apply (simp add: bigblock_else_def)
-         apply simp
-        apply (rule disjI1)
-        apply (rule node1_loc)
-       apply (rule no_guard_if_before_cfg_to_dag_prog.outEdges_1)
-      apply (rule assms(2))
-      apply simp
-     apply (rule cfg_satisfies_post, blast)
-     apply simp
-    apply (simp add: no_guard_if_before_cfg_to_dag_prog.node_1)
-    apply (rule bigblock_else_local_rel)
-     apply simp+
-    done
-qed
-
-
-lemma block0_global_rel:
-  assumes  "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                 (A,M,\<Lambda>,\<Gamma>,\<Omega>,no_guard_if_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda> \<Gamma> \<Omega> ns_end) no_guard_if_before_ast_cfg.post)"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> no_guard_if_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-proof -
-  show ?thesis 
-    apply (rule block_global_rel_if_successor)
-           apply (rule Rel_Main_test[of bigblock0 _ no_guard_if_before_cfg_to_dag_prog.block_0])
-             apply (simp add: bigblock0_def no_guard_if_before_cfg_to_dag_prog.block_0_def)
-            apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_0_def)
-          apply (rule ast_trace)
-          apply (simp add: bigblock0_def)
-         apply (rule disjI1)
-        apply (rule no_guard_if_before_cfg_to_dag_prog.node_0)
-       apply (rule assms(1))
-        apply simp
-       apply (rule cfg_satisfies_post, blast)
-       apply simp+
-     apply (simp add: no_guard_if_before_cfg_to_dag_prog.node_0)
-     apply (rule bigblock0_local_rel)
-      apply (simp add: bigblock0_def)
-     apply assumption
-    apply simp
-    apply (rule disjE)
-      apply assumption
-
-     apply (erule allE[where x=2])+
-     apply (simp add:no_guard_if_before_cfg_to_dag_prog.outEdges_0)
-     apply (simp add:member_rec(1))
-    unfolding no_guard_if_before_cfg_to_dag_prog.post_def
-     apply (rule block_then_global_rel)
-      apply (simp add: bigblock_then_def)
-      apply simp
-     apply blast
-   
-    apply (erule allE[where x=1])+
-    apply (simp add:no_guard_if_before_cfg_to_dag_prog.outEdges_0)
-    apply (simp add:member_rec(1))
-    apply (rule block_else_global_rel)
-      apply (simp add: bigblock_else_def)
-     apply simp
-    apply blast
-    done
-qed
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_cfg.thy
deleted file mode 100644
index 324a21d..0000000
--- a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_cfg.thy
+++ /dev/null
@@ -1,85 +0,0 @@
-theory no_guard_if_before_ast_cfg
-  imports Main
-          "Boogie_Lang.Ast"
-          "Boogie_Lang.Semantics"
-          "../global_data"
-
-begin
-
-definition bigblock0
-  where "bigblock0 \<equiv> 
-          (BigBlock None [(Havoc 0)] 
-            (Some (ParsedIf None 
-                  [BigBlock None [(Assign 0 (Lit (LInt 0)))] None None] [BigBlock None [(Assign 0 (Lit (LInt 1)))] None None])) 
-             None)"
-
-definition proc_body
-  where
-    "proc_body = bigblock0 # []"
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
-unfolding no_guard_if_before_ast_cfg.params_vdecls_def no_guard_if_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_ast_cfg.params_vdecls) )"
-unfolding no_guard_if_before_ast_cfg.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_ast_cfg.locals_vdecls) )"
-unfolding no_guard_if_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_ast_cfg.params_vdecls no_guard_if_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc_ast :: "(ast_procedure)"
-  where
-    "proc_ast  = (|proc_ty_args = 0,proc_args = no_guard_if_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_guard_if_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec no_guard_if_before_ast_cfg.post),proc_body = (Some (no_guard_if_before_ast_cfg.locals_vdecls,no_guard_if_before_ast_cfg.proc_body))|)"
-
-end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_ast_cfg_proof.thy
deleted file mode 100644
index 2a3c107..0000000
--- a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_ast_cfg_proof.thy
+++ /dev/null
@@ -1,283 +0,0 @@
-theory no_inv_loop_ast_cfg_proof
-  imports Main 
-          Boogie_Lang.Ast
-          Boogie_Lang.Semantics
-          Boogie_Lang.Ast_Cfg_Transformation
-          "../global_data" 
-          no_inv_loop_before_cfg_to_dag_prog 
-          no_inv_loop_before_ast_cfg
-          no_inv_loop_cfgtodag_proof
-          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
-
-begin
-declare Nat.One_nat_def[simp del]
-
-abbreviation \<Lambda>1_local
-  where
-    "\<Lambda>1_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_ast_cfg.params_vdecls no_inv_loop_before_ast_cfg.locals_vdecls))"
-
-definition body_bb1 
-  where "body_bb1 \<equiv> BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None"
-
-definition loop_only_bigblock0 
-  where
-    "loop_only_bigblock0 = BigBlock None []
-                    (Some (WhileWrapper 
-                          (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None])))
-                     None"
-
-definition unwrapped_bigblock0 
-  where
-    "unwrapped_bigblock0 = BigBlock None []
-                    (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None]))
-                     None"
-
-definition empty_bb 
-  where
-    "empty_bb = BigBlock None [] None None"
-
-lemma bb0_local_rel:
-  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (bigblock0, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-  shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>no_inv_loop_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis 
-    apply (rule block_local_rel_generic)
-           apply (rule Rel_Main_test[of bigblock0 _ no_inv_loop_before_cfg_to_dag_prog.block_0])
-            apply (simp add: bigblock0_def no_inv_loop_before_cfg_to_dag_prog.block_0_def)
-           apply (simp add: no_inv_loop_before_cfg_to_dag_prog.block_0_def)
-          apply simp+
-        apply (rule Red_bb)
-       apply (rule Red_impl, simp)
-      apply (simp add: bigblock0_def)
-     apply simp
-    apply (simp add: no_inv_loop_before_cfg_to_dag_prog.block_0_def)
-    done
-qed
-
-lemma loop_body_bb_local_rel:
-  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (body_bb1, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Gt\<guillemotright> Lit (LInt 0),ns1\<rangle> \<Down> BoolV True"
-  shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>no_inv_loop_before_cfg_to_dag_prog.block_2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis 
-    unfolding no_inv_loop_before_cfg_to_dag_prog.block_2_def 
-    apply (rule guard_holds_push_through_assumption)
-      apply (rule block_local_rel_generic)
-             apply (rule Rel_Main_test[of body_bb1])
-             apply (simp add: body_bb1_def)
-            apply simp
-           apply simp+
-          apply (rule Red_bb)
-         apply (rule push_through_assumption_test1, rule Red_impl)
-            apply (simp add: no_inv_loop_before_cfg_to_dag_prog.block_2_def)
-           apply (simp add: trace_is_possible body_bb1_def)+
-    done
-qed
-
-lemma end_global_rel: 
-  assumes Red_bb: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (empty_bb, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                 (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,no_inv_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) no_inv_loop_before_ast_cfg.post)"
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Gt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
-shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
-proof -
-  have node3_loc: "node_to_block no_inv_loop_before_cfg_to_dag_prog.proc_body ! 3 = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]" 
-    by (simp add: no_inv_loop_before_cfg_to_dag_prog.block_3_def no_inv_loop_before_cfg_to_dag_prog.node_3)
-  show ?thesis
-    apply (rule generic_ending_block_global_rel)
-            apply (rule Rel_Invs[of empty_bb])
-            apply (simp add: empty_bb_def)
-           apply (rule Red_bb)
-          apply (simp add: empty_bb_def)
-         apply simp
-        apply (rule disjI2)
-        apply (rule disjI2)
-        apply (rule conjI)
-         apply (rule node3_loc)
-        apply (rule conjI)
-         apply simp
-        apply (rule conjI)
-         apply (rule neg_gt2)
-        apply (rule trace_is_possible)
-       apply (rule no_inv_loop_before_cfg_to_dag_prog.outEdges_3)
-      apply (rule cfg_is_correct, simp)
-     apply (rule cfg_satisfies_post, blast)
-     apply simp
-    apply (simp add: empty_bb_def)
-    apply (simp add: end_static)
-    done
-qed
-
-
-
-lemma second_loop_body_global_rel:
-  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (body_bb1, (KSeq unwrapped_bigblock0 (KEndBlock KStop)), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                 (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,no_inv_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 2, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) no_inv_loop_before_ast_cfg.post)"
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Gt\<guillemotright> Lit (LInt 0),ns1\<rangle> \<Down> BoolV True"
-  and loop_ih:
-        "\<And>k ns1''. k < j \<Longrightarrow>
-        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(unwrapped_bigblock0, (KEndBlock KStop), Normal ns1'') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (\<And>m' s'.
-                 (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,no_inv_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) no_inv_loop_before_ast_cfg.post)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
-proof -
-  have node2_loc: "node_to_block no_inv_loop_before_cfg_to_dag_prog.proc_body ! 2 = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]" 
-    by (simp add: no_inv_loop_before_cfg_to_dag_prog.block_2_def no_inv_loop_before_cfg_to_dag_prog.node_2)
-  show ?thesis 
-    apply (rule block_global_rel_generic)
-           apply (rule Rel_Main_test[of body_bb1])
-             apply (simp only: body_bb1_def)
-            apply simp
-          apply (rule assms(1))
-         apply (simp add: body_bb1_def)
-        apply (rule disjI2)
-        apply (rule disjI1)
-        apply (rule conjI)
-         apply (rule node2_loc)
-        apply (rule conjI)
-         apply simp
-        apply (rule trace_is_possible)
-       apply (rule assms(2))
-        apply simp+
-       apply (rule cfg_satisfies_post, blast)
-       apply simp+
-     apply (simp add: no_inv_loop_before_cfg_to_dag_prog.node_2)
-     apply (rule loop_body_bb_local_rel)
-       apply assumption
-      apply simp
-     apply (rule trace_is_possible)
-    apply (erule allE[where x=1])+
-    apply (simp add: no_inv_loop_before_cfg_to_dag_prog.outEdges_2)
-    apply (simp add: member_rec(1))
-    apply (rule loop_ih)
-       apply simp+
-    apply blast
-    done
-qed
-
-lemma second_loop_head_global_rel:
-  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (unwrapped_bigblock0, (KEndBlock KStop), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                 (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,no_inv_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) no_inv_loop_before_ast_cfg.post)"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
-  using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-  case (less j)
-  then show ?case 
-  proof (cases j)
-    case 0
-    then show ?thesis
-      using Ast.valid_configuration_def less.prems(1) by fastforce
-  next
-    case (Suc j')
-    show ?thesis
-      apply (rule block_global_rel_loop_head)
-              apply (rule Rel_Invs[of unwrapped_bigblock0 _ _ _ no_inv_loop_before_cfg_to_dag_prog.block_1])
-              apply (simp add: unwrapped_bigblock0_def)
-             apply (rule less(2))
-            apply (rule less(3), simp)
-           apply (rule less(4), blast)
-           apply simp
-           apply (simp add: unwrapped_bigblock0_def)
-          apply simp                 
-         apply (rule block_local_rel_loop_head)
-              apply (rule Rel_Invs[of unwrapped_bigblock0])
-              apply (simp add: unwrapped_bigblock0_def)
-           apply (simp add: unwrapped_bigblock0_def)
-           apply simp
-           apply (simp add: no_inv_loop_before_cfg_to_dag_prog.block_1_def)
-          apply simp
-         apply simp
-        apply (simp add: no_inv_loop_before_cfg_to_dag_prog.block_1_def)
-       apply (simp add: no_inv_loop_before_cfg_to_dag_prog.node_1)
-       apply (simp add: no_inv_loop_before_cfg_to_dag_prog.block_1_def)
-      apply(rule disjE)
-        apply assumption
-
-       apply (erule allE[where x = 2])+
-       apply (simp add:no_inv_loop_before_cfg_to_dag_prog.outEdges_1)
-       apply (simp add:member_rec(1))
-       apply (rule conjE)
-        apply assumption
-       apply simp
-       apply (rule second_loop_body_global_rel)
-          apply (simp add: body_bb1_def)
-          apply simp
-         apply blast
-        apply assumption
-       apply (rule less.IH)
-         apply (erule strictly_smaller_helper2)
-         apply assumption+
-
-      apply (erule allE[where x = 3])+
-      apply (simp add:no_inv_loop_before_cfg_to_dag_prog.outEdges_1)
-      apply (simp add:member_rec(1))
-      apply (rule conjE)
-       apply assumption
-      apply simp
-      apply (rule ending_after_skipping_endblock)
-          apply assumption
-          apply simp
-         apply simp
-         apply blast
-        apply blast
-        apply simp
-      apply (rule end_global_rel)
-         apply (simp add: empty_bb_def)+
-       apply blast+
-      done
-   qed
- qed
-
-lemma entry_block_global_rel:
-  assumes j_step_ast_trace: 
-    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                 (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,no_inv_loop_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) no_inv_loop_before_ast_cfg.post)"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> no_inv_loop_before_ast_cfg.post reached_bb reached_cont reached_state)"
-  using assms
-proof -
-  show ?thesis
-    apply (rule block_global_rel_while_successor)
-          apply (rule j_step_ast_trace)
-          apply (rule Rel_Main_test[of bigblock0 _ no_inv_loop_before_cfg_to_dag_prog.block_0])
-          apply (simp add: bigblock0_def no_inv_loop_before_cfg_to_dag_prog.block_0_def)
-           apply (simp add: bigblock0_def no_inv_loop_before_cfg_to_dag_prog.block_0_def)
-          apply (simp add: bigblock0_def no_inv_loop_before_cfg_to_dag_prog.block_0_def)
-        apply (simp add: no_inv_loop_before_cfg_to_dag_prog.block_0_def)
-       apply (rule disjI1)
-       apply (rule no_inv_loop_before_cfg_to_dag_prog.node_0)
-       apply (rule cfg_is_correct, simp)
-      apply (rule cfg_satisfies_post, blast)
-      apply simp
-     apply (simp add: no_inv_loop_before_cfg_to_dag_prog.node_0)
-     apply (rule bb0_local_rel)
-      apply assumption
-     apply simp
-      apply (erule allE[where x = 1])+
-    apply (simp add: no_inv_loop_before_cfg_to_dag_prog.outEdges_0)
-    apply (simp add: member_rec(1))
-    apply (rule second_loop_head_global_rel)
-     apply (simp add: unwrapped_bigblock0_def)
-     apply blast+
-    done
-qed
-
-
-end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_ast_cfg.thy
deleted file mode 100644
index 5cb2dca..0000000
--- a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_ast_cfg.thy
+++ /dev/null
@@ -1,86 +0,0 @@
-theory no_inv_loop_before_ast_cfg
-  imports
-    Boogie_Lang.Ast
-    Boogie_Lang.Semantics 
-    Boogie_Lang.TypeSafety 
-    Boogie_Lang.Util 
-    "../global_data"
-begin
-
-definition bigblock0 
-  where
-    "bigblock0 = BigBlock None [Havoc 0]
-                    (Some (WhileWrapper 
-                          (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None])))
-                     None"
-
-definition proc_body
-  where
-    "proc_body  = bigblock0 # []"
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append no_inv_loop_before_ast_cfg.params_vdecls no_inv_loop_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_inv_loop_before_ast_cfg.params_vdecls no_inv_loop_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
-unfolding no_inv_loop_before_ast_cfg.params_vdecls_def no_inv_loop_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_inv_loop_before_ast_cfg.params_vdecls no_inv_loop_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_inv_loop_before_ast_cfg.params_vdecls no_inv_loop_before_ast_cfg.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_inv_loop_before_ast_cfg.params_vdecls) )"
-unfolding no_inv_loop_before_ast_cfg.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_inv_loop_before_ast_cfg.locals_vdecls) )"
-unfolding no_inv_loop_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_ast_cfg.params_vdecls no_inv_loop_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append no_inv_loop_before_ast_cfg.params_vdecls no_inv_loop_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_ast_cfg.params_vdecls no_inv_loop_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_ast_cfg.params_vdecls no_inv_loop_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc_ast :: "(ast_procedure)"
-  where
-    "proc_ast  = (|proc_ty_args = 0,proc_args = no_inv_loop_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_inv_loop_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec no_inv_loop_before_ast_cfg.post),proc_body = (Some (no_inv_loop_before_ast_cfg.locals_vdecls,no_inv_loop_before_ast_cfg.proc_body))|)"
-
-end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_ast_cfg_proof.thy
deleted file mode 100644
index bdf9a28..0000000
--- a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_ast_cfg_proof.thy
+++ /dev/null
@@ -1,297 +0,0 @@
-theory triangle_ast_cfg_proof
-  imports Main 
-          Boogie_Lang.Ast
-          Boogie_Lang.Semantics
-          Boogie_Lang.Ast_Cfg_Transformation
-          "../global_data" 
-          triangle_before_cfg_to_dag_prog 
-          triangle_before_ast_cfg
-          triangle_cfgtodag_proof
-          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
-
-begin
-declare Nat.One_nat_def[simp del]
-
-abbreviation \<Lambda>1_local
-  where
-    "\<Lambda>1_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls))"
-
-definition body_bb1 
-  where "body_bb1 \<equiv> BigBlock None [(Assign 2 (BinOp (Var 2) Add (Var 1))),(Assign 1 (BinOp (Var 1) Add (Lit (LInt 1))))] None None"
-
-definition loop_only_bigblock0 
-  where
-    "loop_only_bigblock0 = BigBlock None []
-                               (Some (WhileWrapper 
-                                     (ParsedWhile 
-                                        (Some (BinOp (Var 1) Lt (Var 0))) 
-                                        [(BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))),
-                                         (BinOp (Var 1) Le (Var 0))] 
-                                        [BigBlock None [(Assign 2 (BinOp (Var 2) Add (Var 1))),(Assign 1 (BinOp (Var 1) Add (Lit (LInt 1))))] None None]))) 
-                                None"
-
-definition unwrapped_bigblock0 
-  where
-    "unwrapped_bigblock0 = BigBlock None []
-                               (Some  (ParsedWhile 
-                                        (Some (BinOp (Var 1) Lt (Var 0))) 
-                                        [(BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))),
-                                         (BinOp (Var 1) Le (Var 0))] 
-                                        [BigBlock None [(Assign 2 (BinOp (Var 2) Add (Var 1))),(Assign 1 (BinOp (Var 1) Add (Lit (LInt 1))))] None None])) 
-                                None"
-
-definition empty_bb 
-  where
-    "empty_bb = BigBlock None [] None None"
-
-lemma bb0_local_rel:
-  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (bigblock0, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> triangle_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-  shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>triangle_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis 
-    apply (rule block_local_rel_generic)
-           apply (rule Rel_Main_test[of bigblock0 _ triangle_before_cfg_to_dag_prog.block_0])
-            apply (simp add: bigblock0_def triangle_before_cfg_to_dag_prog.block_0_def)
-           apply (simp add: triangle_before_cfg_to_dag_prog.block_0_def)+
-        apply (rule Red_bb)
-       apply (rule Red_impl, simp)
-      apply (simp add: bigblock0_def)
-     apply simp
-    apply (simp add: triangle_before_cfg_to_dag_prog.block_0_def)
-    done
-qed
-
-lemma loop_body_bb_local_rel:
-  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (body_bb1, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> triangle_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 1 \<guillemotleft>Lt\<guillemotright> Var 0,ns1\<rangle> \<Down> BoolV True"
-  shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>triangle_before_cfg_to_dag_prog.block_2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis 
-    unfolding triangle_before_cfg_to_dag_prog.block_2_def 
-    apply (rule guard_holds_push_through_assumption)
-      apply (rule block_local_rel_generic)
-             apply (rule Rel_Main_test[of body_bb1])
-             apply (simp add: body_bb1_def)
-             apply simp+
-          apply (rule Red_bb)
-         apply (rule push_through_assumption_test1, rule Red_impl)
-            apply (simp add: triangle_before_cfg_to_dag_prog.block_2_def)
-           apply (simp add: trace_is_possible body_bb1_def)+
-    done
-qed
-
-lemma end_global_rel: 
-  assumes Red_bb: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (empty_bb, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> triangle_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                             (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,triangle_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 3, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                             is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) triangle_before_ast_cfg.post"
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 1 \<guillemotleft>Lt\<guillemotright> Var 0,ns1\<rangle> \<Down> BoolV False"
-shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> triangle_before_ast_cfg.post reached_bb reached_cont reached_state)"
-proof -
-  have node3_loc: "node_to_block triangle_before_cfg_to_dag_prog.proc_body ! 3 = [(Assume (BinOp (Var 0) Le (Var 1)))]" 
-    by (simp add: triangle_before_cfg_to_dag_prog.block_3_def triangle_before_cfg_to_dag_prog.node_3)
-  show ?thesis
-    apply (rule generic_ending_block_global_rel)
-            apply (rule Rel_Invs[of empty_bb])
-            apply (simp add: empty_bb_def)
-           apply (rule Red_bb)
-          apply (simp add: empty_bb_def)
-         apply simp
-        apply (rule disjI2)
-        apply (rule disjI2)
-        apply (rule conjI)
-         apply (rule node3_loc)
-        apply (rule conjI)
-         apply simp
-        apply (rule conjI)
-         apply (rule neg_lt2)
-        apply (rule trace_is_possible)
-       apply (rule triangle_before_cfg_to_dag_prog.outEdges_3)
-      apply (rule cfg_is_correct, simp)
-     apply (rule cfg_satisfies_post)
-      apply assumption+
-    apply (simp add: empty_bb_def)
-    apply (simp add: end_static)
-    done
-qed
-
-
-
-lemma second_loop_body_global_rel:
-  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (body_bb1, (KSeq unwrapped_bigblock0 (KEndBlock KStop)), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> triangle_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                             (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,triangle_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 2, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) triangle_before_ast_cfg.post)"
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 1 \<guillemotleft>Lt\<guillemotright> Var 0,ns1\<rangle> \<Down> BoolV True"
-  and loop_ih:
-        "\<And>k ns1''. k < j \<Longrightarrow>
-        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(unwrapped_bigblock0, (KEndBlock KStop), Normal ns1'') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> triangle_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-        (\<And>m2 s2.
-             ((A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,triangle_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1'') -n\<rightarrow>* (m2, s2)) \<Longrightarrow>
-             is_final_config (m2, s2) \<Longrightarrow> (\<forall>ns_end. s2 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) triangle_before_ast_cfg.post))) \<Longrightarrow> 
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> triangle_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> triangle_before_ast_cfg.post reached_bb reached_cont reached_state)"
-proof -
-  have node2_loc: "node_to_block triangle_before_cfg_to_dag_prog.proc_body ! 2 = [(Assume (BinOp (Var 1) Lt (Var 0))),(Assign 2 (BinOp (Var 2) Add (Var 1))),(Assign 1 (BinOp (Var 1) Add (Lit (LInt 1))))]" 
-    by (simp add: triangle_before_cfg_to_dag_prog.block_2_def triangle_before_cfg_to_dag_prog.node_2)
-  show ?thesis 
-    apply (rule block_global_rel_generic)
-           apply (rule Rel_Main_test[of body_bb1])
-             apply (simp add: body_bb1_def)
-            apply (simp add: triangle_before_cfg_to_dag_prog.block_2_def)
-          apply (rule assms(1))
-         apply (simp add: body_bb1_def)
-        apply (rule disjI2)
-        apply (rule disjI1)
-        apply (rule conjI)
-         apply (rule node2_loc)
-        apply (rule conjI)
-         apply simp
-        apply (rule trace_is_possible)
-       apply (rule assms(2))
-        apply simp
-       apply (rule cfg_satisfies_post)
-        apply simp+
-     apply (simp add: triangle_before_cfg_to_dag_prog.node_2)
-     apply (rule loop_body_bb_local_rel)
-       apply assumption
-      apply simp
-     apply (rule trace_is_possible)
-    apply (erule allE[where x=1])
-    apply (erule allE[where x=1])
-    apply (simp add: triangle_before_cfg_to_dag_prog.outEdges_2)
-    apply (simp add: member_rec(1))
-    apply (rule loop_ih)
-       apply simp+
-    apply auto
-    done
-qed
-
-lemma second_loop_head_global_rel:
-  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (unwrapped_bigblock0, (KEndBlock KStop), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> triangle_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m2 s2.
-                               ((A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,triangle_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m2, s2)) \<Longrightarrow>
-                               is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) triangle_before_ast_cfg.post)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> triangle_before_ast_cfg.post reached_bb reached_cont reached_state)"
-  using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-  case (less j)
-  then show ?case 
-  proof (cases j)
-    case 0
-    then show ?thesis
-      using Ast.valid_configuration_def less.prems(1) by fastforce
-  next
-    case (Suc j')
-    show ?thesis
-      apply (rule block_global_rel_loop_head)
-              apply (rule Rel_Invs[of unwrapped_bigblock0 _ _ _ triangle_before_cfg_to_dag_prog.block_1])
-              apply (simp add: unwrapped_bigblock0_def)
-             apply (rule less(2))
-            apply (rule less(3), simp)
-           apply (rule less(4))
-            apply assumption+
-           apply (simp add: unwrapped_bigblock0_def)
-          apply simp                 
-         apply (rule block_local_rel_loop_head)
-              apply (rule Rel_Invs[of unwrapped_bigblock0])
-              apply (simp add: unwrapped_bigblock0_def)
-           apply (simp add: unwrapped_bigblock0_def)
-           apply simp
-           apply (simp add: triangle_before_cfg_to_dag_prog.block_1_def)
-          apply simp
-         apply simp
-        apply (simp add: triangle_before_cfg_to_dag_prog.block_1_def)
-       apply (simp add: triangle_before_cfg_to_dag_prog.node_1)
-       apply (simp add: triangle_before_cfg_to_dag_prog.block_1_def)
-      apply(rule disjE)
-        apply assumption
-
-       apply (erule allE[where x = 2])
-       apply (erule allE[where x = 2])
-       apply (simp add:triangle_before_cfg_to_dag_prog.outEdges_1)
-       apply (simp add:member_rec(1))
-       apply (rule conjE)
-        apply assumption
-       apply simp
-       apply (rule second_loop_body_global_rel)
-          apply (simp add: body_bb1_def)
-          apply simp
-         apply blast
-        apply assumption
-       apply (rule less.IH)
-         apply (erule strictly_smaller_helper2)
-          apply assumption
-         apply assumption
-        apply assumption
-       apply blast
-       apply simp
-
-      apply (erule allE[where x = 3])
-      apply (erule allE[where x = 3])
-      apply (simp add:triangle_before_cfg_to_dag_prog.outEdges_1)
-      apply (simp add:member_rec(1))
-      apply (rule conjE)
-       apply assumption
-      apply simp
-      apply (rule ending_after_skipping_endblock)
-            apply assumption               
-           apply simp
-          apply simp
-         apply blast
-        apply blast
-       apply (simp add: empty_bb_def)
-      apply (rule end_global_rel)
-         apply (simp add: empty_bb_def)+
-       apply blast
-      apply simp
-      done
-   qed
- qed
-
-lemma entry_block_global_rel:
-  assumes j_step_ast_trace: 
-    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, KStop, Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> triangle_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m2 s2.
-                               ((A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,triangle_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m2, s2)) \<Longrightarrow>
-                               is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> list_all (expr_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) triangle_before_ast_cfg.post)"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> triangle_before_ast_cfg.post reached_bb reached_cont reached_state)"
-  using assms
-proof -
-  show ?thesis
-    apply (rule block_global_rel_while_successor)
-          apply (rule j_step_ast_trace)
-          apply (rule Rel_Main_test[of bigblock0 _ triangle_before_cfg_to_dag_prog.block_0])
-          apply (simp add: bigblock0_def triangle_before_cfg_to_dag_prog.block_0_def)
-           apply (simp add: bigblock0_def triangle_before_cfg_to_dag_prog.block_0_def)
-          apply (simp add: bigblock0_def triangle_before_cfg_to_dag_prog.block_0_def)
-        apply (simp add: triangle_before_cfg_to_dag_prog.block_0_def)
-       apply (rule disjI1)
-       apply (rule triangle_before_cfg_to_dag_prog.node_0)
-       apply (rule cfg_is_correct, simp)
-      apply (rule cfg_satisfies_post)
-       apply assumption+
-     apply (simp add: triangle_before_cfg_to_dag_prog.node_0)
-     apply (rule bb0_local_rel)
-      apply assumption
-     apply simp
-    apply (rule second_loop_head_global_rel)
-     apply (simp add: unwrapped_bigblock0_def)
-     apply (simp only: triangle_before_cfg_to_dag_prog.outEdges_0)
-     apply (simp add: member_rec(1))
-    apply (simp only: triangle_before_cfg_to_dag_prog.outEdges_0)
-    apply (erule allE[where x = 1])
-    apply (erule allE[where x = 1])
-    apply (simp add: member_rec(1))
-    apply blast
-    done
-qed
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_before_ast_cfg.thy
deleted file mode 100644
index 6302092..0000000
--- a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_before_ast_cfg.thy
+++ /dev/null
@@ -1,109 +0,0 @@
-theory triangle_before_ast_cfg
-  imports
-    Boogie_Lang.Ast
-    Boogie_Lang.Semantics 
-    Boogie_Lang.TypeSafety 
-    Boogie_Lang.Util 
-    "../global_data"
-begin
-
-definition bigblock0 
-  where
-    "bigblock0 = BigBlock None [(Assign 1 (Lit (LInt 0))),(Assign 2 (Lit (LInt 0)))]
-                               (Some (WhileWrapper 
-                                     (ParsedWhile 
-                                        (Some (BinOp (Var 1) Lt (Var 0))) 
-                                        [(BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))),
-                                         (BinOp (Var 1) Le (Var 0))] 
-                                        [BigBlock None [(Assign 2 (BinOp (Var 2) Add (Var 1))),(Assign 1 (BinOp (Var 1) Add (Lit (LInt 1))))] None None]))) 
-                                None"
-
-definition proc_body
-  where
-    "proc_body = bigblock0 # []"
-
-
-definition pres
-  where
-    "pres  = [(BinOp (Var 0) Ge (Lit (LInt 0)))]"
-definition post
-  where
-    "post  = [(BinOp (Var 2) Eq (BinOp (BinOp (Var 0) Mul (BinOp (Var 0) Sub (Lit (LInt 1)))) Div (Lit (LInt 2))))]"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
-unfolding triangle_before_ast_cfg.params_vdecls_def triangle_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) triangle_before_ast_cfg.params_vdecls) )"
-unfolding triangle_before_ast_cfg.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) triangle_before_ast_cfg.locals_vdecls) )"
-unfolding triangle_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_n:
-shows "((map_of (append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_m:
-shows "((map_of (append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_t:
-shows "((map_of (append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_n:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_n
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_m:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_m
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_t:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_ast_cfg.params_vdecls triangle_before_ast_cfg.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_t
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc_ast :: "(ast_procedure)"
-  where
-    "proc_ast  = (|proc_ty_args = 0,proc_args = triangle_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec triangle_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec triangle_before_ast_cfg.post),proc_body = (Some (triangle_before_ast_cfg.locals_vdecls,triangle_before_ast_cfg.proc_body))|)"
-
-end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy
deleted file mode 100644
index 5deaa9a..0000000
--- a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_cfgtodag_proof.thy
+++ /dev/null
@@ -1,549 +0,0 @@
-theory p_cfgtodag_proof
-  imports Boogie_Lang.Semantics 
-          Boogie_Lang.Util 
-          Boogie_Lang.BackedgeElim 
-          Boogie_Lang.TypingML
-          while_example2_before_ast_cfg
-          p_before_cfg_to_dag_prog 
-          p_before_passive_prog 
-          p_passification_proof 
-          p_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 while_example2_before_ast_cfg.post )"
-unfolding expr_all_sat_def while_example2_before_ast_cfg.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule p_before_passive_prog.node_0)
-apply simp
-unfolding p_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma Mods_anon5_LoopBody:
-shows "(mods_contained_in (set [0]) p_before_cfg_to_dag_prog.block_2)"
-unfolding p_before_cfg_to_dag_prog.block_2_def
-by simp
-
-lemma block_anon5_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] p_before_passive_prog.block_1 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_2_def p_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf while_example2_before_ast_cfg.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms while_example2_before_ast_cfg.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon5_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body [0] [(BinOp (Var 0) Ge (Lit (LInt 0)))] while_example2_before_ast_cfg.post  ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_example2_before_ast_cfg.post  m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule p_before_cfg_to_dag_prog.node_2)
-apply (rule p_before_passive_prog.node_1)
-apply (assumption+)
-apply (rule block_anon5_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon5_LoopBody)
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon5_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma block_anon6_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_6_def p_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_example2_before_ast_cfg.post  m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule p_before_cfg_to_dag_prog.node_6)
-apply (rule p_before_passive_prog.node_2)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon6_LoopDone)
-apply assumption+
-apply (rule p_before_cfg_to_dag_prog.outEdges_6)
-apply (rule p_before_passive_prog.outEdges_2)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma Mods_anon6_LoopBody:
-shows "(mods_contained_in (set [0]) p_before_cfg_to_dag_prog.block_5)"
-unfolding p_before_cfg_to_dag_prog.block_5_def
-by simp
-
-lemma block_anon6_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Lit (LInt 0)))] p_before_passive_prog.block_3 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_5_def p_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf while_example2_before_ast_cfg.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms while_example2_before_ast_cfg.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body [0] [(BinOp (Var 0) Le (Lit (LInt 0)))] while_example2_before_ast_cfg.post  ns1 s' 4 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_example2_before_ast_cfg.post  m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule p_before_cfg_to_dag_prog.node_5)
-apply (rule p_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon6_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon6_LoopBody)
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_5))
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_5))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon6_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon6_LoopHead:
-shows "(mods_contained_in (set [0]) p_before_cfg_to_dag_prog.block_4)"
-unfolding p_before_cfg_to_dag_prog.block_4_def
-by simp
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Lit (LInt 0)))] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_4_def p_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:while_example2_before_ast_cfg.l_x(1)))
-apply simp
-done
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Lit (LInt 0)))] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_example2_before_ast_cfg.post  m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule p_before_cfg_to_dag_prog.node_4)
-apply (rule p_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon6_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon6_LoopHead)
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_4))
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_4))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:p_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:p_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-thm member_elim
-
-lemma block_anon5_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Lit (LInt 0)))] p_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_3_def p_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf while_example2_before_ast_cfg.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms while_example2_before_ast_cfg.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon5_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_example2_before_ast_cfg.post  m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule p_before_cfg_to_dag_prog.node_3)
-apply (rule p_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon5_LoopDone)
-apply (assumption+)
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:p_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon5_LoopHead:
-shows "(mods_contained_in (set [0]) p_before_cfg_to_dag_prog.block_1)"
-unfolding p_before_cfg_to_dag_prog.block_1_def
-by simp
-
-lemma block_anon5_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_6 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_1_def p_before_passive_prog.block_6_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:while_example2_before_ast_cfg.l_x(1)))
-apply simp
-done
-
-lemma cfg_block_anon5_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_example2_before_ast_cfg.post  m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule p_before_cfg_to_dag_prog.node_1)
-apply (rule p_before_passive_prog.node_6)
-apply (assumption+)
-apply (rule block_anon5_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon5_LoopHead)
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=5])
-apply ((simp add:p_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:p_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] p_before_passive_prog.block_7 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_0_def p_before_passive_prog.block_7_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf while_example2_before_ast_cfg.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms while_example2_before_ast_cfg.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_example2_before_ast_cfg.post  m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule p_before_cfg_to_dag_prog.node_0)
-apply (rule p_before_passive_prog.node_7)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=6])
-apply ((simp add:p_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:p_before_passive_prog.outEdges_8))
-by ((simp add:p_before_passive_prog.node_8 p_before_passive_prog.block_8_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 while_example2_before_ast_cfg.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_example2_before_ast_cfg.post  m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule p_before_passive_prog.node_9)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding p_before_passive_prog.block_9_def
-apply (rule assume_pres_normal[where ?es=while_example2_before_ast_cfg.pres])
-apply (rule assms(4))
-unfolding while_example2_before_ast_cfg.pres_def
-apply simp
-apply (rule p_before_passive_prog.outEdges_9)
-apply ((simp add:p_before_passive_prog.node_8 p_before_passive_prog.block_8_def))
-apply (rule p_before_passive_prog.outEdges_8)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns while_example2_before_ast_cfg.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] while_example2_before_ast_cfg.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule p_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-lemma end_to_end_theorem:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))"
-shows "(\<And> A. (Semantics.proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms p_before_cfg_to_dag_prog.proc))"
-  apply (rule end_to_end_util)
-  apply (rule end_to_end_theorem_aux)
-apply assumption using VC apply simp  apply assumption+
-apply (simp add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def while_example2_before_ast_cfg.pres_def p_before_cfg_to_dag_prog.pres_def)
-apply (simp add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.post_def p_before_cfg_to_dag_prog.proc_body_def while_example2_before_ast_cfg.post_def)
-apply (simp add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def)
-apply (simp add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def while_example2_before_ast_cfg.locals_vdecls_def while_example2_before_ast_cfg.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def)
-apply (simp add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def)
-apply (simp add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def)
-apply (simp add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def)
-done
-end
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_passive_prog.thy b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_passive_prog.thy
deleted file mode 100644
index fef6ee3..0000000
--- a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_passive_prog.thy
+++ /dev/null
@@ -1,199 +0,0 @@
-theory p_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_passive_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 4) Eq (BinOp (Var 2) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 4) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 3))),(Assert (BinOp (Var 3) Eq (Lit (LInt 0))))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 3) Lt (Lit (LInt 0)))),(Assume (BinOp (Var 5) Eq (BinOp (Var 3) Add (Lit (LInt 1))))),(Assert (BinOp (Var 5) Le (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 3) Le (Lit (LInt 0))))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 2))),(Assert (BinOp (Var 2) Le (Lit (LInt 0))))]"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Var 2) Ge (Lit (LInt 0))))]"
-definition block_7
-  where
-    "block_7  = [(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
-definition block_8
-  where
-    "block_8  = []"
-definition block_9
-  where
-    "block_9  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[2,3],[4],[5,1],[6],[7],[8]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [2,3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(5,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_2:
-shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_3:
-shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_4:
-shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_2:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_3:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_3
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_4:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_4
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_vcphase_proof.thy b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_vcphase_proof.thy
deleted file mode 100644
index 98ae579..0000000
--- a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_vcphase_proof.thy
+++ /dev/null
@@ -1,364 +0,0 @@
-theory p_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML p_passive_prog p_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon5_LoopBody
-  where
-    "vc_anon5_LoopBody x_1 x_2 = (((x_1 > (0::int)) \<and> (x_2 = (x_1 - (1::int)))) \<longrightarrow> (x_2 \<ge> (0::int)))"
-definition vc_anon6_LoopDone
-  where
-    "vc_anon6_LoopDone x_3 = (((0::int) \<le> x_3) \<longrightarrow> (x_3 = (0::int)))"
-definition vc_anon6_LoopBody
-  where
-    "vc_anon6_LoopBody x_3 x_4 = (((x_3 < (0::int)) \<and> (x_4 = (x_3 + (1::int)))) \<longrightarrow> (x_4 \<le> (0::int)))"
-definition vc_anon6_LoopHead
-  where
-    "vc_anon6_LoopHead x_3 x_4 = ((x_3 \<le> (0::int)) \<longrightarrow> ((vc_anon6_LoopDone x_3) \<and> (vc_anon6_LoopBody x_3 x_4)))"
-definition vc_anon5_LoopDone
-  where
-    "vc_anon5_LoopDone x_1 x_3 x_4 = (((0::int) \<ge> x_1) \<longrightarrow> ((x_1 \<le> (0::int)) \<and> ((x_1 \<le> (0::int)) \<longrightarrow> (vc_anon6_LoopHead x_3 x_4))))"
-definition vc_anon5_LoopHead
-  where
-    "vc_anon5_LoopHead x_1 x_3 x_4 x_2 = ((x_1 \<ge> (0::int)) \<longrightarrow> ((vc_anon5_LoopDone x_1 x_3 x_4) \<and> (vc_anon5_LoopBody x_1 x_2)))"
-definition vc_anon0
-  where
-    "vc_anon0 x_0 x_1 x_3 x_4 x_2 = ((x_0 \<ge> (0::int)) \<and> ((x_0 \<ge> (0::int)) \<longrightarrow> (vc_anon5_LoopHead x_1 x_3 x_4 x_2)))"
-definition vc_PreconditionGeneratedEntry
-  where
-    "vc_PreconditionGeneratedEntry x_0 x_1 x_3 x_4 x_2 = (vc_anon0 x_0 x_1 x_3 x_4 x_2)"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int" and vc_x_3 :: "int" and vc_x_4 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
-G3: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_x_2)))" and 
-G4: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_3)))" and 
-G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_x_4)))" and 
-G6: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4 G5 G6
-lemmas forall_poly_thm = forall_vc_type[OF G6]
-lemmas exists_poly_thm = exists_vc_type[OF G6]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding p_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon5_LoopBody_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE), 
-(AssertNoConj,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon5_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopBody vc_x_1 vc_x_2) \<Longrightarrow> (s' = Magic)))"
-unfolding p_passive_prog.block_1_def vc.vc_anon5_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_LoopDone_hints = [
-(AssumeConjR 0,NONE), 
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon6_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopDone vc_x_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding p_passive_prog.block_2_def vc.vc_anon6_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_LoopBody_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE), 
-(AssertNoConj,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon6_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopBody vc_x_3 vc_x_4) \<Longrightarrow> (s' = Magic)))"
-unfolding p_passive_prog.block_3_def vc.vc_anon6_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_LoopHead_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon6_LoopHeadAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopHead vc_x_3 vc_x_4) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_x_3) \<and> (vc.vc_anon6_LoopBody vc_x_3 vc_x_4))))))))"
-unfolding p_passive_prog.block_4_def vc.vc_anon6_LoopHead_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopHead_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon5_LoopDone_hints = [
-(AssumeConjR 0,NONE), 
-(AssertSub,NONE)]
-\<close>
-lemma block_anon5_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon6_LoopHead vc_x_3 vc_x_4)))))))"
-unfolding p_passive_prog.block_5_def vc.vc_anon5_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon5_LoopHead_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon5_LoopHeadAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopHead vc_x_1 vc_x_3 vc_x_4 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))))))))"
-unfolding p_passive_prog.block_6_def vc.vc_anon5_LoopHead_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopHead_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon0_hints = [
-(AssertSub,NONE)]
-\<close>
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon5_LoopHead vc_x_1 vc_x_3 vc_x_4 vc_x_2)))))))"
-unfolding p_passive_prog.block_7_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
-by (auto?)
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_8 (Normal n_s) s')" and 
-"(vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)))))"
-using assms
-unfolding p_passive_prog.block_8_def
-apply cases
-by auto
-
-lemma block_PreconditionGeneratedEntry:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding p_passive_prog.block_9_def vc.vc_PreconditionGeneratedEntry_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) p_passive_prog.node_0 p_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon5_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_LoopBody vc_x_1 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) p_passive_prog.node_1])
-by (erule block_anon5_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopDone vc_x_3)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) p_passive_prog.node_2])
-apply (erule block_anon6_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopBody vc_x_3 vc_x_4)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) p_passive_prog.node_3])
-by (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopHead vc_x_3 vc_x_4)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_4])
-apply (erule block_anon6_LoopHeadAA0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_5])
-apply (erule block_anon5_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_LoopHead vc_x_1 vc_x_3 vc_x_4 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_6])
-apply (erule block_anon5_LoopHeadAA0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_7])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_7))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_8])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_8))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_9])
-apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_9))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<Gamma> [] p_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
-let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x])
-apply (subst lookup_var_local[OF p_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF p_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF p_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_2])
-apply (subst lookup_var_local[OF p_passive_prog.m_x_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_3:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_3])
-apply (subst lookup_var_local[OF p_passive_prog.m_x_3])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_4:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_4])
-apply (subst lookup_var_local[OF p_passive_prog.m_x_4])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (rule HOL.conjunct1[OF sc_x_2])
-apply (rule HOL.conjunct1[OF sc_x_3])
-apply (rule HOL.conjunct1[OF sc_x_4])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
deleted file mode 100644
index a0dbe08..0000000
--- a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_ast_cfg_proof.thy
+++ /dev/null
@@ -1,583 +0,0 @@
-theory while_example2_ast_cfg_proof
-  imports Main 
-          Boogie_Lang.Ast
-          Boogie_Lang.Semantics
-          Boogie_Lang.Ast_Cfg_Transformation
-          "../global_data" 
-          p_before_cfg_to_dag_prog 
-          while_example2_before_ast_cfg
-          p_cfgtodag_proof
-          "/home/alex/Isabelle_10-Nov-2021/lib/Apply_Trace_Cmd"
-          p_before_passive_prog 
-          p_passification_proof 
-          p_vcphase_proof
-
-begin
-declare Nat.One_nat_def[simp del]
-
-abbreviation \<Lambda>1_local
-  where
-    "\<Lambda>1_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls))"
-
-definition body_bb1 
-  where "body_bb1 \<equiv> BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None"
-
-definition body_bb2 
-  where "body_bb2 \<equiv> BigBlock None [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] None None"
-
-definition unwrapped_bigblock1 where
-  "unwrapped_bigblock1 \<equiv> 
-            (BigBlock None [] 
-            (Some (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 0)))) 
-                      [(BinOp (Var 0) Le (Lit (LInt 0)))]
-                      [BigBlock None [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] None None]))
-             None)"
-
-definition loop_only_bigblock0 where
-  "loop_only_bigblock0 \<equiv> 
-            (BigBlock None [] 
-            (Some (WhileWrapper
-                  (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
-                  [(BinOp (Var 0) Ge (Lit (LInt 0)))]
-                  [BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None]))) 
-             None)"
-
-definition unwrapped_bigblock0 where
-  "unwrapped_bigblock0 \<equiv> 
-            (BigBlock None [] 
-            (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
-                      [(BinOp (Var 0) Ge (Lit (LInt 0)))]
-                      [BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None])) 
-             None)"
-
-lemma bb0_local_rel:
-  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (bigblock0, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-  shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_0, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis 
-    apply (rule block_local_rel_generic)
-           apply (rule Rel_Main_test[of bigblock0 _ p_before_cfg_to_dag_prog.block_0])
-            apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
-           apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
-          apply simp+
-        apply (rule Red_bb)
-       apply (rule Red_impl, simp)
-      apply (simp add: bigblock0_def)
-     apply simp
-    apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
-    done
-qed
-
-lemma first_loop_body_bb_local_rel:
-  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (body_bb1, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Gt\<guillemotright> Lit (LInt 0),ns1\<rangle> \<Down> BoolV True"
-  shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis 
-    unfolding p_before_cfg_to_dag_prog.block_2_def 
-    apply (rule guard_holds_push_through_assumption)
-      apply (rule block_local_rel_generic)
-             apply (rule Rel_Main_test[of body_bb1])
-             apply (simp add: body_bb1_def)
-            apply simp
-           apply simp+
-          apply (rule Red_bb)
-         apply (rule push_through_assumption_test1, rule Red_impl)
-            apply (simp add: p_before_cfg_to_dag_prog.block_2_def)
-           apply (simp add: trace_is_possible body_bb1_def)+
-    done
-qed 
-
-lemma second_loop_body_bb_local_rel:
-  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (body_bb2, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_5 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Lt\<guillemotright> Lit (LInt 0),ns1\<rangle> \<Down> BoolV True"
-  shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_5, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis 
-    unfolding p_before_cfg_to_dag_prog.block_5_def 
-    apply (rule guard_holds_push_through_assumption)
-      apply (rule block_local_rel_generic)
-             apply (rule Rel_Main_test[of body_bb2])
-             apply (simp add: body_bb2_def)
-            apply simp
-           apply simp+
-          apply (rule Red_bb)
-         apply (rule push_through_assumption_test1, rule Red_impl)
-            apply (simp add: p_before_cfg_to_dag_prog.block_5_def)
-           apply (simp add: trace_is_possible body_bb2_def)+
-    done
-qed
-
-lemma bb2_local_rel:
-  assumes Red_bb: "red_bigblock A M \<Lambda>1_local \<Gamma> \<Omega> T (bigblock2 , KStop, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Lt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
-  shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>p_before_cfg_to_dag_prog.block_6, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
-proof -
-  show ?thesis
-    apply (simp add: p_before_cfg_to_dag_prog.block_6_def)
-    apply (rule guard_fails_push_through_assumption)
-      apply (rule block_local_rel_generic)
-             apply (rule Rel_Main_test[of bigblock2])
-             apply (simp add: bigblock2_def)
-            apply simp
-           apply simp+
-          apply (rule Red_bb)
-         apply (rule Red_impl)
-         apply (simp add: p_before_cfg_to_dag_prog.block_6_def)
-         apply (rule push_through_assumption1)
-             apply simp
-            apply (rule neg_lt2)
-          apply (rule trace_is_possible)
-         apply simp
-        apply (simp add: bigblock2_def)
-        apply simp+
-     apply (rule neg_lt2)
-    apply (rule trace_is_possible)
-    done
-qed
-
-lemma bb2_global_rel:
-  assumes concrete_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock2, KStop, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                             (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 6, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) while_example2_before_ast_cfg.post)"
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>(BinOp (Var 0) Lt (Lit (LInt 0))), ns1\<rangle> \<Down> BoolV False"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-  using assms
-proof -
-  have node6_loc: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 6 = [(Assume (BinOp (Lit (LInt 0)) Le (Var 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]" 
-    by (simp add: p_before_cfg_to_dag_prog.block_6_def p_before_cfg_to_dag_prog.node_6)
-  show ?thesis
-    apply (rule generic_ending_block_global_rel)
-         apply (rule Rel_Main_test[of bigblock2])
-             apply (simp add: bigblock2_def)
-            apply simp
-           apply (rule assms(1))
-          apply (simp add: bigblock2_def)+
-        apply (rule disjI2)
-        apply (rule disjI2)
-        apply (rule conjI)
-         apply (rule node6_loc)
-        apply (rule conjI)
-         apply simp
-        apply (rule conjI)
-         apply (rule neg_lt2)
-        apply (rule trace_is_possible)
-       apply (rule p_before_cfg_to_dag_prog.outEdges_6)
-    apply (rule cfg_is_correct)
-      apply simp
-     apply (rule cfg_satisfies_post)
-     apply simp+
-    apply (simp add: p_before_cfg_to_dag_prog.node_6)
-    apply (rule bb2_local_rel)
-      apply assumption+
-    apply (rule trace_is_possible)
-    done
-qed
-
-
-
-lemma second_loop_body_global_rel:
-  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (body_bb2, (KSeq unwrapped_bigblock1 (KEndBlock (KSeq bigblock2 KStop))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                             (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 5, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end while_example2_before_ast_cfg.post)"
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Lt\<guillemotright> Lit (LInt 0),ns1\<rangle> \<Down> BoolV True"
-  and loop_ih:
-        "\<And>k ns1''. k < j \<Longrightarrow>
-        (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile>(unwrapped_bigblock1, (KEndBlock (KSeq bigblock2 KStop)), Normal ns1'') -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-        (\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1'')) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>  
-        (\<And>m' s'.
-                 (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 4, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                 is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end while_example2_before_ast_cfg.post)) \<Longrightarrow>
-        (Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)" 
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)"
-proof -
-  have node5_loc: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 5 = [(Assume (BinOp (Var 0) Lt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]" 
-    by (simp add: p_before_cfg_to_dag_prog.block_5_def p_before_cfg_to_dag_prog.node_5)
-  show ?thesis 
-    apply (rule block_global_rel_generic)
-           apply (rule Rel_Main_test[of body_bb2])
-             apply (simp add: body_bb2_def)
-            apply simp
-          apply (rule assms(1))
-         apply (simp add: body_bb2_def)
-        apply (rule disjI2)
-        apply (rule disjI1)
-        apply (rule conjI)
-         apply (rule node5_loc)
-        apply (rule conjI)
-         apply simp
-        apply (rule trace_is_possible)
-       apply (rule assms(2))
-        apply simp+
-       apply (rule assms(3))
-        apply simp+
-     apply (simp add: p_before_cfg_to_dag_prog.node_5)
-     apply (rule second_loop_body_bb_local_rel)
-       apply assumption
-      apply simp
-     apply (rule trace_is_possible)
-    apply (erule allE[where x=4])+
-    apply (simp add: p_before_cfg_to_dag_prog.outEdges_5)
-    apply (simp add: member_rec(1))
-    apply (rule loop_ih)
-       apply (simp)+
-    apply blast
-    done
-qed
-
-lemma second_loop_head_global_rel:
-  assumes j_step_ast_trace: "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (unwrapped_bigblock1, (KEndBlock (KSeq bigblock2 KStop)), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_sat_post: "\<And>m2 s2.
-       A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 4, Normal ns1) -n\<rightarrow>* (m2, s2) \<Longrightarrow>
-       is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) while_example2_before_ast_cfg.post"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)"
-  using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-  case (less j)
-  then show ?case 
-  proof (cases j)
-    case 0
-    then show ?thesis
-      using Ast.valid_configuration_def less.prems(1) by fastforce
-  next
-    case (Suc j')
-    show ?thesis
-      apply (rule block_global_rel_loop_head)
-              apply (rule Rel_Invs[of unwrapped_bigblock1 _ _ _ p_before_cfg_to_dag_prog.block_4])
-              apply (simp add: unwrapped_bigblock1_def)
-             apply (rule less(2))
-            apply (rule less(3), simp)
-           apply (rule less(4), simp)
-           apply simp
-           apply (simp add: unwrapped_bigblock1_def)
-          apply simp                 
-         apply (rule block_local_rel_loop_head)
-              apply (rule Rel_Invs[of unwrapped_bigblock1])
-              apply (simp add: unwrapped_bigblock1_def)
-           apply (simp add: unwrapped_bigblock1_def)
-           apply simp
-           apply (simp add: p_before_cfg_to_dag_prog.block_4_def)
-          apply simp
-         apply simp
-        apply (simp add: p_before_cfg_to_dag_prog.block_4_def)
-       apply (simp add: p_before_cfg_to_dag_prog.node_4)
-        apply (simp add: p_before_cfg_to_dag_prog.block_4_def)
-       apply simp
-      apply(rule disjE)
-        apply assumption
-
-       apply (erule allE[where x = 5])+
-       apply (simp add:p_before_cfg_to_dag_prog.outEdges_4)+
-       apply (simp add:member_rec(1))+
-       apply (rule conjE)
-        apply assumption
-       apply simp
-       apply (rule second_loop_body_global_rel)
-          apply (simp add: body_bb2_def)
-          apply simp
-         apply blast
-        apply assumption
-       apply (rule less.IH)
-         apply (erule strictly_smaller_helper2)
-          apply assumption
-         apply assumption
-        apply assumption
-       apply assumption
-       apply simp
-
-      apply (erule allE[where x = 6])+
-      apply (simp add:p_before_cfg_to_dag_prog.outEdges_4)+
-      apply (simp add:member_rec(1))+
-      apply (rule conjE)
-       apply assumption
-      apply simp
-      apply (rule ending_after_skipping_endblock2)
-          apply assumption
-          apply simp
-         apply simp
-         apply blast
-        apply blast
-       apply simp
-      apply (rule bb2_global_rel)
-         apply simp+
-      apply blast+
-      done
-   qed
-qed
- 
-
-lemma first_loop_body_global_rel:
-  assumes j_step_ast_trace: 
-    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (body_bb1, (KSeq unwrapped_bigblock0 cont0), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                             (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 2, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end while_example2_before_ast_cfg.post)"
-  and trace_is_possible: "A,\<Lambda>1_local,\<Gamma>,\<Omega> \<turnstile> \<langle>Var 0 \<guillemotleft>Gt\<guillemotright> Lit (LInt 0), ns1\<rangle> \<Down> BoolV True"
-  and loop_ih_assm: "loop_IH j A M \<Lambda>1_local \<Gamma> \<Omega> T unwrapped_bigblock0 cont0 
-                                               p_before_cfg_to_dag_prog.proc_body 1 while_example2_before_ast_cfg.post reached_bb reached_cont reached_state"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)"
-proof -
-  have node2_loc: "node_to_block p_before_cfg_to_dag_prog.proc_body ! 2 = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]" 
-    by (simp add: p_before_cfg_to_dag_prog.block_2_def p_before_cfg_to_dag_prog.node_2)
-  show ?thesis 
-    apply (rule block_global_rel_generic)
-           apply (rule Rel_Main_test[of body_bb1])
-             apply (simp add: body_bb1_def)
-            apply simp
-          apply (rule assms(1))
-         apply (simp add: body_bb1_def)
-        apply (rule disjI2)
-        apply (rule disjI1)
-         apply (rule conjI)
-         apply (rule node2_loc)
-        apply (rule conjI)
-         apply simp
-        apply (rule trace_is_possible)
-       apply (rule assms(2))
-    apply simp+
-       apply (rule cfg_satisfies_post)
-        apply blast+
-     apply (simp add: p_before_cfg_to_dag_prog.node_2)
-     apply (rule first_loop_body_bb_local_rel)
-       apply assumption
-      apply simp
-     apply (rule trace_is_possible)
-    apply (erule allE[where x=1])+
-    apply (simp add: p_before_cfg_to_dag_prog.outEdges_2)+
-    apply (simp add: member_rec(1))
-    apply (rule loop_IH_apply)
-        apply (rule loop_ih_assm)
-       apply simp
-      apply simp
-     apply simp
-    apply simp
-    done
-qed
-
-lemma first_loop_head_global_rel:
-  assumes j_step_ast_trace: 
-    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (unwrapped_bigblock0, (KEndBlock (KSeq bigblock1 (KSeq bigblock2 KStop))), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                             (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 1, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end while_example2_before_ast_cfg.post)"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega>  while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)"
-  using assms 
-proof (induction j arbitrary: ns1 rule: less_induct)
-  case (less j)
-  then show ?case 
-  proof (cases j)
-    case 0
-    then show ?thesis
-      using valid_configuration_def less.prems(1) by fastforce
-  next
-    case (Suc j')
-    show ?thesis
-      apply (rule block_global_rel_loop_head) 
-               apply (rule Rel_Invs[of unwrapped_bigblock0 _ _ _ p_before_cfg_to_dag_prog.block_1])
-              apply (simp add: unwrapped_bigblock0_def p_before_cfg_to_dag_prog.block_1_def)
-             apply (rule less(2))
-            apply (rule less(3), simp)
-           apply (rule less(4), simp)
-           apply simp
-            apply (simp add: unwrapped_bigblock0_def)
-          apply simp                 
-         apply (rule block_local_rel_loop_head)
-             apply (rule Rel_Invs[of unwrapped_bigblock0])
-            apply (simp add: unwrapped_bigblock0_def)+
-          apply (simp add: p_before_cfg_to_dag_prog.block_1_def p_before_cfg_to_dag_prog.node_1)+
-      apply(rule disjE)
-        apply assumption
-    
-       apply (erule allE[where x = 2])+
-       apply (simp add: p_before_cfg_to_dag_prog.outEdges_1)+
-       apply (simp add:member_rec(1))
-       apply (rule conjE)
-        apply assumption
-       apply simp
-       apply (rule first_loop_body_global_rel)
-          apply (simp add: body_bb1_def)
-          apply simp
-         apply blast
-        apply assumption
-       apply (rule loop_IH_prove)
-       apply (rule less.IH)
-         apply (erule strictly_smaller_helper2)
-          apply assumption
-         apply assumption
-        apply simp
-       apply blast
-
-      apply (erule allE[where x = 3])+
-      apply (simp add: p_before_cfg_to_dag_prog.outEdges_1)+
-      apply (simp add:member_rec(1))
-      apply (rule conjE)
-       apply assumption
-      apply simp
-      apply (rule ending_after_skipping_endblock_and_unwrapping)
-              apply assumption
-             apply (simp add: bigblock1_def bigblock2_def)
-            apply simp
-            apply assumption
-           apply blast
-           apply simp
-         apply (simp add: p_before_cfg_to_dag_prog.node_3)
-         apply (simp add: p_before_cfg_to_dag_prog.block_3_def)
-        apply (rule neg_gt2)
-       apply (simp add: p_before_cfg_to_dag_prog.outEdges_3)
-       apply (simp add: member_rec)
-      apply (rule second_loop_head_global_rel)
-        apply (simp add: unwrapped_bigblock1_def bigblock2_def)
-       apply (rule correctness_propagates_through_assumption)
-            apply assumption
-           apply (simp add: p_before_cfg_to_dag_prog.node_3)
-          apply simp+
-      sorry
-(*
-      apply (rule correctness_propagates_through_assumption3)
-            apply simp+
-      done
-*)
-  qed
-qed
-
-lemma entry_block_global_rel:
-  assumes j_step_ast_trace: 
-    "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> (bigblock0, (KSeq bigblock1 (KSeq bigblock2 KStop)), Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda>1_local \<Gamma> \<Omega> p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_post: "\<And>m' s'.
-                             (A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,p_before_cfg_to_dag_prog.proc_body \<turnstile>(Inl 0, Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                             is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) while_example2_before_ast_cfg.post)"
-  shows "(Ast.valid_configuration A \<Lambda>1_local \<Gamma> \<Omega> while_example2_before_ast_cfg.post reached_bb reached_cont reached_state)"
-  using assms
-proof -
-  show ?thesis
-    apply (rule block_global_rel_while_successor)
-          apply (rule j_step_ast_trace)
-          apply (rule Rel_Main_test[of bigblock0 _ p_before_cfg_to_dag_prog.block_0])
-          apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
-           apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
-          apply (simp add: bigblock0_def p_before_cfg_to_dag_prog.block_0_def)
-        apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
-       apply (rule disjI1)
-       apply (rule p_before_cfg_to_dag_prog.node_0)
-       apply (rule cfg_is_correct, simp)
-      apply (rule cfg_satisfies_post, blast)
-      apply simp
-     apply (simp add: p_before_cfg_to_dag_prog.node_0)
-     apply (rule bb0_local_rel)
-      apply assumption
-     apply simp
-    apply (rule first_loop_head_global_rel)
-      apply (simp add: unwrapped_bigblock0_def)
-     apply (simp add: p_before_cfg_to_dag_prog.outEdges_0)
-     apply (simp add: member_rec(1))
-    apply (erule allE[where x = 1])+
-    apply (simp add: p_before_cfg_to_dag_prog.outEdges_0)
-    apply (simp add: member_rec(1))
-    apply blast
-    done
-qed
-
-abbreviation \<Lambda>0_local
-  where
-    "\<Lambda>0_local  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls))"
-lemma end_to_end_theorem_aux2:
-assumes 
-Red: "rtranclp (red_bigblock A M \<Lambda>0_local \<Gamma> [] while_example2_before_ast_cfg.proc_body) 
-               (bigblock0, (KSeq bigblock1 (KSeq bigblock2 KStop)), Normal ns) 
-               (end_bb, end_cont, end_state)" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0_local \<Gamma> [] ns while_example2_before_ast_cfg.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0_local))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0_local))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0_local \<Gamma> [] while_example2_before_ast_cfg.post end_bb end_cont end_state)"
-proof -
-  from Red obtain j where 
-    Aux:"(A,M,((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)),\<Gamma>,[],while_example2_before_ast_cfg.proc_body \<turnstile> (bigblock0, (KSeq bigblock1 (KSeq bigblock2 KStop)), Normal ns) -n\<longrightarrow>^j (end_bb, end_cont, end_state))"
-by (meson rtranclp_imp_relpowp)
-  show ?thesis
-apply (rule entry_block_global_rel)
-      apply (rule Aux)
-
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
-                 p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
-                                   p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def
-                                   while_example2_before_ast_cfg.pres_def p_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
-                                   p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
-                                   p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-  using BinderNs apply simp
-
-  apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
-                 p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
-                                   p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def
-                                   while_example2_before_ast_cfg.pres_def p_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
-                                   p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def 
-                                   p_before_cfg_to_dag_prog.params_vdecls_def  p_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-  using BinderNs apply simp+
-done
-qed
-
-lemma initialization:                              
-  assumes "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock0, bigblock1, bigblock2] ns1) (reached_bb, reached_cont, reached_state)"
-  shows "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (bigblock0, KSeq bigblock1 (KSeq bigblock2 KStop), Normal ns1) (reached_bb, reached_cont, reached_state)" 
-  using assms
-  by simp
- 
-
-lemma end_to_end_theorem2:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))"
-shows "(\<And> A. (Ast.proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms while_example2_before_ast_cfg.proc_ast))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux2])
-apply (rule initialization)
-unfolding while_example2_before_ast_cfg.proc_body_def
-apply assumption using VC apply simp  apply assumption+
-apply (simp_all add: 
-      exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2
-      while_example2_before_ast_cfg.proc_ast_def while_example2_before_ast_cfg.proc_body_def)
-done
-
-end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_before_ast_cfg.thy
deleted file mode 100644
index ac8ef55..0000000
--- a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example2_before_ast_cfg.thy
+++ /dev/null
@@ -1,102 +0,0 @@
-theory while_example2_before_ast_cfg
-  imports Main 
-          "Boogie_Lang.Ast"
-          "Boogie_Lang.Semantics"
-          "../global_data"
-
-begin
-
-definition bigblock0
-  where "bigblock0 \<equiv> 
-          (BigBlock None [(Havoc 0)] 
-            (Some (WhileWrapper 
-                  (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) 
-                  [(BinOp (Var 0) Ge (Lit (LInt 0)))]
-                  [BigBlock None [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] None None]))) 
-             None)"
-
-definition bigblock1
-  where "bigblock1 \<equiv> 
-          (BigBlock None [] 
-            (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 0)))) 
-                      [(BinOp (Var 0) Le (Lit (LInt 0)))]
-                      [BigBlock None [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] None None]))) 
-             None)"
-
-definition bigblock2
-  where "bigblock2 \<equiv> 
-          (BigBlock None [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))] None None)"
-
-definition proc_body
-  where
-    "proc_body = bigblock0 #  bigblock1 # bigblock2 # []"
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),None)]"
-
-lemma locals_min_aux:
-shows "(((map fst (append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
-unfolding while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_example2_before_ast_cfg.params_vdecls) )"
-unfolding while_example2_before_ast_cfg.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_example2_before_ast_cfg.locals_vdecls) )"
-unfolding while_example2_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc_ast :: "ast_procedure"
-  where
-    "proc_ast  = (|proc_ty_args = 0,proc_args = while_example2_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec while_example2_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec while_example2_before_ast_cfg.post),proc_body = (Some (while_example2_before_ast_cfg.locals_vdecls,while_example2_before_ast_cfg.proc_body))|)"
-
-
-
-end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example_2_before_ast_cfg~ b/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example_2_before_ast_cfg~
deleted file mode 100644
index 2a65996..0000000
--- a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/while_example_2_before_ast_cfg~
+++ /dev/null
@@ -1,9 +0,0 @@
-theory while_example_2_before_ast_cfg
-  imports Main 
-          "/home/alex/boogie_related/foundational_boogie/BoogieLang/Ast"
-          "/home/alex/boogie_related/foundational_boogie/BoogieLang/Semantics"
-          "/home/alex/boogie_related/foundational_boogie/BoogieLang/generated_example_proofs/while_example2_proofs/global_data"
-
-begin
-
-end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/while_example_ast_cfg_proof.thy b/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/while_example_ast_cfg_proof.thy
deleted file mode 100644
index 2e235b2..0000000
--- a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/while_example_ast_cfg_proof.thy
+++ /dev/null
@@ -1,5 +0,0 @@
-theory while_example_ast_cfg_proof
-  imports Main Boogie_Lang.Ast Boogie_Lang.Semantics "../global_data" while_example_before_ast_cfg m_before_cfg_to_dag_prog
-
-begin
-end
\ No newline at end of file
diff --git a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/while_example_before_ast_cfg.thy b/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/while_example_before_ast_cfg.thy
deleted file mode 100644
index a7f11c0..0000000
--- a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/while_example_before_ast_cfg.thy
+++ /dev/null
@@ -1,89 +0,0 @@
-theory while_example_before_ast_cfg
-  imports Main 
-          "/home/alex/boogie_related/foundational_boogie/BoogieLang/Ast"
-          "/home/alex/boogie_related/foundational_boogie/BoogieLang/Semantics"
-          "/home/alex/boogie_related/foundational_boogie/BoogieLang/generated_example_proofs/while_example_proofs/global_data"
-
-begin
-
-definition bigblock0
-  where "bigblock0 = 
-          (BigBlock None [(Assign 0 (Lit (LInt 0))), (Assume (BinOp (Var 1) Gt (Lit (LInt 0))))] 
-            (Some (ParsedWhile (Some (BinOp (Var 0) Lt (Var 1))) 
-                      [(BinOp (Var 0) Le (Var 1))]
-                      [BigBlock None [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] None None])) 
-             None)"
-
-definition bigblock1
-  where "bigblock1 = 
-          (BigBlock None [(Assert (BinOp (Var 0) Ge (Var 1)))] None None)"
-
-definition proc_body
-  where
-    "proc_body = bigblock0 #  bigblock1  # []"
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-
-lemma locals_min_aux:
-shows "(((map fst (append while_example_before_ast_cfg.params_vdecls while_example_before_ast_cfg.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_example_before_ast_cfg.params_vdecls while_example_before_ast_cfg.locals_vdecls)))) \<ge> 0))"
-unfolding while_example_before_ast_cfg.params_vdecls_def while_example_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append while_example_before_ast_cfg.params_vdecls while_example_before_ast_cfg.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append while_example_before_ast_cfg.params_vdecls while_example_before_ast_cfg.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_example_before_ast_cfg.params_vdecls) )"
-unfolding while_example_before_ast_cfg.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_example_before_ast_cfg.locals_vdecls) )"
-unfolding while_example_before_ast_cfg.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example_before_ast_cfg.params_vdecls while_example_before_ast_cfg.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append while_example_before_ast_cfg.params_vdecls while_example_before_ast_cfg.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example_before_ast_cfg.params_vdecls while_example_before_ast_cfg.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example_before_ast_cfg.params_vdecls while_example_before_ast_cfg.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "ast_procedure"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = while_example_before_ast_cfg.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec while_example_before_ast_cfg.pres),proc_posts = (exprs_to_only_checked_spec while_example_before_ast_cfg.post),proc_body = (Some (while_example_before_ast_cfg.locals_vdecls,while_example_before_ast_cfg.proc_body))|)"
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if.bpl
new file mode 100644
index 0000000..c558e50
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if.bpl
@@ -0,0 +1,9 @@
+procedure assert_false_in_if() {
+    var x: int;
+
+    havoc x;
+    if (x != 8)
+    {
+        assert false;
+    }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if_2.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if_2.bpl
new file mode 100644
index 0000000..d5b5947
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if_2.bpl
@@ -0,0 +1,12 @@
+procedure assert_false_in_if_2() {
+    var x: int;
+
+    havoc x;
+    if (x != 8)
+    {
+        assert false;
+    }
+
+    x := 7;
+    assert x == 7;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if_3.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if_3.bpl
new file mode 100644
index 0000000..669e2f6
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if_3.bpl
@@ -0,0 +1,12 @@
+procedure assert_false_in_if_3() {
+    var x: int;
+
+    havoc x;
+    if (*)
+    {
+        assert false;
+    }
+
+    x := 7;
+    assert x == 7;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/assume_false_assert_false.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/assume_false_assert_false.bpl
new file mode 100644
index 0000000..d5ca5c6
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/assume_false_assert_false.bpl
@@ -0,0 +1,12 @@
+procedure assume_false_assert_false() {
+    var x: int;
+
+    havoc x;
+    if (x > 0)
+    {
+        assume false;
+        x := x - 1;
+    }
+
+    assert false;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/assume_false_in_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/assume_false_in_if.bpl
new file mode 100644
index 0000000..e123ebf
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/assume_false_in_if.bpl
@@ -0,0 +1,9 @@
+procedure assume_false_in_if() {
+    var x: int;
+
+    havoc x;
+    if (x != 8)
+    {
+        assume false;
+    }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/complete_bigblock_loop_in_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/complete_bigblock_loop_in_loop.bpl
new file mode 100644
index 0000000..8f64c6e
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/complete_bigblock_loop_in_loop.bpl
@@ -0,0 +1,17 @@
+procedure while_succ_in_while() {
+    var x: int;
+    var y: int;
+
+    havoc x;
+    havoc y;
+    while (x > 0)
+    {
+        x := x - 1;
+        while (y > 0)
+        {
+            y := y - 1;
+        }
+    }
+
+    assert x == 0;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_ifs.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_ifs.bpl
new file mode 100644
index 0000000..8293604
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_ifs.bpl
@@ -0,0 +1,22 @@
+procedure consecutive_ifs() {
+    var x : int;
+
+    havoc x;
+    if (x > 0)
+    {
+        x := 5;
+    }
+    else
+    {
+        
+    }
+
+    if (*)
+    {
+        x := 1;
+    } 
+    else
+    {
+        x := -1;
+    }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops.bpl
new file mode 100644
index 0000000..6996aa4
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops.bpl
@@ -0,0 +1,18 @@
+procedure consecutive_loops() {
+    var x: int;
+
+    havoc x;
+    while (x > 0)
+    {
+        x := x - 1;
+    }
+
+    while (x < 0)
+        invariant x <= 0;
+    {
+        x := x + 1;
+    }
+
+
+    assert x == 0;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops_in_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops_in_loop.bpl
new file mode 100644
index 0000000..e612b51
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops_in_loop.bpl
@@ -0,0 +1,25 @@
+procedure consecutive_loops_in_loop() {
+    var x: int;
+    var y: int;
+
+    havoc y;
+    havoc x;
+
+    while (y > 0)
+    {
+        while (x > 1)
+        {
+            x := x - 1;
+        }
+
+        while (x < 1)
+            invariant x <= 1;
+        {
+            x := x + 1;
+        }
+
+        assert x == 1;
+        y := y - x;
+    }
+    assert y == 0;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops_in_loop_2.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops_in_loop_2.bpl
new file mode 100644
index 0000000..9f927a0
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops_in_loop_2.bpl
@@ -0,0 +1,26 @@
+procedure consecutive_loops_in_loop_2() {
+    var x: int;
+    var y: int;
+
+    havoc y;
+    havoc x;
+
+    while (y > 0)
+    {
+        x := y - 1;
+        while (x > 1)
+        {
+            x := x - 1;
+        }
+
+        while (x < 1)
+            invariant x <= 1;
+        {
+            x := x + 1;
+        }
+
+        assert x == 1;
+        y := y - x;
+    }
+    assert y == 0;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/empty_branch_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/empty_branch_if.bpl
new file mode 100644
index 0000000..3f61074
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/empty_branch_if.bpl
@@ -0,0 +1,14 @@
+procedure empty_branch_if() {
+    var x : int;
+
+    havoc x;
+    if(x > 5)
+    {
+
+    }
+    else
+    {
+        x := 6;
+    }
+    assert x > 5;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/empty_generic_block.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/empty_generic_block.bpl
new file mode 100644
index 0000000..a0542b6
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/empty_generic_block.bpl
@@ -0,0 +1,11 @@
+procedure empty_generic_block() {
+    var x : int;
+
+    x := 0;
+
+    label1:
+
+    label2:
+
+    assert x == 0;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/empty_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/empty_loop.bpl
new file mode 100644
index 0000000..ce89c5a
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/empty_loop.bpl
@@ -0,0 +1,8 @@
+procedure p() {
+    var x: int;
+
+    x := 0;
+    while (x > 0)
+        invariant x >= 0; {}
+    assert x == 0;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/globals.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/globals.bpl
new file mode 100644
index 0000000..be7ee48
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/globals.bpl
@@ -0,0 +1,13 @@
+var a : int;
+var b : bool;
+
+function f(a : int) : bool;
+function g(b : bool) : bool;
+
+procedure p(x : int) {
+    assume f(a);
+    assume g(b);
+
+    assert f(a);
+    assert g(b); 
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/if_example.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/if_example.bpl
new file mode 100644
index 0000000..66ef53c
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/if_example.bpl
@@ -0,0 +1,20 @@
+procedure if_example_test_2() {
+    var x: int;
+    
+    havoc x; // ---> [Havoc x] --- block 0
+
+//-------------------------------------------------------
+
+    if (x > 5)
+    {
+        x := 10; // ---> [Assume x > 5; x := 10] --- block 3
+    }
+    else
+    {
+        x := 1; // ---> [Assume 5 >= x; x := 1] --- block 1
+    }
+
+//#######################################################
+
+    assert x > 0; // ---> [Assert x > 0] --- block 2
+}
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/if_example_no_else_branch.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/if_example_no_else_branch.bpl
new file mode 100644
index 0000000..b6638f0
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/if_example_no_else_branch.bpl
@@ -0,0 +1,17 @@
+procedure if_example_no_else_branch() {
+    var x: int;
+    
+    havoc x; 
+
+    if (x > 5)
+    {
+        x := 10; 
+    }
+
+    if (x <= 5)
+    {
+        x := 1;
+    }
+
+    assert x > 0; 
+}
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/if_inside_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/if_inside_loop.bpl
new file mode 100644
index 0000000..639fbb8
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/if_inside_loop.bpl
@@ -0,0 +1,20 @@
+procedure if_inside_while() {
+    var x: int;
+    var y: int;
+
+    havoc x;
+    while (x > 0)
+    {
+        x := x - 1;
+        if (x > 1)
+        {
+            y := 10;
+        }
+        else
+        {
+            y := 20;
+        }
+    }
+
+    assert x == 0;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_example.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_example.bpl
new file mode 100644
index 0000000..1ba91a6
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_example.bpl
@@ -0,0 +1,13 @@
+procedure m () {
+    var i: int;
+    var n: int;
+
+    i := 0;
+    assume n > 0;
+    while (i < n)
+        invariant i <= n;
+    {
+        i := i+1;
+    }
+    assert i >= n;    
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_example_no_inv.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_example_no_inv.bpl
new file mode 100644
index 0000000..89c0efe
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_example_no_inv.bpl
@@ -0,0 +1,12 @@
+procedure m () {
+    var i: int;
+    var n: int;
+
+    i := 0;
+    assume n > 0;
+    while (i < n)
+    {
+        i := i+1;
+    }
+    assert i >= n;    
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_in_else_branch.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_in_else_branch.bpl
new file mode 100644
index 0000000..1e502d8
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_in_else_branch.bpl
@@ -0,0 +1,21 @@
+procedure while_in_if_true() {
+    var x: int;
+    var y: int;
+
+    havoc x;
+    havoc y;
+    if (x > 0)
+    {
+
+    }
+    else
+    {
+        x := x - 1;
+        while (y > 0)
+        {
+            y := y - 1;
+        }
+    }
+
+    assert x < 0;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_in_then_branch.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_in_then_branch.bpl
new file mode 100644
index 0000000..a4b87f3
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_in_then_branch.bpl
@@ -0,0 +1,17 @@
+procedure while_in_if_true() {
+    var x: int;
+    var y: int;
+
+    havoc x;
+    havoc y;
+    if (x > 0)
+    {
+        x := x - 1;
+        while (y > 0)
+        {
+            y := y - 1;
+        }
+    }
+
+    assert x >= 0;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_if.bpl
new file mode 100644
index 0000000..d4c19ba
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_if.bpl
@@ -0,0 +1,21 @@
+procedure nested_if() 
+{
+    var n : int;
+    var m : int;
+
+    if(n > 0)
+    {
+        if(m > 0)
+        {
+            m := m+n;
+        }
+        else
+        {
+            m := n;
+        }
+    }
+    else
+    {
+        
+    }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop.bpl
new file mode 100644
index 0000000..7bd1a73
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop.bpl
@@ -0,0 +1,36 @@
+procedure nested_loop() {
+    var x : int;
+    var y : int;
+
+    ///// bigblock_0 , bigblock_1
+    ///// cont_0 = KSeq bigblock_6 cont_6
+    ///// cont_1 = KEndBlock (KSeq bigblock_6 cont_6)
+    x := 10;
+    y := 10;
+    while (x > 0)
+        invariant x >= 0;
+    {
+
+
+        ///////// bigblock_2, bigblock_3
+        ///////// cont_2 = KSeq bigblock_5 cont_5
+        ///////// cont_3 = KEndBlock (KSeq bigblock_5 cont_5)
+        while (y > 0)
+            invariant y >= 0;
+        {
+            ////// bigblock_4
+            ////// cont_4 = KSeq bigblock_3 cont_3 
+            y := y - 1;
+
+        }
+        ///// bigblock_5
+        ///// --> cont_5 = KSeq bigblock_1 cont_1
+        x := x - 1; 
+
+
+    }
+
+    //bigblock_6
+    //empty final big block --> cont_6 = KStop
+    
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop2.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop2.bpl
new file mode 100644
index 0000000..e84f707
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop2.bpl
@@ -0,0 +1,28 @@
+procedure nested_loop3() {
+    var x : int;
+    var y : int;
+    var z : int;
+
+    x := 10;
+    y := 10;
+    z := 10;
+    /////
+    while (z > 0)
+    {
+        /////
+        while (x > 0)
+            invariant x >= 0;
+        {
+            /////////
+            while (y > 0)
+                invariant y >= 0;
+            {
+                //////
+                z := z - 1;
+                y := y - 1;
+            }
+            /////
+            x := x - 1;
+        }
+    }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop_while_true.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop_while_true.bpl
new file mode 100644
index 0000000..5b1c37d
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop_while_true.bpl
@@ -0,0 +1,25 @@
+procedure nested_loop2() {
+    var x : int;
+    var y : int;
+
+    x := 10;
+    y := 10;
+    /////
+    while (true)
+    {
+        /////
+        while (x > 0)
+            invariant x >= 0;
+        {
+            /////////
+            while (y > 0)
+                invariant y >= 0;
+            {
+                //////
+                y := y - 1;
+            }
+            /////
+            x := x - 1;
+        }
+    }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_empty_branch_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_empty_branch_if.bpl
new file mode 100644
index 0000000..88f9a84
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_empty_branch_if.bpl
@@ -0,0 +1,13 @@
+procedure no_guard_empty_branch_if() {
+    var x : int;
+
+    havoc x;
+    if(*)
+    {
+
+    }
+    else
+    {
+        x := 6;
+    }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_if.bpl
new file mode 100644
index 0000000..c66c20b
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_if.bpl
@@ -0,0 +1,14 @@
+procedure no_guard_if() {
+    var x : int;
+
+    havoc x;
+    if(*)
+    {
+        x := 0;
+    }
+    else
+    {
+        x := 1;
+    }
+    
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop.bpl
new file mode 100644
index 0000000..c213707
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop.bpl
@@ -0,0 +1,29 @@
+procedure  M();
+
+implementation M()
+{
+    var x: int;
+    var y: int;
+    var z: int;
+
+    havoc x;
+    havoc y;
+    havoc z;
+
+    while (*)
+    {
+        while (y > 10)
+        {
+            x := x*10;
+        }
+
+        if(x-10 > 200)
+        {
+            y := z+7;
+        }
+
+        x := x + y + z;
+    }
+
+    z := z - 2;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop2.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop2.bpl
new file mode 100644
index 0000000..0de89b3
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop2.bpl
@@ -0,0 +1,27 @@
+procedure  M();
+
+implementation M()
+{
+    var x: int;
+    var y: int;
+    var z: int;
+
+    havoc x;
+    havoc y;
+    havoc z;
+
+    while (*)
+    {
+        while (y > 10)
+        {
+            x := x*10;
+        }
+
+        if(x-10 > 200)
+        {
+            y := z+7;
+        }
+
+        x := x + y + z;
+    }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop3.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop3.bpl
new file mode 100644
index 0000000..8ffcc28
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop3.bpl
@@ -0,0 +1,27 @@
+procedure  M();
+
+implementation M()
+{
+    var x: int;
+    var y: int;
+    var z: int;
+
+    havoc x;
+    havoc y;
+    havoc z;
+
+    while (y > 10)
+    {
+        x := x*10;
+
+        while (*)
+        {
+            x := x + y + z;
+            
+            if(x-10 > 200)
+            {
+                y := z+7;
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop4.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop4.bpl
new file mode 100644
index 0000000..742e174
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop4.bpl
@@ -0,0 +1,27 @@
+procedure  M();
+
+implementation M()
+{
+    var x: int;
+    var y: int;
+    var z: int;
+
+    havoc x;
+    havoc y;
+    havoc z;
+
+    while (*)
+    {
+        x := x + y + z;
+        
+        while (y > 10)
+        {
+            x := x*10;
+        }
+
+        if(x-10 > 200)
+        {
+            y := z+7;
+        }
+    }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/no_inv_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/no_inv_loop.bpl
new file mode 100644
index 0000000..95d69db
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/no_inv_loop.bpl
@@ -0,0 +1,9 @@
+procedure no_inv_loop() {
+    var x : int;
+
+    havoc x;
+    while (x > 0)
+    {
+        x := x - 1;
+    }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/return_in_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/return_in_loop.bpl
new file mode 100644
index 0000000..a63b1f0
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/return_in_loop.bpl
@@ -0,0 +1,20 @@
+procedure return_in_loop() {
+    var x: int;
+
+    havoc x;
+    while (x > 0)
+    {
+        x := x - 1;
+        return;
+    }
+
+    while (x < 0)
+        invariant x <= 0;
+    {
+        x := x + 1;
+        return;
+    }
+
+    x := 0;
+    assert x == 0;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/return_in_loop2.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/return_in_loop2.bpl
new file mode 100644
index 0000000..b66cf8e
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/return_in_loop2.bpl
@@ -0,0 +1,16 @@
+procedure return_in_loop() {
+    var x: int;
+
+    x := 10;
+    while (x > 0)
+    {
+        if (x == 5)
+        {
+            assert x == 5;
+            return;
+        }
+        x := x - 1;
+    }
+
+    assert x != 5;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/simple_return_test.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/simple_return_test.bpl
new file mode 100644
index 0000000..3154efb
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/simple_return_test.bpl
@@ -0,0 +1,7 @@
+procedure return_test() 
+{
+   var m : int;
+
+   m := 0;
+   return; 
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/start_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/start_loop.bpl
new file mode 100644
index 0000000..24f412b
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/start_loop.bpl
@@ -0,0 +1,8 @@
+var t : int;
+procedure  start_loop()
+    modifies t;
+{
+   while(true) {
+    assume true;
+   } 
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/triangle_example.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/triangle_example.bpl
new file mode 100644
index 0000000..ae1e8b9
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/triangle_example.bpl
@@ -0,0 +1,15 @@
+procedure triangle(n: int) returns (t: int)
+    requires n >= 0;
+    ensures t == n*(n-1) div 2;
+{
+    var m : int;
+    m := 0;
+    t := 0;
+    while(m < n)
+        invariant t == (m*(m-1)) div 2;
+        invariant m <= n;
+        {
+            t := t + m;
+            m := m + 1;
+        }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_assert_false.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_assert_false.bpl
new file mode 100644
index 0000000..93081cb
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_assert_false.bpl
@@ -0,0 +1,3 @@
+procedure trivial_assert_false() {
+    assert false;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_assume_false.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_assume_false.bpl
new file mode 100644
index 0000000..a1c5cd2
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_assume_false.bpl
@@ -0,0 +1,3 @@
+procedure trivial_assume_false() {
+    assume false;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_example.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_example.bpl
new file mode 100644
index 0000000..2ff93d3
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_example.bpl
@@ -0,0 +1,8 @@
+function f(x: int) : bool;
+
+procedure p(x: int) {
+    var a : int;
+
+    assume f(a);
+    assert f(a);
+}
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if.bpl
new file mode 100644
index 0000000..c558e50
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if.bpl
@@ -0,0 +1,9 @@
+procedure assert_false_in_if() {
+    var x: int;
+
+    havoc x;
+    if (x != 8)
+    {
+        assert false;
+    }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if_2.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if_2.bpl
new file mode 100644
index 0000000..d5b5947
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if_2.bpl
@@ -0,0 +1,12 @@
+procedure assert_false_in_if_2() {
+    var x: int;
+
+    havoc x;
+    if (x != 8)
+    {
+        assert false;
+    }
+
+    x := 7;
+    assert x == 7;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if_3.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if_3.bpl
new file mode 100644
index 0000000..669e2f6
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if_3.bpl
@@ -0,0 +1,12 @@
+procedure assert_false_in_if_3() {
+    var x: int;
+
+    havoc x;
+    if (*)
+    {
+        assert false;
+    }
+
+    x := 7;
+    assert x == 7;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assume_false_assert_false.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assume_false_assert_false.bpl
new file mode 100644
index 0000000..d5ca5c6
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assume_false_assert_false.bpl
@@ -0,0 +1,12 @@
+procedure assume_false_assert_false() {
+    var x: int;
+
+    havoc x;
+    if (x > 0)
+    {
+        assume false;
+        x := x - 1;
+    }
+
+    assert false;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assume_false_in_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assume_false_in_if.bpl
new file mode 100644
index 0000000..e123ebf
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assume_false_in_if.bpl
@@ -0,0 +1,9 @@
+procedure assume_false_in_if() {
+    var x: int;
+
+    havoc x;
+    if (x != 8)
+    {
+        assume false;
+    }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/complete_bigblock_loop_in_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/complete_bigblock_loop_in_loop.bpl
new file mode 100644
index 0000000..8f64c6e
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/complete_bigblock_loop_in_loop.bpl
@@ -0,0 +1,17 @@
+procedure while_succ_in_while() {
+    var x: int;
+    var y: int;
+
+    havoc x;
+    havoc y;
+    while (x > 0)
+    {
+        x := x - 1;
+        while (y > 0)
+        {
+            y := y - 1;
+        }
+    }
+
+    assert x == 0;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_ifs.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_ifs.bpl
new file mode 100644
index 0000000..8293604
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_ifs.bpl
@@ -0,0 +1,22 @@
+procedure consecutive_ifs() {
+    var x : int;
+
+    havoc x;
+    if (x > 0)
+    {
+        x := 5;
+    }
+    else
+    {
+        
+    }
+
+    if (*)
+    {
+        x := 1;
+    } 
+    else
+    {
+        x := -1;
+    }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops.bpl
new file mode 100644
index 0000000..6996aa4
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops.bpl
@@ -0,0 +1,18 @@
+procedure consecutive_loops() {
+    var x: int;
+
+    havoc x;
+    while (x > 0)
+    {
+        x := x - 1;
+    }
+
+    while (x < 0)
+        invariant x <= 0;
+    {
+        x := x + 1;
+    }
+
+
+    assert x == 0;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops_in_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops_in_loop.bpl
new file mode 100644
index 0000000..e612b51
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops_in_loop.bpl
@@ -0,0 +1,25 @@
+procedure consecutive_loops_in_loop() {
+    var x: int;
+    var y: int;
+
+    havoc y;
+    havoc x;
+
+    while (y > 0)
+    {
+        while (x > 1)
+        {
+            x := x - 1;
+        }
+
+        while (x < 1)
+            invariant x <= 1;
+        {
+            x := x + 1;
+        }
+
+        assert x == 1;
+        y := y - x;
+    }
+    assert y == 0;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops_in_loop_2.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops_in_loop_2.bpl
new file mode 100644
index 0000000..9f927a0
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops_in_loop_2.bpl
@@ -0,0 +1,26 @@
+procedure consecutive_loops_in_loop_2() {
+    var x: int;
+    var y: int;
+
+    havoc y;
+    havoc x;
+
+    while (y > 0)
+    {
+        x := y - 1;
+        while (x > 1)
+        {
+            x := x - 1;
+        }
+
+        while (x < 1)
+            invariant x <= 1;
+        {
+            x := x + 1;
+        }
+
+        assert x == 1;
+        y := y - x;
+    }
+    assert y == 0;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_branch_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_branch_if.bpl
new file mode 100644
index 0000000..3f61074
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_branch_if.bpl
@@ -0,0 +1,14 @@
+procedure empty_branch_if() {
+    var x : int;
+
+    havoc x;
+    if(x > 5)
+    {
+
+    }
+    else
+    {
+        x := 6;
+    }
+    assert x > 5;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_generic_block.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_generic_block.bpl
new file mode 100644
index 0000000..a0542b6
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_generic_block.bpl
@@ -0,0 +1,11 @@
+procedure empty_generic_block() {
+    var x : int;
+
+    x := 0;
+
+    label1:
+
+    label2:
+
+    assert x == 0;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_loop.bpl
new file mode 100644
index 0000000..ce89c5a
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_loop.bpl
@@ -0,0 +1,8 @@
+procedure p() {
+    var x: int;
+
+    x := 0;
+    while (x > 0)
+        invariant x >= 0; {}
+    assert x == 0;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/globals.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/globals.bpl
new file mode 100644
index 0000000..be7ee48
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/globals.bpl
@@ -0,0 +1,13 @@
+var a : int;
+var b : bool;
+
+function f(a : int) : bool;
+function g(b : bool) : bool;
+
+procedure p(x : int) {
+    assume f(a);
+    assume g(b);
+
+    assert f(a);
+    assert g(b); 
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_example.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_example.bpl
new file mode 100644
index 0000000..66ef53c
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_example.bpl
@@ -0,0 +1,20 @@
+procedure if_example_test_2() {
+    var x: int;
+    
+    havoc x; // ---> [Havoc x] --- block 0
+
+//-------------------------------------------------------
+
+    if (x > 5)
+    {
+        x := 10; // ---> [Assume x > 5; x := 10] --- block 3
+    }
+    else
+    {
+        x := 1; // ---> [Assume 5 >= x; x := 1] --- block 1
+    }
+
+//#######################################################
+
+    assert x > 0; // ---> [Assert x > 0] --- block 2
+}
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_example_no_else_branch.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_example_no_else_branch.bpl
new file mode 100644
index 0000000..b6638f0
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_example_no_else_branch.bpl
@@ -0,0 +1,17 @@
+procedure if_example_no_else_branch() {
+    var x: int;
+    
+    havoc x; 
+
+    if (x > 5)
+    {
+        x := 10; 
+    }
+
+    if (x <= 5)
+    {
+        x := 1;
+    }
+
+    assert x > 0; 
+}
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_inside_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_inside_loop.bpl
new file mode 100644
index 0000000..639fbb8
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_inside_loop.bpl
@@ -0,0 +1,20 @@
+procedure if_inside_while() {
+    var x: int;
+    var y: int;
+
+    havoc x;
+    while (x > 0)
+    {
+        x := x - 1;
+        if (x > 1)
+        {
+            y := 10;
+        }
+        else
+        {
+            y := 20;
+        }
+    }
+
+    assert x == 0;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_example.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_example.bpl
new file mode 100644
index 0000000..1ba91a6
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_example.bpl
@@ -0,0 +1,13 @@
+procedure m () {
+    var i: int;
+    var n: int;
+
+    i := 0;
+    assume n > 0;
+    while (i < n)
+        invariant i <= n;
+    {
+        i := i+1;
+    }
+    assert i >= n;    
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_example_no_inv.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_example_no_inv.bpl
new file mode 100644
index 0000000..89c0efe
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_example_no_inv.bpl
@@ -0,0 +1,12 @@
+procedure m () {
+    var i: int;
+    var n: int;
+
+    i := 0;
+    assume n > 0;
+    while (i < n)
+    {
+        i := i+1;
+    }
+    assert i >= n;    
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_in_else_branch.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_in_else_branch.bpl
new file mode 100644
index 0000000..1e502d8
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_in_else_branch.bpl
@@ -0,0 +1,21 @@
+procedure while_in_if_true() {
+    var x: int;
+    var y: int;
+
+    havoc x;
+    havoc y;
+    if (x > 0)
+    {
+
+    }
+    else
+    {
+        x := x - 1;
+        while (y > 0)
+        {
+            y := y - 1;
+        }
+    }
+
+    assert x < 0;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_in_then_branch.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_in_then_branch.bpl
new file mode 100644
index 0000000..a4b87f3
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_in_then_branch.bpl
@@ -0,0 +1,17 @@
+procedure while_in_if_true() {
+    var x: int;
+    var y: int;
+
+    havoc x;
+    havoc y;
+    if (x > 0)
+    {
+        x := x - 1;
+        while (y > 0)
+        {
+            y := y - 1;
+        }
+    }
+
+    assert x >= 0;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_if.bpl
new file mode 100644
index 0000000..d4c19ba
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_if.bpl
@@ -0,0 +1,21 @@
+procedure nested_if() 
+{
+    var n : int;
+    var m : int;
+
+    if(n > 0)
+    {
+        if(m > 0)
+        {
+            m := m+n;
+        }
+        else
+        {
+            m := n;
+        }
+    }
+    else
+    {
+        
+    }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop.bpl
new file mode 100644
index 0000000..7bd1a73
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop.bpl
@@ -0,0 +1,36 @@
+procedure nested_loop() {
+    var x : int;
+    var y : int;
+
+    ///// bigblock_0 , bigblock_1
+    ///// cont_0 = KSeq bigblock_6 cont_6
+    ///// cont_1 = KEndBlock (KSeq bigblock_6 cont_6)
+    x := 10;
+    y := 10;
+    while (x > 0)
+        invariant x >= 0;
+    {
+
+
+        ///////// bigblock_2, bigblock_3
+        ///////// cont_2 = KSeq bigblock_5 cont_5
+        ///////// cont_3 = KEndBlock (KSeq bigblock_5 cont_5)
+        while (y > 0)
+            invariant y >= 0;
+        {
+            ////// bigblock_4
+            ////// cont_4 = KSeq bigblock_3 cont_3 
+            y := y - 1;
+
+        }
+        ///// bigblock_5
+        ///// --> cont_5 = KSeq bigblock_1 cont_1
+        x := x - 1; 
+
+
+    }
+
+    //bigblock_6
+    //empty final big block --> cont_6 = KStop
+    
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop2.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop2.bpl
new file mode 100644
index 0000000..e84f707
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop2.bpl
@@ -0,0 +1,28 @@
+procedure nested_loop3() {
+    var x : int;
+    var y : int;
+    var z : int;
+
+    x := 10;
+    y := 10;
+    z := 10;
+    /////
+    while (z > 0)
+    {
+        /////
+        while (x > 0)
+            invariant x >= 0;
+        {
+            /////////
+            while (y > 0)
+                invariant y >= 0;
+            {
+                //////
+                z := z - 1;
+                y := y - 1;
+            }
+            /////
+            x := x - 1;
+        }
+    }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop_while_true.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop_while_true.bpl
new file mode 100644
index 0000000..5b1c37d
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop_while_true.bpl
@@ -0,0 +1,25 @@
+procedure nested_loop2() {
+    var x : int;
+    var y : int;
+
+    x := 10;
+    y := 10;
+    /////
+    while (true)
+    {
+        /////
+        while (x > 0)
+            invariant x >= 0;
+        {
+            /////////
+            while (y > 0)
+                invariant y >= 0;
+            {
+                //////
+                y := y - 1;
+            }
+            /////
+            x := x - 1;
+        }
+    }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_empty_branch_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_empty_branch_if.bpl
new file mode 100644
index 0000000..88f9a84
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_empty_branch_if.bpl
@@ -0,0 +1,13 @@
+procedure no_guard_empty_branch_if() {
+    var x : int;
+
+    havoc x;
+    if(*)
+    {
+
+    }
+    else
+    {
+        x := 6;
+    }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_if.bpl
new file mode 100644
index 0000000..c66c20b
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_if.bpl
@@ -0,0 +1,14 @@
+procedure no_guard_if() {
+    var x : int;
+
+    havoc x;
+    if(*)
+    {
+        x := 0;
+    }
+    else
+    {
+        x := 1;
+    }
+    
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop.bpl
new file mode 100644
index 0000000..c213707
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop.bpl
@@ -0,0 +1,29 @@
+procedure  M();
+
+implementation M()
+{
+    var x: int;
+    var y: int;
+    var z: int;
+
+    havoc x;
+    havoc y;
+    havoc z;
+
+    while (*)
+    {
+        while (y > 10)
+        {
+            x := x*10;
+        }
+
+        if(x-10 > 200)
+        {
+            y := z+7;
+        }
+
+        x := x + y + z;
+    }
+
+    z := z - 2;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop2.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop2.bpl
new file mode 100644
index 0000000..0de89b3
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop2.bpl
@@ -0,0 +1,27 @@
+procedure  M();
+
+implementation M()
+{
+    var x: int;
+    var y: int;
+    var z: int;
+
+    havoc x;
+    havoc y;
+    havoc z;
+
+    while (*)
+    {
+        while (y > 10)
+        {
+            x := x*10;
+        }
+
+        if(x-10 > 200)
+        {
+            y := z+7;
+        }
+
+        x := x + y + z;
+    }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop3.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop3.bpl
new file mode 100644
index 0000000..8ffcc28
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop3.bpl
@@ -0,0 +1,27 @@
+procedure  M();
+
+implementation M()
+{
+    var x: int;
+    var y: int;
+    var z: int;
+
+    havoc x;
+    havoc y;
+    havoc z;
+
+    while (y > 10)
+    {
+        x := x*10;
+
+        while (*)
+        {
+            x := x + y + z;
+            
+            if(x-10 > 200)
+            {
+                y := z+7;
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop4.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop4.bpl
new file mode 100644
index 0000000..742e174
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop4.bpl
@@ -0,0 +1,27 @@
+procedure  M();
+
+implementation M()
+{
+    var x: int;
+    var y: int;
+    var z: int;
+
+    havoc x;
+    havoc y;
+    havoc z;
+
+    while (*)
+    {
+        x := x + y + z;
+        
+        while (y > 10)
+        {
+            x := x*10;
+        }
+
+        if(x-10 > 200)
+        {
+            y := z+7;
+        }
+    }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_inv_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_inv_loop.bpl
new file mode 100644
index 0000000..95d69db
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_inv_loop.bpl
@@ -0,0 +1,9 @@
+procedure no_inv_loop() {
+    var x : int;
+
+    havoc x;
+    while (x > 0)
+    {
+        x := x - 1;
+    }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/return_in_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/return_in_loop.bpl
new file mode 100644
index 0000000..a63b1f0
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/return_in_loop.bpl
@@ -0,0 +1,20 @@
+procedure return_in_loop() {
+    var x: int;
+
+    havoc x;
+    while (x > 0)
+    {
+        x := x - 1;
+        return;
+    }
+
+    while (x < 0)
+        invariant x <= 0;
+    {
+        x := x + 1;
+        return;
+    }
+
+    x := 0;
+    assert x == 0;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/return_in_loop2.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/return_in_loop2.bpl
new file mode 100644
index 0000000..b66cf8e
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/return_in_loop2.bpl
@@ -0,0 +1,16 @@
+procedure return_in_loop() {
+    var x: int;
+
+    x := 10;
+    while (x > 0)
+    {
+        if (x == 5)
+        {
+            assert x == 5;
+            return;
+        }
+        x := x - 1;
+    }
+
+    assert x != 5;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/simple_return_test.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/simple_return_test.bpl
new file mode 100644
index 0000000..3154efb
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/simple_return_test.bpl
@@ -0,0 +1,7 @@
+procedure return_test() 
+{
+   var m : int;
+
+   m := 0;
+   return; 
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/start_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/start_loop.bpl
new file mode 100644
index 0000000..24f412b
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/start_loop.bpl
@@ -0,0 +1,8 @@
+var t : int;
+procedure  start_loop()
+    modifies t;
+{
+   while(true) {
+    assume true;
+   } 
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/triangle_example.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/triangle_example.bpl
new file mode 100644
index 0000000..ae1e8b9
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/triangle_example.bpl
@@ -0,0 +1,15 @@
+procedure triangle(n: int) returns (t: int)
+    requires n >= 0;
+    ensures t == n*(n-1) div 2;
+{
+    var m : int;
+    m := 0;
+    t := 0;
+    while(m < n)
+        invariant t == (m*(m-1)) div 2;
+        invariant m <= n;
+        {
+            t := t + m;
+            m := m + 1;
+        }
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_assert_false.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_assert_false.bpl
new file mode 100644
index 0000000..93081cb
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_assert_false.bpl
@@ -0,0 +1,3 @@
+procedure trivial_assert_false() {
+    assert false;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_assume_false.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_assume_false.bpl
new file mode 100644
index 0000000..a1c5cd2
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_assume_false.bpl
@@ -0,0 +1,3 @@
+procedure trivial_assume_false() {
+    assume false;
+}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_example.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_example.bpl
new file mode 100644
index 0000000..2ff93d3
--- /dev/null
+++ b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_example.bpl
@@ -0,0 +1,8 @@
+function f(x: int) : bool;
+
+procedure p(x: int) {
+    var a : int;
+
+    assume f(a);
+    assert f(a);
+}
diff --git a/boogie_examples/other/break_example.bpl b/boogie_examples/other/break_example.bpl
new file mode 100644
index 0000000..826b554
--- /dev/null
+++ b/boogie_examples/other/break_example.bpl
@@ -0,0 +1,16 @@
+procedure p() {
+    var y : int;
+
+    y := 0;
+    while (true)
+        invariant true;
+    {
+        y := y + 1;
+	if(y > 1)
+	{
+            break;
+	}
+    }
+
+    assert y >= 0;
+}
diff --git a/boogie_examples/other/goto_example.bpl b/boogie_examples/other/goto_example.bpl
new file mode 100644
index 0000000..1859e43
--- /dev/null
+++ b/boogie_examples/other/goto_example.bpl
@@ -0,0 +1,11 @@
+procedure q() {
+    var x : int;
+
+    x := 0;
+    goto label1;
+
+    x := 2;
+
+label1:
+    assert x == 0;
+}
diff --git a/boogie_examples/other/if_example_CFG.bpl b/boogie_examples/other/if_example_CFG.bpl
new file mode 100644
index 0000000..96d46e5
--- /dev/null
+++ b/boogie_examples/other/if_example_CFG.bpl
@@ -0,0 +1,23 @@
+implementation p()
+{
+  var x: int;
+
+
+  anon0:
+    havoc x;
+    goto anon4_Then, anon4_Else;
+
+  anon4_Else:
+    assume {:partition} 5 >= x;
+    x := 1;
+    goto anon3;
+
+  anon3:
+    assert x > 0;
+    return;
+
+  anon4_Then:
+    assume {:partition} x > 5;
+    x := 10;
+    goto anon3;
+}
diff --git a/boogie_examples/other/if_example_duplicate.bpl b/boogie_examples/other/if_example_duplicate.bpl
new file mode 100644
index 0000000..66ef53c
--- /dev/null
+++ b/boogie_examples/other/if_example_duplicate.bpl
@@ -0,0 +1,20 @@
+procedure if_example_test_2() {
+    var x: int;
+    
+    havoc x; // ---> [Havoc x] --- block 0
+
+//-------------------------------------------------------
+
+    if (x > 5)
+    {
+        x := 10; // ---> [Assume x > 5; x := 10] --- block 3
+    }
+    else
+    {
+        x := 1; // ---> [Assume 5 >= x; x := 1] --- block 1
+    }
+
+//#######################################################
+
+    assert x > 0; // ---> [Assert x > 0] --- block 2
+}
diff --git a/boogie_examples/other/labeled_break.bpl b/boogie_examples/other/labeled_break.bpl
new file mode 100644
index 0000000..cc7ab90
--- /dev/null
+++ b/boogie_examples/other/labeled_break.bpl
@@ -0,0 +1,32 @@
+procedure p() {
+    var x : int;
+    var y : int;
+    var n : int;
+
+    x := 0;
+    y := 0;
+    assume n > 0;
+
+ ////////////////////////   
+    
+    outer_label:
+
+    while (x > 0) 
+    {
+        /////////////
+        while (y > 0)
+        {
+            //////////
+            y := y+1;
+            break outer_label;
+            //////////
+        }
+        //////////////
+        x := x+1;
+        //////////////
+    }
+
+//////////////////////    
+
+    return;
+}
\ No newline at end of file
diff --git a/boogie_examples/proofgen_depends_on_pruning/assert_false_in_if_2.bpl b/boogie_examples/proofgen_depends_on_pruning/assert_false_in_if_2.bpl
new file mode 100644
index 0000000..d5b5947
--- /dev/null
+++ b/boogie_examples/proofgen_depends_on_pruning/assert_false_in_if_2.bpl
@@ -0,0 +1,12 @@
+procedure assert_false_in_if_2() {
+    var x: int;
+
+    havoc x;
+    if (x != 8)
+    {
+        assert false;
+    }
+
+    x := 7;
+    assert x == 7;
+}
\ No newline at end of file
diff --git a/boogie_examples/proofgen_depends_on_pruning/assert_false_in_if_3.bpl b/boogie_examples/proofgen_depends_on_pruning/assert_false_in_if_3.bpl
new file mode 100644
index 0000000..669e2f6
--- /dev/null
+++ b/boogie_examples/proofgen_depends_on_pruning/assert_false_in_if_3.bpl
@@ -0,0 +1,12 @@
+procedure assert_false_in_if_3() {
+    var x: int;
+
+    havoc x;
+    if (*)
+    {
+        assert false;
+    }
+
+    x := 7;
+    assert x == 7;
+}
\ No newline at end of file
diff --git a/boogie_examples/proofgen_depends_on_pruning/assume_false_assert_false.bpl b/boogie_examples/proofgen_depends_on_pruning/assume_false_assert_false.bpl
new file mode 100644
index 0000000..d5ca5c6
--- /dev/null
+++ b/boogie_examples/proofgen_depends_on_pruning/assume_false_assert_false.bpl
@@ -0,0 +1,12 @@
+procedure assume_false_assert_false() {
+    var x: int;
+
+    havoc x;
+    if (x > 0)
+    {
+        assume false;
+        x := x - 1;
+    }
+
+    assert false;
+}
\ No newline at end of file
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/20220720_112439_timing_certificates.csv b/boogie_examples/simple_examples_no_optimization_proofs/20220720_112439_timing_certificates.csv
new file mode 100644
index 0000000..cabece3
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/20220720_112439_timing_certificates.csv
@@ -0,0 +1,41 @@
+File,Mean,Median,Pstdev.
+simple_examples_no_optimization_proofs_2/loop_in_else_branch_proofs/ROOT,16.529927492141724,16.529927492141724,0.0
+simple_examples_no_optimization_proofs_2/return_in_loop2_proofs/ROOT,20.6615948677063,20.6615948677063,0.0
+simple_examples_no_optimization_proofs_2/empty_generic_block_proofs/ROOT,17.638909101486206,17.638909101486206,0.0
+simple_examples_no_optimization_proofs_2/if_example_no_else_branch_proofs/ROOT,16.70071840286255,16.70071840286255,0.0
+simple_examples_no_optimization_proofs_2/empty_loop_proofs/ROOT,18.356985569000244,18.356985569000244,0.0
+simple_examples_no_optimization_proofs_2/simple_return_test_proofs/ROOT,15.760504722595215,15.760504722595215,0.0
+simple_examples_no_optimization_proofs_2/no_guard_loop4_proofs/ROOT,22.520811319351196,22.520811319351196,0.0
+simple_examples_no_optimization_proofs_2/nested_loop_while_true_proofs/ROOT,21.14844298362732,21.14844298362732,0.0
+simple_examples_no_optimization_proofs_2/triangle_example_proofs/ROOT,18.182694673538208,18.182694673538208,0.0
+simple_examples_no_optimization_proofs_2/consecutive_loops_in_loop_2_proofs/ROOT,22.464988946914673,22.464988946914673,0.0
+simple_examples_no_optimization_proofs_2/assert_false_in_if_3_proofs/ROOT,16.334786653518677,16.334786653518677,0.0
+simple_examples_no_optimization_proofs_2/no_guard_loop_proofs/ROOT,24.018352031707764,24.018352031707764,0.0
+simple_examples_no_optimization_proofs_2/assume_false_assert_false_proofs/ROOT,16.269209146499634,16.269209146499634,0.0
+simple_examples_no_optimization_proofs_2/consecutive_loops_proofs/ROOT,21.778433084487915,21.778433084487915,0.0
+simple_examples_no_optimization_proofs_2/if_inside_loop_proofs/ROOT,20.71945309638977,20.71945309638977,0.0
+simple_examples_no_optimization_proofs_2/start_loop_proofs/ROOT,20.882461547851562,20.882461547851562,0.0
+simple_examples_no_optimization_proofs_2/loop_example_no_inv_proofs/ROOT,17.588947772979736,17.588947772979736,0.0
+simple_examples_no_optimization_proofs_2/return_in_loop_proofs/ROOT,18.51476764678955,18.51476764678955,0.0
+simple_examples_no_optimization_proofs_2/trivial_assume_false_proofs/ROOT,14.143598794937134,14.143598794937134,0.0
+simple_examples_no_optimization_proofs_2/assume_false_in_if_proofs/ROOT,15.7973051071167,15.7973051071167,0.0
+simple_examples_no_optimization_proofs_2/assert_false_in_if_proofs/ROOT,15.551785707473755,15.551785707473755,0.0
+simple_examples_no_optimization_proofs_2/no_guard_if_proofs/ROOT,15.046565055847168,15.046565055847168,0.0
+simple_examples_no_optimization_proofs_2/no_inv_loop_proofs/ROOT,17.20460557937622,17.20460557937622,0.0
+simple_examples_no_optimization_proofs_2/consecutive_loops_in_loop_proofs/ROOT,21.2952823638916,21.2952823638916,0.0
+simple_examples_no_optimization_proofs_2/nested_loop_proofs/ROOT,20.862541913986206,20.862541913986206,0.0
+simple_examples_no_optimization_proofs_2/consecutive_ifs_proofs/ROOT,15.956636667251587,15.956636667251587,0.0
+simple_examples_no_optimization_proofs_2/loop_in_then_branch_proofs/ROOT,18.217901945114136,18.217901945114136,0.0
+simple_examples_no_optimization_proofs_2/assert_false_in_if_2_proofs/ROOT,15.341740846633911,15.341740846633911,0.0
+simple_examples_no_optimization_proofs_2/globals_proofs/ROOT,20.984867572784424,20.984867572784424,0.0
+simple_examples_no_optimization_proofs_2/if_example_proofs/ROOT,16.11746120452881,16.11746120452881,0.0
+simple_examples_no_optimization_proofs_2/no_guard_empty_branch_if_proofs/ROOT,16.002037286758423,16.002037286758423,0.0
+simple_examples_no_optimization_proofs_2/no_guard_loop2_proofs/ROOT,22.825337171554565,22.825337171554565,0.0
+simple_examples_no_optimization_proofs_2/nested_loop2_proofs/ROOT,21.991888523101807,21.991888523101807,0.0
+simple_examples_no_optimization_proofs_2/trivial_assert_false_proofs/ROOT,15.958161354064941,15.958161354064941,0.0
+simple_examples_no_optimization_proofs_2/loop_example_proofs/ROOT,19.151580333709717,19.151580333709717,0.0
+simple_examples_no_optimization_proofs_2/nested_if_proofs/ROOT,15.94367241859436,15.94367241859436,0.0
+simple_examples_no_optimization_proofs_2/complete_bigblock_loop_in_loop_proofs/ROOT,20.320770740509033,20.320770740509033,0.0
+simple_examples_no_optimization_proofs_2/no_guard_loop3_proofs/ROOT,22.385133504867554,22.385133504867554,0.0
+simple_examples_no_optimization_proofs_2/trivial_example_proofs/ROOT,15.298888921737671,15.298888921737671,0.0
+simple_examples_no_optimization_proofs_2/empty_branch_if_proofs/ROOT,16.03464651107788,16.03464651107788,0.0
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/ROOT
new file mode 100644
index 0000000..de4142c
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/ROOT
@@ -0,0 +1,12 @@
+session assert_false_in_if_2_proofs = Boogie_Lang + 
+directories assert_false_in_if_2_proofs
+theories
+global_data
+"assert_false_in_if_2_proofs/assert_false_in_if_2_before_passive_prog"
+"assert_false_in_if_2_proofs/assert_false_in_if_2_passification_proof"
+"assert_false_in_if_2_proofs/assert_false_in_if_2_asttocfg_proof"
+"assert_false_in_if_2_proofs/assert_false_in_if_2_before_ast_to_cfg_prog"
+"assert_false_in_if_2_proofs/assert_false_in_if_2_cfgtodag_proof"
+"assert_false_in_if_2_proofs/assert_false_in_if_2_before_cfg_to_dag_prog"
+"assert_false_in_if_2_proofs/assert_false_in_if_2_vcphase_proof"
+"assert_false_in_if_2_proofs/assert_false_in_if_2_passive_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_asttocfg_proof.thy
new file mode 100644
index 0000000..9e70f48
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_asttocfg_proof.thy
@@ -0,0 +1,335 @@
+theory assert_false_in_if_2_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML assert_false_in_if_2_before_ast_to_cfg_prog assert_false_in_if_2_before_cfg_to_dag_prog assert_false_in_if_2_cfgtodag_proof assert_false_in_if_2_passification_proof assert_false_in_if_2_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A assert_false_in_if_2_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.block_3 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_3_def assert_false_in_if_2_before_cfg_to_dag_prog.block_3_def)
+apply ((simp add: assert_false_in_if_2_before_cfg_to_dag_prog.block_3_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: assert_false_in_if_2_before_cfg_to_dag_prog.block_3_def assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_3_def)+)
+done
+
+
+lemma global_rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assert_false_in_if_2_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (simp)
+apply (rule cont_3_def)
+apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.node_3)
+apply (rule disjI1)
+apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.block_3_def)
+apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_3)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: assert_false_in_if_2_before_cfg_to_dag_prog.node_3)
+apply (rule rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_3)
+apply assumption+
+
+done
+qed
+
+lemma global_rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assert_false_in_if_2_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Neq (Lit (LInt 8))) ns1 (BoolV False))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Invs[of assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_2_def)
+
+apply (rule astTrace)
+apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_2_def)
+apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.node_2)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.block_2_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply (rule neg_neq)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_2_def)
+apply (simp add: assert_false_in_if_2_before_cfg_to_dag_prog.node_2)
+
+
+
+
+apply ((erule allE[where x = 3])+)
+apply ((simp add: assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_2)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_3)
+apply (simp)
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_1,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Neq (Lit (LInt 8))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.block_1 (Normal ns1) (Normal ns1')))))"
+unfolding assert_false_in_if_2_before_cfg_to_dag_prog.block_1_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_1_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: assert_false_in_if_2_before_cfg_to_dag_prog.block_1_def)
+apply ((simp add: assms(3) assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_1_def)+)
+done
+
+
+lemma global_rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assert_false_in_if_2_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Neq (Lit (LInt 8))) ns1 (BoolV True))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_1_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_1_def)
+apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.node_1)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.block_1_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_1_def)
+apply (simp add: assert_false_in_if_2_before_cfg_to_dag_prog.node_1)
+apply (rule rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_1)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x = 3])+)
+apply ((simp add: assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_3)
+apply (simp)
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0_def assert_false_in_if_2_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: assert_false_in_if_2_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: assert_false_in_if_2_before_cfg_to_dag_prog.block_0_def assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assert_false_in_if_2_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_if_successor)
+apply (rule Rel_Main_test[of assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0 _ assert_false_in_if_2_before_cfg_to_dag_prog.block_0])
+apply (simp add: assert_false_in_if_2_before_cfg_to_dag_prog.block_0_def assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp add: assert_false_in_if_2_before_cfg_to_dag_prog.block_0_def)
+apply (rule astTrace)
+apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0_def)
+apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: assert_false_in_if_2_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: assert_false_in_if_2_before_cfg_to_dag_prog.node_0)
+apply (rule rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply (erule disjE)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: cont_0_def assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
+apply blast+
+
+
+
+
+
+apply (simp)
+apply ((erule allE[where x = 2])+)
+apply ((simp add: assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_0_def assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 vc_x_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A assert_false_in_if_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) assert_false_in_if_2_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns assert_false_in_if_2_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] assert_false_in_if_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.pres_def assert_false_in_if_2_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.pres_def assert_false_in_if_2_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_3_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 vc_x_0))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) assert_false_in_if_2_before_ast_to_cfg_prog.fdecls assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.axioms assert_false_in_if_2_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding assert_false_in_if_2_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 assert_false_in_if_2_before_ast_to_cfg_prog.ast_proc_def assert_false_in_if_2_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..3a6dc77
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_ast_to_cfg_prog.thy
@@ -0,0 +1,123 @@
+theory assert_false_in_if_2_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (ParsedIf (Some (BinOp (Var 0) Neq (Lit (LInt 8)))) [(BigBlock (None ) [(Assert (Lit (LBool False)))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [(Assert (Lit (LBool False)))] (None ) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [] (None ) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [(Assign 0 (Lit (LInt 7))),(Assert (BinOp (Var 0) Eq (Lit (LInt 7))))] (None ) (None ))"
+definition cont_3
+  where
+    "cont_3  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_3 cont_3)"
+definition cont_1
+  where
+    "cont_1  = (KSeq bigblock_3 cont_3)"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_3 cont_3)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_3]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec assert_false_in_if_2_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec assert_false_in_if_2_before_ast_to_cfg_prog.post),proc_body = (Some (assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls,assert_false_in_if_2_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..f0a26a2
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_cfg_to_dag_prog.thy
@@ -0,0 +1,149 @@
+theory assert_false_in_if_2_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Neq (Lit (LInt 8)))),(Assert (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Eq (Lit (LInt 8))))]"
+definition block_3
+  where
+    "block_3  = [(Assign 0 (Lit (LInt 7))),(Assert (BinOp (Var 0) Eq (Lit (LInt 7))))]"
+definition outEdges
+  where
+    "outEdges  = [[1,2],[3],[3],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append assert_false_in_if_2_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append assert_false_in_if_2_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding assert_false_in_if_2_before_cfg_to_dag_prog.constants_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_2_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append assert_false_in_if_2_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding assert_false_in_if_2_before_cfg_to_dag_prog.constants_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_2_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding assert_false_in_if_2_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_2_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding assert_false_in_if_2_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append assert_false_in_if_2_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.globals_vdecls),(append assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append assert_false_in_if_2_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.globals_vdecls),(append assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_2_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.globals_vdecls),(append assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec assert_false_in_if_2_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec assert_false_in_if_2_before_cfg_to_dag_prog.post),proc_body = (Some (assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls,assert_false_in_if_2_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_passive_prog.thy
new file mode 100644
index 0000000..dc574a3
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_passive_prog.thy
@@ -0,0 +1,95 @@
+theory assert_false_in_if_2_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util assert_false_in_if_2_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assign 0 (Lit (LInt 7))),(Assert (BinOp (Var 0) Eq (Lit (LInt 7))))]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Neq (Lit (LInt 8)))),(Assert (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Eq (Lit (LInt 8))))]"
+definition block_3
+  where
+    "block_3  = [(Havoc 0)]"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_cfgtodag_proof.thy
new file mode 100644
index 0000000..0cec8c7
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_cfgtodag_proof.thy
@@ -0,0 +1,284 @@
+theory assert_false_in_if_2_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML assert_false_in_if_2_before_ast_to_cfg_prog assert_false_in_if_2_before_cfg_to_dag_prog assert_false_in_if_2_before_passive_prog assert_false_in_if_2_passification_proof assert_false_in_if_2_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A assert_false_in_if_2_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assert_false_in_if_2_before_passive_prog.block_0 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding assert_false_in_if_2_before_cfg_to_dag_prog.block_3_def assert_false_in_if_2_before_passive_prog.block_0_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_1[OF assms(1)])
+apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.node_3)
+apply (rule assert_false_in_if_2_before_passive_prog.node_0)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+unfolding assert_false_in_if_2_before_ast_to_cfg_prog.post_def
+apply (rule block_anon3)
+apply assumption+
+by (rule assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_3)
+
+
+lemma block_anon4_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assert_false_in_if_2_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding assert_false_in_if_2_before_cfg_to_dag_prog.block_1_def assert_false_in_if_2_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.node_1)
+apply (rule assert_false_in_if_2_before_passive_prog.node_1)
+apply (assumption+)
+apply (rule block_anon4_Then)
+apply (assumption+)
+apply ((simp add:assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=0])
+apply ((simp add:assert_false_in_if_2_before_passive_prog.outEdges_1))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon4_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assert_false_in_if_2_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding assert_false_in_if_2_before_cfg_to_dag_prog.block_2_def assert_false_in_if_2_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.node_2)
+apply (rule assert_false_in_if_2_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon4_Else)
+apply (assumption+)
+apply ((simp add:assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=0])
+apply ((simp add:assert_false_in_if_2_before_passive_prog.outEdges_2))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assert_false_in_if_2_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding assert_false_in_if_2_before_cfg_to_dag_prog.block_0_def assert_false_in_if_2_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.node_0)
+apply (rule assert_false_in_if_2_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:assert_false_in_if_2_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:assert_false_in_if_2_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:assert_false_in_if_2_before_passive_prog.outEdges_4))
+by ((simp add:assert_false_in_if_2_before_passive_prog.node_4 assert_false_in_if_2_before_passive_prog.block_4_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 assert_false_in_if_2_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule assert_false_in_if_2_before_passive_prog.node_5)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding assert_false_in_if_2_before_passive_prog.block_5_def
+apply (rule assume_pres_normal[where ?es=assert_false_in_if_2_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding assert_false_in_if_2_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule assert_false_in_if_2_before_passive_prog.outEdges_5)
+apply ((simp add:assert_false_in_if_2_before_passive_prog.node_4 assert_false_in_if_2_before_passive_prog.block_4_def))
+apply (rule assert_false_in_if_2_before_passive_prog.outEdges_4)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 vc_x_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A assert_false_in_if_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) assert_false_in_if_2_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns assert_false_in_if_2_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] assert_false_in_if_2_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule assert_false_in_if_2_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_passification_proof.thy
new file mode 100644
index 0000000..61a3026
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_passification_proof.thy
@@ -0,0 +1,258 @@
+theory assert_false_in_if_2_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util assert_false_in_if_2_before_ast_to_cfg_prog assert_false_in_if_2_passive_prog Boogie_Lang.PassificationML assert_false_in_if_2_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 7)))]) R_old assert_false_in_if_2_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assert_false_in_if_2_before_passive_prog.block_0_def assert_false_in_if_2_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon4_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_2_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assert_false_in_if_2_before_passive_prog.block_1_def assert_false_in_if_2_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon4_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_2_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assert_false_in_if_2_before_passive_prog.block_2_def assert_false_in_if_2_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old assert_false_in_if_2_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assert_false_in_if_2_before_passive_prog.block_3_def assert_false_in_if_2_passive_prog.block_3_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:assert_false_in_if_2_before_ast_to_cfg_prog.l_x(2) assert_false_in_if_2_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_2_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assert_false_in_if_2_before_passive_prog.block_4_def assert_false_in_if_2_passive_prog.block_4_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_2_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assert_false_in_if_2_before_passive_prog.block_5_def assert_false_in_if_2_passive_prog.block_5_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_2_before_passive_prog.node_0},@{thm assert_false_in_if_2_before_passive_prog.outEdges_0}) (@{thm assert_false_in_if_2_passive_prog.node_0},@{thm assert_false_in_if_2_passive_prog.outEdges_0}) @{thm block_anon3} [] 1\<close>))
+
+lemma cfg_block_anon4_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm assert_false_in_if_2_before_passive_prog.node_1},@{thm assert_false_in_if_2_before_passive_prog.outEdges_1}) (@{thm assert_false_in_if_2_passive_prog.node_1},@{thm assert_false_in_if_2_passive_prog.outEdges_1}) @{thm block_anon4_Then} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon4_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm assert_false_in_if_2_before_passive_prog.node_2},@{thm assert_false_in_if_2_before_passive_prog.outEdges_2}) (@{thm assert_false_in_if_2_passive_prog.node_2},@{thm assert_false_in_if_2_passive_prog.outEdges_2}) @{thm block_anon4_Else} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_2_before_passive_prog.node_3},@{thm assert_false_in_if_2_before_passive_prog.outEdges_3}) (@{thm assert_false_in_if_2_passive_prog.node_3},@{thm assert_false_in_if_2_passive_prog.outEdges_3}) @{thm block_anon0} [
+@{thm cfg_block_anon4_Then}, 
+@{thm cfg_block_anon4_Else}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_2_before_passive_prog.node_4},@{thm assert_false_in_if_2_before_passive_prog.outEdges_4}) (@{thm assert_false_in_if_2_passive_prog.node_4},@{thm assert_false_in_if_2_passive_prog.outEdges_4}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_2_before_passive_prog.node_5},@{thm assert_false_in_if_2_before_passive_prog.outEdges_5}) (@{thm assert_false_in_if_2_passive_prog.node_5},@{thm assert_false_in_if_2_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_2_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 vc_x_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A assert_false_in_if_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls ns assert_false_in_if_2_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv assert_false_in_if_2_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding assert_false_in_if_2_passive_prog.params_vdecls_def assert_false_in_if_2_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using assert_false_in_if_2_before_passive_prog.globals_locals_disj apply auto[1]
+using assert_false_in_if_2_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] assert_false_in_if_2_passive_prog.proc_body u (Inl 5)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range assert_false_in_if_2_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] assert_false_in_if_2_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from assert_false_in_if_2_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_passive_prog.thy
new file mode 100644
index 0000000..d1b70c3
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_passive_prog.thy
@@ -0,0 +1,119 @@
+theory assert_false_in_if_2_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util assert_false_in_if_2_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assert (BinOp (Lit (LInt 7)) Eq (Lit (LInt 7))))]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 1) Neq (Lit (LInt 8)))),(Assert (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 1) Eq (Lit (LInt 8))))]"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding assert_false_in_if_2_passive_prog.params_vdecls_def assert_false_in_if_2_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls)))) = {})"
+unfolding assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_vcphase_proof.thy
new file mode 100644
index 0000000..aaf62c3
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_vcphase_proof.thy
@@ -0,0 +1,228 @@
+theory assert_false_in_if_2_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML assert_false_in_if_2_passive_prog assert_false_in_if_2_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon4_Then
+  where
+    "vc_anon4_Then x_0 = (\<not> (x_0 \<noteq> (8::int)))"
+definition vc_anon3
+  where
+    "vc_anon3  = ((7::int) = (7::int))"
+definition vc_anon4_Else
+  where
+    "vc_anon4_Else x_0 = ((x_0 = (8::int)) \<longrightarrow> (vc_anon3 ))"
+definition vc_anon0
+  where
+    "vc_anon0 x_0 = ((vc_anon4_Then x_0) \<and> (vc_anon4_Else x_0))"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
+G2: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2
+lemmas forall_poly_thm = forall_vc_type[OF G2]
+lemmas exists_poly_thm = exists_vc_type[OF G2]
+declare Nat.One_nat_def[simp del]
+
+ML\<open>
+val block_anon3_hints = [
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon3AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding assert_false_in_if_2_passive_prog.block_0_def vc.vc_anon3_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_Then_hints = [
+(AssumeNot,NONE)]
+\<close>
+lemma block_anon4_ThenAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Then vc_x_0) \<Longrightarrow> (s' = Magic)))"
+unfolding assert_false_in_if_2_passive_prog.block_1_def vc.vc_anon4_Then_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Then_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_Else_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon4_ElseAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Else vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 )))))))"
+unfolding assert_false_in_if_2_passive_prog.block_2_def vc.vc_anon4_Else_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Else_hints \<close>)
+by (auto?)
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.block_3 (Normal n_s) s')" and 
+"((vc.vc_anon4_Then vc_x_0) \<and> (vc.vc_anon4_Else vc_x_0))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0) \<and> (vc.vc_anon4_Else vc_x_0))))))"
+using assms
+unfolding assert_false_in_if_2_passive_prog.block_3_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.block_4 (Normal n_s) s')" and 
+"((vc.vc_anon4_Then vc_x_0) \<and> (vc.vc_anon4_Else vc_x_0))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0) \<and> (vc.vc_anon4_Else vc_x_0))))))"
+using assms
+unfolding assert_false_in_if_2_passive_prog.block_4_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0) \<and> (vc.vc_anon4_Else vc_x_0))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding assert_false_in_if_2_passive_prog.block_5_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon3 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) assert_false_in_if_2_passive_prog.node_0 assert_false_in_if_2_passive_prog.outEdges_0])
+using block_anon3AA0[OF _ assms(2)] by blast
+
+lemma cfg_block_anon4_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4_Then vc_x_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) assert_false_in_if_2_passive_prog.node_1])
+by (erule block_anon4_ThenAA0[OF _ assms(2)])
+
+lemma cfg_block_anon4_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4_Else vc_x_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) assert_false_in_if_2_passive_prog.node_2])
+apply (erule block_anon4_ElseAA0[OF _ assms(2)])
+apply ((simp add:assert_false_in_if_2_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon4_Then vc_x_0) \<and> (vc.vc_anon4_Else vc_x_0))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) assert_false_in_if_2_passive_prog.node_3])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:assert_false_in_if_2_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon4_Then vc_x_0) \<and> (vc.vc_anon4_Else vc_x_0))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) assert_false_in_if_2_passive_prog.node_4])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:assert_false_in_if_2_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) assert_false_in_if_2_passive_prog.node_5])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:assert_false_in_if_2_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_2_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 vc_x_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A assert_false_in_if_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) assert_false_in_if_2_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF assert_false_in_if_2_passive_prog.m_x])
+apply (subst lookup_var_local[OF assert_false_in_if_2_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF assert_false_in_if_2_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF assert_false_in_if_2_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/global_data.thy
similarity index 100%
rename from BoogieLang/generated_example_proofs/consecutive_ifs_proofs/global_data.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/global_data.thy
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/ROOT
new file mode 100644
index 0000000..075c5a5
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/ROOT
@@ -0,0 +1,12 @@
+session assert_false_in_if_3_proofs = Boogie_Lang + 
+directories assert_false_in_if_3_proofs
+theories
+global_data
+"assert_false_in_if_3_proofs/assert_false_in_if_3_passive_prog"
+"assert_false_in_if_3_proofs/assert_false_in_if_3_before_ast_to_cfg_prog"
+"assert_false_in_if_3_proofs/assert_false_in_if_3_before_cfg_to_dag_prog"
+"assert_false_in_if_3_proofs/assert_false_in_if_3_passification_proof"
+"assert_false_in_if_3_proofs/assert_false_in_if_3_vcphase_proof"
+"assert_false_in_if_3_proofs/assert_false_in_if_3_before_passive_prog"
+"assert_false_in_if_3_proofs/assert_false_in_if_3_asttocfg_proof"
+"assert_false_in_if_3_proofs/assert_false_in_if_3_cfgtodag_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_asttocfg_proof.thy
new file mode 100644
index 0000000..48f1d18
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_asttocfg_proof.thy
@@ -0,0 +1,315 @@
+theory assert_false_in_if_3_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML assert_false_in_if_3_before_ast_to_cfg_prog assert_false_in_if_3_before_cfg_to_dag_prog assert_false_in_if_3_cfgtodag_proof assert_false_in_if_3_passification_proof assert_false_in_if_3_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A assert_false_in_if_3_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.block_3 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_3_def assert_false_in_if_3_before_cfg_to_dag_prog.block_3_def)
+apply ((simp add: assert_false_in_if_3_before_cfg_to_dag_prog.block_3_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: assert_false_in_if_3_before_cfg_to_dag_prog.block_3_def assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_3_def)+)
+done
+
+
+lemma global_rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assert_false_in_if_3_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (simp)
+apply (rule cont_3_def)
+apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.node_3)
+apply (rule disjI1)
+apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.block_3_def)
+apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_3)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: assert_false_in_if_3_before_cfg_to_dag_prog.node_3)
+apply (rule rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_3)
+apply assumption+
+
+done
+qed
+
+lemma global_rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assert_false_in_if_3_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Invs[of assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_2_def)
+
+apply (rule astTrace)
+apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_2_def)
+apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.node_2)
+apply (rule disjI1)
+apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.block_2_def)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_2_def)
+apply (simp add: assert_false_in_if_3_before_cfg_to_dag_prog.node_2)
+
+
+
+apply ((erule allE[where x = 3])+)
+apply ((simp add: assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_2)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_3)
+apply (simp)
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_1,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.block_1 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_1_def assert_false_in_if_3_before_cfg_to_dag_prog.block_1_def)
+apply ((simp add: assert_false_in_if_3_before_cfg_to_dag_prog.block_1_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: assert_false_in_if_3_before_cfg_to_dag_prog.block_1_def assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_1_def)+)
+done
+
+
+lemma global_rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assert_false_in_if_3_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_1_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_1_def)
+apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.node_1)
+apply (rule disjI1)
+apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.block_1_def)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_1_def)
+apply (simp add: assert_false_in_if_3_before_cfg_to_dag_prog.node_1)
+apply (rule rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_1)
+apply assumption
+apply (simp)
+apply ((erule allE[where x = 3])+)
+apply ((simp add: assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_3)
+apply (simp)
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0_def assert_false_in_if_3_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: assert_false_in_if_3_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: assert_false_in_if_3_before_cfg_to_dag_prog.block_0_def assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assert_false_in_if_3_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_if_successor)
+apply (rule Rel_Main_test[of assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0 _ assert_false_in_if_3_before_cfg_to_dag_prog.block_0])
+apply (simp add: assert_false_in_if_3_before_cfg_to_dag_prog.block_0_def assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp add: assert_false_in_if_3_before_cfg_to_dag_prog.block_0_def)
+apply (rule astTrace)
+apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0_def)
+apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: assert_false_in_if_3_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: assert_false_in_if_3_before_cfg_to_dag_prog.node_0)
+apply (rule rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+
+apply (rule disjE, simp)
+apply ((erule allE[where x = 1])+)
+apply ((simp add: assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: cont_0_def assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
+apply blast+
+
+
+
+
+
+
+apply ((erule allE[where x = 2])+)
+apply ((simp add: assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_0_def assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A assert_false_in_if_3_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) assert_false_in_if_3_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns assert_false_in_if_3_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] assert_false_in_if_3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.pres_def assert_false_in_if_3_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.pres_def assert_false_in_if_3_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_3_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) assert_false_in_if_3_before_ast_to_cfg_prog.fdecls assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.axioms assert_false_in_if_3_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding assert_false_in_if_3_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 assert_false_in_if_3_before_ast_to_cfg_prog.ast_proc_def assert_false_in_if_3_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..5aa16d5
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_ast_to_cfg_prog.thy
@@ -0,0 +1,123 @@
+theory assert_false_in_if_3_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (ParsedIf (None ) [(BigBlock (None ) [(Assert (Lit (LBool False)))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [(Assert (Lit (LBool False)))] (None ) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [] (None ) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [(Assign 0 (Lit (LInt 7))),(Assert (BinOp (Var 0) Eq (Lit (LInt 7))))] (None ) (None ))"
+definition cont_3
+  where
+    "cont_3  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_3 cont_3)"
+definition cont_1
+  where
+    "cont_1  = (KSeq bigblock_3 cont_3)"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_3 cont_3)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_3]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec assert_false_in_if_3_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec assert_false_in_if_3_before_ast_to_cfg_prog.post),proc_body = (Some (assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls,assert_false_in_if_3_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..db0e136
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_cfg_to_dag_prog.thy
@@ -0,0 +1,149 @@
+theory assert_false_in_if_3_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = [(Assert (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = []"
+definition block_3
+  where
+    "block_3  = [(Assign 0 (Lit (LInt 7))),(Assert (BinOp (Var 0) Eq (Lit (LInt 7))))]"
+definition outEdges
+  where
+    "outEdges  = [[1,2],[3],[3],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append assert_false_in_if_3_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append assert_false_in_if_3_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding assert_false_in_if_3_before_cfg_to_dag_prog.constants_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_3_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append assert_false_in_if_3_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding assert_false_in_if_3_before_cfg_to_dag_prog.constants_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_3_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding assert_false_in_if_3_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_3_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding assert_false_in_if_3_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append assert_false_in_if_3_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.globals_vdecls),(append assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append assert_false_in_if_3_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.globals_vdecls),(append assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_3_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.globals_vdecls),(append assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec assert_false_in_if_3_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec assert_false_in_if_3_before_cfg_to_dag_prog.post),proc_body = (Some (assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls,assert_false_in_if_3_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_passive_prog.thy
new file mode 100644
index 0000000..60f32be
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_passive_prog.thy
@@ -0,0 +1,95 @@
+theory assert_false_in_if_3_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util assert_false_in_if_3_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assign 0 (Lit (LInt 7))),(Assert (BinOp (Var 0) Eq (Lit (LInt 7))))]"
+definition block_1
+  where
+    "block_1  = [(Assert (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = []"
+definition block_3
+  where
+    "block_3  = [(Havoc 0)]"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_cfgtodag_proof.thy
new file mode 100644
index 0000000..507cb92
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_cfgtodag_proof.thy
@@ -0,0 +1,284 @@
+theory assert_false_in_if_3_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML assert_false_in_if_3_before_ast_to_cfg_prog assert_false_in_if_3_before_cfg_to_dag_prog assert_false_in_if_3_before_passive_prog assert_false_in_if_3_passification_proof assert_false_in_if_3_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A assert_false_in_if_3_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assert_false_in_if_3_before_passive_prog.block_0 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding assert_false_in_if_3_before_cfg_to_dag_prog.block_3_def assert_false_in_if_3_before_passive_prog.block_0_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_1[OF assms(1)])
+apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.node_3)
+apply (rule assert_false_in_if_3_before_passive_prog.node_0)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+unfolding assert_false_in_if_3_before_ast_to_cfg_prog.post_def
+apply (rule block_anon3)
+apply assumption+
+by (rule assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_3)
+
+
+lemma block_anon4_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assert_false_in_if_3_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding assert_false_in_if_3_before_cfg_to_dag_prog.block_1_def assert_false_in_if_3_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.node_1)
+apply (rule assert_false_in_if_3_before_passive_prog.node_1)
+apply (assumption+)
+apply (rule block_anon4_Then)
+apply (assumption+)
+apply ((simp add:assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=0])
+apply ((simp add:assert_false_in_if_3_before_passive_prog.outEdges_1))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon4_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assert_false_in_if_3_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding assert_false_in_if_3_before_cfg_to_dag_prog.block_2_def assert_false_in_if_3_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.node_2)
+apply (rule assert_false_in_if_3_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon4_Else)
+apply (assumption+)
+apply ((simp add:assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=0])
+apply ((simp add:assert_false_in_if_3_before_passive_prog.outEdges_2))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assert_false_in_if_3_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding assert_false_in_if_3_before_cfg_to_dag_prog.block_0_def assert_false_in_if_3_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.node_0)
+apply (rule assert_false_in_if_3_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:assert_false_in_if_3_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:assert_false_in_if_3_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:assert_false_in_if_3_before_passive_prog.outEdges_4))
+by ((simp add:assert_false_in_if_3_before_passive_prog.node_4 assert_false_in_if_3_before_passive_prog.block_4_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 assert_false_in_if_3_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule assert_false_in_if_3_before_passive_prog.node_5)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding assert_false_in_if_3_before_passive_prog.block_5_def
+apply (rule assume_pres_normal[where ?es=assert_false_in_if_3_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding assert_false_in_if_3_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule assert_false_in_if_3_before_passive_prog.outEdges_5)
+apply ((simp add:assert_false_in_if_3_before_passive_prog.node_4 assert_false_in_if_3_before_passive_prog.block_4_def))
+apply (rule assert_false_in_if_3_before_passive_prog.outEdges_4)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A assert_false_in_if_3_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) assert_false_in_if_3_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns assert_false_in_if_3_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] assert_false_in_if_3_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule assert_false_in_if_3_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_passification_proof.thy
new file mode 100644
index 0000000..f5169ad
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_passification_proof.thy
@@ -0,0 +1,254 @@
+theory assert_false_in_if_3_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util assert_false_in_if_3_before_ast_to_cfg_prog assert_false_in_if_3_passive_prog Boogie_Lang.PassificationML assert_false_in_if_3_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 7)))]) R_old assert_false_in_if_3_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assert_false_in_if_3_before_passive_prog.block_0_def assert_false_in_if_3_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon4_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_3_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assert_false_in_if_3_before_passive_prog.block_1_def assert_false_in_if_3_passive_prog.block_1_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon4_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_3_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assert_false_in_if_3_before_passive_prog.block_2_def assert_false_in_if_3_passive_prog.block_2_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old assert_false_in_if_3_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assert_false_in_if_3_before_passive_prog.block_3_def assert_false_in_if_3_passive_prog.block_3_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:assert_false_in_if_3_before_ast_to_cfg_prog.l_x(2) assert_false_in_if_3_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_3_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assert_false_in_if_3_before_passive_prog.block_4_def assert_false_in_if_3_passive_prog.block_4_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_3_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assert_false_in_if_3_before_passive_prog.block_5_def assert_false_in_if_3_passive_prog.block_5_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_3_before_passive_prog.node_0},@{thm assert_false_in_if_3_before_passive_prog.outEdges_0}) (@{thm assert_false_in_if_3_passive_prog.node_0},@{thm assert_false_in_if_3_passive_prog.outEdges_0}) @{thm block_anon3} [] 1\<close>))
+
+lemma cfg_block_anon4_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_3_before_passive_prog.node_1},@{thm assert_false_in_if_3_before_passive_prog.outEdges_1}) (@{thm assert_false_in_if_3_passive_prog.node_1},@{thm assert_false_in_if_3_passive_prog.outEdges_1}) @{thm block_anon4_Then} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon4_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_3_before_passive_prog.node_2},@{thm assert_false_in_if_3_before_passive_prog.outEdges_2}) (@{thm assert_false_in_if_3_passive_prog.node_2},@{thm assert_false_in_if_3_passive_prog.outEdges_2}) @{thm block_anon4_Else} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_3_before_passive_prog.node_3},@{thm assert_false_in_if_3_before_passive_prog.outEdges_3}) (@{thm assert_false_in_if_3_passive_prog.node_3},@{thm assert_false_in_if_3_passive_prog.outEdges_3}) @{thm block_anon0} [
+@{thm cfg_block_anon4_Then}, 
+@{thm cfg_block_anon4_Else}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_3_before_passive_prog.node_4},@{thm assert_false_in_if_3_before_passive_prog.outEdges_4}) (@{thm assert_false_in_if_3_passive_prog.node_4},@{thm assert_false_in_if_3_passive_prog.outEdges_4}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_3_before_passive_prog.node_5},@{thm assert_false_in_if_3_before_passive_prog.outEdges_5}) (@{thm assert_false_in_if_3_passive_prog.node_5},@{thm assert_false_in_if_3_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_3_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A assert_false_in_if_3_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls ns assert_false_in_if_3_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv assert_false_in_if_3_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding assert_false_in_if_3_passive_prog.params_vdecls_def assert_false_in_if_3_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using assert_false_in_if_3_before_passive_prog.globals_locals_disj apply auto[1]
+using assert_false_in_if_3_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] assert_false_in_if_3_passive_prog.proc_body u (Inl 5)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range assert_false_in_if_3_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] assert_false_in_if_3_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from assert_false_in_if_3_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_passive_prog.thy
new file mode 100644
index 0000000..2592c16
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_passive_prog.thy
@@ -0,0 +1,119 @@
+theory assert_false_in_if_3_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util assert_false_in_if_3_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assert (BinOp (Lit (LInt 7)) Eq (Lit (LInt 7))))]"
+definition block_1
+  where
+    "block_1  = [(Assert (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = []"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding assert_false_in_if_3_passive_prog.params_vdecls_def assert_false_in_if_3_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls)))) = {})"
+unfolding assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_vcphase_proof.thy
new file mode 100644
index 0000000..6875507
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_vcphase_proof.thy
@@ -0,0 +1,225 @@
+theory assert_false_in_if_3_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML assert_false_in_if_3_passive_prog assert_false_in_if_3_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon4_Then
+  where
+    "vc_anon4_Then  = False"
+definition vc_anon3
+  where
+    "vc_anon3  = ((7::int) = (7::int))"
+definition vc_anon0
+  where
+    "vc_anon0  = ((vc_anon4_Then ) \<and> (vc_anon3 ))"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
+G2: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2
+lemmas forall_poly_thm = forall_vc_type[OF G2]
+lemmas exists_poly_thm = exists_vc_type[OF G2]
+declare Nat.One_nat_def[simp del]
+
+ML\<open>
+val block_anon3_hints = [
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon3AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding assert_false_in_if_3_passive_prog.block_0_def vc.vc_anon3_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_Then_hints = [
+(AssertFalse,NONE)]
+\<close>
+lemma block_anon4_ThenAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Then ) \<Longrightarrow> (s' = Magic)))"
+unfolding assert_false_in_if_3_passive_prog.block_1_def vc.vc_anon4_Then_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Then_hints \<close>)
+by (auto?)
+
+lemma block_anon4_Else:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.block_2 (Normal n_s) s')" and 
+"(vc.vc_anon3 )"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 )))))"
+using assms
+unfolding assert_false_in_if_3_passive_prog.block_2_def
+apply cases
+by auto
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.block_3 (Normal n_s) s')" and 
+"((vc.vc_anon4_Then ) \<and> (vc.vc_anon3 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then ) \<and> (vc.vc_anon3 ))))))"
+using assms
+unfolding assert_false_in_if_3_passive_prog.block_3_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.block_4 (Normal n_s) s')" and 
+"((vc.vc_anon4_Then ) \<and> (vc.vc_anon3 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then ) \<and> (vc.vc_anon3 ))))))"
+using assms
+unfolding assert_false_in_if_3_passive_prog.block_4_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then ) \<and> (vc.vc_anon3 ))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding assert_false_in_if_3_passive_prog.block_5_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon3 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) assert_false_in_if_3_passive_prog.node_0 assert_false_in_if_3_passive_prog.outEdges_0])
+using block_anon3AA0[OF _ assms(2)] by blast
+
+lemma cfg_block_anon4_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4_Then )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) assert_false_in_if_3_passive_prog.node_1])
+by (erule block_anon4_ThenAA0[OF _ assms(2)])
+
+lemma cfg_block_anon4_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon3 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) assert_false_in_if_3_passive_prog.node_2])
+apply (erule block_anon4_Else[OF _ assms(2)])
+apply ((simp add:assert_false_in_if_3_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon4_Then ) \<and> (vc.vc_anon3 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) assert_false_in_if_3_passive_prog.node_3])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:assert_false_in_if_3_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon4_Then ) \<and> (vc.vc_anon3 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) assert_false_in_if_3_passive_prog.node_4])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:assert_false_in_if_3_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) assert_false_in_if_3_passive_prog.node_5])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:assert_false_in_if_3_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_3_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A assert_false_in_if_3_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) assert_false_in_if_3_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF assert_false_in_if_3_passive_prog.m_x])
+apply (subst lookup_var_local[OF assert_false_in_if_3_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF assert_false_in_if_3_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF assert_false_in_if_3_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/global_data.thy
similarity index 100%
rename from BoogieLang/generated_example_proofs/empty_branch_if_proofs/global_data.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/global_data.thy
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/ROOT
new file mode 100644
index 0000000..8444fc7
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/ROOT
@@ -0,0 +1,12 @@
+session assert_false_in_if_proofs = Boogie_Lang + 
+directories assert_false_in_if_proofs
+theories
+global_data
+"assert_false_in_if_proofs/assert_false_in_if_before_passive_prog"
+"assert_false_in_if_proofs/assert_false_in_if_passification_proof"
+"assert_false_in_if_proofs/assert_false_in_if_passive_prog"
+"assert_false_in_if_proofs/assert_false_in_if_before_ast_to_cfg_prog"
+"assert_false_in_if_proofs/assert_false_in_if_vcphase_proof"
+"assert_false_in_if_proofs/assert_false_in_if_before_cfg_to_dag_prog"
+"assert_false_in_if_proofs/assert_false_in_if_cfgtodag_proof"
+"assert_false_in_if_proofs/assert_false_in_if_asttocfg_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_asttocfg_proof.thy
new file mode 100644
index 0000000..7010dfd
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_asttocfg_proof.thy
@@ -0,0 +1,269 @@
+theory assert_false_in_if_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML assert_false_in_if_before_ast_to_cfg_prog assert_false_in_if_before_cfg_to_dag_prog assert_false_in_if_cfgtodag_proof assert_false_in_if_passification_proof assert_false_in_if_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A assert_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma global_rel_assert_false_in_if_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assert_false_in_if_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Neq (Lit (LInt 8))) ns1 (BoolV False))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Invs[of assert_false_in_if_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.bigblock_2_def)
+
+apply (rule astTrace)
+apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp)
+apply (simp)
+apply (rule cont_2_def)
+apply (rule assert_false_in_if_before_cfg_to_dag_prog.node_2)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule assert_false_in_if_before_cfg_to_dag_prog.block_2_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply ( rule neg_neq)
+apply (rule guardHint)
+apply (rule assert_false_in_if_before_cfg_to_dag_prog.outEdges_2)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: assert_false_in_if_before_cfg_to_dag_prog.node_2)
+apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp add: end_static)
+done
+qed
+
+lemma rel_assert_false_in_if_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_before_ast_to_cfg_prog.bigblock_1,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Neq (Lit (LInt 8))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.block_1 (Normal ns1) (Normal ns1')))))"
+unfolding assert_false_in_if_before_cfg_to_dag_prog.block_1_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of assert_false_in_if_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.bigblock_1_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: assert_false_in_if_before_cfg_to_dag_prog.block_1_def)
+apply ((simp add: assms(3) assert_false_in_if_before_ast_to_cfg_prog.bigblock_1_def)+)
+done
+
+
+lemma global_rel_assert_false_in_if_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assert_false_in_if_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Neq (Lit (LInt 8))) ns1 (BoolV True))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of assert_false_in_if_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.bigblock_1_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.bigblock_1_def)
+apply (simp)
+apply (simp)
+apply (rule cont_1_def)
+apply (rule assert_false_in_if_before_cfg_to_dag_prog.node_1)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule assert_false_in_if_before_cfg_to_dag_prog.block_1_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule assert_false_in_if_before_cfg_to_dag_prog.outEdges_1)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: assert_false_in_if_before_cfg_to_dag_prog.node_1)
+apply (rule rel_assert_false_in_if_before_ast_to_cfg_prog_bigblock_1)
+apply assumption+
+apply (rule guardHint)
+done
+qed
+
+lemma rel_assert_false_in_if_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of assert_false_in_if_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.bigblock_0_def assert_false_in_if_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: assert_false_in_if_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: assert_false_in_if_before_cfg_to_dag_prog.block_0_def assert_false_in_if_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_assert_false_in_if_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assert_false_in_if_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_if_successor)
+apply (rule Rel_Main_test[of assert_false_in_if_before_ast_to_cfg_prog.bigblock_0 _ assert_false_in_if_before_cfg_to_dag_prog.block_0])
+apply (simp add: assert_false_in_if_before_cfg_to_dag_prog.block_0_def assert_false_in_if_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp add: assert_false_in_if_before_cfg_to_dag_prog.block_0_def)
+apply (rule astTrace)
+apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.bigblock_0_def)
+apply (rule assert_false_in_if_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: assert_false_in_if_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: assert_false_in_if_before_cfg_to_dag_prog.node_0)
+apply (rule rel_assert_false_in_if_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply (erule disjE)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: assert_false_in_if_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_assert_false_in_if_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: cont_0_def assert_false_in_if_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
+apply blast+
+
+
+
+
+
+apply (simp)
+apply ((erule allE[where x = 2])+)
+apply ((simp add: assert_false_in_if_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_assert_false_in_if_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_0_def assert_false_in_if_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (assert_false_in_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 vc_x_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A assert_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) assert_false_in_if_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns assert_false_in_if_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] assert_false_in_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (assert_false_in_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_assert_false_in_if_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.pres_def assert_false_in_if_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.pres_def assert_false_in_if_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (assert_false_in_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 vc_x_0))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) assert_false_in_if_before_ast_to_cfg_prog.fdecls assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls assert_false_in_if_before_ast_to_cfg_prog.axioms assert_false_in_if_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding assert_false_in_if_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 assert_false_in_if_before_ast_to_cfg_prog.ast_proc_def assert_false_in_if_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..27e79b0
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_ast_to_cfg_prog.thy
@@ -0,0 +1,117 @@
+theory assert_false_in_if_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (ParsedIf (Some (BinOp (Var 0) Neq (Lit (LInt 8)))) [(BigBlock (None ) [(Assert (Lit (LBool False)))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [(Assert (Lit (LBool False)))] (None ) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [] (None ) (None ))"
+definition cont_0
+  where
+    "cont_0  = KStop"
+definition cont_1
+  where
+    "cont_1  = KStop"
+definition cont_2
+  where
+    "cont_2  = KStop"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding assert_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding assert_false_in_if_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = assert_false_in_if_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec assert_false_in_if_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec assert_false_in_if_before_ast_to_cfg_prog.post),proc_body = (Some (assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls,assert_false_in_if_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..f7bd2cf
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_cfg_to_dag_prog.thy
@@ -0,0 +1,138 @@
+theory assert_false_in_if_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Neq (Lit (LInt 8)))),(Assert (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Eq (Lit (LInt 8))))]"
+definition outEdges
+  where
+    "outEdges  = [[1,2],[],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append assert_false_in_if_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append assert_false_in_if_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding assert_false_in_if_before_cfg_to_dag_prog.constants_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append assert_false_in_if_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding assert_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append assert_false_in_if_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding assert_false_in_if_before_cfg_to_dag_prog.constants_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding assert_false_in_if_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding assert_false_in_if_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding assert_false_in_if_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append assert_false_in_if_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_before_cfg_to_dag_prog.globals_vdecls),(append assert_false_in_if_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append assert_false_in_if_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append assert_false_in_if_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_before_cfg_to_dag_prog.globals_vdecls),(append assert_false_in_if_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_before_cfg_to_dag_prog.globals_vdecls),(append assert_false_in_if_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = assert_false_in_if_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec assert_false_in_if_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec assert_false_in_if_before_cfg_to_dag_prog.post),proc_body = (Some (assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls,assert_false_in_if_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_passive_prog.thy
new file mode 100644
index 0000000..fe880bf
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_passive_prog.thy
@@ -0,0 +1,95 @@
+theory assert_false_in_if_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util assert_false_in_if_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Neq (Lit (LInt 8)))),(Assert (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Eq (Lit (LInt 8))))]"
+definition block_3
+  where
+    "block_3  = [(Havoc 0)]"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding assert_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_cfgtodag_proof.thy
new file mode 100644
index 0000000..f1ae58b
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_cfgtodag_proof.thy
@@ -0,0 +1,242 @@
+theory assert_false_in_if_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML assert_false_in_if_before_ast_to_cfg_prog assert_false_in_if_before_cfg_to_dag_prog assert_false_in_if_before_passive_prog assert_false_in_if_passification_proof assert_false_in_if_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A assert_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 assert_false_in_if_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def assert_false_in_if_before_ast_to_cfg_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule assert_false_in_if_before_passive_prog.node_0)
+apply simp
+unfolding assert_false_in_if_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma block_anon3_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assert_false_in_if_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding assert_false_in_if_before_cfg_to_dag_prog.block_1_def assert_false_in_if_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule assert_false_in_if_before_cfg_to_dag_prog.node_1)
+apply (rule assert_false_in_if_before_passive_prog.node_1)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon3_Then)
+apply assumption+
+apply (rule assert_false_in_if_before_cfg_to_dag_prog.outEdges_1)
+apply (rule assert_false_in_if_before_passive_prog.outEdges_1)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon3_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assert_false_in_if_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding assert_false_in_if_before_cfg_to_dag_prog.block_2_def assert_false_in_if_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule assert_false_in_if_before_cfg_to_dag_prog.node_2)
+apply (rule assert_false_in_if_before_passive_prog.node_2)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon3_Else)
+apply assumption+
+apply (rule assert_false_in_if_before_cfg_to_dag_prog.outEdges_2)
+apply (rule assert_false_in_if_before_passive_prog.outEdges_2)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assert_false_in_if_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding assert_false_in_if_before_cfg_to_dag_prog.block_0_def assert_false_in_if_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule assert_false_in_if_before_cfg_to_dag_prog.node_0)
+apply (rule assert_false_in_if_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:assert_false_in_if_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:assert_false_in_if_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:assert_false_in_if_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:assert_false_in_if_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:assert_false_in_if_before_passive_prog.outEdges_4))
+by ((simp add:assert_false_in_if_before_passive_prog.node_4 assert_false_in_if_before_passive_prog.block_4_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 assert_false_in_if_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule assert_false_in_if_before_passive_prog.node_5)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding assert_false_in_if_before_passive_prog.block_5_def
+apply (rule assume_pres_normal[where ?es=assert_false_in_if_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding assert_false_in_if_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule assert_false_in_if_before_passive_prog.outEdges_5)
+apply ((simp add:assert_false_in_if_before_passive_prog.node_4 assert_false_in_if_before_passive_prog.block_4_def))
+apply (rule assert_false_in_if_before_passive_prog.outEdges_4)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 vc_x_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A assert_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) assert_false_in_if_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns assert_false_in_if_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] assert_false_in_if_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule assert_false_in_if_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_passification_proof.thy
new file mode 100644
index 0000000..c9dc47b
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_passification_proof.thy
@@ -0,0 +1,258 @@
+theory assert_false_in_if_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util assert_false_in_if_before_ast_to_cfg_prog assert_false_in_if_passive_prog Boogie_Lang.PassificationML assert_false_in_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assert_false_in_if_before_passive_prog.block_0_def assert_false_in_if_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon3_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assert_false_in_if_before_passive_prog.block_1_def assert_false_in_if_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon3_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assert_false_in_if_before_passive_prog.block_2_def assert_false_in_if_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old assert_false_in_if_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assert_false_in_if_before_passive_prog.block_3_def assert_false_in_if_passive_prog.block_3_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:assert_false_in_if_before_ast_to_cfg_prog.l_x(2) assert_false_in_if_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assert_false_in_if_before_passive_prog.block_4_def assert_false_in_if_passive_prog.block_4_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assert_false_in_if_before_passive_prog.block_5_def assert_false_in_if_passive_prog.block_5_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_before_passive_prog.node_0},@{thm assert_false_in_if_before_passive_prog.outEdges_0}) (@{thm assert_false_in_if_passive_prog.node_0},@{thm assert_false_in_if_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon3_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm assert_false_in_if_before_passive_prog.node_1},@{thm assert_false_in_if_before_passive_prog.outEdges_1}) (@{thm assert_false_in_if_passive_prog.node_1},@{thm assert_false_in_if_passive_prog.outEdges_1}) @{thm block_anon3_Then} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon3_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm assert_false_in_if_before_passive_prog.node_2},@{thm assert_false_in_if_before_passive_prog.outEdges_2}) (@{thm assert_false_in_if_passive_prog.node_2},@{thm assert_false_in_if_passive_prog.outEdges_2}) @{thm block_anon3_Else} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_before_passive_prog.node_3},@{thm assert_false_in_if_before_passive_prog.outEdges_3}) (@{thm assert_false_in_if_passive_prog.node_3},@{thm assert_false_in_if_passive_prog.outEdges_3}) @{thm block_anon0} [
+@{thm cfg_block_anon3_Then}, 
+@{thm cfg_block_anon3_Else}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_before_passive_prog.node_4},@{thm assert_false_in_if_before_passive_prog.outEdges_4}) (@{thm assert_false_in_if_passive_prog.node_4},@{thm assert_false_in_if_passive_prog.outEdges_4}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_before_passive_prog.node_5},@{thm assert_false_in_if_before_passive_prog.outEdges_5}) (@{thm assert_false_in_if_passive_prog.node_5},@{thm assert_false_in_if_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 vc_x_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A assert_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls ns assert_false_in_if_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv assert_false_in_if_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding assert_false_in_if_passive_prog.params_vdecls_def assert_false_in_if_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using assert_false_in_if_before_passive_prog.globals_locals_disj apply auto[1]
+using assert_false_in_if_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] assert_false_in_if_passive_prog.proc_body u (Inl 5)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range assert_false_in_if_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] assert_false_in_if_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from assert_false_in_if_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_passive_prog.thy
new file mode 100644
index 0000000..d16c4c8
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_passive_prog.thy
@@ -0,0 +1,119 @@
+theory assert_false_in_if_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util assert_false_in_if_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 1) Neq (Lit (LInt 8)))),(Assert (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 1) Eq (Lit (LInt 8))))]"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding assert_false_in_if_passive_prog.params_vdecls_def assert_false_in_if_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls)))) = {})"
+unfolding assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_vcphase_proof.thy
new file mode 100644
index 0000000..18c9f3b
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_vcphase_proof.thy
@@ -0,0 +1,223 @@
+theory assert_false_in_if_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML assert_false_in_if_passive_prog assert_false_in_if_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon3_Then
+  where
+    "vc_anon3_Then x_0 = (\<not> (x_0 \<noteq> (8::int)))"
+definition vc_anon3_Else
+  where
+    "vc_anon3_Else  = True"
+definition vc_anon0
+  where
+    "vc_anon0 x_0 = ((vc_anon3_Then x_0) \<and> (vc_anon3_Else ))"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
+G2: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2
+lemmas forall_poly_thm = forall_vc_type[OF G2]
+lemmas exists_poly_thm = exists_vc_type[OF G2]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding assert_false_in_if_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon3_Then_hints = [
+(AssumeNot,NONE)]
+\<close>
+lemma block_anon3_ThenAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_Then vc_x_0) \<Longrightarrow> (s' = Magic)))"
+unfolding assert_false_in_if_passive_prog.block_1_def vc.vc_anon3_Then_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_Then_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon3_Else_hints = [
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon3_ElseAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_Else ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding assert_false_in_if_passive_prog.block_2_def vc.vc_anon3_Else_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_Else_hints \<close>)
+by (auto?)
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.block_3 (Normal n_s) s')" and 
+"((vc.vc_anon3_Then vc_x_0) \<and> (vc.vc_anon3_Else ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon3_Then vc_x_0) \<and> (vc.vc_anon3_Else ))))))"
+using assms
+unfolding assert_false_in_if_passive_prog.block_3_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.block_4 (Normal n_s) s')" and 
+"((vc.vc_anon3_Then vc_x_0) \<and> (vc.vc_anon3_Else ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon3_Then vc_x_0) \<and> (vc.vc_anon3_Else ))))))"
+using assms
+unfolding assert_false_in_if_passive_prog.block_4_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon3_Then vc_x_0) \<and> (vc.vc_anon3_Else ))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding assert_false_in_if_passive_prog.block_5_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) assert_false_in_if_passive_prog.node_0 assert_false_in_if_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon3_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon3_Then vc_x_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) assert_false_in_if_passive_prog.node_1])
+by (erule block_anon3_ThenAA0[OF _ assms(2)])
+
+lemma cfg_block_anon3_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon3_Else )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) assert_false_in_if_passive_prog.node_2])
+apply (erule block_anon3_ElseAA0[OF _ assms(2)])
+apply ((simp add:assert_false_in_if_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon3_Then vc_x_0) \<and> (vc.vc_anon3_Else ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) assert_false_in_if_passive_prog.node_3])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:assert_false_in_if_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon3_Then vc_x_0) \<and> (vc.vc_anon3_Else ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) assert_false_in_if_passive_prog.node_4])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:assert_false_in_if_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) assert_false_in_if_passive_prog.node_5])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:assert_false_in_if_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 vc_x_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A assert_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) assert_false_in_if_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF assert_false_in_if_passive_prog.m_x])
+apply (subst lookup_var_local[OF assert_false_in_if_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF assert_false_in_if_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF assert_false_in_if_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/empty_generic_block_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/global_data.thy
similarity index 100%
rename from BoogieLang/generated_example_proofs/empty_generic_block_proofs/global_data.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/global_data.thy
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/ROOT
new file mode 100644
index 0000000..c37c8fa
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/ROOT
@@ -0,0 +1,12 @@
+session assume_false_assert_false_proofs = Boogie_Lang + 
+directories assume_false_assert_false_proofs
+theories
+global_data
+"assume_false_assert_false_proofs/assume_false_assert_false_passive_prog"
+"assume_false_assert_false_proofs/assume_false_assert_false_vcphase_proof"
+"assume_false_assert_false_proofs/assume_false_assert_false_before_passive_prog"
+"assume_false_assert_false_proofs/assume_false_assert_false_passification_proof"
+"assume_false_assert_false_proofs/assume_false_assert_false_before_cfg_to_dag_prog"
+"assume_false_assert_false_proofs/assume_false_assert_false_before_ast_to_cfg_prog"
+"assume_false_assert_false_proofs/assume_false_assert_false_asttocfg_proof"
+"assume_false_assert_false_proofs/assume_false_assert_false_cfgtodag_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_asttocfg_proof.thy
new file mode 100644
index 0000000..7e9c7e1
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_asttocfg_proof.thy
@@ -0,0 +1,335 @@
+theory assume_false_assert_false_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML assume_false_assert_false_before_ast_to_cfg_prog assume_false_assert_false_before_cfg_to_dag_prog assume_false_assert_false_cfgtodag_proof assume_false_assert_false_passification_proof assume_false_assert_false_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A assume_false_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assume_false_assert_false_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.block_3 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of assume_false_assert_false_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.bigblock_3_def assume_false_assert_false_before_cfg_to_dag_prog.block_3_def)
+apply ((simp add: assume_false_assert_false_before_cfg_to_dag_prog.block_3_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: assume_false_assert_false_before_cfg_to_dag_prog.block_3_def assume_false_assert_false_before_ast_to_cfg_prog.bigblock_3_def)+)
+done
+
+
+lemma global_rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assume_false_assert_false_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assume_false_assert_false_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of assume_false_assert_false_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (simp)
+apply (rule cont_3_def)
+apply (rule assume_false_assert_false_before_cfg_to_dag_prog.node_3)
+apply (rule disjI1)
+apply (rule assume_false_assert_false_before_cfg_to_dag_prog.block_3_def)
+apply (rule assume_false_assert_false_before_cfg_to_dag_prog.outEdges_3)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: assume_false_assert_false_before_cfg_to_dag_prog.node_3)
+apply (rule rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_3)
+apply assumption+
+
+done
+qed
+
+lemma global_rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assume_false_assert_false_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assume_false_assert_false_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV False))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Invs[of assume_false_assert_false_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.bigblock_2_def)
+
+apply (rule astTrace)
+apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.bigblock_2_def)
+apply (rule assume_false_assert_false_before_cfg_to_dag_prog.node_2)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule assume_false_assert_false_before_cfg_to_dag_prog.block_2_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply (rule neg_gt)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_2_def)
+apply (simp add: assume_false_assert_false_before_cfg_to_dag_prog.node_2)
+
+
+
+
+apply ((erule allE[where x = 3])+)
+apply ((simp add: assume_false_assert_false_before_cfg_to_dag_prog.outEdges_2)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_3)
+apply (simp)
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assume_false_assert_false_before_ast_to_cfg_prog.bigblock_1,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.block_1 (Normal ns1) (Normal ns1')))))"
+unfolding assume_false_assert_false_before_cfg_to_dag_prog.block_1_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of assume_false_assert_false_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.bigblock_1_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: assume_false_assert_false_before_cfg_to_dag_prog.block_1_def)
+apply ((simp add: assms(3) assume_false_assert_false_before_ast_to_cfg_prog.bigblock_1_def)+)
+done
+
+
+lemma global_rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assume_false_assert_false_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assume_false_assert_false_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of assume_false_assert_false_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.bigblock_1_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.bigblock_1_def)
+apply (rule assume_false_assert_false_before_cfg_to_dag_prog.node_1)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule assume_false_assert_false_before_cfg_to_dag_prog.block_1_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_1_def)
+apply (simp add: assume_false_assert_false_before_cfg_to_dag_prog.node_1)
+apply (rule rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_1)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x = 3])+)
+apply ((simp add: assume_false_assert_false_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_3)
+apply (simp)
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0_def assume_false_assert_false_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: assume_false_assert_false_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: assume_false_assert_false_before_cfg_to_dag_prog.block_0_def assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assume_false_assert_false_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_if_successor)
+apply (rule Rel_Main_test[of assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0 _ assume_false_assert_false_before_cfg_to_dag_prog.block_0])
+apply (simp add: assume_false_assert_false_before_cfg_to_dag_prog.block_0_def assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp add: assume_false_assert_false_before_cfg_to_dag_prog.block_0_def)
+apply (rule astTrace)
+apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0_def)
+apply (rule assume_false_assert_false_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: assume_false_assert_false_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: assume_false_assert_false_before_cfg_to_dag_prog.node_0)
+apply (rule rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply (erule disjE)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: assume_false_assert_false_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: cont_0_def assume_false_assert_false_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
+apply blast+
+
+
+
+
+
+apply (simp)
+apply ((erule allE[where x = 2])+)
+apply ((simp add: assume_false_assert_false_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_0_def assume_false_assert_false_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A assume_false_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) assume_false_assert_false_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns assume_false_assert_false_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] assume_false_assert_false_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.pres_def assume_false_assert_false_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.pres_def assume_false_assert_false_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_3_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) assume_false_assert_false_before_ast_to_cfg_prog.fdecls assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls assume_false_assert_false_before_ast_to_cfg_prog.axioms assume_false_assert_false_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding assume_false_assert_false_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 assume_false_assert_false_before_ast_to_cfg_prog.ast_proc_def assume_false_assert_false_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..b6de00d
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_ast_to_cfg_prog.thy
@@ -0,0 +1,123 @@
+theory assume_false_assert_false_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BigBlock (None ) [(Assume (Lit (LBool False))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [(Assume (Lit (LBool False))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [] (None ) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [(Assert (Lit (LBool False)))] (None ) (None ))"
+definition cont_3
+  where
+    "cont_3  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_3 cont_3)"
+definition cont_1
+  where
+    "cont_1  = (KSeq bigblock_3 cont_3)"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_3 cont_3)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_3]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec assume_false_assert_false_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec assume_false_assert_false_before_ast_to_cfg_prog.post),proc_body = (Some (assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls,assume_false_assert_false_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..5bcaa8e
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_cfg_to_dag_prog.thy
@@ -0,0 +1,149 @@
+theory assume_false_assert_false_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assume (Lit (LBool False))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_3
+  where
+    "block_3  = [(Assert (Lit (LBool False)))]"
+definition outEdges
+  where
+    "outEdges  = [[1,2],[3],[3],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append assume_false_assert_false_before_cfg_to_dag_prog.constants_vdecls assume_false_assert_false_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append assume_false_assert_false_before_cfg_to_dag_prog.constants_vdecls assume_false_assert_false_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding assume_false_assert_false_before_cfg_to_dag_prog.constants_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_assert_false_before_cfg_to_dag_prog.constants_vdecls assume_false_assert_false_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append assume_false_assert_false_before_cfg_to_dag_prog.constants_vdecls assume_false_assert_false_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding assume_false_assert_false_before_cfg_to_dag_prog.constants_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_assert_false_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding assume_false_assert_false_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_assert_false_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding assume_false_assert_false_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append assume_false_assert_false_before_cfg_to_dag_prog.constants_vdecls assume_false_assert_false_before_cfg_to_dag_prog.globals_vdecls),(append assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append assume_false_assert_false_before_cfg_to_dag_prog.constants_vdecls assume_false_assert_false_before_cfg_to_dag_prog.globals_vdecls),(append assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assume_false_assert_false_before_cfg_to_dag_prog.constants_vdecls assume_false_assert_false_before_cfg_to_dag_prog.globals_vdecls),(append assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec assume_false_assert_false_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec assume_false_assert_false_before_cfg_to_dag_prog.post),proc_body = (Some (assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls,assume_false_assert_false_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_passive_prog.thy
new file mode 100644
index 0000000..37b1c4a
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_passive_prog.thy
@@ -0,0 +1,95 @@
+theory assume_false_assert_false_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util assume_false_assert_false_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assert (Lit (LBool False)))]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assume (Lit (LBool False))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_3
+  where
+    "block_3  = [(Havoc 0)]"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_cfgtodag_proof.thy
new file mode 100644
index 0000000..1d83d9d
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_cfgtodag_proof.thy
@@ -0,0 +1,284 @@
+theory assume_false_assert_false_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML assume_false_assert_false_before_ast_to_cfg_prog assume_false_assert_false_before_cfg_to_dag_prog assume_false_assert_false_before_passive_prog assume_false_assert_false_passification_proof assume_false_assert_false_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A assume_false_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assume_false_assert_false_before_passive_prog.block_0 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding assume_false_assert_false_before_cfg_to_dag_prog.block_3_def assume_false_assert_false_before_passive_prog.block_0_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_1[OF assms(1)])
+apply (rule assume_false_assert_false_before_cfg_to_dag_prog.node_3)
+apply (rule assume_false_assert_false_before_passive_prog.node_0)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+unfolding assume_false_assert_false_before_ast_to_cfg_prog.post_def
+apply (rule block_anon3)
+apply assumption+
+by (rule assume_false_assert_false_before_cfg_to_dag_prog.outEdges_3)
+
+
+lemma block_anon4_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assume_false_assert_false_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding assume_false_assert_false_before_cfg_to_dag_prog.block_1_def assume_false_assert_false_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule assume_false_assert_false_before_cfg_to_dag_prog.node_1)
+apply (rule assume_false_assert_false_before_passive_prog.node_1)
+apply (assumption+)
+apply (rule block_anon4_Then)
+apply (assumption+)
+apply ((simp add:assume_false_assert_false_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:assume_false_assert_false_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=0])
+apply ((simp add:assume_false_assert_false_before_passive_prog.outEdges_1))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon4_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assume_false_assert_false_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding assume_false_assert_false_before_cfg_to_dag_prog.block_2_def assume_false_assert_false_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule assume_false_assert_false_before_cfg_to_dag_prog.node_2)
+apply (rule assume_false_assert_false_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon4_Else)
+apply (assumption+)
+apply ((simp add:assume_false_assert_false_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:assume_false_assert_false_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=0])
+apply ((simp add:assume_false_assert_false_before_passive_prog.outEdges_2))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assume_false_assert_false_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding assume_false_assert_false_before_cfg_to_dag_prog.block_0_def assume_false_assert_false_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule assume_false_assert_false_before_cfg_to_dag_prog.node_0)
+apply (rule assume_false_assert_false_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:assume_false_assert_false_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:assume_false_assert_false_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:assume_false_assert_false_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:assume_false_assert_false_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:assume_false_assert_false_before_passive_prog.outEdges_4))
+by ((simp add:assume_false_assert_false_before_passive_prog.node_4 assume_false_assert_false_before_passive_prog.block_4_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 assume_false_assert_false_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule assume_false_assert_false_before_passive_prog.node_5)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding assume_false_assert_false_before_passive_prog.block_5_def
+apply (rule assume_pres_normal[where ?es=assume_false_assert_false_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding assume_false_assert_false_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule assume_false_assert_false_before_passive_prog.outEdges_5)
+apply ((simp add:assume_false_assert_false_before_passive_prog.node_4 assume_false_assert_false_before_passive_prog.block_4_def))
+apply (rule assume_false_assert_false_before_passive_prog.outEdges_4)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A assume_false_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) assume_false_assert_false_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns assume_false_assert_false_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] assume_false_assert_false_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule assume_false_assert_false_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_passification_proof.thy
new file mode 100644
index 0000000..74cd692
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_passification_proof.thy
@@ -0,0 +1,259 @@
+theory assume_false_assert_false_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util assume_false_assert_false_before_ast_to_cfg_prog assume_false_assert_false_passive_prog Boogie_Lang.PassificationML assume_false_assert_false_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assume_false_assert_false_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assume_false_assert_false_before_passive_prog.block_0_def assume_false_assert_false_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon4_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old assume_false_assert_false_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assume_false_assert_false_before_passive_prog.block_1_def assume_false_assert_false_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:assume_false_assert_false_before_ast_to_cfg_prog.l_x(2) assume_false_assert_false_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon4_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assume_false_assert_false_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assume_false_assert_false_before_passive_prog.block_2_def assume_false_assert_false_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old assume_false_assert_false_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assume_false_assert_false_before_passive_prog.block_3_def assume_false_assert_false_passive_prog.block_3_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:assume_false_assert_false_before_ast_to_cfg_prog.l_x(2) assume_false_assert_false_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assume_false_assert_false_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assume_false_assert_false_before_passive_prog.block_4_def assume_false_assert_false_passive_prog.block_4_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assume_false_assert_false_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assume_false_assert_false_before_passive_prog.block_5_def assume_false_assert_false_passive_prog.block_5_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assume_false_assert_false_before_passive_prog.node_0},@{thm assume_false_assert_false_before_passive_prog.outEdges_0}) (@{thm assume_false_assert_false_passive_prog.node_0},@{thm assume_false_assert_false_passive_prog.outEdges_0}) @{thm block_anon3} [] 1\<close>))
+
+lemma cfg_block_anon4_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm assume_false_assert_false_before_passive_prog.node_1},@{thm assume_false_assert_false_before_passive_prog.outEdges_1}) (@{thm assume_false_assert_false_passive_prog.node_1},@{thm assume_false_assert_false_passive_prog.outEdges_1}) @{thm block_anon4_Then} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon4_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm assume_false_assert_false_before_passive_prog.node_2},@{thm assume_false_assert_false_before_passive_prog.outEdges_2}) (@{thm assume_false_assert_false_passive_prog.node_2},@{thm assume_false_assert_false_passive_prog.outEdges_2}) @{thm block_anon4_Else} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assume_false_assert_false_before_passive_prog.node_3},@{thm assume_false_assert_false_before_passive_prog.outEdges_3}) (@{thm assume_false_assert_false_passive_prog.node_3},@{thm assume_false_assert_false_passive_prog.outEdges_3}) @{thm block_anon0} [
+@{thm cfg_block_anon4_Then}, 
+@{thm cfg_block_anon4_Else}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assume_false_assert_false_before_passive_prog.node_4},@{thm assume_false_assert_false_before_passive_prog.outEdges_4}) (@{thm assume_false_assert_false_passive_prog.node_4},@{thm assume_false_assert_false_passive_prog.outEdges_4}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assume_false_assert_false_before_passive_prog.node_5},@{thm assume_false_assert_false_before_passive_prog.outEdges_5}) (@{thm assume_false_assert_false_passive_prog.node_5},@{thm assume_false_assert_false_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assume_false_assert_false_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A assume_false_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls ns assume_false_assert_false_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv assume_false_assert_false_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding assume_false_assert_false_passive_prog.params_vdecls_def assume_false_assert_false_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using assume_false_assert_false_before_passive_prog.globals_locals_disj apply auto[1]
+using assume_false_assert_false_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] assume_false_assert_false_passive_prog.proc_body u (Inl 5)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range assume_false_assert_false_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] assume_false_assert_false_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from assume_false_assert_false_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_passive_prog.thy
new file mode 100644
index 0000000..08ed10e
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_passive_prog.thy
@@ -0,0 +1,128 @@
+theory assume_false_assert_false_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util assume_false_assert_false_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assert (Lit (LBool False)))]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assume (Lit (LBool False))),(Assume (BinOp (Var 2) Eq (BinOp (Var 1) Sub (Lit (LInt 1)))))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding assume_false_assert_false_passive_prog.params_vdecls_def assume_false_assert_false_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls)))) = {})"
+unfolding assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_vcphase_proof.thy
new file mode 100644
index 0000000..f43ddf7
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_vcphase_proof.thy
@@ -0,0 +1,236 @@
+theory assume_false_assert_false_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML assume_false_assert_false_passive_prog assume_false_assert_false_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon4_Then
+  where
+    "vc_anon4_Then  = True"
+definition vc_anon3
+  where
+    "vc_anon3  = False"
+definition vc_anon4_Else
+  where
+    "vc_anon4_Else x_0 = (((0::int) \<ge> x_0) \<longrightarrow> (vc_anon3 ))"
+definition vc_anon0
+  where
+    "vc_anon0 x_0 = ((vc_anon4_Then ) \<and> (vc_anon4_Else x_0))"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
+G3: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3
+lemmas forall_poly_thm = forall_vc_type[OF G3]
+lemmas exists_poly_thm = exists_vc_type[OF G3]
+declare Nat.One_nat_def[simp del]
+
+ML\<open>
+val block_anon3_hints = [
+(AssertFalse,NONE)]
+\<close>
+lemma block_anon3AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 ) \<Longrightarrow> (s' = Magic)))"
+unfolding assume_false_assert_false_passive_prog.block_0_def vc.vc_anon3_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_Then_hints = [
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon4_ThenAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Then ) \<Longrightarrow> (s' = Magic)))"
+unfolding assume_false_assert_false_passive_prog.block_1_def vc.vc_anon4_Then_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Then_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_Else_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon4_ElseAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Else vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 )))))))"
+unfolding assume_false_assert_false_passive_prog.block_2_def vc.vc_anon4_Else_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Else_hints \<close>)
+by (auto?)
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.block_3 (Normal n_s) s')" and 
+"((vc.vc_anon4_Then ) \<and> (vc.vc_anon4_Else vc_x_0))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then ) \<and> (vc.vc_anon4_Else vc_x_0))))))"
+using assms
+unfolding assume_false_assert_false_passive_prog.block_3_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.block_4 (Normal n_s) s')" and 
+"((vc.vc_anon4_Then ) \<and> (vc.vc_anon4_Else vc_x_0))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then ) \<and> (vc.vc_anon4_Else vc_x_0))))))"
+using assms
+unfolding assume_false_assert_false_passive_prog.block_4_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then ) \<and> (vc.vc_anon4_Else vc_x_0))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding assume_false_assert_false_passive_prog.block_5_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon3 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) assume_false_assert_false_passive_prog.node_0])
+by (erule block_anon3AA0[OF _ assms(2)])
+
+lemma cfg_block_anon4_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4_Then )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) assume_false_assert_false_passive_prog.node_1])
+by (erule block_anon4_ThenAA0[OF _ assms(2)])
+
+lemma cfg_block_anon4_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4_Else vc_x_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) assume_false_assert_false_passive_prog.node_2])
+apply (erule block_anon4_ElseAA0[OF _ assms(2)])
+apply ((simp add:assume_false_assert_false_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon4_Then ) \<and> (vc.vc_anon4_Else vc_x_0))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) assume_false_assert_false_passive_prog.node_3])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:assume_false_assert_false_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon4_Then ) \<and> (vc.vc_anon4_Else vc_x_0))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) assume_false_assert_false_passive_prog.node_4])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:assume_false_assert_false_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) assume_false_assert_false_passive_prog.node_5])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:assume_false_assert_false_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls)) \<Gamma> [] assume_false_assert_false_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A assume_false_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) assume_false_assert_false_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF assume_false_assert_false_passive_prog.m_x])
+apply (subst lookup_var_local[OF assume_false_assert_false_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF assume_false_assert_false_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF assume_false_assert_false_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF assume_false_assert_false_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF assume_false_assert_false_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/goto_example_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/global_data.thy
similarity index 100%
rename from BoogieLang/generated_example_proofs/goto_example_proofs/global_data.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/global_data.thy
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/ROOT
new file mode 100644
index 0000000..1bd673e
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/ROOT
@@ -0,0 +1,12 @@
+session assume_false_in_if_proofs = Boogie_Lang + 
+directories assume_false_in_if_proofs
+theories
+global_data
+"assume_false_in_if_proofs/assume_false_in_if_before_ast_to_cfg_prog"
+"assume_false_in_if_proofs/assume_false_in_if_before_cfg_to_dag_prog"
+"assume_false_in_if_proofs/assume_false_in_if_passive_prog"
+"assume_false_in_if_proofs/assume_false_in_if_vcphase_proof"
+"assume_false_in_if_proofs/assume_false_in_if_asttocfg_proof"
+"assume_false_in_if_proofs/assume_false_in_if_passification_proof"
+"assume_false_in_if_proofs/assume_false_in_if_before_passive_prog"
+"assume_false_in_if_proofs/assume_false_in_if_cfgtodag_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_asttocfg_proof.thy
new file mode 100644
index 0000000..93f519a
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_asttocfg_proof.thy
@@ -0,0 +1,269 @@
+theory assume_false_in_if_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML assume_false_in_if_before_ast_to_cfg_prog assume_false_in_if_before_cfg_to_dag_prog assume_false_in_if_cfgtodag_proof assume_false_in_if_passification_proof assume_false_in_if_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A assume_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma global_rel_assume_false_in_if_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assume_false_in_if_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assume_false_in_if_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Neq (Lit (LInt 8))) ns1 (BoolV False))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_in_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Invs[of assume_false_in_if_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.bigblock_2_def)
+
+apply (rule astTrace)
+apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp)
+apply (simp)
+apply (rule cont_2_def)
+apply (rule assume_false_in_if_before_cfg_to_dag_prog.node_2)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule assume_false_in_if_before_cfg_to_dag_prog.block_2_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply ( rule neg_neq)
+apply (rule guardHint)
+apply (rule assume_false_in_if_before_cfg_to_dag_prog.outEdges_2)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: assume_false_in_if_before_cfg_to_dag_prog.node_2)
+apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp add: end_static)
+done
+qed
+
+lemma rel_assume_false_in_if_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assume_false_in_if_before_ast_to_cfg_prog.bigblock_1,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Neq (Lit (LInt 8))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.block_1 (Normal ns1) (Normal ns1')))))"
+unfolding assume_false_in_if_before_cfg_to_dag_prog.block_1_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of assume_false_in_if_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.bigblock_1_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: assume_false_in_if_before_cfg_to_dag_prog.block_1_def)
+apply ((simp add: assms(3) assume_false_in_if_before_ast_to_cfg_prog.bigblock_1_def)+)
+done
+
+
+lemma global_rel_assume_false_in_if_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assume_false_in_if_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assume_false_in_if_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Neq (Lit (LInt 8))) ns1 (BoolV True))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_in_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of assume_false_in_if_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.bigblock_1_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.bigblock_1_def)
+apply (simp)
+apply (simp)
+apply (rule cont_1_def)
+apply (rule assume_false_in_if_before_cfg_to_dag_prog.node_1)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule assume_false_in_if_before_cfg_to_dag_prog.block_1_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule assume_false_in_if_before_cfg_to_dag_prog.outEdges_1)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: assume_false_in_if_before_cfg_to_dag_prog.node_1)
+apply (rule rel_assume_false_in_if_before_ast_to_cfg_prog_bigblock_1)
+apply assumption+
+apply (rule guardHint)
+done
+qed
+
+lemma rel_assume_false_in_if_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assume_false_in_if_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of assume_false_in_if_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.bigblock_0_def assume_false_in_if_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: assume_false_in_if_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: assume_false_in_if_before_cfg_to_dag_prog.block_0_def assume_false_in_if_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_assume_false_in_if_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assume_false_in_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assume_false_in_if_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_in_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_if_successor)
+apply (rule Rel_Main_test[of assume_false_in_if_before_ast_to_cfg_prog.bigblock_0 _ assume_false_in_if_before_cfg_to_dag_prog.block_0])
+apply (simp add: assume_false_in_if_before_cfg_to_dag_prog.block_0_def assume_false_in_if_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp add: assume_false_in_if_before_cfg_to_dag_prog.block_0_def)
+apply (rule astTrace)
+apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.bigblock_0_def)
+apply (rule assume_false_in_if_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: assume_false_in_if_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: assume_false_in_if_before_cfg_to_dag_prog.node_0)
+apply (rule rel_assume_false_in_if_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply (erule disjE)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: assume_false_in_if_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_assume_false_in_if_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: cont_0_def assume_false_in_if_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
+apply blast+
+
+
+
+
+
+apply (simp)
+apply ((erule allE[where x = 2])+)
+apply ((simp add: assume_false_in_if_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_assume_false_in_if_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_0_def assume_false_in_if_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (assume_false_in_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A assume_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) assume_false_in_if_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns assume_false_in_if_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] assume_false_in_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (assume_false_in_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_assume_false_in_if_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.pres_def assume_false_in_if_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.pres_def assume_false_in_if_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (assume_false_in_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) assume_false_in_if_before_ast_to_cfg_prog.fdecls assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls assume_false_in_if_before_ast_to_cfg_prog.axioms assume_false_in_if_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding assume_false_in_if_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 assume_false_in_if_before_ast_to_cfg_prog.ast_proc_def assume_false_in_if_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..ee24b64
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_ast_to_cfg_prog.thy
@@ -0,0 +1,117 @@
+theory assume_false_in_if_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (ParsedIf (Some (BinOp (Var 0) Neq (Lit (LInt 8)))) [(BigBlock (None ) [(Assume (Lit (LBool False)))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [(Assume (Lit (LBool False)))] (None ) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [] (None ) (None ))"
+definition cont_0
+  where
+    "cont_0  = KStop"
+definition cont_1
+  where
+    "cont_1  = KStop"
+definition cont_2
+  where
+    "cont_2  = KStop"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding assume_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_in_if_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding assume_false_in_if_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = assume_false_in_if_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec assume_false_in_if_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec assume_false_in_if_before_ast_to_cfg_prog.post),proc_body = (Some (assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls,assume_false_in_if_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..e3ce4af
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_cfg_to_dag_prog.thy
@@ -0,0 +1,138 @@
+theory assume_false_in_if_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Neq (Lit (LInt 8)))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Eq (Lit (LInt 8))))]"
+definition outEdges
+  where
+    "outEdges  = [[1,2],[],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append assume_false_in_if_before_cfg_to_dag_prog.constants_vdecls assume_false_in_if_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append assume_false_in_if_before_cfg_to_dag_prog.constants_vdecls assume_false_in_if_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding assume_false_in_if_before_cfg_to_dag_prog.constants_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_in_if_before_cfg_to_dag_prog.constants_vdecls assume_false_in_if_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append assume_false_in_if_before_cfg_to_dag_prog.params_vdecls assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assume_false_in_if_before_cfg_to_dag_prog.params_vdecls assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding assume_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_in_if_before_cfg_to_dag_prog.params_vdecls assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append assume_false_in_if_before_cfg_to_dag_prog.constants_vdecls assume_false_in_if_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append assume_false_in_if_before_cfg_to_dag_prog.params_vdecls assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding assume_false_in_if_before_cfg_to_dag_prog.constants_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_in_if_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding assume_false_in_if_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_in_if_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding assume_false_in_if_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_in_if_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding assume_false_in_if_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append assume_false_in_if_before_cfg_to_dag_prog.constants_vdecls assume_false_in_if_before_cfg_to_dag_prog.globals_vdecls),(append assume_false_in_if_before_cfg_to_dag_prog.params_vdecls assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append assume_false_in_if_before_cfg_to_dag_prog.params_vdecls assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append assume_false_in_if_before_cfg_to_dag_prog.constants_vdecls assume_false_in_if_before_cfg_to_dag_prog.globals_vdecls),(append assume_false_in_if_before_cfg_to_dag_prog.params_vdecls assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assume_false_in_if_before_cfg_to_dag_prog.constants_vdecls assume_false_in_if_before_cfg_to_dag_prog.globals_vdecls),(append assume_false_in_if_before_cfg_to_dag_prog.params_vdecls assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = assume_false_in_if_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec assume_false_in_if_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec assume_false_in_if_before_cfg_to_dag_prog.post),proc_body = (Some (assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls,assume_false_in_if_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_passive_prog.thy
new file mode 100644
index 0000000..9790c20
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_passive_prog.thy
@@ -0,0 +1,95 @@
+theory assume_false_in_if_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util assume_false_in_if_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Neq (Lit (LInt 8)))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Eq (Lit (LInt 8))))]"
+definition block_3
+  where
+    "block_3  = [(Havoc 0)]"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding assume_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_cfgtodag_proof.thy
new file mode 100644
index 0000000..e243983
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_cfgtodag_proof.thy
@@ -0,0 +1,242 @@
+theory assume_false_in_if_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML assume_false_in_if_before_ast_to_cfg_prog assume_false_in_if_before_cfg_to_dag_prog assume_false_in_if_before_passive_prog assume_false_in_if_passification_proof assume_false_in_if_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A assume_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 assume_false_in_if_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def assume_false_in_if_before_ast_to_cfg_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule assume_false_in_if_before_passive_prog.node_0)
+apply simp
+unfolding assume_false_in_if_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma block_anon3_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assume_false_in_if_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding assume_false_in_if_before_cfg_to_dag_prog.block_1_def assume_false_in_if_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_in_if_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule assume_false_in_if_before_cfg_to_dag_prog.node_1)
+apply (rule assume_false_in_if_before_passive_prog.node_1)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon3_Then)
+apply assumption+
+apply (rule assume_false_in_if_before_cfg_to_dag_prog.outEdges_1)
+apply (rule assume_false_in_if_before_passive_prog.outEdges_1)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon3_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assume_false_in_if_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding assume_false_in_if_before_cfg_to_dag_prog.block_2_def assume_false_in_if_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_in_if_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule assume_false_in_if_before_cfg_to_dag_prog.node_2)
+apply (rule assume_false_in_if_before_passive_prog.node_2)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon3_Else)
+apply assumption+
+apply (rule assume_false_in_if_before_cfg_to_dag_prog.outEdges_2)
+apply (rule assume_false_in_if_before_passive_prog.outEdges_2)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assume_false_in_if_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding assume_false_in_if_before_cfg_to_dag_prog.block_0_def assume_false_in_if_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_in_if_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule assume_false_in_if_before_cfg_to_dag_prog.node_0)
+apply (rule assume_false_in_if_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:assume_false_in_if_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:assume_false_in_if_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:assume_false_in_if_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:assume_false_in_if_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:assume_false_in_if_before_passive_prog.outEdges_4))
+by ((simp add:assume_false_in_if_before_passive_prog.node_4 assume_false_in_if_before_passive_prog.block_4_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 assume_false_in_if_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_in_if_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule assume_false_in_if_before_passive_prog.node_5)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding assume_false_in_if_before_passive_prog.block_5_def
+apply (rule assume_pres_normal[where ?es=assume_false_in_if_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding assume_false_in_if_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule assume_false_in_if_before_passive_prog.outEdges_5)
+apply ((simp add:assume_false_in_if_before_passive_prog.node_4 assume_false_in_if_before_passive_prog.block_4_def))
+apply (rule assume_false_in_if_before_passive_prog.outEdges_4)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A assume_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) assume_false_in_if_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns assume_false_in_if_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] assume_false_in_if_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule assume_false_in_if_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_passification_proof.thy
new file mode 100644
index 0000000..17c1c82
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_passification_proof.thy
@@ -0,0 +1,258 @@
+theory assume_false_in_if_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util assume_false_in_if_before_ast_to_cfg_prog assume_false_in_if_passive_prog Boogie_Lang.PassificationML assume_false_in_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assume_false_in_if_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assume_false_in_if_before_passive_prog.block_0_def assume_false_in_if_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon3_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assume_false_in_if_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assume_false_in_if_before_passive_prog.block_1_def assume_false_in_if_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon3_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assume_false_in_if_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assume_false_in_if_before_passive_prog.block_2_def assume_false_in_if_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old assume_false_in_if_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assume_false_in_if_before_passive_prog.block_3_def assume_false_in_if_passive_prog.block_3_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:assume_false_in_if_before_ast_to_cfg_prog.l_x(2) assume_false_in_if_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assume_false_in_if_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assume_false_in_if_before_passive_prog.block_4_def assume_false_in_if_passive_prog.block_4_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assume_false_in_if_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding assume_false_in_if_before_passive_prog.block_5_def assume_false_in_if_passive_prog.block_5_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assume_false_in_if_before_passive_prog.node_0},@{thm assume_false_in_if_before_passive_prog.outEdges_0}) (@{thm assume_false_in_if_passive_prog.node_0},@{thm assume_false_in_if_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon3_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm assume_false_in_if_before_passive_prog.node_1},@{thm assume_false_in_if_before_passive_prog.outEdges_1}) (@{thm assume_false_in_if_passive_prog.node_1},@{thm assume_false_in_if_passive_prog.outEdges_1}) @{thm block_anon3_Then} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon3_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm assume_false_in_if_before_passive_prog.node_2},@{thm assume_false_in_if_before_passive_prog.outEdges_2}) (@{thm assume_false_in_if_passive_prog.node_2},@{thm assume_false_in_if_passive_prog.outEdges_2}) @{thm block_anon3_Else} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assume_false_in_if_before_passive_prog.node_3},@{thm assume_false_in_if_before_passive_prog.outEdges_3}) (@{thm assume_false_in_if_passive_prog.node_3},@{thm assume_false_in_if_passive_prog.outEdges_3}) @{thm block_anon0} [
+@{thm cfg_block_anon3_Then}, 
+@{thm cfg_block_anon3_Else}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assume_false_in_if_before_passive_prog.node_4},@{thm assume_false_in_if_before_passive_prog.outEdges_4}) (@{thm assume_false_in_if_passive_prog.node_4},@{thm assume_false_in_if_passive_prog.outEdges_4}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assume_false_in_if_before_passive_prog.node_5},@{thm assume_false_in_if_before_passive_prog.outEdges_5}) (@{thm assume_false_in_if_passive_prog.node_5},@{thm assume_false_in_if_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assume_false_in_if_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A assume_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls ns assume_false_in_if_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv assume_false_in_if_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding assume_false_in_if_passive_prog.params_vdecls_def assume_false_in_if_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using assume_false_in_if_before_passive_prog.globals_locals_disj apply auto[1]
+using assume_false_in_if_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] assume_false_in_if_passive_prog.proc_body u (Inl 5)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range assume_false_in_if_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] assume_false_in_if_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from assume_false_in_if_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_passive_prog.thy
new file mode 100644
index 0000000..90b37ac
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_passive_prog.thy
@@ -0,0 +1,119 @@
+theory assume_false_in_if_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util assume_false_in_if_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 1) Neq (Lit (LInt 8)))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 1) Eq (Lit (LInt 8))))]"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding assume_false_in_if_passive_prog.params_vdecls_def assume_false_in_if_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls)))) = {})"
+unfolding assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_vcphase_proof.thy
new file mode 100644
index 0000000..007d0c8
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_vcphase_proof.thy
@@ -0,0 +1,218 @@
+theory assume_false_in_if_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML assume_false_in_if_passive_prog assume_false_in_if_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon0
+  where
+    "vc_anon0  = True"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
+G2: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2
+lemmas forall_poly_thm = forall_vc_type[OF G2]
+lemmas exists_poly_thm = exists_vc_type[OF G2]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding assume_false_in_if_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon3_Then_hints = [
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon3_ThenAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
+unfolding assume_false_in_if_passive_prog.block_1_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_Then_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon3_Else_hints = [
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon3_ElseAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding assume_false_in_if_passive_prog.block_2_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_Else_hints \<close>)
+by (auto?)
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.block_3 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding assume_false_in_if_passive_prog.block_3_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.block_4 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding assume_false_in_if_passive_prog.block_4_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding assume_false_in_if_passive_prog.block_5_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) assume_false_in_if_passive_prog.node_0 assume_false_in_if_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon3_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) assume_false_in_if_passive_prog.node_1])
+by (erule block_anon3_ThenAA0[OF _ assms(2)])
+
+lemma cfg_block_anon3_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) assume_false_in_if_passive_prog.node_2])
+apply (erule block_anon3_ElseAA0[OF _ assms(2)])
+apply ((simp add:assume_false_in_if_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) assume_false_in_if_passive_prog.node_3])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:assume_false_in_if_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) assume_false_in_if_passive_prog.node_4])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:assume_false_in_if_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) assume_false_in_if_passive_prog.node_5])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:assume_false_in_if_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls)) \<Gamma> [] assume_false_in_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A assume_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) assume_false_in_if_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF assume_false_in_if_passive_prog.m_x])
+apply (subst lookup_var_local[OF assume_false_in_if_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF assume_false_in_if_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF assume_false_in_if_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/nested_if_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/global_data.thy
similarity index 100%
rename from BoogieLang/generated_example_proofs/nested_if_proofs/global_data.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/global_data.thy
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/ROOT
new file mode 100644
index 0000000..9f71b4d
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/ROOT
@@ -0,0 +1,12 @@
+session complete_bigblock_loop_in_loop_proofs = Boogie_Lang + 
+directories while_succ_in_while_proofs
+theories
+global_data
+"while_succ_in_while_proofs/while_succ_in_while_before_ast_to_cfg_prog"
+"while_succ_in_while_proofs/while_succ_in_while_asttocfg_proof"
+"while_succ_in_while_proofs/while_succ_in_while_vcphase_proof"
+"while_succ_in_while_proofs/while_succ_in_while_before_passive_prog"
+"while_succ_in_while_proofs/while_succ_in_while_cfgtodag_proof"
+"while_succ_in_while_proofs/while_succ_in_while_before_cfg_to_dag_prog"
+"while_succ_in_while_proofs/while_succ_in_while_passive_prog"
+"while_succ_in_while_proofs/while_succ_in_while_passification_proof"
diff --git a/BoogieLang/generated_example_proofs/nested_loop2_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/global_data.thy
similarity index 100%
rename from BoogieLang/generated_example_proofs/nested_loop2_proofs/global_data.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/global_data.thy
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_asttocfg_proof.thy
new file mode 100644
index 0000000..e506c4b
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_asttocfg_proof.thy
@@ -0,0 +1,557 @@
+theory while_succ_in_while_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML while_succ_in_while_before_ast_to_cfg_prog while_succ_in_while_before_cfg_to_dag_prog while_succ_in_while_cfgtodag_proof while_succ_in_while_passification_proof while_succ_in_while_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A while_succ_in_while_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_6,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_8 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_8 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_6])
+apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_6_def while_succ_in_while_before_cfg_to_dag_prog.block_8_def)
+apply ((simp add: while_succ_in_while_before_cfg_to_dag_prog.block_8_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: while_succ_in_while_before_cfg_to_dag_prog.block_8_def while_succ_in_while_before_ast_to_cfg_prog.bigblock_6_def)+)
+done
+
+
+lemma global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_succ_in_while_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_6])
+apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_6_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_6_def)
+apply (simp)
+apply (simp)
+apply (rule cont_6_def)
+apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_8)
+apply (rule disjI1)
+apply (rule while_succ_in_while_before_cfg_to_dag_prog.block_8_def)
+apply (rule while_succ_in_while_before_cfg_to_dag_prog.outEdges_8)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.node_8)
+apply (rule rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_6)
+apply assumption+
+
+done
+qed
+
+lemma global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_succ_in_while_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T while_succ_in_while_before_ast_to_cfg_prog.bigblock_1 cont_1 while_succ_in_while_before_cfg_to_dag_prog.proc_body 1 while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Invs[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_5])
+apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_5_def)
+
+apply (rule astTrace)
+apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_5_def)
+apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_6)
+apply (rule disjI1)
+apply (rule while_succ_in_while_before_cfg_to_dag_prog.block_6_def)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_5_def)
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.node_6)
+
+
+
+apply ((erule allE[where x=1])+)
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.outEdges_6)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
+unfolding while_succ_in_while_before_cfg_to_dag_prog.block_4_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.block_4_def)
+apply ((simp add: assms(3) while_succ_in_while_before_ast_to_cfg_prog.bigblock_4_def)+)
+done
+
+
+lemma global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_succ_in_while_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T while_succ_in_while_before_ast_to_cfg_prog.bigblock_3 cont_3 while_succ_in_while_before_cfg_to_dag_prog.proc_body 3 while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_4_def)
+apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_4)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule while_succ_in_while_before_cfg_to_dag_prog.block_4_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_4_def)
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.node_4)
+apply (rule rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_4)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=3])+)
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.outEdges_4)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_succ_in_while_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T while_succ_in_while_before_ast_to_cfg_prog.bigblock_1 cont_1 while_succ_in_while_before_cfg_to_dag_prog.proc_body 1 while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_3_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_3 _ _ _ while_succ_in_while_before_cfg_to_dag_prog.block_3])
+apply (simp add:while_succ_in_while_before_ast_to_cfg_prog.bigblock_3_def while_succ_in_while_before_cfg_to_dag_prog.block_3_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:while_succ_in_while_before_ast_to_cfg_prog.bigblock_3_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_3])
+apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.bigblock_3_def)+)
+apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.block_3_def while_succ_in_while_before_cfg_to_dag_prog.node_3)+)
+apply (rule cont_3_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 4])+)
+apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_4)
+apply (simp add: cont_3_def while_succ_in_while_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_3_def cont_4_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper3)
+apply ((simp)+)
+
+apply ((erule allE[where x = 5])+)
+apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_5)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.node_5)
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.block_5_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.outEdges_5)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.node_5)
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.block_5_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.outEdges_5)
+apply ((simp add: member_rec)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper4)
+apply ((simp)+)
+done
+qed
+qed
+
+lemma rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
+unfolding while_succ_in_while_before_cfg_to_dag_prog.block_2_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.block_2_def)
+apply ((simp add: assms(3) while_succ_in_while_before_ast_to_cfg_prog.bigblock_2_def)+)
+done
+
+
+lemma global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_succ_in_while_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T while_succ_in_while_before_ast_to_cfg_prog.bigblock_1 cont_1 while_succ_in_while_before_cfg_to_dag_prog.proc_body 1 while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_2_def while_succ_in_while_before_cfg_to_dag_prog.block_2_def)
+apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_2_def while_succ_in_while_before_cfg_to_dag_prog.block_2_def)
+apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_2_def while_succ_in_while_before_cfg_to_dag_prog.block_2_def)
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.block_2_def)
+apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_2)
+
+apply (rule disjI2)
+apply (rule disjI1)
+
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.block_2_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply (simp)
+
+
+apply (rule guardHint)
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.node_2)
+apply (rule rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_2_def)
+apply ((simp)+)
+apply (rule guardHint)
+apply ((erule allE[where x = 3])+)
+apply ((simp add: while_succ_in_while_before_cfg_to_dag_prog.outEdges_2)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_3)
+apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_3_def cont_2_def cont_3_def)
+apply blast+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule less_trans_inv)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_succ_in_while_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_1 _ _ _ while_succ_in_while_before_cfg_to_dag_prog.block_1])
+apply (simp add:while_succ_in_while_before_ast_to_cfg_prog.bigblock_1_def while_succ_in_while_before_cfg_to_dag_prog.block_1_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:while_succ_in_while_before_ast_to_cfg_prog.bigblock_1_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_1])
+apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.bigblock_1_def)+)
+apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.block_1_def while_succ_in_while_before_cfg_to_dag_prog.node_1)+)
+apply (rule cont_1_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 2])+)
+apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_1_def while_succ_in_while_before_ast_to_cfg_prog.bigblock_2_def cont_2_def while_succ_in_while_before_ast_to_cfg_prog.bigblock_5_def cont_5_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_1_def cont_2_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+
+apply ((erule allE[where x = 7])+)
+apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_6)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.node_7)
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.block_7_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.outEdges_7)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.node_7)
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.block_7_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.outEdges_7)
+apply ((simp add: member_rec)+)
+done
+qed
+qed
+
+lemma rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_0_def while_succ_in_while_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: while_succ_in_while_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: while_succ_in_while_before_cfg_to_dag_prog.block_0_def while_succ_in_while_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_succ_in_while_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_0 _ while_succ_in_while_before_cfg_to_dag_prog.block_0])
+apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_0_def while_succ_in_while_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_0_def while_succ_in_while_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_0_def while_succ_in_while_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.block_0_def)
+apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.node_0)
+apply (rule rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: while_succ_in_while_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (while_succ_in_while_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_y_2::int) (vc_y_3::int). (vc.vc_anon0 vc_x_1 vc_x_2 vc_y_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A while_succ_in_while_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) while_succ_in_while_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns while_succ_in_while_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.params_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.params_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.params_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.params_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.pres_def while_succ_in_while_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.params_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.params_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.params_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.params_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.params_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.params_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.params_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.params_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.pres_def while_succ_in_while_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.params_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.params_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.params_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.params_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_6] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (while_succ_in_while_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_6_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_y_2::int) (vc_y_3::int). (vc.vc_anon0 vc_x_1 vc_x_2 vc_y_2))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) while_succ_in_while_before_ast_to_cfg_prog.fdecls while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls while_succ_in_while_before_ast_to_cfg_prog.axioms while_succ_in_while_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding while_succ_in_while_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 while_succ_in_while_before_ast_to_cfg_prog.ast_proc_def while_succ_in_while_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..549eb15
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_ast_to_cfg_prog.thy
@@ -0,0 +1,150 @@
+theory while_succ_in_while_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 0),(Havoc 1)] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (None ) (None ))]))) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (None ) (None ))])) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
+definition bigblock_4
+  where
+    "bigblock_4  = (BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))"
+definition bigblock_5
+  where
+    "bigblock_5  = (BigBlock (None ) [] (None ) (None ))"
+definition bigblock_6
+  where
+    "bigblock_6  = (BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))] (None ) (None ))"
+definition cont_6
+  where
+    "cont_6  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_6 cont_6)"
+definition cont_1
+  where
+    "cont_1  = (KEndBlock (KSeq bigblock_6 cont_6 ))"
+definition cont_5
+  where
+    "cont_5  = (KSeq bigblock_1 cont_1)"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_5 cont_5)"
+definition cont_3
+  where
+    "cont_3  = (KEndBlock (KSeq bigblock_5 cont_5 ))"
+definition cont_4
+  where
+    "cont_4  = (KSeq bigblock_3 cont_3)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_6]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding while_succ_in_while_before_ast_to_cfg_prog.params_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_succ_in_while_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding while_succ_in_while_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = while_succ_in_while_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec while_succ_in_while_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec while_succ_in_while_before_ast_to_cfg_prog.post),proc_body = (Some (while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls,while_succ_in_while_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..a5d18cf
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_cfg_to_dag_prog.thy
@@ -0,0 +1,213 @@
+theory while_succ_in_while_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0),(Havoc 1)]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
+definition block_6
+  where
+    "block_6  = []"
+definition block_7
+  where
+    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_8
+  where
+    "block_8  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
+definition outEdges
+  where
+    "outEdges  = [[1],[7,2],[3],[5,4],[3],[6],[1],[8],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [7,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [5,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append while_succ_in_while_before_cfg_to_dag_prog.params_vdecls while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_succ_in_while_before_cfg_to_dag_prog.params_vdecls while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding while_succ_in_while_before_cfg_to_dag_prog.params_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append while_succ_in_while_before_cfg_to_dag_prog.params_vdecls while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append while_succ_in_while_before_cfg_to_dag_prog.params_vdecls while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_succ_in_while_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding while_succ_in_while_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls),(append while_succ_in_while_before_cfg_to_dag_prog.params_vdecls while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append while_succ_in_while_before_cfg_to_dag_prog.params_vdecls while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append while_succ_in_while_before_cfg_to_dag_prog.params_vdecls while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls),(append while_succ_in_while_before_cfg_to_dag_prog.params_vdecls while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls),(append while_succ_in_while_before_cfg_to_dag_prog.params_vdecls while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls),(append while_succ_in_while_before_cfg_to_dag_prog.params_vdecls while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls),(append while_succ_in_while_before_cfg_to_dag_prog.params_vdecls while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = while_succ_in_while_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec while_succ_in_while_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec while_succ_in_while_before_cfg_to_dag_prog.post),proc_body = (Some (while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls,while_succ_in_while_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_passive_prog.thy
new file mode 100644
index 0000000..13aae91
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_passive_prog.thy
@@ -0,0 +1,161 @@
+theory while_succ_in_while_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util while_succ_in_while_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
+definition block_4
+  where
+    "block_4  = [(Havoc 1)]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+definition block_6
+  where
+    "block_6  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
+definition block_7
+  where
+    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_8
+  where
+    "block_8  = [(Havoc 1),(Havoc 0)]"
+definition block_9
+  where
+    "block_9  = [(Havoc 0),(Havoc 1)]"
+definition block_10
+  where
+    "block_10  = []"
+definition block_11
+  where
+    "block_11  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[2],[3,1],[4],[0],[6],[7,5],[8],[9],[10]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 11,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7,5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [10])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding while_succ_in_while_before_ast_to_cfg_prog.params_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_cfgtodag_proof.thy
new file mode 100644
index 0000000..747dd14
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_cfgtodag_proof.thy
@@ -0,0 +1,634 @@
+theory while_succ_in_while_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML while_succ_in_while_before_ast_to_cfg_prog while_succ_in_while_before_cfg_to_dag_prog while_succ_in_while_before_passive_prog while_succ_in_while_passification_proof while_succ_in_while_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A while_succ_in_while_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 while_succ_in_while_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def while_succ_in_while_before_ast_to_cfg_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule while_succ_in_while_before_passive_prog.node_0)
+apply simp
+unfolding while_succ_in_while_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma Mods_anon6_LoopBody:
+shows "(mods_contained_in (set [1]) while_succ_in_while_before_cfg_to_dag_prog.block_4)"
+unfolding while_succ_in_while_before_cfg_to_dag_prog.block_4_def
+by simp
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_succ_in_while_before_passive_prog.block_1 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding while_succ_in_while_before_cfg_to_dag_prog.block_4_def while_succ_in_while_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body [1] [] while_succ_in_while_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_4)
+apply (rule while_succ_in_while_before_passive_prog.node_1)
+apply (assumption+)
+apply (rule block_anon6_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon6_LoopBody)
+apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_4))
+apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_4))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon6_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon3:
+shows "(mods_contained_in (set [1,0]) while_succ_in_while_before_cfg_to_dag_prog.block_6)"
+unfolding while_succ_in_while_before_cfg_to_dag_prog.block_6_def
+by simp
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_succ_in_while_before_passive_prog.block_2 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding while_succ_in_while_before_cfg_to_dag_prog.block_6_def while_succ_in_while_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body [1,0] [] while_succ_in_while_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_6)
+apply (rule while_succ_in_while_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon3)
+apply (assumption+)
+apply (rule Mods_anon3)
+apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_6))
+apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_6))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon5_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon6_LoopDone:
+shows "(mods_contained_in (set [1,0]) while_succ_in_while_before_cfg_to_dag_prog.block_5)"
+unfolding while_succ_in_while_before_cfg_to_dag_prog.block_5_def
+by simp
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_succ_in_while_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding while_succ_in_while_before_cfg_to_dag_prog.block_5_def while_succ_in_while_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body [1,0] [] while_succ_in_while_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_5)
+apply (rule while_succ_in_while_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon6_LoopDone)
+apply (assumption+)
+apply (rule Mods_anon6_LoopDone)
+apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_5))
+apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_5))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:while_succ_in_while_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon5_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon6_LoopHead:
+shows "(mods_contained_in (set [1]) while_succ_in_while_before_cfg_to_dag_prog.block_3)"
+unfolding while_succ_in_while_before_cfg_to_dag_prog.block_3_def
+by simp
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_succ_in_while_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding while_succ_in_while_before_cfg_to_dag_prog.block_3_def while_succ_in_while_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.l_y(1)))
+apply simp
+done
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body [1,0] [] while_succ_in_while_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms assms(4-)
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_3)
+apply (rule while_succ_in_while_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon6_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon6_LoopHead)
+apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:while_succ_in_while_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_subset_pred)
+using less(4) apply simp
+apply assumption
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:while_succ_in_while_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+apply (rule loop_ih_convert_subset_smaller_2)
+using less(4) apply simp
+apply (simp, fastforce, assumption)
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma Mods_anon5_LoopBody:
+shows "(mods_contained_in (set [1,0]) while_succ_in_while_before_cfg_to_dag_prog.block_2)"
+unfolding while_succ_in_while_before_cfg_to_dag_prog.block_2_def
+by simp
+
+lemma block_anon5_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_succ_in_while_before_passive_prog.block_5 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding while_succ_in_while_before_cfg_to_dag_prog.block_2_def while_succ_in_while_before_passive_prog.block_5_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body [1,0] [] while_succ_in_while_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_2)
+apply (rule while_succ_in_while_before_passive_prog.node_5)
+apply (assumption+)
+apply (rule block_anon5_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon5_LoopBody)
+apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=4])
+apply ((simp add:while_succ_in_while_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon5_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma block_anon4:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_succ_in_while_before_passive_prog.block_6 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding while_succ_in_while_before_cfg_to_dag_prog.block_8_def while_succ_in_while_before_passive_prog.block_6_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_8)
+apply (rule while_succ_in_while_before_passive_prog.node_6)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon4)
+apply assumption+
+apply (rule while_succ_in_while_before_cfg_to_dag_prog.outEdges_8)
+apply (rule while_succ_in_while_before_passive_prog.outEdges_6)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon5_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_succ_in_while_before_passive_prog.block_7 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding while_succ_in_while_before_cfg_to_dag_prog.block_7_def while_succ_in_while_before_passive_prog.block_7_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_7)
+apply (rule while_succ_in_while_before_passive_prog.node_7)
+apply (assumption+)
+apply (rule block_anon5_LoopDone)
+apply (assumption+)
+apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_7))
+apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_7))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=6])
+apply ((simp add:while_succ_in_while_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon5_LoopHead:
+shows "(mods_contained_in (set [1,0]) while_succ_in_while_before_cfg_to_dag_prog.block_1)"
+unfolding while_succ_in_while_before_cfg_to_dag_prog.block_1_def
+by simp
+
+lemma block_anon5_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_succ_in_while_before_passive_prog.block_8 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding while_succ_in_while_before_cfg_to_dag_prog.block_1_def while_succ_in_while_before_passive_prog.block_8_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.l_y(1)))
+apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.l_x(1)))
+apply simp
+done
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1,0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_1)
+apply (rule while_succ_in_while_before_passive_prog.node_8)
+apply (assumption+)
+apply (rule block_anon5_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon5_LoopHead)
+apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=7])
+apply ((simp add:while_succ_in_while_before_passive_prog.outEdges_8))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=5])
+apply ((simp add:while_succ_in_while_before_passive_prog.outEdges_8))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_succ_in_while_before_passive_prog.block_9 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding while_succ_in_while_before_cfg_to_dag_prog.block_0_def while_succ_in_while_before_passive_prog.block_9_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_0)
+apply (rule while_succ_in_while_before_passive_prog.node_9)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=8])
+apply ((simp add:while_succ_in_while_before_passive_prog.outEdges_9))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:while_succ_in_while_before_passive_prog.outEdges_10))
+by ((simp add:while_succ_in_while_before_passive_prog.node_10 while_succ_in_while_before_passive_prog.block_10_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 while_succ_in_while_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule while_succ_in_while_before_passive_prog.node_11)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding while_succ_in_while_before_passive_prog.block_11_def
+apply (rule assume_pres_normal[where ?es=while_succ_in_while_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding while_succ_in_while_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule while_succ_in_while_before_passive_prog.outEdges_11)
+apply ((simp add:while_succ_in_while_before_passive_prog.node_10 while_succ_in_while_before_passive_prog.block_10_def))
+apply (rule while_succ_in_while_before_passive_prog.outEdges_10)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_y_2::int) (vc_y_3::int). (vc.vc_anon0 vc_x_1 vc_x_2 vc_y_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A while_succ_in_while_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) while_succ_in_while_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns while_succ_in_while_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule while_succ_in_while_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_passification_proof.thy
new file mode 100644
index 0000000..21eb5d0
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_passification_proof.thy
@@ -0,0 +1,385 @@
+theory while_succ_in_while_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util while_succ_in_while_before_ast_to_cfg_prog while_succ_in_while_passive_prog Boogie_Lang.PassificationML while_succ_in_while_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_succ_in_while_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_succ_in_while_before_passive_prog.block_0_def while_succ_in_while_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [8] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 7)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [8])) (update_nstate_rel R [(1,(Inl 8))]) R_old while_succ_in_while_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_succ_in_while_before_passive_prog.block_1_def while_succ_in_while_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.l_y(2) while_succ_in_while_passive_prog.l_y_3(2)))
+by simp
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_succ_in_while_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_succ_in_while_before_passive_prog.block_2_def while_succ_in_while_passive_prog.block_2_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 7)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_succ_in_while_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_succ_in_while_before_passive_prog.block_3_def while_succ_in_while_passive_prog.block_3_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [7] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [7])) (update_nstate_rel R [(1,(Inl 7))]) R_old while_succ_in_while_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_succ_in_while_before_passive_prog.block_4_def while_succ_in_while_passive_prog.block_4_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.l_y(2) while_succ_in_while_passive_prog.l_y_2(2)))
+by simp
+
+lemma block_anon5_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 5)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6])) (update_nstate_rel R [(0,(Inl 6))]) R_old while_succ_in_while_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_succ_in_while_before_passive_prog.block_5_def while_succ_in_while_passive_prog.block_5_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.l_x(2) while_succ_in_while_passive_prog.l_x_2(2)))
+by simp
+
+lemma block_anon4:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 5)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_succ_in_while_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_succ_in_while_before_passive_prog.block_6_def while_succ_in_while_passive_prog.block_6_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon5_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 5)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_succ_in_while_passive_prog.block_7 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_succ_in_while_before_passive_prog.block_7_def while_succ_in_while_passive_prog.block_7_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon5_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4,5] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4,5])) (update_nstate_rel R [(1,(Inl 4)),(0,(Inl 5))]) R_old while_succ_in_while_passive_prog.block_8 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_succ_in_while_before_passive_prog.block_8_def while_succ_in_while_passive_prog.block_8_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.l_y(2) while_succ_in_while_passive_prog.l_y_1(2)))
+apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.l_x(2) while_succ_in_while_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_9 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2,3] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2,3])) (update_nstate_rel R [(0,(Inl 2)),(1,(Inl 3))]) R_old while_succ_in_while_passive_prog.block_9 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_succ_in_while_before_passive_prog.block_9_def while_succ_in_while_passive_prog.block_9_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.l_x(2) while_succ_in_while_passive_prog.l_x_0(2)))
+apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.l_y(2) while_succ_in_while_passive_prog.l_y_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_10 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_succ_in_while_passive_prog.block_10 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_succ_in_while_before_passive_prog.block_10_def while_succ_in_while_passive_prog.block_10_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_11 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_succ_in_while_passive_prog.block_11 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_succ_in_while_before_passive_prog.block_11_def while_succ_in_while_passive_prog.block_11_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_succ_in_while_before_passive_prog.node_0},@{thm while_succ_in_while_before_passive_prog.outEdges_0}) (@{thm while_succ_in_while_passive_prog.node_0},@{thm while_succ_in_while_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 7)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_succ_in_while_before_passive_prog.node_1},@{thm while_succ_in_while_before_passive_prog.outEdges_1}) (@{thm while_succ_in_while_passive_prog.node_1},@{thm while_succ_in_while_passive_prog.outEdges_1}) @{thm block_anon6_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_succ_in_while_before_passive_prog.node_2},@{thm while_succ_in_while_before_passive_prog.outEdges_2}) (@{thm while_succ_in_while_passive_prog.node_2},@{thm while_succ_in_while_passive_prog.outEdges_2}) @{thm block_anon3} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 7)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_succ_in_while_before_passive_prog.node_3},@{thm while_succ_in_while_before_passive_prog.outEdges_3}) (@{thm while_succ_in_while_passive_prog.node_3},@{thm while_succ_in_while_passive_prog.outEdges_3}) @{thm block_anon6_LoopDone} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 7 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_succ_in_while_before_passive_prog.node_4},@{thm while_succ_in_while_before_passive_prog.outEdges_4}) (@{thm while_succ_in_while_passive_prog.node_4},@{thm while_succ_in_while_passive_prog.outEdges_4}) @{thm block_anon6_LoopHead} [
+@{thm cfg_block_anon6_LoopDone}, 
+@{thm cfg_block_anon6_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 5)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_succ_in_while_before_passive_prog.node_5},@{thm while_succ_in_while_before_passive_prog.outEdges_5}) (@{thm while_succ_in_while_passive_prog.node_5},@{thm while_succ_in_while_passive_prog.outEdges_5}) @{thm block_anon5_LoopBody} [
+@{thm cfg_block_anon6_LoopHead}] 1\<close>))
+
+lemma cfg_block_anon4:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 5)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_succ_in_while_before_passive_prog.node_6},@{thm while_succ_in_while_before_passive_prog.outEdges_6}) (@{thm while_succ_in_while_passive_prog.node_6},@{thm while_succ_in_while_passive_prog.outEdges_6}) @{thm block_anon4} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 5)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_succ_in_while_before_passive_prog.node_7},@{thm while_succ_in_while_before_passive_prog.outEdges_7}) (@{thm while_succ_in_while_passive_prog.node_7},@{thm while_succ_in_while_passive_prog.outEdges_7}) @{thm block_anon5_LoopDone} [
+@{thm cfg_block_anon4}] 1\<close>))
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 8)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_succ_in_while_before_passive_prog.node_8},@{thm while_succ_in_while_before_passive_prog.outEdges_8}) (@{thm while_succ_in_while_passive_prog.node_8},@{thm while_succ_in_while_passive_prog.outEdges_8}) @{thm block_anon5_LoopHead} [
+@{thm cfg_block_anon5_LoopDone}, 
+@{thm cfg_block_anon5_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 9)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_succ_in_while_before_passive_prog.node_9},@{thm while_succ_in_while_before_passive_prog.outEdges_9}) (@{thm while_succ_in_while_passive_prog.node_9},@{thm while_succ_in_while_passive_prog.outEdges_9}) @{thm block_anon0} [
+@{thm cfg_block_anon5_LoopHead}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 10)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_succ_in_while_before_passive_prog.node_10},@{thm while_succ_in_while_before_passive_prog.outEdges_10}) (@{thm while_succ_in_while_passive_prog.node_10},@{thm while_succ_in_while_passive_prog.outEdges_10}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 11)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_succ_in_while_before_passive_prog.node_11},@{thm while_succ_in_while_before_passive_prog.outEdges_11}) (@{thm while_succ_in_while_passive_prog.node_11},@{thm while_succ_in_while_passive_prog.outEdges_11}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 11),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_y_2::int) (vc_y_3::int). (vc.vc_anon0 vc_x_1 vc_x_2 vc_y_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A while_succ_in_while_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls ns while_succ_in_while_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv while_succ_in_while_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding while_succ_in_while_passive_prog.params_vdecls_def while_succ_in_while_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using while_succ_in_while_before_passive_prog.globals_locals_disj apply auto[1]
+using while_succ_in_while_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] while_succ_in_while_passive_prog.proc_body u (Inl 11)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range while_succ_in_while_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] while_succ_in_while_passive_prog.proc_body ((Inl 11),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from while_succ_in_while_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_passive_prog.thy
new file mode 100644
index 0000000..bce6ab9
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_passive_prog.thy
@@ -0,0 +1,248 @@
+theory while_succ_in_while_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util while_succ_in_while_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 7) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 8) Eq (BinOp (Var 7) Sub (Lit (LInt 1))))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 7)))]"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Var 5) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 6) Eq (BinOp (Var 5) Sub (Lit (LInt 1)))))]"
+definition block_6
+  where
+    "block_6  = [(Assert (BinOp (Var 5) Eq (Lit (LInt 0))))]"
+definition block_7
+  where
+    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 5)))]"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = []"
+definition block_10
+  where
+    "block_10  = []"
+definition block_11
+  where
+    "block_11  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[2],[3,1],[4],[0],[6],[7,5],[8],[9],[10]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 11,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7,5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [10])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(7,(TPrim TInt),(None )),(8,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding while_succ_in_while_passive_prog.params_vdecls_def while_succ_in_while_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)))) = {})"
+unfolding while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_0:
+shows "((map_of (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_1:
+shows "((map_of (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_2:
+shows "((map_of (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_2:
+shows "((map_of (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_3:
+shows "((map_of (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls) 8) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_0:
+shows "((lookup_var_decl ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_1:
+shows "((lookup_var_decl ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_2:
+shows "((lookup_var_decl ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_2:
+shows "((lookup_var_decl ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_3:
+shows "((lookup_var_decl ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 8) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 8) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_3
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_vcphase_proof.thy
new file mode 100644
index 0000000..2455790
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_vcphase_proof.thy
@@ -0,0 +1,423 @@
+theory while_succ_in_while_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML while_succ_in_while_passive_prog while_succ_in_while_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon6_LoopBody
+  where
+    "vc_anon6_LoopBody  = True"
+definition vc_anon3
+  where
+    "vc_anon3  = True"
+definition vc_anon6_LoopDone
+  where
+    "vc_anon6_LoopDone y_2 = (((0::int) \<ge> y_2) \<longrightarrow> (vc_anon3 ))"
+definition vc_anon5_LoopBody
+  where
+    "vc_anon5_LoopBody x_1 x_2 y_2 = (((x_1 > (0::int)) \<and> (x_2 = (x_1 - (1::int)))) \<longrightarrow> ((vc_anon6_LoopDone y_2) \<and> (vc_anon6_LoopBody )))"
+definition vc_anon4
+  where
+    "vc_anon4 x_1 = (x_1 = (0::int))"
+definition vc_anon5_LoopDone
+  where
+    "vc_anon5_LoopDone x_1 = (((0::int) \<ge> x_1) \<longrightarrow> (vc_anon4 x_1))"
+definition vc_anon0
+  where
+    "vc_anon0 x_1 x_2 y_2 = ((vc_anon5_LoopDone x_1) \<and> (vc_anon5_LoopBody x_1 x_2 y_2))"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_y_1 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int" and vc_y_2 :: "int" and vc_y_3 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_0)))" and 
+G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_y_0)))" and 
+G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_y_1)))" and 
+G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_x_1)))" and 
+G6: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_x_2)))" and 
+G7: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_y_2)))" and 
+G8: "((lookup_var \<Lambda> n_s 8) = (Some (IntV vc_y_3)))" and 
+G9: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8 G9
+lemmas forall_poly_thm = forall_vc_type[OF G9]
+lemmas exists_poly_thm = exists_vc_type[OF G9]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding while_succ_in_while_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon6_LoopBody_hints = [
+(AssumeTrue,NONE), 
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon6_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopBody ) \<Longrightarrow> (s' = Magic)))"
+unfolding while_succ_in_while_passive_prog.block_1_def vc.vc_anon6_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon3_hints = [
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon3AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 ) \<Longrightarrow> (s' = Magic)))"
+unfolding while_succ_in_while_passive_prog.block_2_def vc.vc_anon3_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_LoopDone_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon6_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopDone vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 )))))))"
+unfolding while_succ_in_while_passive_prog.block_3_def vc.vc_anon6_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopDone_hints \<close>)
+by (auto?)
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_4 (Normal n_s) s')" and 
+"((vc.vc_anon6_LoopDone vc_y_2) \<and> (vc.vc_anon6_LoopBody ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_y_2) \<and> (vc.vc_anon6_LoopBody ))))))"
+using assms
+unfolding while_succ_in_while_passive_prog.block_4_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon5_LoopBody_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon5_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_y_2) \<and> (vc.vc_anon6_LoopBody ))))))))"
+unfolding while_succ_in_while_passive_prog.block_5_def vc.vc_anon5_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_hints = [
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon4AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding while_succ_in_while_passive_prog.block_6_def vc.vc_anon4_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon5_LoopDone_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon5_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopDone vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4 vc_x_1)))))))"
+unfolding while_succ_in_while_passive_prog.block_7_def vc.vc_anon5_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopDone_hints \<close>)
+by (auto?)
+
+lemma block_anon5_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_8 (Normal n_s) s')" and 
+"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2))))))"
+using assms
+unfolding while_succ_in_while_passive_prog.block_8_def
+apply cases
+by auto
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_9 (Normal n_s) s')" and 
+"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2))))))"
+using assms
+unfolding while_succ_in_while_passive_prog.block_9_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_10 (Normal n_s) s')" and 
+"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2))))))"
+using assms
+unfolding while_succ_in_while_passive_prog.block_10_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_11 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_1 vc_x_2 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding while_succ_in_while_passive_prog.block_11_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) while_succ_in_while_passive_prog.node_0 while_succ_in_while_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopBody )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) while_succ_in_while_passive_prog.node_1])
+by (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon3 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) while_succ_in_while_passive_prog.node_2])
+by (erule block_anon3AA0[OF _ assms(2)])
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopDone vc_y_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) while_succ_in_while_passive_prog.node_3])
+apply (erule block_anon6_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:while_succ_in_while_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon6_LoopDone vc_y_2) \<and> (vc.vc_anon6_LoopBody ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) while_succ_in_while_passive_prog.node_4])
+apply (erule block_anon6_LoopHead[OF _ assms(2)])
+apply ((simp add:while_succ_in_while_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) while_succ_in_while_passive_prog.node_5])
+apply (erule block_anon5_LoopBodyAA0[OF _ assms(2)])
+apply ((simp add:while_succ_in_while_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon4:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4 vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) while_succ_in_while_passive_prog.node_6])
+apply (erule block_anon4AA0[OF _ assms(2)])
+apply ((simp add:while_succ_in_while_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_LoopDone vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) while_succ_in_while_passive_prog.node_7])
+apply (erule block_anon5_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:while_succ_in_while_passive_prog.outEdges_7))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) while_succ_in_while_passive_prog.node_8])
+apply (erule block_anon5_LoopHead[OF _ assms(2)])
+apply ((simp add:while_succ_in_while_passive_prog.outEdges_8))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) while_succ_in_while_passive_prog.node_9])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:while_succ_in_while_passive_prog.outEdges_9))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) while_succ_in_while_passive_prog.node_10])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:while_succ_in_while_passive_prog.outEdges_10))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_1 vc_x_2 vc_y_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) while_succ_in_while_passive_prog.node_11])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:while_succ_in_while_passive_prog.outEdges_11))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) \<Gamma> [] while_succ_in_while_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_y_2::int) (vc_y_3::int). (vc.vc_anon0 vc_x_1 vc_x_2 vc_y_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A while_succ_in_while_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) while_succ_in_while_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_succ_in_while_passive_prog.m_x])
+apply (subst lookup_var_local[OF while_succ_in_while_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_succ_in_while_passive_prog.m_y])
+apply (subst lookup_var_local[OF while_succ_in_while_passive_prog.m_y])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_succ_in_while_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF while_succ_in_while_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_succ_in_while_passive_prog.m_y_0])
+apply (subst lookup_var_local[OF while_succ_in_while_passive_prog.m_y_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_succ_in_while_passive_prog.m_y_1])
+apply (subst lookup_var_local[OF while_succ_in_while_passive_prog.m_y_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_succ_in_while_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF while_succ_in_while_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_succ_in_while_passive_prog.m_x_2])
+apply (subst lookup_var_local[OF while_succ_in_while_passive_prog.m_x_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_succ_in_while_passive_prog.m_y_2])
+apply (subst lookup_var_local[OF while_succ_in_while_passive_prog.m_y_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_3:"(((lookup_var ?\<Lambda> n_s 8) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 8)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 8))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_succ_in_while_passive_prog.m_y_3])
+apply (subst lookup_var_local[OF while_succ_in_while_passive_prog.m_y_3])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_y])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_y_0])
+apply (rule HOL.conjunct1[OF sc_y_1])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (rule HOL.conjunct1[OF sc_x_2])
+apply (rule HOL.conjunct1[OF sc_y_2])
+apply (rule HOL.conjunct1[OF sc_y_3])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/ROOT
new file mode 100644
index 0000000..7aa5836
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/ROOT
@@ -0,0 +1,12 @@
+session consecutive_ifs_proofs = Boogie_Lang + 
+directories consecutive_ifs_proofs
+theories
+global_data
+"consecutive_ifs_proofs/consecutive_ifs_passive_prog"
+"consecutive_ifs_proofs/consecutive_ifs_before_passive_prog"
+"consecutive_ifs_proofs/consecutive_ifs_vcphase_proof"
+"consecutive_ifs_proofs/consecutive_ifs_before_cfg_to_dag_prog"
+"consecutive_ifs_proofs/consecutive_ifs_before_ast_to_cfg_prog"
+"consecutive_ifs_proofs/consecutive_ifs_passification_proof"
+"consecutive_ifs_proofs/consecutive_ifs_asttocfg_proof"
+"consecutive_ifs_proofs/consecutive_ifs_cfgtodag_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_asttocfg_proof.thy
new file mode 100644
index 0000000..5fec503
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_asttocfg_proof.thy
@@ -0,0 +1,449 @@
+theory consecutive_ifs_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML consecutive_ifs_before_ast_to_cfg_prog consecutive_ifs_before_cfg_to_dag_prog consecutive_ifs_cfgtodag_proof consecutive_ifs_passification_proof consecutive_ifs_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A consecutive_ifs_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_ifs_before_ast_to_cfg_prog.bigblock_5,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_5 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_5 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of consecutive_ifs_before_ast_to_cfg_prog.bigblock_5])
+apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_5_def consecutive_ifs_before_cfg_to_dag_prog.block_5_def)
+apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.block_5_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.block_5_def consecutive_ifs_before_ast_to_cfg_prog.bigblock_5_def)+)
+done
+
+
+lemma global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_ifs_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_ifs_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of consecutive_ifs_before_ast_to_cfg_prog.bigblock_5])
+apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_5_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_5_def)
+apply (simp)
+apply (simp)
+apply (rule cont_5_def)
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_5)
+apply (rule disjI1)
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.block_5_def)
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.outEdges_5)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_5)
+apply (rule rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_5)
+apply assumption+
+
+done
+qed
+
+lemma rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_ifs_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of consecutive_ifs_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_4_def consecutive_ifs_before_cfg_to_dag_prog.block_4_def)
+apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.block_4_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.block_4_def consecutive_ifs_before_ast_to_cfg_prog.bigblock_4_def)+)
+done
+
+
+lemma global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_ifs_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_ifs_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of consecutive_ifs_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp)
+apply (simp)
+apply (rule cont_4_def)
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_4)
+apply (rule disjI1)
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.block_4_def)
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.outEdges_4)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_4)
+apply (rule rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_4)
+apply assumption+
+
+done
+qed
+
+lemma global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_ifs_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_ifs_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_if_successor)
+apply (rule Rel_Invs[of consecutive_ifs_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_3_def consecutive_ifs_before_ast_to_cfg_prog.bigblock_3_def)
+
+apply (rule astTrace)
+apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_3_def)
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_3)
+apply (rule disjI1)
+
+
+
+apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_3_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+
+
+
+
+
+
+apply (rule disjE, simp)
+apply ((erule allE[where x = 4])+)
+apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_4)
+apply (simp add: cont_3_def consecutive_ifs_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
+apply blast+
+
+
+
+
+
+
+apply ((erule allE[where x = 5])+)
+apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_5)
+apply (simp add: cont_3_def consecutive_ifs_before_ast_to_cfg_prog.bigblock_5_def cont_5_def )
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_ifs_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_ifs_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV False))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Invs[of consecutive_ifs_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_2_def)
+
+apply (rule astTrace)
+apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_2_def)
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_2)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.block_2_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply (rule neg_gt)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_2_def)
+apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_2)
+
+
+
+
+apply ((erule allE[where x = 3])+)
+apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_2)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_3)
+apply (simp)
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_ifs_before_ast_to_cfg_prog.bigblock_1,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_1 (Normal ns1) (Normal ns1')))))"
+unfolding consecutive_ifs_before_cfg_to_dag_prog.block_1_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of consecutive_ifs_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_1_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_1_def)
+apply ((simp add: assms(3) consecutive_ifs_before_ast_to_cfg_prog.bigblock_1_def)+)
+done
+
+
+lemma global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_ifs_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_ifs_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of consecutive_ifs_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_1_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_1_def)
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_1)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.block_1_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_1_def)
+apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_1)
+apply (rule rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_1)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x = 3])+)
+apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_3)
+apply (simp)
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_ifs_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of consecutive_ifs_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_0_def consecutive_ifs_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.block_0_def consecutive_ifs_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_ifs_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_ifs_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_if_successor)
+apply (rule Rel_Main_test[of consecutive_ifs_before_ast_to_cfg_prog.bigblock_0 _ consecutive_ifs_before_cfg_to_dag_prog.block_0])
+apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_0_def consecutive_ifs_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_0_def)
+apply (rule astTrace)
+apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_0_def)
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_0)
+apply (rule rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply (erule disjE)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: cont_0_def consecutive_ifs_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
+apply blast+
+
+
+
+
+
+apply (simp)
+apply ((erule allE[where x = 2])+)
+apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_0_def consecutive_ifs_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (consecutive_ifs_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A consecutive_ifs_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) consecutive_ifs_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns consecutive_ifs_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (consecutive_ifs_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.params_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.params_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.params_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.params_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.pres_def consecutive_ifs_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.params_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.params_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.params_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.params_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.params_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.params_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.params_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.params_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.pres_def consecutive_ifs_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.params_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.params_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.params_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.params_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (consecutive_ifs_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_3_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) consecutive_ifs_before_ast_to_cfg_prog.fdecls consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls consecutive_ifs_before_ast_to_cfg_prog.axioms consecutive_ifs_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding consecutive_ifs_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 consecutive_ifs_before_ast_to_cfg_prog.ast_proc_def consecutive_ifs_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..43f39d1
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_ast_to_cfg_prog.thy
@@ -0,0 +1,135 @@
+theory consecutive_ifs_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BigBlock (None ) [(Assign 0 (Lit (LInt 5)))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [(Assign 0 (Lit (LInt 5)))] (None ) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [] (None ) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedIf (None ) [(BigBlock (None ) [(Assign 0 (Lit (LInt 1)))] (None ) (None ))] [(BigBlock (None ) [(Assign 0 (UnOp UMinus (Lit (LInt 1))))] (None ) (None ))])) (None ))"
+definition bigblock_4
+  where
+    "bigblock_4  = (BigBlock (None ) [(Assign 0 (Lit (LInt 1)))] (None ) (None ))"
+definition bigblock_5
+  where
+    "bigblock_5  = (BigBlock (None ) [(Assign 0 (UnOp UMinus (Lit (LInt 1))))] (None ) (None ))"
+definition cont_3
+  where
+    "cont_3  = KStop"
+definition cont_4
+  where
+    "cont_4  = KStop"
+definition cont_5
+  where
+    "cont_5  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_3 cont_3)"
+definition cont_1
+  where
+    "cont_1  = (KSeq bigblock_3 cont_3)"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_3 cont_3)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_3]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding consecutive_ifs_before_ast_to_cfg_prog.params_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_ifs_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding consecutive_ifs_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = consecutive_ifs_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec consecutive_ifs_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec consecutive_ifs_before_ast_to_cfg_prog.post),proc_body = (Some (consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls,consecutive_ifs_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_cfg_to_dag_prog.thy
similarity index 55%
rename from BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_cfg_to_dag_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_cfg_to_dag_prog.thy
index 2698501..5cbb7e9 100644
--- a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_cfg_to_dag_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_cfg_to_dag_prog.thy
@@ -6,22 +6,22 @@ definition block_0
     "block_0  = [(Havoc 0)]"
 definition block_1
   where
-    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (Lit (LInt 5)))]"
 definition block_2
   where
-    "block_2  = []"
+    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
 definition block_3
   where
-    "block_3  = [(Assign 0 (UnOp UMinus (Lit (LInt 1))))]"
+    "block_3  = []"
 definition block_4
   where
     "block_4  = [(Assign 0 (Lit (LInt 1)))]"
 definition block_5
   where
-    "block_5  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (Lit (LInt 5)))]"
+    "block_5  = [(Assign 0 (UnOp UMinus (Lit (LInt 1))))]"
 definition outEdges
   where
-    "outEdges  = [[5,1],[2],[4,3],[],[],[2]]"
+    "outEdges  = [[1,2],[3],[3],[4,5],[],[]]"
 definition node_to_blocks
   where
     "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
@@ -53,19 +53,19 @@ shows "((nth (node_to_block proc_body) 5) = block_5)"
 by (simp add:proc_body_def node_to_blocks_def)
 
 lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [5,1])"
+shows "((nth (out_edges proc_body) 0) = [1,2])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [2])"
+shows "((nth (out_edges proc_body) 1) = [3])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [4,3])"
+shows "((nth (out_edges proc_body) 2) = [3])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [])"
+shows "((nth (out_edges proc_body) 3) = [4,5])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_4:
@@ -73,7 +73,7 @@ shows "((nth (out_edges proc_body) 4) = [])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [2])"
+shows "((nth (out_edges proc_body) 5) = [])"
 by (simp add:proc_body_def outEdges_def)
 
 definition pres
@@ -88,6 +88,28 @@ definition params_vdecls :: "(vdecls)"
 definition locals_vdecls :: "(vdecls)"
   where
     "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append consecutive_ifs_before_cfg_to_dag_prog.constants_vdecls consecutive_ifs_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append consecutive_ifs_before_cfg_to_dag_prog.constants_vdecls consecutive_ifs_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding consecutive_ifs_before_cfg_to_dag_prog.constants_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_ifs_before_cfg_to_dag_prog.constants_vdecls consecutive_ifs_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
 lemma locals_min_aux:
 shows "(((map fst (append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
 unfolding consecutive_ifs_before_cfg_to_dag_prog.params_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def
@@ -99,18 +121,23 @@ using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append consecutive_ifs_before_cfg_to_dag_prog.constants_vdecls consecutive_ifs_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding consecutive_ifs_before_cfg_to_dag_prog.constants_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
 by simp
 
 lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_ifs_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding consecutive_ifs_before_cfg_to_dag_prog.constants_vdecls_def
 by simp
 
 lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_ifs_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding consecutive_ifs_before_cfg_to_dag_prog.globals_vdecls_def
 by simp
 
 lemma params_wf:
@@ -124,7 +151,7 @@ unfolding consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def
 by simp
 
 lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append consecutive_ifs_before_cfg_to_dag_prog.constants_vdecls consecutive_ifs_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
 apply (rule lookup_ty_pred_2)
 by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
 
@@ -133,11 +160,11 @@ shows "((map_of (append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls con
 by (simp add:params_vdecls_def locals_vdecls_def)
 
 lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append consecutive_ifs_before_cfg_to_dag_prog.constants_vdecls consecutive_ifs_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_ifs_before_cfg_to_dag_prog.constants_vdecls consecutive_ifs_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
-definition proc :: "(procedure)"
+definition proc :: "(mbodyCFG procedure)"
   where
     "proc  = (|proc_ty_args = 0,proc_args = consecutive_ifs_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec consecutive_ifs_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec consecutive_ifs_before_cfg_to_dag_prog.post),proc_body = (Some (consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls,consecutive_ifs_before_cfg_to_dag_prog.proc_body))|)"
 
diff --git a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_passive_prog.thy
similarity index 77%
rename from BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_passive_prog.thy
index 7a08b52..0d4ebc5 100644
--- a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_passive_prog.thy
@@ -1,5 +1,5 @@
 theory consecutive_ifs_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_ifs_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_ifs_before_ast_to_cfg_prog
 begin
 definition block_0
   where
@@ -110,18 +110,18 @@ shows "((nth (out_edges proc_body) 8) = [7])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma locals_min_aux:
-shows "(((map fst (append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding consecutive_ifs_before_cfg_to_dag_prog.params_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def
+shows "(((map fst (append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding consecutive_ifs_before_ast_to_cfg_prog.params_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls_def
 by simp
 
 lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
 using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls_def
 by simp
 
 
diff --git a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_cfgtodag_proof.thy
similarity index 82%
rename from BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_cfgtodag_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_cfgtodag_proof.thy
index e68ce40..5fb1496 100644
--- a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_cfgtodag_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_cfgtodag_proof.thy
@@ -1,23 +1,23 @@
 theory consecutive_ifs_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML consecutive_ifs_before_cfg_to_dag_prog consecutive_ifs_before_passive_prog consecutive_ifs_passification_proof consecutive_ifs_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML consecutive_ifs_before_ast_to_cfg_prog consecutive_ifs_before_cfg_to_dag_prog consecutive_ifs_before_passive_prog consecutive_ifs_passification_proof consecutive_ifs_vcphase_proof
 begin
 locale cfg_to_dag_lemmas = 
 fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
 assumes 
-Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+Wf_Fun: "(fun_interp_wf A consecutive_ifs_before_ast_to_cfg_prog.fdecls \<Gamma>)"
 begin
 
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls))"
 declare Nat.One_nat_def[simp del]
 
 lemma cfg_block_GeneratedUnifiedExit:
 assumes 
 "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 consecutive_ifs_before_cfg_to_dag_prog.post)"
-unfolding expr_all_sat_def consecutive_ifs_before_cfg_to_dag_prog.post_def 
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 consecutive_ifs_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def consecutive_ifs_before_ast_to_cfg_prog.post_def 
 apply (rule cfg_dag_rel_post_invs_3)
 apply (erule assms(1))
 apply (rule consecutive_ifs_before_passive_prog.node_0)
@@ -44,7 +44,7 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_return_2[OF Red])
 apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_4)
 apply (rule consecutive_ifs_before_passive_prog.node_1)
@@ -60,13 +60,13 @@ by assumption
 
 lemma block_anon7_Else:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
 "(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
 shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_ifs_before_passive_prog.block_2 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_ifs_before_cfg_to_dag_prog.block_3_def consecutive_ifs_before_passive_prog.block_2_def
+unfolding consecutive_ifs_before_cfg_to_dag_prog.block_5_def consecutive_ifs_before_passive_prog.block_2_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
@@ -74,18 +74,18 @@ done
 
 lemma cfg_block_anon7_Else:
 assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_3)
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_5)
 apply (rule consecutive_ifs_before_passive_prog.node_2)
 apply (erule DagVerifies)
 apply (rule DagAssms)
 apply (erule block_anon7_Else)
 apply assumption+
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.outEdges_3)
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.outEdges_5)
 apply (rule consecutive_ifs_before_passive_prog.outEdges_2)
 apply (erule cfg_block_GeneratedUnifiedExit)
 by assumption
@@ -93,13 +93,13 @@ by assumption
 
 lemma block_anon3:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
 "(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
 shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_ifs_before_passive_prog.block_3 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_ifs_before_cfg_to_dag_prog.block_2_def consecutive_ifs_before_passive_prog.block_3_def
+unfolding consecutive_ifs_before_cfg_to_dag_prog.block_3_def consecutive_ifs_before_passive_prog.block_3_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
@@ -107,18 +107,18 @@ done
 
 lemma cfg_block_anon3:
 assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_2)
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_3)
 apply (rule consecutive_ifs_before_passive_prog.node_3)
 apply (assumption+)
 apply (rule block_anon3)
 apply (assumption+)
-apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_3))
 apply (erule member_elim)
 apply simp
 apply (erule allE[where x=1])
@@ -152,13 +152,13 @@ by (simp add: member_rec(2))
 
 lemma block_anon6_Then:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
 "(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
 shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_ifs_before_passive_prog.block_4 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_ifs_before_cfg_to_dag_prog.block_5_def consecutive_ifs_before_passive_prog.block_4_def
+unfolding consecutive_ifs_before_cfg_to_dag_prog.block_1_def consecutive_ifs_before_passive_prog.block_4_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
@@ -166,18 +166,18 @@ done
 
 lemma cfg_block_anon6_Then:
 assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_5)
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_1)
 apply (rule consecutive_ifs_before_passive_prog.node_4)
 apply (assumption+)
 apply (rule block_anon6_Then)
 apply (assumption+)
-apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_5))
-apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_5))
+apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_1))
 apply (erule member_elim)
 apply simp
 apply (erule allE[where x=3])
@@ -197,13 +197,13 @@ by (simp add: member_rec(2))
 
 lemma block_anon6_Else:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
 "(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
 shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_ifs_before_passive_prog.block_5 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_ifs_before_cfg_to_dag_prog.block_1_def consecutive_ifs_before_passive_prog.block_5_def
+unfolding consecutive_ifs_before_cfg_to_dag_prog.block_2_def consecutive_ifs_before_passive_prog.block_5_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
@@ -211,18 +211,18 @@ done
 
 lemma cfg_block_anon6_Else:
 assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_1)
+apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_2)
 apply (rule consecutive_ifs_before_passive_prog.node_5)
 apply (assumption+)
 apply (rule block_anon6_Else)
 apply (assumption+)
-apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_2))
 apply (erule member_elim)
 apply simp
 apply (erule allE[where x=3])
@@ -259,7 +259,7 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
 apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_0)
 apply (rule consecutive_ifs_before_passive_prog.node_6)
@@ -318,16 +318,16 @@ assumes
 "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 consecutive_ifs_before_cfg_to_dag_prog.pres)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.post m' s')"
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 consecutive_ifs_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_entry)
 apply (rule consecutive_ifs_before_passive_prog.node_8)
 apply (erule assms(3))
 apply (rule assms(2))
 unfolding consecutive_ifs_before_passive_prog.block_8_def
-apply (rule assume_pres_normal[where ?es=consecutive_ifs_before_cfg_to_dag_prog.pres])
+apply (rule assume_pres_normal[where ?es=consecutive_ifs_before_ast_to_cfg_prog.pres])
 apply (rule assms(4))
-unfolding consecutive_ifs_before_cfg_to_dag_prog.pres_def
+unfolding consecutive_ifs_before_ast_to_cfg_prog.pres_def
 apply simp
 apply (rule consecutive_ifs_before_passive_prog.outEdges_8)
 apply ((simp add:consecutive_ifs_before_passive_prog.node_7 consecutive_ifs_before_passive_prog.block_7_def))
@@ -339,23 +339,23 @@ end
 
 abbreviation \<Lambda>0
   where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>0  \<equiv> ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls))"
 lemma end_to_end_theorem_aux:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
 VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 ))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns consecutive_ifs_before_cfg_to_dag_prog.pres)" and 
+FInterp: "(fun_interp_wf A consecutive_ifs_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) consecutive_ifs_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns consecutive_ifs_before_ast_to_cfg_prog.pres)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
 OldGlobal: "((global_state ns) = (old_global_state ns))" and 
 BinderNs: "((binder_state ns) = Map.empty)"
-shows "(valid_configuration A \<Lambda>0 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post m' s')"
 proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
 by (meson rtranclp_imp_relpowp)
 show ?thesis
 apply (rule cfg_to_dag_lemmas.entry_lemma)
@@ -387,13 +387,5 @@ done
 qed
 
 
-lemma end_to_end_theorem:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms consecutive_ifs_before_cfg_to_dag_prog.proc))"
-apply (rule end_to_end_util[OF end_to_end_theorem_aux])
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 consecutive_ifs_before_cfg_to_dag_prog.proc_def consecutive_ifs_before_cfg_to_dag_prog.proc_body_def)
-
 
 end
diff --git a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passification_proof.thy
similarity index 90%
rename from BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passification_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passification_proof.thy
index f7080ba..ff5edd5 100644
--- a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passification_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passification_proof.thy
@@ -1,5 +1,5 @@
 theory consecutive_ifs_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_ifs_before_passive_prog consecutive_ifs_passive_prog Boogie_Lang.PassificationML consecutive_ifs_vcphase_proof Boogie_Lang.PassificationEndToEnd
+imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_ifs_before_ast_to_cfg_prog consecutive_ifs_passive_prog Boogie_Lang.PassificationML consecutive_ifs_vcphase_proof Boogie_Lang.PassificationEndToEnd
 begin
 definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
   where
@@ -9,10 +9,10 @@ definition R_old
     "R_old  = (map_of R_old_list)"
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls))"
 abbreviation \<Lambda>2
   where
-    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls))"
+    "\<Lambda>2  \<equiv> ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls))"
 declare One_nat_def[simp del]
 
 lemma block_GeneratedUnifiedExit:
@@ -46,7 +46,7 @@ apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding consecutive_ifs_before_passive_prog.block_2_def consecutive_ifs_passive_prog.block_2_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.l_x(2) consecutive_ifs_passive_prog.l_x_1(2)))
+apply ((simp add:consecutive_ifs_before_ast_to_cfg_prog.l_x(2) consecutive_ifs_passive_prog.l_x_1(2)))
 by simp
 
 lemma block_anon3:
@@ -93,7 +93,7 @@ apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding consecutive_ifs_before_passive_prog.block_6_def consecutive_ifs_passive_prog.block_6_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.l_x(2) consecutive_ifs_passive_prog.l_x_0(2)))
+apply ((simp add:consecutive_ifs_before_ast_to_cfg_prog.l_x(2) consecutive_ifs_passive_prog.l_x_0(2)))
 by simp
 
 lemma block_0:
@@ -194,14 +194,14 @@ by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} []
 @{thm cfg_block_0}] 1\<close>))
 
 locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 8),(Normal ns)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 8),(Normal ns)) (m',s'))" and 
 VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 ))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+FInterp: "(fun_interp_wf A consecutive_ifs_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls ns consecutive_ifs_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
 BinderNs: "((binder_state ns) = Map.empty)" and 
@@ -255,7 +255,7 @@ assumes
 "((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
 shows "(closed (instantiate [] \<tau>))"
 apply (rule lookup_ty_pred[OF assms(1)])
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+unfolding consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls_def
 apply simp
 unfolding consecutive_ifs_passive_prog.params_vdecls_def consecutive_ifs_passive_prog.locals_vdecls_def
 by simp
@@ -293,7 +293,7 @@ apply (rule U0_ns_rel)
 apply (rule U0_ns_old_rel)
 apply (rule R_wt)
 apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range global_data.globals_max]
+using helper_init_disj[OF max_rel_range consecutive_ifs_before_ast_to_cfg_prog.globals_max]
 apply simp
 apply (rule U0_non_empty)
 by ((simp_all add:R_rel_def R_list_def))?
diff --git a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passive_prog.thy
similarity index 70%
rename from BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passive_prog.thy
index ba80e73..19d0f85 100644
--- a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passive_prog.thy
@@ -1,5 +1,5 @@
 theory consecutive_ifs_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_ifs_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_ifs_before_ast_to_cfg_prog
 begin
 definition block_0
   where
@@ -126,8 +126,8 @@ using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)))) = {})"
+unfolding consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls_def
 by simp
 
 lemma m_x:
@@ -143,17 +143,17 @@ shows "((map_of (append consecutive_ifs_passive_prog.params_vdecls consecutive_i
 by (simp add:params_vdecls_def locals_vdecls_def)
 
 lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_x_0:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x_0
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_x_1:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x_1
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
diff --git a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_vcphase_proof.thy
similarity index 91%
rename from BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_vcphase_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_vcphase_proof.thy
index 9979abc..dfde2fa 100644
--- a/BoogieLang/generated_example_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_vcphase_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_vcphase_proof.thy
@@ -252,19 +252,19 @@ declare One_nat_def[simp del]
 
 lemma end_to_end:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) \<Gamma> [] consecutive_ifs_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) \<Gamma> [] consecutive_ifs_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
 VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 ))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+FInterp: "(fun_interp_wf A consecutive_ifs_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) consecutive_ifs_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls))"
 shows "(s' \<noteq> Failure)"
 proof -
-let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
-let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+let ?n_s_c = "(nstate_global_restriction n_s consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
 from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
 apply (simp only:state_typ_wf_def)
 apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_ifs_passive_prog.m_x])
diff --git a/BoogieLang/generated_example_proofs/nested_loop_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/global_data.thy
similarity index 100%
rename from BoogieLang/generated_example_proofs/nested_loop_proofs/global_data.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/global_data.thy
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/ROOT
new file mode 100644
index 0000000..917e282
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/ROOT
@@ -0,0 +1,12 @@
+session consecutive_loops_in_loop_2_proofs = Boogie_Lang + 
+directories consecutive_loops_in_loop_2_proofs
+theories
+global_data
+"consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_vcphase_proof"
+"consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_cfg_to_dag_prog"
+"consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_passification_proof"
+"consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_asttocfg_proof"
+"consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_passive_prog"
+"consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_cfgtodag_proof"
+"consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_passive_prog"
+"consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_ast_to_cfg_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_asttocfg_proof.thy
new file mode 100644
index 0000000..063a02e
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_asttocfg_proof.thy
@@ -0,0 +1,774 @@
+theory consecutive_loops_in_loop_2_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML consecutive_loops_in_loop_2_before_ast_to_cfg_prog consecutive_loops_in_loop_2_before_cfg_to_dag_prog consecutive_loops_in_loop_2_cfgtodag_proof consecutive_loops_in_loop_2_passification_proof consecutive_loops_in_loop_2_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A consecutive_loops_in_loop_2_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_9:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_9,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_12 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_12 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_9])
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_9_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_12_def)
+apply ((simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_12_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_12_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_9_def)+)
+done
+
+
+lemma global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_9:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_9,cont_9,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 12),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 12),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_9])
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_9_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_9_def)
+apply (simp)
+apply (simp)
+apply (rule cont_9_def)
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_12)
+apply (rule disjI1)
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_12_def)
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_12)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_12)
+apply (rule rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_9)
+apply assumption+
+
+done
+qed
+
+lemma rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_8:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_8,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_10 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_10 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_8])
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_8_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_10_def)
+apply ((simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_10_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_10_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_8_def)+)
+done
+
+
+lemma global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_8:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_8,cont_8,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1 cont_1 consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body 1 consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_8])
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_8_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_8_def)
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_10)
+apply (rule disjI1)
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_10_def)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_8_def)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_10)
+apply (rule rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_8)
+apply assumption
+apply (simp)
+apply ((erule allE[where x=1])+)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_10)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_7:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_7,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_8 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Lit (LInt 1))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_8 (Normal ns1) (Normal ns1')))))"
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_8_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_7])
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_7_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_8_def)
+apply ((simp add: assms(3) consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_7_def)+)
+done
+
+
+lemma global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_7:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_7,cont_7,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Lit (LInt 1))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_6 cont_6 consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body 7 consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_7])
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_7_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_7_def)
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_8)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_8_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_7_def)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_8)
+apply (rule rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_7)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=7])+)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_8)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1 cont_1 consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body 1 consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_6_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_6 _ _ _ consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_7])
+apply (simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_6_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_7_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_6_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_6])
+apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_6_def)+)
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_7_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_7)+)
+apply (rule cont_6_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 8])+)
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_7)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_7)
+apply (simp add: cont_6_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_7_def cont_7_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_6_def cont_7_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper3)
+apply ((simp)+)
+
+apply ((erule allE[where x = 9])+)
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_7)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_8)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_9)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_9_def)
+apply (rule neg_lt)
+apply (simp)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_9)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_9)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_9_def)
+apply (rule neg_lt)
+apply (simp)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_9)
+apply ((simp add: member_rec)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper4)
+apply ((simp)+)
+done
+qed
+qed
+
+lemma global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1 cont_1 consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body 1 consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+apply (rule ending_after_unwrapping)
+apply (rule astTrace)
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_5_def)
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply (simp)
+apply (rule global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_6)
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_6_def cont_5_def cont_6_def)
+apply (rule correctness_propagates_through_empty)
+using assms(2)
+apply blast
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_6)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_6_def)
+
+
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_6)
+apply (simp add: member_rec)
+apply (simp)
+apply (rule correctness_propagates_through_empty2)
+using assms(3)
+apply blast
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_6)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_6_def)
+
+
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_6)
+apply (simp add: member_rec)
+apply ((simp)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule strictly_smaller_helper2)
+apply ((simp)+)
+done
+
+lemma rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 1))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_4_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_4_def)
+apply ((simp add: assms(3) consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_4_def)+)
+done
+
+
+lemma global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 1))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_3 cont_3 consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body 3 consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_4_def)
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_4)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_4_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_4_def)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_4)
+apply (rule rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_4)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=3])+)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_4)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1 cont_1 consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body 1 consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_3_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_3 _ _ _ consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_3])
+apply (simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_3_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_3_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_3_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_3])
+apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_3_def)+)
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_3_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_3)+)
+apply (rule cont_3_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 4])+)
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_4)
+apply (simp add: cont_3_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_3_def cont_4_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper3)
+apply ((simp)+)
+
+apply ((erule allE[where x = 5])+)
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_5)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_5)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_5_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_5)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_5)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_5_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_5)
+apply ((simp add: member_rec)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper4)
+apply ((simp)+)
+done
+qed
+qed
+
+lemma rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2_def)
+apply ((simp add: assms(3) consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_2_def)+)
+done
+
+
+lemma global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1 cont_1 consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body 1 consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_2_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2_def)
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_2_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2_def)
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_2_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2_def)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2_def)
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_2)
+
+apply (rule disjI2)
+apply (rule disjI1)
+
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply (simp)
+
+
+apply (rule guardHint)
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_2)
+apply (rule rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_2_def)
+apply ((simp)+)
+apply (rule guardHint)
+apply ((erule allE[where x = 3])+)
+apply ((simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_2)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_3)
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_3_def cont_2_def cont_3_def)
+apply blast+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule less_trans_inv)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1 _ _ _ consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_1])
+apply (simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_1_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1])
+apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1_def)+)
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_1_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_1)+)
+apply (rule cont_1_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 2])+)
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_1_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_2_def cont_2_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_5_def cont_5_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_8_def cont_8_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_1_def cont_2_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+
+apply ((erule allE[where x = 11])+)
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_9)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_11)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_11_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_11)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_11)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_11_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_11)
+apply ((simp add: member_rec)+)
+done
+qed
+qed
+
+lemma rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0 _ consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0])
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0_def)
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_0)
+apply (rule rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_y_0::int) (vc_x_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_x_5::int) (vc_x_6::int) (vc_y_2::int). (vc.vc_anon0 vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A consecutive_loops_in_loop_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) consecutive_loops_in_loop_2_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns consecutive_loops_in_loop_2_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.pres_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.pres_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_9] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_9_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_y_0::int) (vc_x_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_x_5::int) (vc_x_6::int) (vc_y_2::int). (vc.vc_anon0 vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) consecutive_loops_in_loop_2_before_ast_to_cfg_prog.fdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.axioms consecutive_loops_in_loop_2_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 consecutive_loops_in_loop_2_before_ast_to_cfg_prog.ast_proc_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..036e986
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_ast_to_cfg_prog.thy
@@ -0,0 +1,168 @@
+theory consecutive_loops_in_loop_2_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 1),(Havoc 0)] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 1) Sub (Lit (LInt 1))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 1)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 1)))) [(BinOp (Var 0) Le (Lit (LInt 1)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Var 0)))] (None ) (None ))]))) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 1) Sub (Lit (LInt 1))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 1)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 1)))) [(BinOp (Var 0) Le (Lit (LInt 1)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Var 0)))] (None ) (None ))])) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [(Assign 0 (BinOp (Var 1) Sub (Lit (LInt 1))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 1)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 1)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
+definition bigblock_4
+  where
+    "bigblock_4  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))"
+definition bigblock_5
+  where
+    "bigblock_5  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 1)))) [(BinOp (Var 0) Le (Lit (LInt 1)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
+definition bigblock_6
+  where
+    "bigblock_6  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 1)))) [(BinOp (Var 0) Le (Lit (LInt 1)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))])) (None ))"
+definition bigblock_7
+  where
+    "bigblock_7  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))"
+definition bigblock_8
+  where
+    "bigblock_8  = (BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Var 0)))] (None ) (None ))"
+definition bigblock_9
+  where
+    "bigblock_9  = (BigBlock (None ) [(Assert (BinOp (Var 1) Eq (Lit (LInt 0))))] (None ) (None ))"
+definition cont_9
+  where
+    "cont_9  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_9 cont_9)"
+definition cont_1
+  where
+    "cont_1  = (KEndBlock (KSeq bigblock_9 cont_9 ))"
+definition cont_8
+  where
+    "cont_8  = (KSeq bigblock_1 cont_1)"
+definition cont_5
+  where
+    "cont_5  = (KSeq bigblock_8 cont_8)"
+definition cont_6
+  where
+    "cont_6  = (KEndBlock (KSeq bigblock_8 cont_8 ))"
+definition cont_7
+  where
+    "cont_7  = (KSeq bigblock_6 cont_6)"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_5 cont_5)"
+definition cont_3
+  where
+    "cont_3  = (KEndBlock (KSeq bigblock_5 cont_5 ))"
+definition cont_4
+  where
+    "cont_4  = (KSeq bigblock_3 cont_3)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_9]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec consecutive_loops_in_loop_2_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post),proc_body = (Some (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls,consecutive_loops_in_loop_2_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..96b1709
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_cfg_to_dag_prog.thy
@@ -0,0 +1,257 @@
+theory consecutive_loops_in_loop_2_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 1),(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 1) Sub (Lit (LInt 1))))]"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 1)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Lit (LInt 1)) Ge (Var 0)))]"
+definition block_6
+  where
+    "block_6  = []"
+definition block_7
+  where
+    "block_7  = [(Assert (BinOp (Var 0) Le (Lit (LInt 1))))]"
+definition block_8
+  where
+    "block_8  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 1)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]"
+definition block_9
+  where
+    "block_9  = [(Assume (BinOp (Lit (LInt 1)) Le (Var 0)))]"
+definition block_10
+  where
+    "block_10  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Var 0)))]"
+definition block_11
+  where
+    "block_11  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
+definition block_12
+  where
+    "block_12  = [(Assert (BinOp (Var 1) Eq (Lit (LInt 0))))]"
+definition outEdges
+  where
+    "outEdges  = [[1],[11,2],[3],[5,4],[3],[6],[7],[9,8],[7],[10],[1],[12],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_12:
+shows "((nth (node_to_block proc_body) 12) = block_12)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [11,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [5,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [9,8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [10])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [12])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_12:
+shows "((nth (out_edges proc_body) 12) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec consecutive_loops_in_loop_2_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec consecutive_loops_in_loop_2_before_cfg_to_dag_prog.post),proc_body = (Some (consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls,consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_passive_prog.thy
new file mode 100644
index 0000000..11ed748
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_passive_prog.thy
@@ -0,0 +1,205 @@
+theory consecutive_loops_in_loop_2_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_loops_in_loop_2_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 1)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 1)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1)))),(Assert (BinOp (Var 0) Le (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Var 0))),(Assume (Lit (LBool False)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Lit (LInt 1)) Le (Var 0)))]"
+definition block_5
+  where
+    "block_5  = [(Havoc 0),(Assume (BinOp (Var 0) Le (Lit (LInt 1))))]"
+definition block_6
+  where
+    "block_6  = [(Assert (BinOp (Var 0) Le (Lit (LInt 1))))]"
+definition block_7
+  where
+    "block_7  = [(Assume (BinOp (Lit (LInt 1)) Ge (Var 0)))]"
+definition block_8
+  where
+    "block_8  = [(Havoc 0)]"
+definition block_9
+  where
+    "block_9  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 1) Sub (Lit (LInt 1))))]"
+definition block_10
+  where
+    "block_10  = [(Assert (BinOp (Var 1) Eq (Lit (LInt 0))))]"
+definition block_11
+  where
+    "block_11  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
+definition block_12
+  where
+    "block_12  = [(Havoc 1),(Havoc 0)]"
+definition block_13
+  where
+    "block_13  = [(Havoc 1),(Havoc 0)]"
+definition block_14
+  where
+    "block_14  = []"
+definition block_15
+  where
+    "block_15  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[6],[7,1],[8],[0],[10],[11,9],[12],[13],[14]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13,block_14,block_15]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 15,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_12:
+shows "((nth (node_to_block proc_body) 12) = block_12)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_13:
+shows "((nth (node_to_block proc_body) 13) = block_13)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_14:
+shows "((nth (node_to_block proc_body) 14) = block_14)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_15:
+shows "((nth (node_to_block proc_body) 15) = block_15)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [10])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_12:
+shows "((nth (out_edges proc_body) 12) = [11,9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_13:
+shows "((nth (out_edges proc_body) 13) = [12])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_14:
+shows "((nth (out_edges proc_body) 14) = [13])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_15:
+shows "((nth (out_edges proc_body) 15) = [14])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_cfgtodag_proof.thy
new file mode 100644
index 0000000..749c4ab
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_cfgtodag_proof.thy
@@ -0,0 +1,900 @@
+theory consecutive_loops_in_loop_2_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML consecutive_loops_in_loop_2_before_ast_to_cfg_prog consecutive_loops_in_loop_2_before_cfg_to_dag_prog consecutive_loops_in_loop_2_before_passive_prog consecutive_loops_in_loop_2_passification_proof consecutive_loops_in_loop_2_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A consecutive_loops_in_loop_2_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_0)
+apply simp
+unfolding consecutive_loops_in_loop_2_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma Mods_anon8_LoopBody:
+shows "(mods_contained_in (set [0]) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_4)"
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_4_def
+by simp
+
+lemma block_anon8_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_2_before_passive_prog.block_1 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_4_def consecutive_loops_in_loop_2_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon8_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body [0] [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_4)
+apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_1)
+apply (assumption+)
+apply (rule block_anon8_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon8_LoopBody)
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_4))
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_4))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon8_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon9_LoopBody:
+shows "(mods_contained_in (set [0]) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_8)"
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_8_def
+by simp
+
+lemma block_anon9_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Lit (LInt 1)))] consecutive_loops_in_loop_2_before_passive_prog.block_2 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_8_def consecutive_loops_in_loop_2_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun consecutive_loops_in_loop_2_before_ast_to_cfg_prog.funcs_wf consecutive_loops_in_loop_2_before_ast_to_cfg_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon9_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon9_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body [0] [(BinOp (Var 0) Le (Lit (LInt 1)))] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post ns1 s' 7 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_8)
+apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon9_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon9_LoopBody)
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_8))
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_8))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon9_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon5:
+shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_10)"
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_10_def
+by simp
+
+lemma block_anon5:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_10 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_2_before_passive_prog.block_3 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_10_def consecutive_loops_in_loop_2_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon5:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_10)
+apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon5)
+apply (assumption+)
+apply (rule Mods_anon5)
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_10))
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_10))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon7_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon9_LoopDone:
+shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_9)"
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_9_def
+by simp
+
+lemma block_anon9_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_9 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_2_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_9_def consecutive_loops_in_loop_2_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon9_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_9)
+apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon9_LoopDone)
+apply (assumption+)
+apply (rule Mods_anon9_LoopDone)
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_9))
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_9))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon7_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon9_LoopHead:
+shows "(mods_contained_in (set [0]) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_7)"
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_7_def
+by simp
+
+lemma block_anon9_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Lit (LInt 1)))] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_2_before_passive_prog.block_5 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_7_def consecutive_loops_in_loop_2_before_passive_prog.block_5_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(1)))
+apply simp
+done
+
+lemma cfg_block_anon9_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Lit (LInt 1)))] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms assms(4-)
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_7)
+apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_5)
+apply (assumption+)
+apply (rule block_anon9_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon9_LoopHead)
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_7))
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_7))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=4])
+apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon9_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_subset_pred)
+using less(4) apply simp
+apply assumption
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon9_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+apply (rule loop_ih_convert_subset_smaller_2)
+using less(4) apply simp
+apply (simp, fastforce, assumption)
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma Mods_anon3:
+shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_6)"
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_6_def
+by simp
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Lit (LInt 1)))] consecutive_loops_in_loop_2_before_passive_prog.block_6 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_6_def consecutive_loops_in_loop_2_before_passive_prog.block_6_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun consecutive_loops_in_loop_2_before_ast_to_cfg_prog.funcs_wf consecutive_loops_in_loop_2_before_ast_to_cfg_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon3:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_6)
+apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_6)
+apply (assumption+)
+apply (rule block_anon3)
+apply (assumption+)
+apply (rule Mods_anon3)
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_6))
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_6))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=5])
+apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon9_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon7_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon8_LoopDone:
+shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_5)"
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_5_def
+by simp
+
+lemma block_anon8_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_2_before_passive_prog.block_7 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_5_def consecutive_loops_in_loop_2_before_passive_prog.block_7_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon8_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_5)
+apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_7)
+apply (assumption+)
+apply (rule block_anon8_LoopDone)
+apply (assumption+)
+apply (rule Mods_anon8_LoopDone)
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_5))
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_5))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=6])
+apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon7_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon8_LoopHead:
+shows "(mods_contained_in (set [0]) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_3)"
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_3_def
+by simp
+
+lemma block_anon8_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_2_before_passive_prog.block_8 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_3_def consecutive_loops_in_loop_2_before_passive_prog.block_8_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(1)))
+apply simp
+done
+
+lemma cfg_block_anon8_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms assms(4-)
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_3)
+apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_8)
+apply (assumption+)
+apply (rule block_anon8_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon8_LoopHead)
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=7])
+apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_8))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_subset_pred)
+using less(4) apply simp
+apply assumption
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_8))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+apply (rule loop_ih_convert_subset_smaller_2)
+using less(4) apply simp
+apply (simp, fastforce, assumption)
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma Mods_anon7_LoopBody:
+shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2)"
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2_def
+by simp
+
+lemma block_anon7_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_2_before_passive_prog.block_9 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2_def consecutive_loops_in_loop_2_before_passive_prog.block_9_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon7_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_2)
+apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_9)
+apply (assumption+)
+apply (rule block_anon7_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon7_LoopBody)
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=8])
+apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_9))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon7_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma block_anon6:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_12 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_10 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_2_before_passive_prog.block_10 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_12_def consecutive_loops_in_loop_2_before_passive_prog.block_10_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 12),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_12)
+apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_10)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon6)
+apply assumption+
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_12)
+apply (rule consecutive_loops_in_loop_2_before_passive_prog.outEdges_10)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon7_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_11 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_11 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_2_before_passive_prog.block_11 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_11_def consecutive_loops_in_loop_2_before_passive_prog.block_11_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon7_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 11),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_11)
+apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_11)
+apply (assumption+)
+apply (rule block_anon7_LoopDone)
+apply (assumption+)
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_11))
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_11))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=10])
+apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_11))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon7_LoopHead:
+shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_1)"
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_1_def
+by simp
+
+lemma block_anon7_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_12 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_2_before_passive_prog.block_12 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_1_def consecutive_loops_in_loop_2_before_passive_prog.block_12_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_y(1)))
+apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(1)))
+apply simp
+done
+
+lemma cfg_block_anon7_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1,0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_1)
+apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_12)
+apply (assumption+)
+apply (rule block_anon7_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon7_LoopHead)
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=11])
+apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_12))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=9])
+apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_12))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_13 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_2_before_passive_prog.block_13 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0_def consecutive_loops_in_loop_2_before_passive_prog.block_13_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 13),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_0)
+apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_13)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=12])
+apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_13))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 14),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 13),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_14))
+by ((simp add:consecutive_loops_in_loop_2_before_passive_prog.node_14 consecutive_loops_in_loop_2_before_passive_prog.block_14_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 15),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 consecutive_loops_in_loop_2_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_15)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding consecutive_loops_in_loop_2_before_passive_prog.block_15_def
+apply (rule assume_pres_normal[where ?es=consecutive_loops_in_loop_2_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule consecutive_loops_in_loop_2_before_passive_prog.outEdges_15)
+apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.node_14 consecutive_loops_in_loop_2_before_passive_prog.block_14_def))
+apply (rule consecutive_loops_in_loop_2_before_passive_prog.outEdges_14)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_y_0::int) (vc_x_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_x_5::int) (vc_x_6::int) (vc_y_2::int). (vc.vc_anon0 vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A consecutive_loops_in_loop_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) consecutive_loops_in_loop_2_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns consecutive_loops_in_loop_2_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule consecutive_loops_in_loop_2_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_passification_proof.thy
new file mode 100644
index 0000000..dffc9b0
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_passification_proof.thy
@@ -0,0 +1,485 @@
+theory consecutive_loops_in_loop_2_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_loops_in_loop_2_before_ast_to_cfg_prog consecutive_loops_in_loop_2_passive_prog Boogie_Lang.PassificationML consecutive_loops_in_loop_2_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_2_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_2_before_passive_prog.block_0_def consecutive_loops_in_loop_2_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon8_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [9] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 7)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [9])) (update_nstate_rel R [(0,(Inl 9))]) R_old consecutive_loops_in_loop_2_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_2_before_passive_prog.block_1_def consecutive_loops_in_loop_2_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_2_passive_prog.l_x_4(2)))
+by simp
+
+lemma block_anon9_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [10] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [10])) (update_nstate_rel R [(0,(Inl 10))]) R_old consecutive_loops_in_loop_2_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_2_before_passive_prog.block_2_def consecutive_loops_in_loop_2_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_2_passive_prog.l_x_6(2)))
+by simp
+
+lemma block_anon5:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [11] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))" and 
+"((R 0) = (Some (Inl 8)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [11])) (update_nstate_rel R [(1,(Inl 11))]) R_old consecutive_loops_in_loop_2_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_2_before_passive_prog.block_3_def consecutive_loops_in_loop_2_passive_prog.block_3_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_y(2) consecutive_loops_in_loop_2_passive_prog.l_y_2(2)))
+by simp
+
+lemma block_anon9_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))" and 
+"((R 0) = (Some (Inl 8)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_2_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_2_before_passive_prog.block_4_def consecutive_loops_in_loop_2_passive_prog.block_4_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon9_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [8] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [8])) (update_nstate_rel R [(0,(Inl 8))]) R_old consecutive_loops_in_loop_2_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_2_before_passive_prog.block_5_def consecutive_loops_in_loop_2_passive_prog.block_5_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_2_passive_prog.l_x_5(2)))
+by simp
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))" and 
+"((R 0) = (Some (Inl 7)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_2_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_2_before_passive_prog.block_6_def consecutive_loops_in_loop_2_passive_prog.block_6_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon8_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))" and 
+"((R 0) = (Some (Inl 7)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_2_passive_prog.block_7 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_2_before_passive_prog.block_7_def consecutive_loops_in_loop_2_passive_prog.block_7_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon8_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [7] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [7])) (update_nstate_rel R [(0,(Inl 7))]) R_old consecutive_loops_in_loop_2_passive_prog.block_8 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_2_before_passive_prog.block_8_def consecutive_loops_in_loop_2_passive_prog.block_8_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_2_passive_prog.l_x_3(2)))
+by simp
+
+lemma block_anon7_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_9 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6])) (update_nstate_rel R [(0,(Inl 6))]) R_old consecutive_loops_in_loop_2_passive_prog.block_9 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_2_before_passive_prog.block_9_def consecutive_loops_in_loop_2_passive_prog.block_9_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_2_passive_prog.l_x_2(2)))
+by simp
+
+lemma block_anon6:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_10 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_2_passive_prog.block_10 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_2_before_passive_prog.block_10_def consecutive_loops_in_loop_2_passive_prog.block_10_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon7_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_11 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_2_passive_prog.block_11 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_2_before_passive_prog.block_11_def consecutive_loops_in_loop_2_passive_prog.block_11_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon7_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_12 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4,5] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4,5])) (update_nstate_rel R [(1,(Inl 4)),(0,(Inl 5))]) R_old consecutive_loops_in_loop_2_passive_prog.block_12 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_2_before_passive_prog.block_12_def consecutive_loops_in_loop_2_passive_prog.block_12_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_y(2) consecutive_loops_in_loop_2_passive_prog.l_y_1(2)))
+apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_2_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_13 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2,3] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2,3])) (update_nstate_rel R [(1,(Inl 2)),(0,(Inl 3))]) R_old consecutive_loops_in_loop_2_passive_prog.block_13 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_2_before_passive_prog.block_13_def consecutive_loops_in_loop_2_passive_prog.block_13_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_y(2) consecutive_loops_in_loop_2_passive_prog.l_y_0(2)))
+apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_2_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_14 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_2_passive_prog.block_14 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_2_before_passive_prog.block_14_def consecutive_loops_in_loop_2_passive_prog.block_14_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_15 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_2_passive_prog.block_15 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_2_before_passive_prog.block_15_def consecutive_loops_in_loop_2_passive_prog.block_15_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_0},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_0}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_0},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon8_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 7)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_1},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_1}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_1},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_1}) @{thm block_anon8_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon9_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 10 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_2},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_2}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_2},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_2}) @{thm block_anon9_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon5:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 11 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))" and 
+"((R 0) = (Some (Inl 8)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_3},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_3}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_3},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_3}) @{thm block_anon5} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon9_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 11 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))" and 
+"((R 0) = (Some (Inl 8)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_4},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_4}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_4},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_4}) @{thm block_anon9_LoopDone} [
+@{thm cfg_block_anon5}] 1\<close>))
+
+lemma cfg_block_anon9_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_5},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_5}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_5},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_5}) @{thm block_anon9_LoopHead} [
+@{thm cfg_block_anon9_LoopDone}, 
+@{thm cfg_block_anon9_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))" and 
+"((R 0) = (Some (Inl 7)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_6},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_6}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_6},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_6}) @{thm block_anon3} [
+@{thm cfg_block_anon9_LoopHead}] 1\<close>))
+
+lemma cfg_block_anon8_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))" and 
+"((R 0) = (Some (Inl 7)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_7},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_7}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_7},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_7}) @{thm block_anon8_LoopDone} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon8_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 7 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 8)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_8},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_8}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_8},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_8}) @{thm block_anon8_LoopHead} [
+@{thm cfg_block_anon8_LoopDone}, 
+@{thm cfg_block_anon8_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon7_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 9)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_9},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_9}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_9},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_9}) @{thm block_anon7_LoopBody} [
+@{thm cfg_block_anon8_LoopHead}] 1\<close>))
+
+lemma cfg_block_anon6:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 10)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_10},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_10}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_10},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_10}) @{thm block_anon6} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon7_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 11)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_11},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_11}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_11},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_11}) @{thm block_anon7_LoopDone} [
+@{thm cfg_block_anon6}] 1\<close>))
+
+lemma cfg_block_anon7_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 12)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_12},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_12}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_12},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_12}) @{thm block_anon7_LoopHead} [
+@{thm cfg_block_anon7_LoopDone}, 
+@{thm cfg_block_anon7_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 13)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_13},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_13}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_13},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_13}) @{thm block_anon0} [
+@{thm cfg_block_anon7_LoopHead}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 14)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_14},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_14}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_14},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_14}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 15),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 15)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_15},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_15}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_15},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_15}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 15),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_y_0::int) (vc_x_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_x_5::int) (vc_x_6::int) (vc_y_2::int). (vc.vc_anon0 vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A consecutive_loops_in_loop_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls ns consecutive_loops_in_loop_2_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv consecutive_loops_in_loop_2_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding consecutive_loops_in_loop_2_passive_prog.params_vdecls_def consecutive_loops_in_loop_2_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using consecutive_loops_in_loop_2_before_passive_prog.globals_locals_disj apply auto[1]
+using consecutive_loops_in_loop_2_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 15)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 15),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from consecutive_loops_in_loop_2_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_passive_prog.thy
new file mode 100644
index 0000000..51b8006
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_passive_prog.thy
@@ -0,0 +1,319 @@
+theory consecutive_loops_in_loop_2_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_loops_in_loop_2_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 7) Gt (Lit (LInt 1)))),(Assume (BinOp (Var 9) Eq (BinOp (Var 7) Sub (Lit (LInt 1))))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 8) Lt (Lit (LInt 1)))),(Assume (BinOp (Var 10) Eq (BinOp (Var 8) Add (Lit (LInt 1))))),(Assert (BinOp (Var 10) Le (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assert (BinOp (Var 8) Eq (Lit (LInt 1)))),(Assume (BinOp (Var 11) Eq (BinOp (Var 4) Sub (Var 8)))),(Assume (Lit (LBool False)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Lit (LInt 1)) Le (Var 8)))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Var 8) Le (Lit (LInt 1))))]"
+definition block_6
+  where
+    "block_6  = [(Assert (BinOp (Var 7) Le (Lit (LInt 1))))]"
+definition block_7
+  where
+    "block_7  = [(Assume (BinOp (Lit (LInt 1)) Ge (Var 7)))]"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = [(Assume (BinOp (Var 4) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 6) Eq (BinOp (Var 4) Sub (Lit (LInt 1)))))]"
+definition block_10
+  where
+    "block_10  = [(Assert (BinOp (Var 4) Eq (Lit (LInt 0))))]"
+definition block_11
+  where
+    "block_11  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 4)))]"
+definition block_12
+  where
+    "block_12  = []"
+definition block_13
+  where
+    "block_13  = []"
+definition block_14
+  where
+    "block_14  = []"
+definition block_15
+  where
+    "block_15  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[6],[7,1],[8],[0],[10],[11,9],[12],[13],[14]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13,block_14,block_15]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 15,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_12:
+shows "((nth (node_to_block proc_body) 12) = block_12)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_13:
+shows "((nth (node_to_block proc_body) 13) = block_13)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_14:
+shows "((nth (node_to_block proc_body) 14) = block_14)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_15:
+shows "((nth (node_to_block proc_body) 15) = block_15)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [10])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_12:
+shows "((nth (out_edges proc_body) 12) = [11,9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_13:
+shows "((nth (out_edges proc_body) 13) = [12])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_14:
+shows "((nth (out_edges proc_body) 14) = [13])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_15:
+shows "((nth (out_edges proc_body) 15) = [14])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(7,(TPrim TInt),(None )),(9,(TPrim TInt),(None )),(8,(TPrim TInt),(None )),(10,(TPrim TInt),(None )),(11,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding consecutive_loops_in_loop_2_passive_prog.params_vdecls_def consecutive_loops_in_loop_2_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)))) = {})"
+unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_0:
+shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_1:
+shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_2:
+shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_3:
+shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_4:
+shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 9) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_5:
+shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 8) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_6:
+shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 10) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_2:
+shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 11) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_0:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_1:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_2:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_3:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_3
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_4:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 9) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 9) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_4
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_5:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 8) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 8) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_5
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_6:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 10) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 10) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_6
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_2:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 11) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 11) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_vcphase_proof.thy
new file mode 100644
index 0000000..4e20db9
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_vcphase_proof.thy
@@ -0,0 +1,551 @@
+theory consecutive_loops_in_loop_2_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML consecutive_loops_in_loop_2_passive_prog consecutive_loops_in_loop_2_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon8_LoopBody
+  where
+    "vc_anon8_LoopBody  = True"
+definition vc_anon9_LoopBody
+  where
+    "vc_anon9_LoopBody x_5 x_6 = (((x_5 < (1::int)) \<and> (x_6 = (x_5 + (1::int)))) \<longrightarrow> (x_6 \<le> (1::int)))"
+definition vc_anon5
+  where
+    "vc_anon5 x_5 = (x_5 = (1::int))"
+definition vc_anon9_LoopDone
+  where
+    "vc_anon9_LoopDone x_5 = (((1::int) \<le> x_5) \<longrightarrow> (vc_anon5 x_5))"
+definition vc_anon9_LoopHead
+  where
+    "vc_anon9_LoopHead x_5 x_6 = ((x_5 \<le> (1::int)) \<longrightarrow> ((vc_anon9_LoopDone x_5) \<and> (vc_anon9_LoopBody x_5 x_6)))"
+definition vc_anon3
+  where
+    "vc_anon3 x_3 x_5 x_6 = ((x_3 \<le> (1::int)) \<and> ((x_3 \<le> (1::int)) \<longrightarrow> (vc_anon9_LoopHead x_5 x_6)))"
+definition vc_anon8_LoopDone
+  where
+    "vc_anon8_LoopDone x_3 x_5 x_6 = (((1::int) \<ge> x_3) \<longrightarrow> (vc_anon3 x_3 x_5 x_6))"
+definition vc_anon7_LoopBody
+  where
+    "vc_anon7_LoopBody y_1 x_2 x_3 x_5 x_6 = (((y_1 > (0::int)) \<and> (x_2 = (y_1 - (1::int)))) \<longrightarrow> ((vc_anon8_LoopDone x_3 x_5 x_6) \<and> (vc_anon8_LoopBody )))"
+definition vc_anon6
+  where
+    "vc_anon6 y_1 = (y_1 = (0::int))"
+definition vc_anon7_LoopDone
+  where
+    "vc_anon7_LoopDone y_1 = (((0::int) \<ge> y_1) \<longrightarrow> (vc_anon6 y_1))"
+definition vc_anon0
+  where
+    "vc_anon0 y_1 x_2 x_3 x_5 x_6 = ((vc_anon7_LoopDone y_1) \<and> (vc_anon7_LoopBody y_1 x_2 x_3 x_5 x_6))"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_y_0 :: "int" and vc_x_0 :: "int" and vc_y_1 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int" and vc_x_3 :: "int" and vc_x_4 :: "int" and vc_x_5 :: "int" and vc_x_6 :: "int" and vc_y_2 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_y_0)))" and 
+G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_0)))" and 
+G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_y_1)))" and 
+G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_x_1)))" and 
+G6: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_x_2)))" and 
+G7: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_x_3)))" and 
+G8: "((lookup_var \<Lambda> n_s 9) = (Some (IntV vc_x_4)))" and 
+G9: "((lookup_var \<Lambda> n_s 8) = (Some (IntV vc_x_5)))" and 
+G10: "((lookup_var \<Lambda> n_s 10) = (Some (IntV vc_x_6)))" and 
+G11: "((lookup_var \<Lambda> n_s 11) = (Some (IntV vc_y_2)))" and 
+G12: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8 G9 G10 G11 G12
+lemmas forall_poly_thm = forall_vc_type[OF G12]
+lemmas exists_poly_thm = exists_vc_type[OF G12]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding consecutive_loops_in_loop_2_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon8_LoopBody_hints = [
+(AssumeTrue,NONE), 
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon8_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopBody ) \<Longrightarrow> (s' = Magic)))"
+unfolding consecutive_loops_in_loop_2_passive_prog.block_1_def vc.vc_anon8_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon9_LoopBody_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE), 
+(AssertNoConj,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon9_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon9_LoopBody vc_x_5 vc_x_6) \<Longrightarrow> (s' = Magic)))"
+unfolding consecutive_loops_in_loop_2_passive_prog.block_2_def vc.vc_anon9_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon9_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon5_hints = [
+(AssertNoConj,NONE), 
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon5AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5 vc_x_5) \<Longrightarrow> (s' = Magic)))"
+unfolding consecutive_loops_in_loop_2_passive_prog.block_3_def vc.vc_anon5_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon9_LoopDone_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon9_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon9_LoopDone vc_x_5) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon5 vc_x_5)))))))"
+unfolding consecutive_loops_in_loop_2_passive_prog.block_4_def vc.vc_anon9_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon9_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon9_LoopHead_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon9_LoopHeadAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon9_LoopHead vc_x_5 vc_x_6) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon9_LoopDone vc_x_5) \<and> (vc.vc_anon9_LoopBody vc_x_5 vc_x_6))))))))"
+unfolding consecutive_loops_in_loop_2_passive_prog.block_5_def vc.vc_anon9_LoopHead_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon9_LoopHead_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon3_hints = [
+(AssertSub,NONE)]
+\<close>
+lemma block_anon3AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 vc_x_3 vc_x_5 vc_x_6) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon9_LoopHead vc_x_5 vc_x_6)))))))"
+unfolding consecutive_loops_in_loop_2_passive_prog.block_6_def vc.vc_anon3_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon8_LoopDone_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon8_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopDone vc_x_3 vc_x_5 vc_x_6) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_3 vc_x_5 vc_x_6)))))))"
+unfolding consecutive_loops_in_loop_2_passive_prog.block_7_def vc.vc_anon8_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopDone_hints \<close>)
+by (auto?)
+
+lemma block_anon8_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_8 (Normal n_s) s')" and 
+"((vc.vc_anon8_LoopDone vc_x_3 vc_x_5 vc_x_6) \<and> (vc.vc_anon8_LoopBody ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon8_LoopDone vc_x_3 vc_x_5 vc_x_6) \<and> (vc.vc_anon8_LoopBody ))))))"
+using assms
+unfolding consecutive_loops_in_loop_2_passive_prog.block_8_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon7_LoopBody_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon7_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon8_LoopDone vc_x_3 vc_x_5 vc_x_6) \<and> (vc.vc_anon8_LoopBody ))))))))"
+unfolding consecutive_loops_in_loop_2_passive_prog.block_9_def vc.vc_anon7_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_hints = [
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon6AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_10 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6 vc_y_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding consecutive_loops_in_loop_2_passive_prog.block_10_def vc.vc_anon6_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon7_LoopDone_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon7_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_11 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopDone vc_y_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon6 vc_y_1)))))))"
+unfolding consecutive_loops_in_loop_2_passive_prog.block_11_def vc.vc_anon7_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopDone_hints \<close>)
+by (auto?)
+
+lemma block_anon7_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_12 (Normal n_s) s')" and 
+"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))))))"
+using assms
+unfolding consecutive_loops_in_loop_2_passive_prog.block_12_def
+apply cases
+by auto
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_13 (Normal n_s) s')" and 
+"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))))))"
+using assms
+unfolding consecutive_loops_in_loop_2_passive_prog.block_13_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_14 (Normal n_s) s')" and 
+"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))))))"
+using assms
+unfolding consecutive_loops_in_loop_2_passive_prog.block_14_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_15 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding consecutive_loops_in_loop_2_passive_prog.block_15_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_0 consecutive_loops_in_loop_2_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon8_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon8_LoopBody )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_1])
+by (erule block_anon8_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon9_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon9_LoopBody vc_x_5 vc_x_6)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_2])
+by (erule block_anon9_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon5:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5 vc_x_5)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_3])
+by (erule block_anon5AA0[OF _ assms(2)])
+
+lemma cfg_block_anon9_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon9_LoopDone vc_x_5)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_4])
+apply (erule block_anon9_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon9_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon9_LoopHead vc_x_5 vc_x_6)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_5])
+apply (erule block_anon9_LoopHeadAA0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon9_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon9_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon3 vc_x_3 vc_x_5 vc_x_6)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_6])
+apply (erule block_anon3AA0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon9_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon8_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon8_LoopDone vc_x_3 vc_x_5 vc_x_6)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_7])
+apply (erule block_anon8_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_7))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon8_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon8_LoopDone vc_x_3 vc_x_5 vc_x_6) \<and> (vc.vc_anon8_LoopBody ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_8])
+apply (erule block_anon8_LoopHead[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_8))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon7_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_9])
+apply (erule block_anon7_LoopBodyAA0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_9))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6 vc_y_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_10])
+apply (erule block_anon6AA0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_10))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon7_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon7_LoopDone vc_y_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_11])
+apply (erule block_anon7_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_11))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon7_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_12])
+apply (erule block_anon7_LoopHead[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_12))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_13])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_13))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_14])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_14))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 15),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_15])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_15))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 15),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_y_0::int) (vc_x_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_x_5::int) (vc_x_6::int) (vc_y_2::int). (vc.vc_anon0 vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A consecutive_loops_in_loop_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) consecutive_loops_in_loop_2_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_x])
+apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_y])
+apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_y])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_y_0])
+apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_y_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_y_1])
+apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_y_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_x_2])
+apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_x_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_3:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_x_3])
+apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_x_3])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_4:"(((lookup_var ?\<Lambda> n_s 9) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 9)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 9))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_x_4])
+apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_x_4])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_5:"(((lookup_var ?\<Lambda> n_s 8) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 8)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 8))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_x_5])
+apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_x_5])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_6:"(((lookup_var ?\<Lambda> n_s 10) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 10)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 10))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_x_6])
+apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_x_6])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 11) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 11)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 11))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_y_2])
+apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_y_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_y])
+apply (rule HOL.conjunct1[OF sc_y_0])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_y_1])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (rule HOL.conjunct1[OF sc_x_2])
+apply (rule HOL.conjunct1[OF sc_x_3])
+apply (rule HOL.conjunct1[OF sc_x_4])
+apply (rule HOL.conjunct1[OF sc_x_5])
+apply (rule HOL.conjunct1[OF sc_x_6])
+apply (rule HOL.conjunct1[OF sc_y_2])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/global_data.thy
similarity index 100%
rename from BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/global_data.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/global_data.thy
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/ROOT
new file mode 100644
index 0000000..1cf7a19
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/ROOT
@@ -0,0 +1,12 @@
+session consecutive_loops_in_loop_proofs = Boogie_Lang + 
+directories consecutive_loops_in_loop_proofs
+theories
+global_data
+"consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_vcphase_proof"
+"consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_cfgtodag_proof"
+"consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_passification_proof"
+"consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_asttocfg_proof"
+"consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_cfg_to_dag_prog"
+"consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_passive_prog"
+"consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_passive_prog"
+"consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_ast_to_cfg_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_asttocfg_proof.thy
new file mode 100644
index 0000000..5f02b83
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_asttocfg_proof.thy
@@ -0,0 +1,746 @@
+theory consecutive_loops_in_loop_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML consecutive_loops_in_loop_before_ast_to_cfg_prog consecutive_loops_in_loop_before_cfg_to_dag_prog consecutive_loops_in_loop_cfgtodag_proof consecutive_loops_in_loop_passification_proof consecutive_loops_in_loop_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A consecutive_loops_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_9:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_9,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_12 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_12 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_9])
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_9_def consecutive_loops_in_loop_before_cfg_to_dag_prog.block_12_def)
+apply ((simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_12_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_12_def consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_9_def)+)
+done
+
+
+lemma global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_9:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_9,cont_9,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 12),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 12),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_9])
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_9_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_9_def)
+apply (simp)
+apply (simp)
+apply (rule cont_9_def)
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_12)
+apply (rule disjI1)
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.block_12_def)
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_12)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_12)
+apply (rule rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_9)
+apply assumption+
+
+done
+qed
+
+lemma rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_8:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_8,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_10 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_10 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_8])
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_8_def consecutive_loops_in_loop_before_cfg_to_dag_prog.block_10_def)
+apply ((simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_10_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_10_def consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_8_def)+)
+done
+
+
+lemma global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_8:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_8,cont_8,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body 1 consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_8])
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_8_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_8_def)
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_10)
+apply (rule disjI1)
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.block_10_def)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_8_def)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_10)
+apply (rule rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_8)
+apply assumption
+apply (simp)
+apply ((erule allE[where x=1])+)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_10)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_7:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_7,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_8 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Lit (LInt 1))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_8 (Normal ns1) (Normal ns1')))))"
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_8_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_7])
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_7_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_8_def)
+apply ((simp add: assms(3) consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_7_def)+)
+done
+
+
+lemma global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_7:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_7,cont_7,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Lit (LInt 1))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_6 cont_6 consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body 7 consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_7])
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_7_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_7_def)
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_8)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.block_8_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_7_def)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_8)
+apply (rule rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_7)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=7])+)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_8)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body 1 consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_6_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_6 _ _ _ consecutive_loops_in_loop_before_cfg_to_dag_prog.block_7])
+apply (simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_6_def consecutive_loops_in_loop_before_cfg_to_dag_prog.block_7_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_6_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_6])
+apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_6_def)+)
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.block_7_def consecutive_loops_in_loop_before_cfg_to_dag_prog.node_7)+)
+apply (rule cont_6_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 8])+)
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_7)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_7)
+apply (simp add: cont_6_def consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_7_def cont_7_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_6_def cont_7_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper3)
+apply ((simp)+)
+
+apply ((erule allE[where x = 9])+)
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_7)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_8)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_9)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_9_def)
+apply (rule neg_lt)
+apply (simp)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_9)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_9)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_9_def)
+apply (rule neg_lt)
+apply (simp)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_9)
+apply ((simp add: member_rec)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper4)
+apply ((simp)+)
+done
+qed
+qed
+
+lemma global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body 1 consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+apply (rule ending_after_unwrapping)
+apply (rule astTrace)
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_5_def)
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply (simp)
+apply (rule global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_6)
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_6_def cont_5_def cont_6_def)
+apply (rule correctness_propagates_through_empty)
+using assms(2)
+apply blast
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_6)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_6_def)
+
+
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_6)
+apply (simp add: member_rec)
+apply (simp)
+apply (rule correctness_propagates_through_empty2)
+using assms(3)
+apply blast
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_6)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_6_def)
+
+
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_6)
+apply (simp add: member_rec)
+apply ((simp)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule strictly_smaller_helper2)
+apply ((simp)+)
+done
+
+lemma rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 1))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_4_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_4_def)
+apply ((simp add: assms(3) consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_4_def)+)
+done
+
+
+lemma global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 1))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_3 cont_3 consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body 3 consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_4_def)
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_4)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.block_4_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_4_def)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_4)
+apply (rule rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_4)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=3])+)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_4)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body 1 consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_3_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_3 _ _ _ consecutive_loops_in_loop_before_cfg_to_dag_prog.block_3])
+apply (simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_3_def consecutive_loops_in_loop_before_cfg_to_dag_prog.block_3_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_3_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_3])
+apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_3_def)+)
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.block_3_def consecutive_loops_in_loop_before_cfg_to_dag_prog.node_3)+)
+apply (rule cont_3_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 4])+)
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_4)
+apply (simp add: cont_3_def consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_3_def cont_4_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper3)
+apply ((simp)+)
+
+apply ((erule allE[where x = 5])+)
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_5)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_5)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_5_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_5)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_5)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_5_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_5)
+apply ((simp add: member_rec)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper4)
+apply ((simp)+)
+done
+qed
+qed
+
+lemma global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body 1 consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+apply (rule ending_after_unwrapping)
+apply (rule astTrace)
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_2_def)
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply (simp)
+apply (rule global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_3)
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_3_def cont_2_def cont_3_def)
+apply (rule correctness_propagates_through_assumption2)
+using assms(2)
+apply blast
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_2)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_2_def)
+
+apply (rule guardHint)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_2)
+apply (simp add: member_rec)
+apply (simp)
+apply (rule correctness_propagates_through_assumption4)
+using assms(3)
+apply blast
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_2)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_2_def)
+
+apply (rule guardHint)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_2)
+apply (simp add: member_rec)
+apply ((simp)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule strictly_smaller_helper2)
+apply ((simp)+)
+done
+
+lemma global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1 _ _ _ consecutive_loops_in_loop_before_cfg_to_dag_prog.block_1])
+apply (simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1_def consecutive_loops_in_loop_before_cfg_to_dag_prog.block_1_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1])
+apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1_def)+)
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.block_1_def consecutive_loops_in_loop_before_cfg_to_dag_prog.node_1)+)
+apply (rule cont_1_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 2])+)
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_1_def consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_2_def cont_2_def consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_5_def cont_5_def consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_8_def cont_8_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_1_def cont_2_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+
+apply ((erule allE[where x = 11])+)
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_9)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_11)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_11_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_11)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_11)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_11_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_11)
+apply ((simp add: member_rec)+)
+done
+qed
+qed
+
+lemma rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0_def consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0 _ consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0])
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0_def)
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_0)
+apply (rule rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_y_0::int) (vc_x_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_x_5::int) (vc_y_2::int). (vc.vc_anon0 vc_y_1 vc_x_2 vc_x_4 vc_x_5))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A consecutive_loops_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) consecutive_loops_in_loop_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns consecutive_loops_in_loop_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.pres_def consecutive_loops_in_loop_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.pres_def consecutive_loops_in_loop_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_9] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_9_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_y_0::int) (vc_x_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_x_5::int) (vc_y_2::int). (vc.vc_anon0 vc_y_1 vc_x_2 vc_x_4 vc_x_5))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) consecutive_loops_in_loop_before_ast_to_cfg_prog.fdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.axioms consecutive_loops_in_loop_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 consecutive_loops_in_loop_before_ast_to_cfg_prog.ast_proc_def consecutive_loops_in_loop_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..129c0be
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_ast_to_cfg_prog.thy
@@ -0,0 +1,168 @@
+theory consecutive_loops_in_loop_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 1),(Havoc 0)] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 1)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 1)))) [(BinOp (Var 0) Le (Lit (LInt 1)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Var 0)))] (None ) (None ))]))) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 1)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 1)))) [(BinOp (Var 0) Le (Lit (LInt 1)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Var 0)))] (None ) (None ))])) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 1)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 1)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
+definition bigblock_4
+  where
+    "bigblock_4  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))"
+definition bigblock_5
+  where
+    "bigblock_5  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 1)))) [(BinOp (Var 0) Le (Lit (LInt 1)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
+definition bigblock_6
+  where
+    "bigblock_6  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 1)))) [(BinOp (Var 0) Le (Lit (LInt 1)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))])) (None ))"
+definition bigblock_7
+  where
+    "bigblock_7  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))"
+definition bigblock_8
+  where
+    "bigblock_8  = (BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Var 0)))] (None ) (None ))"
+definition bigblock_9
+  where
+    "bigblock_9  = (BigBlock (None ) [(Assert (BinOp (Var 1) Eq (Lit (LInt 0))))] (None ) (None ))"
+definition cont_9
+  where
+    "cont_9  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_9 cont_9)"
+definition cont_1
+  where
+    "cont_1  = (KEndBlock (KSeq bigblock_9 cont_9 ))"
+definition cont_8
+  where
+    "cont_8  = (KSeq bigblock_1 cont_1)"
+definition cont_5
+  where
+    "cont_5  = (KSeq bigblock_8 cont_8)"
+definition cont_6
+  where
+    "cont_6  = (KEndBlock (KSeq bigblock_8 cont_8 ))"
+definition cont_7
+  where
+    "cont_7  = (KSeq bigblock_6 cont_6)"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_5 cont_5)"
+definition cont_3
+  where
+    "cont_3  = (KEndBlock (KSeq bigblock_5 cont_5 ))"
+definition cont_4
+  where
+    "cont_4  = (KSeq bigblock_3 cont_3)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_9]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec consecutive_loops_in_loop_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec consecutive_loops_in_loop_before_ast_to_cfg_prog.post),proc_body = (Some (consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls,consecutive_loops_in_loop_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..0e5d701
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_cfg_to_dag_prog.thy
@@ -0,0 +1,257 @@
+theory consecutive_loops_in_loop_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 1),(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0))))]"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 1)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Lit (LInt 1)) Ge (Var 0)))]"
+definition block_6
+  where
+    "block_6  = []"
+definition block_7
+  where
+    "block_7  = [(Assert (BinOp (Var 0) Le (Lit (LInt 1))))]"
+definition block_8
+  where
+    "block_8  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 1)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]"
+definition block_9
+  where
+    "block_9  = [(Assume (BinOp (Lit (LInt 1)) Le (Var 0)))]"
+definition block_10
+  where
+    "block_10  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Var 0)))]"
+definition block_11
+  where
+    "block_11  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
+definition block_12
+  where
+    "block_12  = [(Assert (BinOp (Var 1) Eq (Lit (LInt 0))))]"
+definition outEdges
+  where
+    "outEdges  = [[1],[11,2],[3],[5,4],[3],[6],[7],[9,8],[7],[10],[1],[12],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_12:
+shows "((nth (node_to_block proc_body) 12) = block_12)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [11,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [5,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [9,8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [10])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [12])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_12:
+shows "((nth (out_edges proc_body) 12) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec consecutive_loops_in_loop_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec consecutive_loops_in_loop_before_cfg_to_dag_prog.post),proc_body = (Some (consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls,consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_passive_prog.thy
new file mode 100644
index 0000000..1bec7f3
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_passive_prog.thy
@@ -0,0 +1,205 @@
+theory consecutive_loops_in_loop_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_loops_in_loop_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 1)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 1)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1)))),(Assert (BinOp (Var 0) Le (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Var 0))),(Assume (Lit (LBool False)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Lit (LInt 1)) Le (Var 0)))]"
+definition block_5
+  where
+    "block_5  = [(Havoc 0),(Assume (BinOp (Var 0) Le (Lit (LInt 1))))]"
+definition block_6
+  where
+    "block_6  = [(Assert (BinOp (Var 0) Le (Lit (LInt 1))))]"
+definition block_7
+  where
+    "block_7  = [(Assume (BinOp (Lit (LInt 1)) Ge (Var 0)))]"
+definition block_8
+  where
+    "block_8  = [(Havoc 0)]"
+definition block_9
+  where
+    "block_9  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0))))]"
+definition block_10
+  where
+    "block_10  = [(Assert (BinOp (Var 1) Eq (Lit (LInt 0))))]"
+definition block_11
+  where
+    "block_11  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
+definition block_12
+  where
+    "block_12  = [(Havoc 1),(Havoc 0)]"
+definition block_13
+  where
+    "block_13  = [(Havoc 1),(Havoc 0)]"
+definition block_14
+  where
+    "block_14  = []"
+definition block_15
+  where
+    "block_15  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[6],[7,1],[8],[0],[10],[11,9],[12],[13],[14]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13,block_14,block_15]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 15,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_12:
+shows "((nth (node_to_block proc_body) 12) = block_12)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_13:
+shows "((nth (node_to_block proc_body) 13) = block_13)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_14:
+shows "((nth (node_to_block proc_body) 14) = block_14)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_15:
+shows "((nth (node_to_block proc_body) 15) = block_15)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [10])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_12:
+shows "((nth (out_edges proc_body) 12) = [11,9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_13:
+shows "((nth (out_edges proc_body) 13) = [12])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_14:
+shows "((nth (out_edges proc_body) 14) = [13])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_15:
+shows "((nth (out_edges proc_body) 15) = [14])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_cfgtodag_proof.thy
new file mode 100644
index 0000000..1b4468a
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_cfgtodag_proof.thy
@@ -0,0 +1,900 @@
+theory consecutive_loops_in_loop_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML consecutive_loops_in_loop_before_ast_to_cfg_prog consecutive_loops_in_loop_before_cfg_to_dag_prog consecutive_loops_in_loop_before_passive_prog consecutive_loops_in_loop_passification_proof consecutive_loops_in_loop_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A consecutive_loops_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 consecutive_loops_in_loop_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def consecutive_loops_in_loop_before_ast_to_cfg_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule consecutive_loops_in_loop_before_passive_prog.node_0)
+apply simp
+unfolding consecutive_loops_in_loop_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma Mods_anon8_LoopBody:
+shows "(mods_contained_in (set [0]) consecutive_loops_in_loop_before_cfg_to_dag_prog.block_4)"
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_4_def
+by simp
+
+lemma block_anon8_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_before_passive_prog.block_1 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_4_def consecutive_loops_in_loop_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon8_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body [0] [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_4)
+apply (rule consecutive_loops_in_loop_before_passive_prog.node_1)
+apply (assumption+)
+apply (rule block_anon8_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon8_LoopBody)
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_4))
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_4))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon8_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon9_LoopBody:
+shows "(mods_contained_in (set [0]) consecutive_loops_in_loop_before_cfg_to_dag_prog.block_8)"
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_8_def
+by simp
+
+lemma block_anon9_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Lit (LInt 1)))] consecutive_loops_in_loop_before_passive_prog.block_2 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_8_def consecutive_loops_in_loop_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun consecutive_loops_in_loop_before_ast_to_cfg_prog.funcs_wf consecutive_loops_in_loop_before_ast_to_cfg_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms consecutive_loops_in_loop_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon9_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon9_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body [0] [(BinOp (Var 0) Le (Lit (LInt 1)))] consecutive_loops_in_loop_before_ast_to_cfg_prog.post ns1 s' 7 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_8)
+apply (rule consecutive_loops_in_loop_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon9_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon9_LoopBody)
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_8))
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_8))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon9_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon5:
+shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_before_cfg_to_dag_prog.block_10)"
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_10_def
+by simp
+
+lemma block_anon5:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_10 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_before_passive_prog.block_3 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_10_def consecutive_loops_in_loop_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon5:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_10)
+apply (rule consecutive_loops_in_loop_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon5)
+apply (assumption+)
+apply (rule Mods_anon5)
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_10))
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_10))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon7_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon9_LoopDone:
+shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_before_cfg_to_dag_prog.block_9)"
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_9_def
+by simp
+
+lemma block_anon9_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_9 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_9_def consecutive_loops_in_loop_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon9_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_9)
+apply (rule consecutive_loops_in_loop_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon9_LoopDone)
+apply (assumption+)
+apply (rule Mods_anon9_LoopDone)
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_9))
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_9))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon7_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon9_LoopHead:
+shows "(mods_contained_in (set [0]) consecutive_loops_in_loop_before_cfg_to_dag_prog.block_7)"
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_7_def
+by simp
+
+lemma block_anon9_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Lit (LInt 1)))] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_before_passive_prog.block_5 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_7_def consecutive_loops_in_loop_before_passive_prog.block_5_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_x(1)))
+apply simp
+done
+
+lemma cfg_block_anon9_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Lit (LInt 1)))] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms assms(4-)
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_7)
+apply (rule consecutive_loops_in_loop_before_passive_prog.node_5)
+apply (assumption+)
+apply (rule block_anon9_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon9_LoopHead)
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_7))
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_7))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=4])
+apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon9_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_subset_pred)
+using less(4) apply simp
+apply assumption
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon9_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+apply (rule loop_ih_convert_subset_smaller_2)
+using less(4) apply simp
+apply (simp, fastforce, assumption)
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma Mods_anon3:
+shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_before_cfg_to_dag_prog.block_6)"
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_6_def
+by simp
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Lit (LInt 1)))] consecutive_loops_in_loop_before_passive_prog.block_6 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_6_def consecutive_loops_in_loop_before_passive_prog.block_6_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun consecutive_loops_in_loop_before_ast_to_cfg_prog.funcs_wf consecutive_loops_in_loop_before_ast_to_cfg_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms consecutive_loops_in_loop_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon3:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_6)
+apply (rule consecutive_loops_in_loop_before_passive_prog.node_6)
+apply (assumption+)
+apply (rule block_anon3)
+apply (assumption+)
+apply (rule Mods_anon3)
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_6))
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_6))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=5])
+apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon9_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon7_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon8_LoopDone:
+shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_before_cfg_to_dag_prog.block_5)"
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_5_def
+by simp
+
+lemma block_anon8_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_before_passive_prog.block_7 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_5_def consecutive_loops_in_loop_before_passive_prog.block_7_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon8_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_5)
+apply (rule consecutive_loops_in_loop_before_passive_prog.node_7)
+apply (assumption+)
+apply (rule block_anon8_LoopDone)
+apply (assumption+)
+apply (rule Mods_anon8_LoopDone)
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_5))
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_5))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=6])
+apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon7_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon8_LoopHead:
+shows "(mods_contained_in (set [0]) consecutive_loops_in_loop_before_cfg_to_dag_prog.block_3)"
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_3_def
+by simp
+
+lemma block_anon8_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_before_passive_prog.block_8 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_3_def consecutive_loops_in_loop_before_passive_prog.block_8_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_x(1)))
+apply simp
+done
+
+lemma cfg_block_anon8_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms assms(4-)
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_3)
+apply (rule consecutive_loops_in_loop_before_passive_prog.node_8)
+apply (assumption+)
+apply (rule block_anon8_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon8_LoopHead)
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=7])
+apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_8))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_subset_pred)
+using less(4) apply simp
+apply assumption
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_8))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+apply (rule loop_ih_convert_subset_smaller_2)
+using less(4) apply simp
+apply (simp, fastforce, assumption)
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma Mods_anon7_LoopBody:
+shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_before_cfg_to_dag_prog.block_2)"
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_2_def
+by simp
+
+lemma block_anon7_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_before_passive_prog.block_9 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_2_def consecutive_loops_in_loop_before_passive_prog.block_9_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon7_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_2)
+apply (rule consecutive_loops_in_loop_before_passive_prog.node_9)
+apply (assumption+)
+apply (rule block_anon7_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon7_LoopBody)
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=8])
+apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_9))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon7_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma block_anon6:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_12 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_10 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_before_passive_prog.block_10 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_12_def consecutive_loops_in_loop_before_passive_prog.block_10_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 12),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_12)
+apply (rule consecutive_loops_in_loop_before_passive_prog.node_10)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon6)
+apply assumption+
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_12)
+apply (rule consecutive_loops_in_loop_before_passive_prog.outEdges_10)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon7_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_11 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_11 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_before_passive_prog.block_11 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_11_def consecutive_loops_in_loop_before_passive_prog.block_11_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon7_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 11),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_11)
+apply (rule consecutive_loops_in_loop_before_passive_prog.node_11)
+apply (assumption+)
+apply (rule block_anon7_LoopDone)
+apply (assumption+)
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_11))
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_11))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=10])
+apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_11))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon7_LoopHead:
+shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_before_cfg_to_dag_prog.block_1)"
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_1_def
+by simp
+
+lemma block_anon7_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_12 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_before_passive_prog.block_12 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_1_def consecutive_loops_in_loop_before_passive_prog.block_12_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_y(1)))
+apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_x(1)))
+apply simp
+done
+
+lemma cfg_block_anon7_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1,0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_1)
+apply (rule consecutive_loops_in_loop_before_passive_prog.node_12)
+apply (assumption+)
+apply (rule block_anon7_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon7_LoopHead)
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=11])
+apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_12))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=9])
+apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_12))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_13 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_before_passive_prog.block_13 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0_def consecutive_loops_in_loop_before_passive_prog.block_13_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 13),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_0)
+apply (rule consecutive_loops_in_loop_before_passive_prog.node_13)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=12])
+apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_13))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 14),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 13),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_14))
+by ((simp add:consecutive_loops_in_loop_before_passive_prog.node_14 consecutive_loops_in_loop_before_passive_prog.block_14_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 15),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 consecutive_loops_in_loop_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule consecutive_loops_in_loop_before_passive_prog.node_15)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding consecutive_loops_in_loop_before_passive_prog.block_15_def
+apply (rule assume_pres_normal[where ?es=consecutive_loops_in_loop_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule consecutive_loops_in_loop_before_passive_prog.outEdges_15)
+apply ((simp add:consecutive_loops_in_loop_before_passive_prog.node_14 consecutive_loops_in_loop_before_passive_prog.block_14_def))
+apply (rule consecutive_loops_in_loop_before_passive_prog.outEdges_14)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_y_0::int) (vc_x_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_x_5::int) (vc_y_2::int). (vc.vc_anon0 vc_y_1 vc_x_2 vc_x_4 vc_x_5))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A consecutive_loops_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) consecutive_loops_in_loop_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns consecutive_loops_in_loop_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule consecutive_loops_in_loop_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_passification_proof.thy
new file mode 100644
index 0000000..ebac7f0
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_passification_proof.thy
@@ -0,0 +1,484 @@
+theory consecutive_loops_in_loop_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_loops_in_loop_before_ast_to_cfg_prog consecutive_loops_in_loop_passive_prog Boogie_Lang.PassificationML consecutive_loops_in_loop_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_before_passive_prog.block_0_def consecutive_loops_in_loop_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon8_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [8] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 6)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [8])) (update_nstate_rel R [(0,(Inl 8))]) R_old consecutive_loops_in_loop_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_before_passive_prog.block_1_def consecutive_loops_in_loop_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_passive_prog.l_x_3(2)))
+by simp
+
+lemma block_anon9_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [9] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 7)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [9])) (update_nstate_rel R [(0,(Inl 9))]) R_old consecutive_loops_in_loop_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_before_passive_prog.block_2_def consecutive_loops_in_loop_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_passive_prog.l_x_5(2)))
+by simp
+
+lemma block_anon5:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [10] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))" and 
+"((R 0) = (Some (Inl 7)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [10])) (update_nstate_rel R [(1,(Inl 10))]) R_old consecutive_loops_in_loop_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_before_passive_prog.block_3_def consecutive_loops_in_loop_passive_prog.block_3_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_y(2) consecutive_loops_in_loop_passive_prog.l_y_2(2)))
+by simp
+
+lemma block_anon9_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))" and 
+"((R 0) = (Some (Inl 7)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_before_passive_prog.block_4_def consecutive_loops_in_loop_passive_prog.block_4_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon9_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [7] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [7])) (update_nstate_rel R [(0,(Inl 7))]) R_old consecutive_loops_in_loop_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_before_passive_prog.block_5_def consecutive_loops_in_loop_passive_prog.block_5_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_passive_prog.l_x_4(2)))
+by simp
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))" and 
+"((R 0) = (Some (Inl 6)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_before_passive_prog.block_6_def consecutive_loops_in_loop_passive_prog.block_6_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon8_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))" and 
+"((R 0) = (Some (Inl 6)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_passive_prog.block_7 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_before_passive_prog.block_7_def consecutive_loops_in_loop_passive_prog.block_7_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon8_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6])) (update_nstate_rel R [(0,(Inl 6))]) R_old consecutive_loops_in_loop_passive_prog.block_8 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_before_passive_prog.block_8_def consecutive_loops_in_loop_passive_prog.block_8_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_passive_prog.l_x_2(2)))
+by simp
+
+lemma block_anon7_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_9 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_passive_prog.block_9 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_before_passive_prog.block_9_def consecutive_loops_in_loop_passive_prog.block_9_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_10 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_passive_prog.block_10 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_before_passive_prog.block_10_def consecutive_loops_in_loop_passive_prog.block_10_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon7_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_11 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_passive_prog.block_11 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_before_passive_prog.block_11_def consecutive_loops_in_loop_passive_prog.block_11_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon7_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_12 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4,5] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4,5])) (update_nstate_rel R [(1,(Inl 4)),(0,(Inl 5))]) R_old consecutive_loops_in_loop_passive_prog.block_12 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_before_passive_prog.block_12_def consecutive_loops_in_loop_passive_prog.block_12_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_y(2) consecutive_loops_in_loop_passive_prog.l_y_1(2)))
+apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_13 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2,3] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2,3])) (update_nstate_rel R [(1,(Inl 2)),(0,(Inl 3))]) R_old consecutive_loops_in_loop_passive_prog.block_13 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_before_passive_prog.block_13_def consecutive_loops_in_loop_passive_prog.block_13_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_y(2) consecutive_loops_in_loop_passive_prog.l_y_0(2)))
+apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_14 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_passive_prog.block_14 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_before_passive_prog.block_14_def consecutive_loops_in_loop_passive_prog.block_14_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_15 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_passive_prog.block_15 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_in_loop_before_passive_prog.block_15_def consecutive_loops_in_loop_passive_prog.block_15_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_in_loop_before_passive_prog.node_0},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_0}) (@{thm consecutive_loops_in_loop_passive_prog.node_0},@{thm consecutive_loops_in_loop_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon8_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 6)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_before_passive_prog.node_1},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_1}) (@{thm consecutive_loops_in_loop_passive_prog.node_1},@{thm consecutive_loops_in_loop_passive_prog.outEdges_1}) @{thm block_anon8_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon9_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 7)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_before_passive_prog.node_2},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_2}) (@{thm consecutive_loops_in_loop_passive_prog.node_2},@{thm consecutive_loops_in_loop_passive_prog.outEdges_2}) @{thm block_anon9_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon5:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 10 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))" and 
+"((R 0) = (Some (Inl 7)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_before_passive_prog.node_3},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_3}) (@{thm consecutive_loops_in_loop_passive_prog.node_3},@{thm consecutive_loops_in_loop_passive_prog.outEdges_3}) @{thm block_anon5} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon9_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 10 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))" and 
+"((R 0) = (Some (Inl 7)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_before_passive_prog.node_4},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_4}) (@{thm consecutive_loops_in_loop_passive_prog.node_4},@{thm consecutive_loops_in_loop_passive_prog.outEdges_4}) @{thm block_anon9_LoopDone} [
+@{thm cfg_block_anon5}] 1\<close>))
+
+lemma cfg_block_anon9_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 7 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_before_passive_prog.node_5},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_5}) (@{thm consecutive_loops_in_loop_passive_prog.node_5},@{thm consecutive_loops_in_loop_passive_prog.outEdges_5}) @{thm block_anon9_LoopHead} [
+@{thm cfg_block_anon9_LoopDone}, 
+@{thm cfg_block_anon9_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 7 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))" and 
+"((R 0) = (Some (Inl 6)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_before_passive_prog.node_6},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_6}) (@{thm consecutive_loops_in_loop_passive_prog.node_6},@{thm consecutive_loops_in_loop_passive_prog.outEdges_6}) @{thm block_anon3} [
+@{thm cfg_block_anon9_LoopHead}] 1\<close>))
+
+lemma cfg_block_anon8_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 7 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))" and 
+"((R 0) = (Some (Inl 6)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_before_passive_prog.node_7},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_7}) (@{thm consecutive_loops_in_loop_passive_prog.node_7},@{thm consecutive_loops_in_loop_passive_prog.outEdges_7}) @{thm block_anon8_LoopDone} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon8_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 8)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_before_passive_prog.node_8},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_8}) (@{thm consecutive_loops_in_loop_passive_prog.node_8},@{thm consecutive_loops_in_loop_passive_prog.outEdges_8}) @{thm block_anon8_LoopHead} [
+@{thm cfg_block_anon8_LoopDone}, 
+@{thm cfg_block_anon8_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon7_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 9)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_before_passive_prog.node_9},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_9}) (@{thm consecutive_loops_in_loop_passive_prog.node_9},@{thm consecutive_loops_in_loop_passive_prog.outEdges_9}) @{thm block_anon7_LoopBody} [
+@{thm cfg_block_anon8_LoopHead}] 1\<close>))
+
+lemma cfg_block_anon6:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 10)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_before_passive_prog.node_10},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_10}) (@{thm consecutive_loops_in_loop_passive_prog.node_10},@{thm consecutive_loops_in_loop_passive_prog.outEdges_10}) @{thm block_anon6} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon7_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 11)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_before_passive_prog.node_11},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_11}) (@{thm consecutive_loops_in_loop_passive_prog.node_11},@{thm consecutive_loops_in_loop_passive_prog.outEdges_11}) @{thm block_anon7_LoopDone} [
+@{thm cfg_block_anon6}] 1\<close>))
+
+lemma cfg_block_anon7_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 12)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_in_loop_before_passive_prog.node_12},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_12}) (@{thm consecutive_loops_in_loop_passive_prog.node_12},@{thm consecutive_loops_in_loop_passive_prog.outEdges_12}) @{thm block_anon7_LoopHead} [
+@{thm cfg_block_anon7_LoopDone}, 
+@{thm cfg_block_anon7_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 13)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_in_loop_before_passive_prog.node_13},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_13}) (@{thm consecutive_loops_in_loop_passive_prog.node_13},@{thm consecutive_loops_in_loop_passive_prog.outEdges_13}) @{thm block_anon0} [
+@{thm cfg_block_anon7_LoopHead}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 14)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_in_loop_before_passive_prog.node_14},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_14}) (@{thm consecutive_loops_in_loop_passive_prog.node_14},@{thm consecutive_loops_in_loop_passive_prog.outEdges_14}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 15),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 15)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_in_loop_before_passive_prog.node_15},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_15}) (@{thm consecutive_loops_in_loop_passive_prog.node_15},@{thm consecutive_loops_in_loop_passive_prog.outEdges_15}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 15),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_y_0::int) (vc_x_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_x_5::int) (vc_y_2::int). (vc.vc_anon0 vc_y_1 vc_x_2 vc_x_4 vc_x_5))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A consecutive_loops_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls ns consecutive_loops_in_loop_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv consecutive_loops_in_loop_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding consecutive_loops_in_loop_passive_prog.params_vdecls_def consecutive_loops_in_loop_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using consecutive_loops_in_loop_before_passive_prog.globals_locals_disj apply auto[1]
+using consecutive_loops_in_loop_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] consecutive_loops_in_loop_passive_prog.proc_body u (Inl 15)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] consecutive_loops_in_loop_passive_prog.proc_body ((Inl 15),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from consecutive_loops_in_loop_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_passive_prog.thy
new file mode 100644
index 0000000..a5b6f00
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_passive_prog.thy
@@ -0,0 +1,310 @@
+theory consecutive_loops_in_loop_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_loops_in_loop_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 6) Gt (Lit (LInt 1)))),(Assume (BinOp (Var 8) Eq (BinOp (Var 6) Sub (Lit (LInt 1))))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 7) Lt (Lit (LInt 1)))),(Assume (BinOp (Var 9) Eq (BinOp (Var 7) Add (Lit (LInt 1))))),(Assert (BinOp (Var 9) Le (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assert (BinOp (Var 7) Eq (Lit (LInt 1)))),(Assume (BinOp (Var 10) Eq (BinOp (Var 4) Sub (Var 7)))),(Assume (Lit (LBool False)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Lit (LInt 1)) Le (Var 7)))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Var 7) Le (Lit (LInt 1))))]"
+definition block_6
+  where
+    "block_6  = [(Assert (BinOp (Var 6) Le (Lit (LInt 1))))]"
+definition block_7
+  where
+    "block_7  = [(Assume (BinOp (Lit (LInt 1)) Ge (Var 6)))]"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = [(Assume (BinOp (Var 4) Gt (Lit (LInt 0))))]"
+definition block_10
+  where
+    "block_10  = [(Assert (BinOp (Var 4) Eq (Lit (LInt 0))))]"
+definition block_11
+  where
+    "block_11  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 4)))]"
+definition block_12
+  where
+    "block_12  = []"
+definition block_13
+  where
+    "block_13  = []"
+definition block_14
+  where
+    "block_14  = []"
+definition block_15
+  where
+    "block_15  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[6],[7,1],[8],[0],[10],[11,9],[12],[13],[14]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13,block_14,block_15]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 15,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_12:
+shows "((nth (node_to_block proc_body) 12) = block_12)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_13:
+shows "((nth (node_to_block proc_body) 13) = block_13)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_14:
+shows "((nth (node_to_block proc_body) 14) = block_14)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_15:
+shows "((nth (node_to_block proc_body) 15) = block_15)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [10])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_12:
+shows "((nth (out_edges proc_body) 12) = [11,9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_13:
+shows "((nth (out_edges proc_body) 13) = [12])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_14:
+shows "((nth (out_edges proc_body) 14) = [13])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_15:
+shows "((nth (out_edges proc_body) 15) = [14])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(8,(TPrim TInt),(None )),(7,(TPrim TInt),(None )),(9,(TPrim TInt),(None )),(10,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding consecutive_loops_in_loop_passive_prog.params_vdecls_def consecutive_loops_in_loop_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)))) = {})"
+unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_0:
+shows "((map_of (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_1:
+shows "((map_of (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_2:
+shows "((map_of (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_3:
+shows "((map_of (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls) 8) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_4:
+shows "((map_of (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_5:
+shows "((map_of (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls) 9) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_2:
+shows "((map_of (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls) 10) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_0:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_1:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_2:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_3:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 8) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 8) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_3
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_4:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_4
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_5:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 9) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 9) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_5
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_2:
+shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 10) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 10) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_vcphase_proof.thy
new file mode 100644
index 0000000..c71a81c
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_vcphase_proof.thy
@@ -0,0 +1,543 @@
+theory consecutive_loops_in_loop_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML consecutive_loops_in_loop_passive_prog consecutive_loops_in_loop_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon8_LoopBody
+  where
+    "vc_anon8_LoopBody  = True"
+definition vc_anon9_LoopBody
+  where
+    "vc_anon9_LoopBody x_4 x_5 = (((x_4 < (1::int)) \<and> (x_5 = (x_4 + (1::int)))) \<longrightarrow> (x_5 \<le> (1::int)))"
+definition vc_anon5
+  where
+    "vc_anon5 x_4 = (x_4 = (1::int))"
+definition vc_anon9_LoopDone
+  where
+    "vc_anon9_LoopDone x_4 = (((1::int) \<le> x_4) \<longrightarrow> (vc_anon5 x_4))"
+definition vc_anon9_LoopHead
+  where
+    "vc_anon9_LoopHead x_4 x_5 = ((x_4 \<le> (1::int)) \<longrightarrow> ((vc_anon9_LoopDone x_4) \<and> (vc_anon9_LoopBody x_4 x_5)))"
+definition vc_anon3
+  where
+    "vc_anon3 x_2 x_4 x_5 = ((x_2 \<le> (1::int)) \<and> ((x_2 \<le> (1::int)) \<longrightarrow> (vc_anon9_LoopHead x_4 x_5)))"
+definition vc_anon8_LoopDone
+  where
+    "vc_anon8_LoopDone x_2 x_4 x_5 = (((1::int) \<ge> x_2) \<longrightarrow> (vc_anon3 x_2 x_4 x_5))"
+definition vc_anon7_LoopBody
+  where
+    "vc_anon7_LoopBody y_1 x_2 x_4 x_5 = ((y_1 > (0::int)) \<longrightarrow> ((vc_anon8_LoopDone x_2 x_4 x_5) \<and> (vc_anon8_LoopBody )))"
+definition vc_anon6
+  where
+    "vc_anon6 y_1 = (y_1 = (0::int))"
+definition vc_anon7_LoopDone
+  where
+    "vc_anon7_LoopDone y_1 = (((0::int) \<ge> y_1) \<longrightarrow> (vc_anon6 y_1))"
+definition vc_anon0
+  where
+    "vc_anon0 y_1 x_2 x_4 x_5 = ((vc_anon7_LoopDone y_1) \<and> (vc_anon7_LoopBody y_1 x_2 x_4 x_5))"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_y_0 :: "int" and vc_x_0 :: "int" and vc_y_1 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int" and vc_x_3 :: "int" and vc_x_4 :: "int" and vc_x_5 :: "int" and vc_y_2 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_y_0)))" and 
+G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_0)))" and 
+G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_y_1)))" and 
+G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_x_1)))" and 
+G6: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_x_2)))" and 
+G7: "((lookup_var \<Lambda> n_s 8) = (Some (IntV vc_x_3)))" and 
+G8: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_x_4)))" and 
+G9: "((lookup_var \<Lambda> n_s 9) = (Some (IntV vc_x_5)))" and 
+G10: "((lookup_var \<Lambda> n_s 10) = (Some (IntV vc_y_2)))" and 
+G11: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8 G9 G10 G11
+lemmas forall_poly_thm = forall_vc_type[OF G11]
+lemmas exists_poly_thm = exists_vc_type[OF G11]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding consecutive_loops_in_loop_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon8_LoopBody_hints = [
+(AssumeTrue,NONE), 
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon8_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopBody ) \<Longrightarrow> (s' = Magic)))"
+unfolding consecutive_loops_in_loop_passive_prog.block_1_def vc.vc_anon8_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon9_LoopBody_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE), 
+(AssertNoConj,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon9_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon9_LoopBody vc_x_4 vc_x_5) \<Longrightarrow> (s' = Magic)))"
+unfolding consecutive_loops_in_loop_passive_prog.block_2_def vc.vc_anon9_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon9_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon5_hints = [
+(AssertNoConj,NONE), 
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon5AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5 vc_x_4) \<Longrightarrow> (s' = Magic)))"
+unfolding consecutive_loops_in_loop_passive_prog.block_3_def vc.vc_anon5_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon9_LoopDone_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon9_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon9_LoopDone vc_x_4) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon5 vc_x_4)))))))"
+unfolding consecutive_loops_in_loop_passive_prog.block_4_def vc.vc_anon9_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon9_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon9_LoopHead_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon9_LoopHeadAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon9_LoopHead vc_x_4 vc_x_5) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon9_LoopDone vc_x_4) \<and> (vc.vc_anon9_LoopBody vc_x_4 vc_x_5))))))))"
+unfolding consecutive_loops_in_loop_passive_prog.block_5_def vc.vc_anon9_LoopHead_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon9_LoopHead_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon3_hints = [
+(AssertSub,NONE)]
+\<close>
+lemma block_anon3AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 vc_x_2 vc_x_4 vc_x_5) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon9_LoopHead vc_x_4 vc_x_5)))))))"
+unfolding consecutive_loops_in_loop_passive_prog.block_6_def vc.vc_anon3_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon8_LoopDone_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon8_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopDone vc_x_2 vc_x_4 vc_x_5) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_2 vc_x_4 vc_x_5)))))))"
+unfolding consecutive_loops_in_loop_passive_prog.block_7_def vc.vc_anon8_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopDone_hints \<close>)
+by (auto?)
+
+lemma block_anon8_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_8 (Normal n_s) s')" and 
+"((vc.vc_anon8_LoopDone vc_x_2 vc_x_4 vc_x_5) \<and> (vc.vc_anon8_LoopBody ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon8_LoopDone vc_x_2 vc_x_4 vc_x_5) \<and> (vc.vc_anon8_LoopBody ))))))"
+using assms
+unfolding consecutive_loops_in_loop_passive_prog.block_8_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon7_LoopBody_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon7_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon8_LoopDone vc_x_2 vc_x_4 vc_x_5) \<and> (vc.vc_anon8_LoopBody ))))))))"
+unfolding consecutive_loops_in_loop_passive_prog.block_9_def vc.vc_anon7_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_hints = [
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon6AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_10 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6 vc_y_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding consecutive_loops_in_loop_passive_prog.block_10_def vc.vc_anon6_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon7_LoopDone_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon7_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_11 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopDone vc_y_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon6 vc_y_1)))))))"
+unfolding consecutive_loops_in_loop_passive_prog.block_11_def vc.vc_anon7_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopDone_hints \<close>)
+by (auto?)
+
+lemma block_anon7_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_12 (Normal n_s) s')" and 
+"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5))))))"
+using assms
+unfolding consecutive_loops_in_loop_passive_prog.block_12_def
+apply cases
+by auto
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_13 (Normal n_s) s')" and 
+"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5))))))"
+using assms
+unfolding consecutive_loops_in_loop_passive_prog.block_13_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_14 (Normal n_s) s')" and 
+"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5))))))"
+using assms
+unfolding consecutive_loops_in_loop_passive_prog.block_14_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_15 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_y_1 vc_x_2 vc_x_4 vc_x_5) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding consecutive_loops_in_loop_passive_prog.block_15_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) consecutive_loops_in_loop_passive_prog.node_0 consecutive_loops_in_loop_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon8_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon8_LoopBody )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) consecutive_loops_in_loop_passive_prog.node_1])
+by (erule block_anon8_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon9_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon9_LoopBody vc_x_4 vc_x_5)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) consecutive_loops_in_loop_passive_prog.node_2])
+by (erule block_anon9_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon5:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5 vc_x_4)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) consecutive_loops_in_loop_passive_prog.node_3])
+by (erule block_anon5AA0[OF _ assms(2)])
+
+lemma cfg_block_anon9_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon9_LoopDone vc_x_4)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_passive_prog.node_4])
+apply (erule block_anon9_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon9_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon9_LoopHead vc_x_4 vc_x_5)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_passive_prog.node_5])
+apply (erule block_anon9_LoopHeadAA0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon9_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon9_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon3 vc_x_2 vc_x_4 vc_x_5)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_passive_prog.node_6])
+apply (erule block_anon3AA0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon9_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon8_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon8_LoopDone vc_x_2 vc_x_4 vc_x_5)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_passive_prog.node_7])
+apply (erule block_anon8_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_7))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon8_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon8_LoopDone vc_x_2 vc_x_4 vc_x_5) \<and> (vc.vc_anon8_LoopBody ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_passive_prog.node_8])
+apply (erule block_anon8_LoopHead[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_8))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon7_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_passive_prog.node_9])
+apply (erule block_anon7_LoopBodyAA0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_9))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6 vc_y_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) consecutive_loops_in_loop_passive_prog.node_10])
+apply (erule block_anon6AA0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_10))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon7_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon7_LoopDone vc_y_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_passive_prog.node_11])
+apply (erule block_anon7_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_11))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon7_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_passive_prog.node_12])
+apply (erule block_anon7_LoopHead[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_12))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_passive_prog.node_13])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_13))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_passive_prog.node_14])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_14))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 15),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_y_1 vc_x_2 vc_x_4 vc_x_5)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_passive_prog.node_15])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_15))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_in_loop_passive_prog.proc_body ((Inl 15),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_y_0::int) (vc_x_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_x_5::int) (vc_y_2::int). (vc.vc_anon0 vc_y_1 vc_x_2 vc_x_4 vc_x_5))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A consecutive_loops_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) consecutive_loops_in_loop_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_passive_prog.m_x])
+apply (subst lookup_var_local[OF consecutive_loops_in_loop_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_passive_prog.m_y])
+apply (subst lookup_var_local[OF consecutive_loops_in_loop_passive_prog.m_y])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_passive_prog.m_y_0])
+apply (subst lookup_var_local[OF consecutive_loops_in_loop_passive_prog.m_y_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF consecutive_loops_in_loop_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_passive_prog.m_y_1])
+apply (subst lookup_var_local[OF consecutive_loops_in_loop_passive_prog.m_y_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF consecutive_loops_in_loop_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_passive_prog.m_x_2])
+apply (subst lookup_var_local[OF consecutive_loops_in_loop_passive_prog.m_x_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_3:"(((lookup_var ?\<Lambda> n_s 8) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 8)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 8))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_passive_prog.m_x_3])
+apply (subst lookup_var_local[OF consecutive_loops_in_loop_passive_prog.m_x_3])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_4:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_passive_prog.m_x_4])
+apply (subst lookup_var_local[OF consecutive_loops_in_loop_passive_prog.m_x_4])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_5:"(((lookup_var ?\<Lambda> n_s 9) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 9)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 9))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_passive_prog.m_x_5])
+apply (subst lookup_var_local[OF consecutive_loops_in_loop_passive_prog.m_x_5])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 10) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 10)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 10))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_passive_prog.m_y_2])
+apply (subst lookup_var_local[OF consecutive_loops_in_loop_passive_prog.m_y_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_y])
+apply (rule HOL.conjunct1[OF sc_y_0])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_y_1])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (rule HOL.conjunct1[OF sc_x_2])
+apply (rule HOL.conjunct1[OF sc_x_3])
+apply (rule HOL.conjunct1[OF sc_x_4])
+apply (rule HOL.conjunct1[OF sc_x_5])
+apply (rule HOL.conjunct1[OF sc_y_2])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_guard_if_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/global_data.thy
similarity index 100%
rename from BoogieLang/generated_example_proofs/no_guard_if_proofs/global_data.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/global_data.thy
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/ROOT
new file mode 100644
index 0000000..c24baea
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/ROOT
@@ -0,0 +1,12 @@
+session consecutive_loops_proofs = Boogie_Lang + 
+directories consecutive_loops_proofs
+theories
+global_data
+"consecutive_loops_proofs/consecutive_loops_before_ast_to_cfg_prog"
+"consecutive_loops_proofs/consecutive_loops_asttocfg_proof"
+"consecutive_loops_proofs/consecutive_loops_before_cfg_to_dag_prog"
+"consecutive_loops_proofs/consecutive_loops_before_passive_prog"
+"consecutive_loops_proofs/consecutive_loops_passification_proof"
+"consecutive_loops_proofs/consecutive_loops_cfgtodag_proof"
+"consecutive_loops_proofs/consecutive_loops_passive_prog"
+"consecutive_loops_proofs/consecutive_loops_vcphase_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_asttocfg_proof.thy
new file mode 100644
index 0000000..67fb4b8
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_asttocfg_proof.thy
@@ -0,0 +1,537 @@
+theory consecutive_loops_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML consecutive_loops_before_ast_to_cfg_prog consecutive_loops_before_cfg_to_dag_prog consecutive_loops_cfgtodag_proof consecutive_loops_passification_proof consecutive_loops_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A consecutive_loops_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_6,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_8 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_8 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of consecutive_loops_before_ast_to_cfg_prog.bigblock_6])
+apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_6_def consecutive_loops_before_cfg_to_dag_prog.block_8_def)
+apply ((simp add: consecutive_loops_before_cfg_to_dag_prog.block_8_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: consecutive_loops_before_cfg_to_dag_prog.block_8_def consecutive_loops_before_ast_to_cfg_prog.bigblock_6_def)+)
+done
+
+
+lemma global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of consecutive_loops_before_ast_to_cfg_prog.bigblock_6])
+apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_6_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_6_def)
+apply (simp)
+apply (simp)
+apply (rule cont_6_def)
+apply (rule consecutive_loops_before_cfg_to_dag_prog.node_8)
+apply (rule disjI1)
+apply (rule consecutive_loops_before_cfg_to_dag_prog.block_8_def)
+apply (rule consecutive_loops_before_cfg_to_dag_prog.outEdges_8)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.node_8)
+apply (rule rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_6)
+apply assumption+
+
+done
+qed
+
+lemma rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_5,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_6 (Normal ns1) (Normal ns1')))))"
+unfolding consecutive_loops_before_cfg_to_dag_prog.block_6_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of consecutive_loops_before_ast_to_cfg_prog.bigblock_5])
+apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_5_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.block_6_def)
+apply ((simp add: assms(3) consecutive_loops_before_ast_to_cfg_prog.bigblock_5_def)+)
+done
+
+
+lemma global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Lit (LInt 0))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_before_ast_to_cfg_prog.bigblock_4 cont_4 consecutive_loops_before_cfg_to_dag_prog.proc_body 5 consecutive_loops_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of consecutive_loops_before_ast_to_cfg_prog.bigblock_5])
+apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_5_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_5_def)
+apply (rule consecutive_loops_before_cfg_to_dag_prog.node_6)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule consecutive_loops_before_cfg_to_dag_prog.block_6_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_5_def)
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.node_6)
+apply (rule rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_5)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=5])+)
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.outEdges_6)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_4_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of consecutive_loops_before_ast_to_cfg_prog.bigblock_4 _ _ _ consecutive_loops_before_cfg_to_dag_prog.block_5])
+apply (simp add:consecutive_loops_before_ast_to_cfg_prog.bigblock_4_def consecutive_loops_before_cfg_to_dag_prog.block_5_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:consecutive_loops_before_ast_to_cfg_prog.bigblock_4_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of consecutive_loops_before_ast_to_cfg_prog.bigblock_4])
+apply ((simp add:consecutive_loops_before_ast_to_cfg_prog.bigblock_4_def)+)
+apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.block_5_def consecutive_loops_before_cfg_to_dag_prog.node_5)+)
+apply (rule cont_4_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 6])+)
+apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_5)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_5)
+apply (simp add: cont_4_def consecutive_loops_before_ast_to_cfg_prog.bigblock_5_def cont_5_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_4_def cont_5_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+
+apply ((erule allE[where x = 7])+)
+apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_5)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_6)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.node_7)
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.block_7_def)
+apply (rule neg_lt)
+apply (simp)
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.outEdges_7)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.node_7)
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.block_7_def)
+apply (rule neg_lt)
+apply (simp)
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.outEdges_7)
+apply ((simp add: member_rec)+)
+done
+qed
+qed
+
+lemma global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+apply (rule ending_after_unwrapping)
+apply (rule astTrace)
+apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_3_def)
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply (simp)
+apply (rule global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_4)
+apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_4_def cont_3_def cont_4_def)
+apply (rule correctness_propagates_through_empty)
+using assms(2)
+apply blast
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.node_4)
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.block_4_def)
+
+
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.outEdges_4)
+apply (simp add: member_rec)
+apply (simp)
+apply (rule correctness_propagates_through_empty2)
+using assms(3)
+apply blast
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.node_4)
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.block_4_def)
+
+
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.outEdges_4)
+apply (simp add: member_rec)
+apply ((simp)+)
+done
+
+lemma rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
+unfolding consecutive_loops_before_cfg_to_dag_prog.block_2_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of consecutive_loops_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.block_2_def)
+apply ((simp add: assms(3) consecutive_loops_before_ast_to_cfg_prog.bigblock_2_def)+)
+done
+
+
+lemma global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_before_ast_to_cfg_prog.bigblock_1 cont_1 consecutive_loops_before_cfg_to_dag_prog.proc_body 1 consecutive_loops_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of consecutive_loops_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_2_def)
+apply (rule consecutive_loops_before_cfg_to_dag_prog.node_2)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule consecutive_loops_before_cfg_to_dag_prog.block_2_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_2_def)
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.node_2)
+apply (rule rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_2)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=1])+)
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.outEdges_2)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of consecutive_loops_before_ast_to_cfg_prog.bigblock_1 _ _ _ consecutive_loops_before_cfg_to_dag_prog.block_1])
+apply (simp add:consecutive_loops_before_ast_to_cfg_prog.bigblock_1_def consecutive_loops_before_cfg_to_dag_prog.block_1_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:consecutive_loops_before_ast_to_cfg_prog.bigblock_1_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of consecutive_loops_before_ast_to_cfg_prog.bigblock_1])
+apply ((simp add:consecutive_loops_before_ast_to_cfg_prog.bigblock_1_def)+)
+apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.block_1_def consecutive_loops_before_cfg_to_dag_prog.node_1)+)
+apply (rule cont_1_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 2])+)
+apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_1_def consecutive_loops_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_1_def cont_2_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+
+apply ((erule allE[where x = 3])+)
+apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_3)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.node_3)
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.block_3_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.outEdges_3)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.node_3)
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.block_3_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.outEdges_3)
+apply ((simp add: member_rec)+)
+done
+qed
+qed
+
+lemma rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of consecutive_loops_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: consecutive_loops_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: consecutive_loops_before_cfg_to_dag_prog.block_0_def consecutive_loops_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of consecutive_loops_before_ast_to_cfg_prog.bigblock_0 _ consecutive_loops_before_cfg_to_dag_prog.block_0])
+apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.block_0_def)
+apply (rule consecutive_loops_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: consecutive_loops_before_cfg_to_dag_prog.node_0)
+apply (rule rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: consecutive_loops_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (consecutive_loops_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_anon0 vc_x_1 vc_x_3 vc_x_4))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A consecutive_loops_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> consecutive_loops_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) consecutive_loops_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns consecutive_loops_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: consecutive_loops_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: consecutive_loops_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_before_cfg_to_dag_prog.locals_vdecls_def consecutive_loops_before_ast_to_cfg_prog.pres_def consecutive_loops_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: consecutive_loops_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: consecutive_loops_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: consecutive_loops_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: consecutive_loops_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_before_cfg_to_dag_prog.locals_vdecls_def consecutive_loops_before_ast_to_cfg_prog.pres_def consecutive_loops_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: consecutive_loops_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: consecutive_loops_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3,bigblock_6] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (consecutive_loops_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_3_def cont_6_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_anon0 vc_x_1 vc_x_3 vc_x_4))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) consecutive_loops_before_ast_to_cfg_prog.fdecls consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls consecutive_loops_before_ast_to_cfg_prog.axioms consecutive_loops_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding consecutive_loops_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 consecutive_loops_before_ast_to_cfg_prog.ast_proc_def consecutive_loops_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..f552fbb
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_ast_to_cfg_prog.thy
@@ -0,0 +1,141 @@
+theory consecutive_loops_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 0)))) [(BinOp (Var 0) Le (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
+definition bigblock_4
+  where
+    "bigblock_4  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 0)))) [(BinOp (Var 0) Le (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))])) (None ))"
+definition bigblock_5
+  where
+    "bigblock_5  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))"
+definition bigblock_6
+  where
+    "bigblock_6  = (BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))] (None ) (None ))"
+definition cont_6
+  where
+    "cont_6  = KStop"
+definition cont_3
+  where
+    "cont_3  = (KSeq bigblock_6 cont_6)"
+definition cont_4
+  where
+    "cont_4  = (KEndBlock (KSeq bigblock_6 cont_6 ))"
+definition cont_5
+  where
+    "cont_5  = (KSeq bigblock_4 cont_4)"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_3 cont_3)"
+definition cont_1
+  where
+    "cont_1  = (KEndBlock (KSeq bigblock_3 cont_3 ))"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_1 cont_1)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_3,bigblock_6]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding consecutive_loops_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding consecutive_loops_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding consecutive_loops_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding consecutive_loops_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding consecutive_loops_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding consecutive_loops_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding consecutive_loops_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = consecutive_loops_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec consecutive_loops_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec consecutive_loops_before_ast_to_cfg_prog.post),proc_body = (Some (consecutive_loops_before_ast_to_cfg_prog.locals_vdecls,consecutive_loops_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..a20892f
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_cfg_to_dag_prog.thy
@@ -0,0 +1,204 @@
+theory consecutive_loops_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = [(Assert (BinOp (Var 0) Le (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]"
+definition block_7
+  where
+    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 0)))]"
+definition block_8
+  where
+    "block_8  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
+definition outEdges
+  where
+    "outEdges  = [[1],[3,2],[1],[4],[5],[7,6],[5],[8],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [3,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [7,6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append consecutive_loops_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append consecutive_loops_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding consecutive_loops_before_cfg_to_dag_prog.constants_vdecls_def consecutive_loops_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append consecutive_loops_before_cfg_to_dag_prog.params_vdecls consecutive_loops_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_before_cfg_to_dag_prog.params_vdecls consecutive_loops_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding consecutive_loops_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_before_cfg_to_dag_prog.params_vdecls consecutive_loops_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append consecutive_loops_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append consecutive_loops_before_cfg_to_dag_prog.params_vdecls consecutive_loops_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding consecutive_loops_before_cfg_to_dag_prog.constants_vdecls_def consecutive_loops_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding consecutive_loops_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding consecutive_loops_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding consecutive_loops_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding consecutive_loops_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append consecutive_loops_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_before_cfg_to_dag_prog.params_vdecls consecutive_loops_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append consecutive_loops_before_cfg_to_dag_prog.params_vdecls consecutive_loops_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append consecutive_loops_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_before_cfg_to_dag_prog.params_vdecls consecutive_loops_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_before_cfg_to_dag_prog.params_vdecls consecutive_loops_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = consecutive_loops_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec consecutive_loops_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec consecutive_loops_before_cfg_to_dag_prog.post),proc_body = (Some (consecutive_loops_before_cfg_to_dag_prog.locals_vdecls,consecutive_loops_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_passive_prog.thy
new file mode 100644
index 0000000..0693818
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_passive_prog.thy
@@ -0,0 +1,161 @@
+theory consecutive_loops_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_loops_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1)))),(Assert (BinOp (Var 0) Le (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 0)))]"
+definition block_5
+  where
+    "block_5  = [(Havoc 0),(Assume (BinOp (Var 0) Le (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = [(Assert (BinOp (Var 0) Le (Lit (LInt 0))))]"
+definition block_7
+  where
+    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_8
+  where
+    "block_8  = [(Havoc 0)]"
+definition block_9
+  where
+    "block_9  = [(Havoc 0)]"
+definition block_10
+  where
+    "block_10  = []"
+definition block_11
+  where
+    "block_11  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[6],[7,1],[8],[9],[10]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 11,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [10])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding consecutive_loops_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding consecutive_loops_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_cfgtodag_proof.thy
new file mode 100644
index 0000000..8f51f95
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_cfgtodag_proof.thy
@@ -0,0 +1,608 @@
+theory consecutive_loops_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML consecutive_loops_before_ast_to_cfg_prog consecutive_loops_before_cfg_to_dag_prog consecutive_loops_before_passive_prog consecutive_loops_passification_proof consecutive_loops_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A consecutive_loops_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 consecutive_loops_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def consecutive_loops_before_ast_to_cfg_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule consecutive_loops_before_passive_prog.node_0)
+apply simp
+unfolding consecutive_loops_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma Mods_anon5_LoopBody:
+shows "(mods_contained_in (set [0]) consecutive_loops_before_cfg_to_dag_prog.block_2)"
+unfolding consecutive_loops_before_cfg_to_dag_prog.block_2_def
+by simp
+
+lemma block_anon5_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_before_passive_prog.block_1 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_before_cfg_to_dag_prog.block_2_def consecutive_loops_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body [0] [] consecutive_loops_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_before_cfg_to_dag_prog.node_2)
+apply (rule consecutive_loops_before_passive_prog.node_1)
+apply (assumption+)
+apply (rule block_anon5_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon5_LoopBody)
+apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon5_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon6_LoopBody:
+shows "(mods_contained_in (set [0]) consecutive_loops_before_cfg_to_dag_prog.block_6)"
+unfolding consecutive_loops_before_cfg_to_dag_prog.block_6_def
+by simp
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Lit (LInt 0)))] consecutive_loops_before_passive_prog.block_2 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_before_cfg_to_dag_prog.block_6_def consecutive_loops_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun consecutive_loops_before_ast_to_cfg_prog.funcs_wf consecutive_loops_before_ast_to_cfg_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms consecutive_loops_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body [0] [(BinOp (Var 0) Le (Lit (LInt 0)))] consecutive_loops_before_ast_to_cfg_prog.post ns1 s' 5 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_before_cfg_to_dag_prog.node_6)
+apply (rule consecutive_loops_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon6_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon6_LoopBody)
+apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_6))
+apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_6))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon6_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma block_anon4:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_before_cfg_to_dag_prog.block_8_def consecutive_loops_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule consecutive_loops_before_cfg_to_dag_prog.node_8)
+apply (rule consecutive_loops_before_passive_prog.node_3)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon4)
+apply assumption+
+apply (rule consecutive_loops_before_cfg_to_dag_prog.outEdges_8)
+apply (rule consecutive_loops_before_passive_prog.outEdges_3)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_before_cfg_to_dag_prog.block_7_def consecutive_loops_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_before_cfg_to_dag_prog.node_7)
+apply (rule consecutive_loops_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon6_LoopDone)
+apply (assumption+)
+apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_7))
+apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_7))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:consecutive_loops_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon6_LoopHead:
+shows "(mods_contained_in (set [0]) consecutive_loops_before_cfg_to_dag_prog.block_5)"
+unfolding consecutive_loops_before_cfg_to_dag_prog.block_5_def
+by simp
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Lit (LInt 0)))] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_before_passive_prog.block_5 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_before_cfg_to_dag_prog.block_5_def consecutive_loops_before_passive_prog.block_5_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:consecutive_loops_before_ast_to_cfg_prog.l_x(1)))
+apply simp
+done
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Lit (LInt 0)))] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule consecutive_loops_before_cfg_to_dag_prog.node_5)
+apply (rule consecutive_loops_before_passive_prog.node_5)
+apply (assumption+)
+apply (rule block_anon6_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon6_LoopHead)
+apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_5))
+apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_5))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=4])
+apply ((simp add:consecutive_loops_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:consecutive_loops_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma block_anon2:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Lit (LInt 0)))] consecutive_loops_before_passive_prog.block_6 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_before_cfg_to_dag_prog.block_4_def consecutive_loops_before_passive_prog.block_6_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun consecutive_loops_before_ast_to_cfg_prog.funcs_wf consecutive_loops_before_ast_to_cfg_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms consecutive_loops_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon2:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_before_cfg_to_dag_prog.node_4)
+apply (rule consecutive_loops_before_passive_prog.node_6)
+apply (assumption+)
+apply (rule block_anon2)
+apply (assumption+)
+apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_4))
+apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_4))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=5])
+apply ((simp add:consecutive_loops_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon5_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_before_passive_prog.block_7 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_before_cfg_to_dag_prog.block_3_def consecutive_loops_before_passive_prog.block_7_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_before_cfg_to_dag_prog.node_3)
+apply (rule consecutive_loops_before_passive_prog.node_7)
+apply (assumption+)
+apply (rule block_anon5_LoopDone)
+apply (assumption+)
+apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=6])
+apply ((simp add:consecutive_loops_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon2)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon5_LoopHead:
+shows "(mods_contained_in (set [0]) consecutive_loops_before_cfg_to_dag_prog.block_1)"
+unfolding consecutive_loops_before_cfg_to_dag_prog.block_1_def
+by simp
+
+lemma block_anon5_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_before_passive_prog.block_8 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_before_cfg_to_dag_prog.block_1_def consecutive_loops_before_passive_prog.block_8_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:consecutive_loops_before_ast_to_cfg_prog.l_x(1)))
+apply simp
+done
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule consecutive_loops_before_cfg_to_dag_prog.node_1)
+apply (rule consecutive_loops_before_passive_prog.node_8)
+apply (assumption+)
+apply (rule block_anon5_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon5_LoopHead)
+apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=7])
+apply ((simp add:consecutive_loops_before_passive_prog.outEdges_8))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:consecutive_loops_before_passive_prog.outEdges_8))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_before_passive_prog.block_9 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding consecutive_loops_before_cfg_to_dag_prog.block_0_def consecutive_loops_before_passive_prog.block_9_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule consecutive_loops_before_cfg_to_dag_prog.node_0)
+apply (rule consecutive_loops_before_passive_prog.node_9)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=8])
+apply ((simp add:consecutive_loops_before_passive_prog.outEdges_9))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:consecutive_loops_before_passive_prog.outEdges_10))
+by ((simp add:consecutive_loops_before_passive_prog.node_10 consecutive_loops_before_passive_prog.block_10_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 consecutive_loops_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule consecutive_loops_before_passive_prog.node_11)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding consecutive_loops_before_passive_prog.block_11_def
+apply (rule assume_pres_normal[where ?es=consecutive_loops_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding consecutive_loops_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule consecutive_loops_before_passive_prog.outEdges_11)
+apply ((simp add:consecutive_loops_before_passive_prog.node_10 consecutive_loops_before_passive_prog.block_10_def))
+apply (rule consecutive_loops_before_passive_prog.outEdges_10)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_anon0 vc_x_1 vc_x_3 vc_x_4))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A consecutive_loops_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> consecutive_loops_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) consecutive_loops_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns consecutive_loops_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule consecutive_loops_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_passification_proof.thy
new file mode 100644
index 0000000..4991a82
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_passification_proof.thy
@@ -0,0 +1,385 @@
+theory consecutive_loops_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_loops_before_ast_to_cfg_prog consecutive_loops_passive_prog Boogie_Lang.PassificationML consecutive_loops_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_before_passive_prog.block_0_def consecutive_loops_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon5_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4])) (update_nstate_rel R [(0,(Inl 4))]) R_old consecutive_loops_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_before_passive_prog.block_1_def consecutive_loops_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:consecutive_loops_before_ast_to_cfg_prog.l_x(2) consecutive_loops_passive_prog.l_x_2(2)))
+by simp
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [5] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 3)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [5])) (update_nstate_rel R [(0,(Inl 5))]) R_old consecutive_loops_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_before_passive_prog.block_2_def consecutive_loops_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:consecutive_loops_before_ast_to_cfg_prog.l_x(2) consecutive_loops_passive_prog.l_x_4(2)))
+by simp
+
+lemma block_anon4:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 3)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_before_passive_prog.block_3_def consecutive_loops_passive_prog.block_3_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 3)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_before_passive_prog.block_4_def consecutive_loops_passive_prog.block_4_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3])) (update_nstate_rel R [(0,(Inl 3))]) R_old consecutive_loops_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_before_passive_prog.block_5_def consecutive_loops_passive_prog.block_5_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:consecutive_loops_before_ast_to_cfg_prog.l_x(2) consecutive_loops_passive_prog.l_x_3(2)))
+by simp
+
+lemma block_anon2:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_before_passive_prog.block_6_def consecutive_loops_passive_prog.block_6_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon5_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_passive_prog.block_7 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_before_passive_prog.block_7_def consecutive_loops_passive_prog.block_7_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon5_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old consecutive_loops_passive_prog.block_8 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_before_passive_prog.block_8_def consecutive_loops_passive_prog.block_8_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:consecutive_loops_before_ast_to_cfg_prog.l_x(2) consecutive_loops_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_9 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old consecutive_loops_passive_prog.block_9 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_before_passive_prog.block_9_def consecutive_loops_passive_prog.block_9_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:consecutive_loops_before_ast_to_cfg_prog.l_x(2) consecutive_loops_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_10 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_passive_prog.block_10 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_before_passive_prog.block_10_def consecutive_loops_passive_prog.block_10_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_11 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_passive_prog.block_11 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding consecutive_loops_before_passive_prog.block_11_def consecutive_loops_passive_prog.block_11_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_before_passive_prog.node_0},@{thm consecutive_loops_before_passive_prog.outEdges_0}) (@{thm consecutive_loops_passive_prog.node_0},@{thm consecutive_loops_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_before_passive_prog.node_1},@{thm consecutive_loops_before_passive_prog.outEdges_1}) (@{thm consecutive_loops_passive_prog.node_1},@{thm consecutive_loops_passive_prog.outEdges_1}) @{thm block_anon5_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 5 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 3)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_before_passive_prog.node_2},@{thm consecutive_loops_before_passive_prog.outEdges_2}) (@{thm consecutive_loops_passive_prog.node_2},@{thm consecutive_loops_passive_prog.outEdges_2}) @{thm block_anon6_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon4:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 3)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_before_passive_prog.node_3},@{thm consecutive_loops_before_passive_prog.outEdges_3}) (@{thm consecutive_loops_passive_prog.node_3},@{thm consecutive_loops_passive_prog.outEdges_3}) @{thm block_anon4} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 3)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_before_passive_prog.node_4},@{thm consecutive_loops_before_passive_prog.outEdges_4}) (@{thm consecutive_loops_passive_prog.node_4},@{thm consecutive_loops_passive_prog.outEdges_4}) @{thm block_anon6_LoopDone} [
+@{thm cfg_block_anon4}] 1\<close>))
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_before_passive_prog.node_5},@{thm consecutive_loops_before_passive_prog.outEdges_5}) (@{thm consecutive_loops_passive_prog.node_5},@{thm consecutive_loops_passive_prog.outEdges_5}) @{thm block_anon6_LoopHead} [
+@{thm cfg_block_anon6_LoopDone}, 
+@{thm cfg_block_anon6_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon2:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_before_passive_prog.node_6},@{thm consecutive_loops_before_passive_prog.outEdges_6}) (@{thm consecutive_loops_passive_prog.node_6},@{thm consecutive_loops_passive_prog.outEdges_6}) @{thm block_anon2} [
+@{thm cfg_block_anon6_LoopHead}] 1\<close>))
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_before_passive_prog.node_7},@{thm consecutive_loops_before_passive_prog.outEdges_7}) (@{thm consecutive_loops_passive_prog.node_7},@{thm consecutive_loops_passive_prog.outEdges_7}) @{thm block_anon5_LoopDone} [
+@{thm cfg_block_anon2}] 1\<close>))
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 8)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_before_passive_prog.node_8},@{thm consecutive_loops_before_passive_prog.outEdges_8}) (@{thm consecutive_loops_passive_prog.node_8},@{thm consecutive_loops_passive_prog.outEdges_8}) @{thm block_anon5_LoopHead} [
+@{thm cfg_block_anon5_LoopDone}, 
+@{thm cfg_block_anon5_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 9)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_before_passive_prog.node_9},@{thm consecutive_loops_before_passive_prog.outEdges_9}) (@{thm consecutive_loops_passive_prog.node_9},@{thm consecutive_loops_passive_prog.outEdges_9}) @{thm block_anon0} [
+@{thm cfg_block_anon5_LoopHead}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 10)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_before_passive_prog.node_10},@{thm consecutive_loops_before_passive_prog.outEdges_10}) (@{thm consecutive_loops_passive_prog.node_10},@{thm consecutive_loops_passive_prog.outEdges_10}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 11)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_before_passive_prog.node_11},@{thm consecutive_loops_before_passive_prog.outEdges_11}) (@{thm consecutive_loops_passive_prog.node_11},@{thm consecutive_loops_passive_prog.outEdges_11}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 11),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_anon0 vc_x_1 vc_x_3 vc_x_4))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A consecutive_loops_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> consecutive_loops_before_ast_to_cfg_prog.constants_vdecls ns consecutive_loops_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv consecutive_loops_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding consecutive_loops_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding consecutive_loops_passive_prog.params_vdecls_def consecutive_loops_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using consecutive_loops_before_passive_prog.globals_locals_disj apply auto[1]
+using consecutive_loops_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] consecutive_loops_passive_prog.proc_body u (Inl 11)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range consecutive_loops_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] consecutive_loops_passive_prog.proc_body ((Inl 11),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from consecutive_loops_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_passive_prog.thy
new file mode 100644
index 0000000..05ddc29
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_passive_prog.thy
@@ -0,0 +1,221 @@
+theory consecutive_loops_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_loops_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 4) Eq (BinOp (Var 2) Sub (Lit (LInt 1))))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 3) Lt (Lit (LInt 0)))),(Assume (BinOp (Var 5) Eq (BinOp (Var 3) Add (Lit (LInt 1))))),(Assert (BinOp (Var 5) Le (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assert (BinOp (Var 3) Eq (Lit (LInt 0))))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 3)))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Var 3) Le (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = [(Assert (BinOp (Var 2) Le (Lit (LInt 0))))]"
+definition block_7
+  where
+    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 2)))]"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = []"
+definition block_10
+  where
+    "block_10  = []"
+definition block_11
+  where
+    "block_11  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[6],[7,1],[8],[9],[10]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 11,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [10])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(5,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding consecutive_loops_passive_prog.params_vdecls_def consecutive_loops_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)))) = {})"
+unfolding consecutive_loops_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_2:
+shows "((map_of (append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_3:
+shows "((map_of (append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_4:
+shows "((map_of (append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_2:
+shows "((lookup_var_decl ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_3:
+shows "((lookup_var_decl ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_3
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_4:
+shows "((lookup_var_decl ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_4
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_vcphase_proof.thy
new file mode 100644
index 0000000..d9a7bc9
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_vcphase_proof.thy
@@ -0,0 +1,407 @@
+theory consecutive_loops_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML consecutive_loops_passive_prog consecutive_loops_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon5_LoopBody
+  where
+    "vc_anon5_LoopBody  = True"
+definition vc_anon6_LoopBody
+  where
+    "vc_anon6_LoopBody x_3 x_4 = (((x_3 < (0::int)) \<and> (x_4 = (x_3 + (1::int)))) \<longrightarrow> (x_4 \<le> (0::int)))"
+definition vc_anon4
+  where
+    "vc_anon4 x_3 = (x_3 = (0::int))"
+definition vc_anon6_LoopDone
+  where
+    "vc_anon6_LoopDone x_3 = (((0::int) \<le> x_3) \<longrightarrow> (vc_anon4 x_3))"
+definition vc_anon6_LoopHead
+  where
+    "vc_anon6_LoopHead x_3 x_4 = ((x_3 \<le> (0::int)) \<longrightarrow> ((vc_anon6_LoopDone x_3) \<and> (vc_anon6_LoopBody x_3 x_4)))"
+definition vc_anon2
+  where
+    "vc_anon2 x_1 x_3 x_4 = ((x_1 \<le> (0::int)) \<and> ((x_1 \<le> (0::int)) \<longrightarrow> (vc_anon6_LoopHead x_3 x_4)))"
+definition vc_anon5_LoopDone
+  where
+    "vc_anon5_LoopDone x_1 x_3 x_4 = (((0::int) \<ge> x_1) \<longrightarrow> (vc_anon2 x_1 x_3 x_4))"
+definition vc_anon0
+  where
+    "vc_anon0 x_1 x_3 x_4 = ((vc_anon5_LoopDone x_1 x_3 x_4) \<and> (vc_anon5_LoopBody ))"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int" and vc_x_3 :: "int" and vc_x_4 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
+G3: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_x_2)))" and 
+G4: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_3)))" and 
+G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_x_4)))" and 
+G6: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4 G5 G6
+lemmas forall_poly_thm = forall_vc_type[OF G6]
+lemmas exists_poly_thm = exists_vc_type[OF G6]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding consecutive_loops_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon5_LoopBody_hints = [
+(AssumeTrue,NONE), 
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon5_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopBody ) \<Longrightarrow> (s' = Magic)))"
+unfolding consecutive_loops_passive_prog.block_1_def vc.vc_anon5_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_LoopBody_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE), 
+(AssertNoConj,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon6_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopBody vc_x_3 vc_x_4) \<Longrightarrow> (s' = Magic)))"
+unfolding consecutive_loops_passive_prog.block_2_def vc.vc_anon6_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_hints = [
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon4AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4 vc_x_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding consecutive_loops_passive_prog.block_3_def vc.vc_anon4_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_LoopDone_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon6_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopDone vc_x_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4 vc_x_3)))))))"
+unfolding consecutive_loops_passive_prog.block_4_def vc.vc_anon6_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_LoopHead_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon6_LoopHeadAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopHead vc_x_3 vc_x_4) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_x_3) \<and> (vc.vc_anon6_LoopBody vc_x_3 vc_x_4))))))))"
+unfolding consecutive_loops_passive_prog.block_5_def vc.vc_anon6_LoopHead_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopHead_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon2_hints = [
+(AssertSub,NONE)]
+\<close>
+lemma block_anon2AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon2 vc_x_1 vc_x_3 vc_x_4) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon6_LoopHead vc_x_3 vc_x_4)))))))"
+unfolding consecutive_loops_passive_prog.block_6_def vc.vc_anon2_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon2_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon5_LoopDone_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon5_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon2 vc_x_1 vc_x_3 vc_x_4)))))))"
+unfolding consecutive_loops_passive_prog.block_7_def vc.vc_anon5_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopDone_hints \<close>)
+by (auto?)
+
+lemma block_anon5_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_8 (Normal n_s) s')" and 
+"((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody ))))))"
+using assms
+unfolding consecutive_loops_passive_prog.block_8_def
+apply cases
+by auto
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_9 (Normal n_s) s')" and 
+"((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody ))))))"
+using assms
+unfolding consecutive_loops_passive_prog.block_9_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_10 (Normal n_s) s')" and 
+"((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody ))))))"
+using assms
+unfolding consecutive_loops_passive_prog.block_10_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_11 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_1 vc_x_3 vc_x_4) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody ))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding consecutive_loops_passive_prog.block_11_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) consecutive_loops_passive_prog.node_0 consecutive_loops_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_LoopBody )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) consecutive_loops_passive_prog.node_1])
+by (erule block_anon5_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopBody vc_x_3 vc_x_4)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) consecutive_loops_passive_prog.node_2])
+by (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon4:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4 vc_x_3)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) consecutive_loops_passive_prog.node_3])
+apply (erule block_anon4AA0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopDone vc_x_3)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_passive_prog.node_4])
+apply (erule block_anon6_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopHead vc_x_3 vc_x_4)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_passive_prog.node_5])
+apply (erule block_anon6_LoopHeadAA0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon2:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon2 vc_x_1 vc_x_3 vc_x_4)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_passive_prog.node_6])
+apply (erule block_anon2AA0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_passive_prog.node_7])
+apply (erule block_anon5_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_passive_prog.outEdges_7))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon2, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_passive_prog.node_8])
+apply (erule block_anon5_LoopHead[OF _ assms(2)])
+apply ((simp add:consecutive_loops_passive_prog.outEdges_8))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_passive_prog.node_9])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_passive_prog.outEdges_9))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_passive_prog.node_10])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_passive_prog.outEdges_10))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_1 vc_x_3 vc_x_4)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_passive_prog.node_11])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:consecutive_loops_passive_prog.outEdges_11))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_anon0 vc_x_1 vc_x_3 vc_x_4))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A consecutive_loops_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> consecutive_loops_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) consecutive_loops_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s consecutive_loops_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((consecutive_loops_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_passive_prog.m_x])
+apply (subst lookup_var_local[OF consecutive_loops_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF consecutive_loops_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF consecutive_loops_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_passive_prog.m_x_2])
+apply (subst lookup_var_local[OF consecutive_loops_passive_prog.m_x_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_3:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_passive_prog.m_x_3])
+apply (subst lookup_var_local[OF consecutive_loops_passive_prog.m_x_3])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_4:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_passive_prog.m_x_4])
+apply (subst lookup_var_local[OF consecutive_loops_passive_prog.m_x_4])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (rule HOL.conjunct1[OF sc_x_2])
+apply (rule HOL.conjunct1[OF sc_x_3])
+apply (rule HOL.conjunct1[OF sc_x_4])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/global_data.thy
similarity index 100%
rename from BoogieLang/generated_example_proofs/no_inv_loop_proofs/global_data.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/global_data.thy
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/ROOT
new file mode 100644
index 0000000..38ab999
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/ROOT
@@ -0,0 +1,12 @@
+session empty_branch_if_proofs = Boogie_Lang + 
+directories empty_branch_if_proofs
+theories
+global_data
+"empty_branch_if_proofs/empty_branch_if_passification_proof"
+"empty_branch_if_proofs/empty_branch_if_passive_prog"
+"empty_branch_if_proofs/empty_branch_if_asttocfg_proof"
+"empty_branch_if_proofs/empty_branch_if_before_ast_to_cfg_prog"
+"empty_branch_if_proofs/empty_branch_if_before_passive_prog"
+"empty_branch_if_proofs/empty_branch_if_vcphase_proof"
+"empty_branch_if_proofs/empty_branch_if_cfgtodag_proof"
+"empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_asttocfg_proof.thy
new file mode 100644
index 0000000..2568dc3
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_asttocfg_proof.thy
@@ -0,0 +1,341 @@
+theory empty_branch_if_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML empty_branch_if_before_ast_to_cfg_prog empty_branch_if_before_cfg_to_dag_prog empty_branch_if_cfgtodag_proof empty_branch_if_passification_proof empty_branch_if_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (empty_branch_if_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_3 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of empty_branch_if_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_3_def empty_branch_if_before_cfg_to_dag_prog.block_3_def)
+apply ((simp add: empty_branch_if_before_cfg_to_dag_prog.block_3_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: empty_branch_if_before_cfg_to_dag_prog.block_3_def empty_branch_if_before_ast_to_cfg_prog.bigblock_3_def)+)
+done
+
+
+lemma global_rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (empty_branch_if_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end empty_branch_if_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of empty_branch_if_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (simp)
+apply (rule cont_3_def)
+apply (rule empty_branch_if_before_cfg_to_dag_prog.node_3)
+apply (rule disjI1)
+apply (rule empty_branch_if_before_cfg_to_dag_prog.block_3_def)
+apply (rule empty_branch_if_before_cfg_to_dag_prog.outEdges_3)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: empty_branch_if_before_cfg_to_dag_prog.node_3)
+apply (rule rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_3)
+apply assumption+
+
+done
+qed
+
+lemma rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (empty_branch_if_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 5))) ns1 (BoolV False))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
+unfolding empty_branch_if_before_cfg_to_dag_prog.block_2_def
+apply (rule guard_fails_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of empty_branch_if_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_2_def)
+apply (rule push_through_assumption1)
+apply (simp)
+apply (rule neg_gt)
+apply (rule guardHint)
+apply ((simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_2_def)+)
+apply (rule neg_gt)
+apply (rule guardHint)
+done
+
+
+lemma global_rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (empty_branch_if_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end empty_branch_if_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 5))) ns1 (BoolV False))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of empty_branch_if_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_2_def)
+apply (rule empty_branch_if_before_cfg_to_dag_prog.node_2)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule empty_branch_if_before_cfg_to_dag_prog.block_2_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply (rule neg_gt)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_2_def)
+apply (simp add: empty_branch_if_before_cfg_to_dag_prog.node_2)
+apply (rule rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_2)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x = 3])+)
+apply ((simp add: empty_branch_if_before_cfg_to_dag_prog.outEdges_2)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_3)
+apply (simp)
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma global_rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (empty_branch_if_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end empty_branch_if_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 5))) ns1 (BoolV True))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Invs[of empty_branch_if_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_1_def)
+
+apply (rule astTrace)
+apply (simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_1_def)
+apply (rule empty_branch_if_before_cfg_to_dag_prog.node_1)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule empty_branch_if_before_cfg_to_dag_prog.block_1_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_1_def)
+apply (simp add: empty_branch_if_before_cfg_to_dag_prog.node_1)
+
+
+
+
+apply ((erule allE[where x = 3])+)
+apply ((simp add: empty_branch_if_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_3)
+apply (simp)
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (empty_branch_if_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of empty_branch_if_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_0_def empty_branch_if_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: empty_branch_if_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: empty_branch_if_before_cfg_to_dag_prog.block_0_def empty_branch_if_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (empty_branch_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end empty_branch_if_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_if_successor)
+apply (rule Rel_Main_test[of empty_branch_if_before_ast_to_cfg_prog.bigblock_0 _ empty_branch_if_before_cfg_to_dag_prog.block_0])
+apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_0_def empty_branch_if_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_0_def)
+apply (rule astTrace)
+apply (simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_0_def)
+apply (rule empty_branch_if_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: empty_branch_if_before_cfg_to_dag_prog.node_0)
+apply (rule rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply (erule disjE)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: empty_branch_if_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: cont_0_def empty_branch_if_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
+apply blast+
+
+
+
+
+
+apply (simp)
+apply ((erule allE[where x = 2])+)
+apply ((simp add: empty_branch_if_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_0_def empty_branch_if_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (empty_branch_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> empty_branch_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) empty_branch_if_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns empty_branch_if_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] empty_branch_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (empty_branch_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def empty_branch_if_before_ast_to_cfg_prog.pres_def empty_branch_if_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def empty_branch_if_before_ast_to_cfg_prog.pres_def empty_branch_if_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (empty_branch_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_3_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) empty_branch_if_before_ast_to_cfg_prog.fdecls empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls empty_branch_if_before_ast_to_cfg_prog.axioms empty_branch_if_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding empty_branch_if_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 empty_branch_if_before_ast_to_cfg_prog.ast_proc_def empty_branch_if_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..68330b0
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_to_cfg_prog.thy
@@ -0,0 +1,123 @@
+theory empty_branch_if_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 5)))) [(BigBlock (None ) [] (None ) (None ))] [(BigBlock (None ) [(Assign 0 (Lit (LInt 6)))] (None ) (None ))])) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (None ) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [(Assign 0 (Lit (LInt 6)))] (None ) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [(Assert (BinOp (Var 0) Gt (Lit (LInt 5))))] (None ) (None ))"
+definition cont_3
+  where
+    "cont_3  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_3 cont_3)"
+definition cont_1
+  where
+    "cont_1  = (KSeq bigblock_3 cont_3)"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_3 cont_3)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_3]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = empty_branch_if_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec empty_branch_if_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec empty_branch_if_before_ast_to_cfg_prog.post),proc_body = (Some (empty_branch_if_before_ast_to_cfg_prog.locals_vdecls,empty_branch_if_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog.thy
similarity index 52%
rename from BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog.thy
index 41c064e..b4c593a 100644
--- a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog.thy
@@ -6,16 +6,16 @@ definition block_0
     "block_0  = [(Havoc 0)]"
 definition block_1
   where
-    "block_1  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 6)))]"
+    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5))))]"
 definition block_2
   where
-    "block_2  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 5))))]"
+    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 6)))]"
 definition block_3
   where
-    "block_3  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5))))]"
+    "block_3  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 5))))]"
 definition outEdges
   where
-    "outEdges  = [[3,1],[2],[],[2]]"
+    "outEdges  = [[1,2],[3],[3],[]]"
 definition node_to_blocks
   where
     "node_to_blocks  = [block_0,block_1,block_2,block_3]"
@@ -39,19 +39,19 @@ shows "((nth (node_to_block proc_body) 3) = block_3)"
 by (simp add:proc_body_def node_to_blocks_def)
 
 lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [3,1])"
+shows "((nth (out_edges proc_body) 0) = [1,2])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [2])"
+shows "((nth (out_edges proc_body) 1) = [3])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [])"
+shows "((nth (out_edges proc_body) 2) = [3])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [2])"
+shows "((nth (out_edges proc_body) 3) = [])"
 by (simp add:proc_body_def outEdges_def)
 
 definition pres
@@ -66,6 +66,28 @@ definition params_vdecls :: "(vdecls)"
 definition locals_vdecls :: "(vdecls)"
   where
     "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append empty_branch_if_before_cfg_to_dag_prog.constants_vdecls empty_branch_if_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.constants_vdecls empty_branch_if_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding empty_branch_if_before_cfg_to_dag_prog.constants_vdecls_def empty_branch_if_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.constants_vdecls empty_branch_if_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
 lemma locals_min_aux:
 shows "(((map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
 unfolding empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
@@ -77,18 +99,23 @@ using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.constants_vdecls empty_branch_if_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding empty_branch_if_before_cfg_to_dag_prog.constants_vdecls_def empty_branch_if_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
 by simp
 
 lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding empty_branch_if_before_cfg_to_dag_prog.constants_vdecls_def
 by simp
 
 lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding empty_branch_if_before_cfg_to_dag_prog.globals_vdecls_def
 by simp
 
 lemma params_wf:
@@ -102,7 +129,7 @@ unfolding empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
 by simp
 
 lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append empty_branch_if_before_cfg_to_dag_prog.constants_vdecls empty_branch_if_before_cfg_to_dag_prog.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
 apply (rule lookup_ty_pred_2)
 by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
 
@@ -111,11 +138,11 @@ shows "((map_of (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls emp
 by (simp add:params_vdecls_def locals_vdecls_def)
 
 lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append empty_branch_if_before_cfg_to_dag_prog.constants_vdecls empty_branch_if_before_cfg_to_dag_prog.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append empty_branch_if_before_cfg_to_dag_prog.constants_vdecls empty_branch_if_before_cfg_to_dag_prog.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
-definition proc :: "(procedure)"
+definition proc :: "(mbodyCFG procedure)"
   where
     "proc  = (|proc_ty_args = 0,proc_args = empty_branch_if_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec empty_branch_if_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec empty_branch_if_before_cfg_to_dag_prog.post),proc_body = (Some (empty_branch_if_before_cfg_to_dag_prog.locals_vdecls,empty_branch_if_before_cfg_to_dag_prog.proc_body))|)"
 
diff --git a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_passive_prog.thy
similarity index 72%
rename from BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_passive_prog.thy
index 2d6d7db..14d7289 100644
--- a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_passive_prog.thy
@@ -1,5 +1,5 @@
 theory empty_branch_if_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util empty_branch_if_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util empty_branch_if_before_ast_to_cfg_prog
 begin
 definition block_0
   where
@@ -77,18 +77,18 @@ shows "((nth (out_edges proc_body) 5) = [4])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma locals_min_aux:
-shows "(((map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
+shows "(((map fst (append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def
 by simp
 
 lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
 using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
 by simp
 
 
diff --git a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_cfgtodag_proof.thy
similarity index 78%
rename from BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_cfgtodag_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_cfgtodag_proof.thy
index a3919c0..037d49d 100644
--- a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_cfgtodag_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_cfgtodag_proof.thy
@@ -1,26 +1,26 @@
 theory empty_branch_if_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML empty_branch_if_before_cfg_to_dag_prog empty_branch_if_before_passive_prog empty_branch_if_passification_proof empty_branch_if_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML empty_branch_if_before_ast_to_cfg_prog empty_branch_if_before_cfg_to_dag_prog empty_branch_if_before_passive_prog empty_branch_if_passification_proof empty_branch_if_vcphase_proof
 begin
 locale cfg_to_dag_lemmas = 
 fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
 assumes 
-Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+Wf_Fun: "(fun_interp_wf A empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
 begin
 
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls))"
 declare Nat.One_nat_def[simp del]
 
 lemma block_anon3:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
 "(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
 shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_branch_if_before_passive_prog.block_0 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding empty_branch_if_before_cfg_to_dag_prog.block_2_def empty_branch_if_before_passive_prog.block_0_def
+unfolding empty_branch_if_before_cfg_to_dag_prog.block_3_def empty_branch_if_before_passive_prog.block_0_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
@@ -28,30 +28,30 @@ done
 
 lemma cfg_block_anon3:
 assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_return_1[OF assms(1)])
-apply (rule empty_branch_if_before_cfg_to_dag_prog.node_2)
+apply (rule empty_branch_if_before_cfg_to_dag_prog.node_3)
 apply (rule empty_branch_if_before_passive_prog.node_0)
 apply (erule DagVerifies)
 apply (rule DagAssms)
-unfolding empty_branch_if_before_cfg_to_dag_prog.post_def
+unfolding empty_branch_if_before_ast_to_cfg_prog.post_def
 apply (rule block_anon3)
 apply assumption+
-by (rule empty_branch_if_before_cfg_to_dag_prog.outEdges_2)
+by (rule empty_branch_if_before_cfg_to_dag_prog.outEdges_3)
 
 
 lemma block_anon4_Then:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
 "(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
 shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_branch_if_before_passive_prog.block_1 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding empty_branch_if_before_cfg_to_dag_prog.block_3_def empty_branch_if_before_passive_prog.block_1_def
+unfolding empty_branch_if_before_cfg_to_dag_prog.block_1_def empty_branch_if_before_passive_prog.block_1_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
@@ -59,18 +59,18 @@ done
 
 lemma cfg_block_anon4_Then:
 assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule empty_branch_if_before_cfg_to_dag_prog.node_3)
+apply (rule empty_branch_if_before_cfg_to_dag_prog.node_1)
 apply (rule empty_branch_if_before_passive_prog.node_1)
 apply (assumption+)
 apply (rule block_anon4_Then)
 apply (assumption+)
-apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_1))
 apply (erule member_elim)
 apply simp
 apply (erule allE[where x=0])
@@ -90,13 +90,13 @@ by (simp add: member_rec(2))
 
 lemma block_anon4_Else:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
 "(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
 shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_branch_if_before_passive_prog.block_2 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding empty_branch_if_before_cfg_to_dag_prog.block_1_def empty_branch_if_before_passive_prog.block_2_def
+unfolding empty_branch_if_before_cfg_to_dag_prog.block_2_def empty_branch_if_before_passive_prog.block_2_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
@@ -104,18 +104,18 @@ done
 
 lemma cfg_block_anon4_Else:
 assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule empty_branch_if_before_cfg_to_dag_prog.node_1)
+apply (rule empty_branch_if_before_cfg_to_dag_prog.node_2)
 apply (rule empty_branch_if_before_passive_prog.node_2)
 apply (assumption+)
 apply (rule block_anon4_Else)
 apply (assumption+)
-apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_2))
 apply (erule member_elim)
 apply simp
 apply (erule allE[where x=0])
@@ -152,7 +152,7 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
 apply (rule empty_branch_if_before_cfg_to_dag_prog.node_0)
 apply (rule empty_branch_if_before_passive_prog.node_3)
@@ -211,16 +211,16 @@ assumes
 "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 empty_branch_if_before_cfg_to_dag_prog.pres)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 empty_branch_if_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_entry)
 apply (rule empty_branch_if_before_passive_prog.node_5)
 apply (erule assms(3))
 apply (rule assms(2))
 unfolding empty_branch_if_before_passive_prog.block_5_def
-apply (rule assume_pres_normal[where ?es=empty_branch_if_before_cfg_to_dag_prog.pres])
+apply (rule assume_pres_normal[where ?es=empty_branch_if_before_ast_to_cfg_prog.pres])
 apply (rule assms(4))
-unfolding empty_branch_if_before_cfg_to_dag_prog.pres_def
+unfolding empty_branch_if_before_ast_to_cfg_prog.pres_def
 apply simp
 apply (rule empty_branch_if_before_passive_prog.outEdges_5)
 apply ((simp add:empty_branch_if_before_passive_prog.node_4 empty_branch_if_before_passive_prog.block_4_def))
@@ -232,23 +232,23 @@ end
 
 abbreviation \<Lambda>0
   where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>0  \<equiv> ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls))"
 lemma end_to_end_theorem_aux:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
 VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns empty_branch_if_before_cfg_to_dag_prog.pres)" and 
+FInterp: "(fun_interp_wf A empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> empty_branch_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) empty_branch_if_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns empty_branch_if_before_ast_to_cfg_prog.pres)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
 OldGlobal: "((global_state ns) = (old_global_state ns))" and 
 BinderNs: "((binder_state ns) = Map.empty)"
-shows "(valid_configuration A \<Lambda>0 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] empty_branch_if_before_ast_to_cfg_prog.post m' s')"
 proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
 by (meson rtranclp_imp_relpowp)
 show ?thesis
 apply (rule cfg_to_dag_lemmas.entry_lemma)
@@ -280,13 +280,5 @@ done
 qed
 
 
-lemma end_to_end_theorem:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms empty_branch_if_before_cfg_to_dag_prog.proc))"
-apply (rule end_to_end_util[OF end_to_end_theorem_aux])
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 empty_branch_if_before_cfg_to_dag_prog.proc_def empty_branch_if_before_cfg_to_dag_prog.proc_body_def)
-
 
 end
diff --git a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passification_proof.thy
similarity index 88%
rename from BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passification_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passification_proof.thy
index f80e262..3af9ef0 100644
--- a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passification_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passification_proof.thy
@@ -1,5 +1,5 @@
 theory empty_branch_if_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util empty_branch_if_before_passive_prog empty_branch_if_passive_prog Boogie_Lang.PassificationML empty_branch_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
+imports Boogie_Lang.Semantics Boogie_Lang.Util empty_branch_if_before_ast_to_cfg_prog empty_branch_if_passive_prog Boogie_Lang.PassificationML empty_branch_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
 begin
 definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
   where
@@ -9,10 +9,10 @@ definition R_old
     "R_old  = (map_of R_old_list)"
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls))"
 abbreviation \<Lambda>2
   where
-    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls))"
+    "\<Lambda>2  \<equiv> ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls))"
 declare One_nat_def[simp del]
 
 lemma block_anon3:
@@ -37,7 +37,7 @@ apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding empty_branch_if_before_passive_prog.block_1_def empty_branch_if_passive_prog.block_1_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.l_x(2) empty_branch_if_passive_prog.l_x_1(2)))
+apply ((simp add:empty_branch_if_before_ast_to_cfg_prog.l_x(2) empty_branch_if_passive_prog.l_x_1(2)))
 by simp
 
 lemma block_anon4_Else:
@@ -50,7 +50,7 @@ apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding empty_branch_if_before_passive_prog.block_2_def empty_branch_if_passive_prog.block_2_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.l_x(2) empty_branch_if_passive_prog.l_x_1(2)))
+apply ((simp add:empty_branch_if_before_ast_to_cfg_prog.l_x(2) empty_branch_if_passive_prog.l_x_1(2)))
 by simp
 
 lemma block_anon0:
@@ -62,7 +62,7 @@ apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding empty_branch_if_before_passive_prog.block_3_def empty_branch_if_passive_prog.block_3_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.l_x(2) empty_branch_if_passive_prog.l_x_0(2)))
+apply ((simp add:empty_branch_if_before_ast_to_cfg_prog.l_x(2) empty_branch_if_passive_prog.l_x_0(2)))
 by simp
 
 lemma block_0:
@@ -139,14 +139,14 @@ by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} []
 @{thm cfg_block_0}] 1\<close>))
 
 locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
 VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+FInterp: "(fun_interp_wf A empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> empty_branch_if_before_ast_to_cfg_prog.constants_vdecls ns empty_branch_if_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
 BinderNs: "((binder_state ns) = Map.empty)" and 
@@ -200,7 +200,7 @@ assumes
 "((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
 shows "(closed (instantiate [] \<tau>))"
 apply (rule lookup_ty_pred[OF assms(1)])
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+unfolding empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
 apply simp
 unfolding empty_branch_if_passive_prog.params_vdecls_def empty_branch_if_passive_prog.locals_vdecls_def
 by simp
@@ -238,7 +238,7 @@ apply (rule U0_ns_rel)
 apply (rule U0_ns_old_rel)
 apply (rule R_wt)
 apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range global_data.globals_max]
+using helper_init_disj[OF max_rel_range empty_branch_if_before_ast_to_cfg_prog.globals_max]
 apply simp
 apply (rule U0_non_empty)
 by ((simp_all add:R_rel_def R_list_def))?
diff --git a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passive_prog.thy
similarity index 67%
rename from BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passive_prog.thy
index 78928d4..d439534 100644
--- a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passive_prog.thy
@@ -1,5 +1,5 @@
 theory empty_branch_if_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util empty_branch_if_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util empty_branch_if_before_ast_to_cfg_prog
 begin
 definition block_0
   where
@@ -93,8 +93,8 @@ using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)))) = {})"
+unfolding empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
 by simp
 
 lemma m_x:
@@ -110,17 +110,17 @@ shows "((map_of (append empty_branch_if_passive_prog.params_vdecls empty_branch_
 by (simp add:params_vdecls_def locals_vdecls_def)
 
 lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_x_0:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x_0
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_x_1:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x_1
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
diff --git a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_vcphase_proof.thy
similarity index 90%
rename from BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_vcphase_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_vcphase_proof.thy
index 0958308..c15de25 100644
--- a/BoogieLang/generated_example_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_vcphase_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_vcphase_proof.thy
@@ -196,19 +196,19 @@ declare One_nat_def[simp del]
 
 lemma end_to_end:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
 VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+FInterp: "(fun_interp_wf A empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> empty_branch_if_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) empty_branch_if_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls))"
 shows "(s' \<noteq> Failure)"
 proof -
-let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
-let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+let ?n_s_c = "(nstate_global_restriction n_s empty_branch_if_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((empty_branch_if_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
 from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
 apply (simp only:state_typ_wf_def)
 apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF empty_branch_if_passive_prog.m_x])
diff --git a/BoogieLang/generated_example_proofs/triangle_example_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/global_data.thy
similarity index 100%
rename from BoogieLang/generated_example_proofs/triangle_example_proofs/global_data.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/global_data.thy
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/ROOT
new file mode 100644
index 0000000..373e371
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/ROOT
@@ -0,0 +1,12 @@
+session empty_generic_block_proofs = Boogie_Lang + 
+directories empty_generic_block_proofs
+theories
+global_data
+"empty_generic_block_proofs/empty_generic_block_vcphase_proof"
+"empty_generic_block_proofs/empty_generic_block_passive_prog"
+"empty_generic_block_proofs/empty_generic_block_before_ast_to_cfg_prog"
+"empty_generic_block_proofs/empty_generic_block_passification_proof"
+"empty_generic_block_proofs/empty_generic_block_before_passive_prog"
+"empty_generic_block_proofs/empty_generic_block_before_cfg_to_dag_prog"
+"empty_generic_block_proofs/empty_generic_block_cfgtodag_proof"
+"empty_generic_block_proofs/empty_generic_block_asttocfg_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_asttocfg_proof.thy
new file mode 100644
index 0000000..b154cfa
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_asttocfg_proof.thy
@@ -0,0 +1,233 @@
+theory empty_generic_block_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML empty_generic_block_before_ast_to_cfg_prog empty_generic_block_before_cfg_to_dag_prog empty_generic_block_cfgtodag_proof empty_generic_block_passification_proof empty_generic_block_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A empty_generic_block_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_empty_generic_block_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (empty_generic_block_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of empty_generic_block_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: empty_generic_block_before_ast_to_cfg_prog.bigblock_2_def empty_generic_block_before_cfg_to_dag_prog.block_2_def)
+apply ((simp add: empty_generic_block_before_cfg_to_dag_prog.block_2_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: empty_generic_block_before_cfg_to_dag_prog.block_2_def empty_generic_block_before_ast_to_cfg_prog.bigblock_2_def)+)
+done
+
+
+lemma global_rel_empty_generic_block_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (empty_generic_block_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end empty_generic_block_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] empty_generic_block_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of empty_generic_block_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: empty_generic_block_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: empty_generic_block_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp)
+apply (simp)
+apply (rule cont_2_def)
+apply (rule empty_generic_block_before_cfg_to_dag_prog.node_2)
+apply (rule disjI1)
+apply (rule empty_generic_block_before_cfg_to_dag_prog.block_2_def)
+apply (rule empty_generic_block_before_cfg_to_dag_prog.outEdges_2)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: empty_generic_block_before_cfg_to_dag_prog.node_2)
+apply (rule rel_empty_generic_block_before_ast_to_cfg_prog_bigblock_2)
+apply assumption+
+
+done
+qed
+
+lemma global_rel_empty_generic_block_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (empty_generic_block_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end empty_generic_block_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] empty_generic_block_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Invs[of empty_generic_block_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: empty_generic_block_before_ast_to_cfg_prog.bigblock_1_def)
+
+apply (rule astTrace)
+apply (simp add: empty_generic_block_before_ast_to_cfg_prog.bigblock_1_def)
+apply (rule empty_generic_block_before_cfg_to_dag_prog.node_1)
+apply (rule disjI1)
+apply (rule empty_generic_block_before_cfg_to_dag_prog.block_1_def)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_1_def)
+apply (simp add: empty_generic_block_before_cfg_to_dag_prog.node_1)
+
+
+
+apply ((erule allE[where x = 2])+)
+apply ((simp add: empty_generic_block_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_empty_generic_block_before_ast_to_cfg_prog_bigblock_2)
+apply (simp)
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma rel_empty_generic_block_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (empty_generic_block_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of empty_generic_block_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: empty_generic_block_before_ast_to_cfg_prog.bigblock_0_def empty_generic_block_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: empty_generic_block_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: empty_generic_block_before_cfg_to_dag_prog.block_0_def empty_generic_block_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_empty_generic_block_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (empty_generic_block_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end empty_generic_block_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] empty_generic_block_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of empty_generic_block_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: empty_generic_block_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: empty_generic_block_before_ast_to_cfg_prog.bigblock_0_def)
+apply (rule empty_generic_block_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+apply (rule empty_generic_block_before_cfg_to_dag_prog.block_0_def)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_0_def)
+apply (simp add: empty_generic_block_before_cfg_to_dag_prog.node_0)
+apply (rule rel_empty_generic_block_before_ast_to_cfg_prog_bigblock_0)
+apply assumption
+apply (simp)
+apply ((erule allE[where x = 1])+)
+apply ((simp add: empty_generic_block_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_empty_generic_block_before_ast_to_cfg_prog_bigblock_1)
+apply (simp)
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (empty_generic_block_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A empty_generic_block_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> empty_generic_block_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) empty_generic_block_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns empty_generic_block_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] empty_generic_block_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (empty_generic_block_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_empty_generic_block_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: empty_generic_block_before_ast_to_cfg_prog.params_vdecls_def empty_generic_block_before_ast_to_cfg_prog.locals_vdecls_def empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: empty_generic_block_before_ast_to_cfg_prog.params_vdecls_def empty_generic_block_before_ast_to_cfg_prog.locals_vdecls_def empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def empty_generic_block_before_ast_to_cfg_prog.pres_def empty_generic_block_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: empty_generic_block_before_ast_to_cfg_prog.params_vdecls_def empty_generic_block_before_ast_to_cfg_prog.locals_vdecls_def empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: empty_generic_block_before_ast_to_cfg_prog.params_vdecls_def empty_generic_block_before_ast_to_cfg_prog.locals_vdecls_def empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: empty_generic_block_before_ast_to_cfg_prog.params_vdecls_def empty_generic_block_before_ast_to_cfg_prog.locals_vdecls_def empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: empty_generic_block_before_ast_to_cfg_prog.params_vdecls_def empty_generic_block_before_ast_to_cfg_prog.locals_vdecls_def empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def empty_generic_block_before_ast_to_cfg_prog.pres_def empty_generic_block_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: empty_generic_block_before_ast_to_cfg_prog.params_vdecls_def empty_generic_block_before_ast_to_cfg_prog.locals_vdecls_def empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: empty_generic_block_before_ast_to_cfg_prog.params_vdecls_def empty_generic_block_before_ast_to_cfg_prog.locals_vdecls_def empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_1,bigblock_2] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (empty_generic_block_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_1_def cont_2_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int). (vc.vc_anon0 ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) empty_generic_block_before_ast_to_cfg_prog.fdecls empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls empty_generic_block_before_ast_to_cfg_prog.axioms empty_generic_block_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding empty_generic_block_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 empty_generic_block_before_ast_to_cfg_prog.ast_proc_def empty_generic_block_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..cb770da
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_ast_to_cfg_prog.thy
@@ -0,0 +1,117 @@
+theory empty_generic_block_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Assign 0 (Lit (LInt 0)))] (None ) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (Some ''label1'') [] (None ) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (Some ''label2'') [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))] (None ) (None ))"
+definition cont_2
+  where
+    "cont_2  = KStop"
+definition cont_1
+  where
+    "cont_1  = (KSeq bigblock_2 cont_2)"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_1 cont_1)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_1,bigblock_2]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding empty_generic_block_before_ast_to_cfg_prog.constants_vdecls_def empty_generic_block_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding empty_generic_block_before_ast_to_cfg_prog.params_vdecls_def empty_generic_block_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding empty_generic_block_before_ast_to_cfg_prog.constants_vdecls_def empty_generic_block_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_generic_block_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding empty_generic_block_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_generic_block_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding empty_generic_block_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_generic_block_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding empty_generic_block_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_generic_block_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding empty_generic_block_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = empty_generic_block_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec empty_generic_block_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec empty_generic_block_before_ast_to_cfg_prog.post),proc_body = (Some (empty_generic_block_before_ast_to_cfg_prog.locals_vdecls,empty_generic_block_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..59623f2
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_cfg_to_dag_prog.thy
@@ -0,0 +1,138 @@
+theory empty_generic_block_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Assign 0 (Lit (LInt 0)))]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
+definition outEdges
+  where
+    "outEdges  = [[1],[2],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append empty_generic_block_before_cfg_to_dag_prog.constants_vdecls empty_generic_block_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.constants_vdecls empty_generic_block_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding empty_generic_block_before_cfg_to_dag_prog.constants_vdecls_def empty_generic_block_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.constants_vdecls empty_generic_block_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.constants_vdecls empty_generic_block_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding empty_generic_block_before_cfg_to_dag_prog.constants_vdecls_def empty_generic_block_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_generic_block_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding empty_generic_block_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_generic_block_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding empty_generic_block_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_generic_block_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_generic_block_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append empty_generic_block_before_cfg_to_dag_prog.constants_vdecls empty_generic_block_before_cfg_to_dag_prog.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append empty_generic_block_before_cfg_to_dag_prog.constants_vdecls empty_generic_block_before_cfg_to_dag_prog.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append empty_generic_block_before_cfg_to_dag_prog.constants_vdecls empty_generic_block_before_cfg_to_dag_prog.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = empty_generic_block_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec empty_generic_block_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec empty_generic_block_before_cfg_to_dag_prog.post),proc_body = (Some (empty_generic_block_before_cfg_to_dag_prog.locals_vdecls,empty_generic_block_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_passive_prog.thy
new file mode 100644
index 0000000..43a6a6a
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_passive_prog.thy
@@ -0,0 +1,84 @@
+theory empty_generic_block_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util empty_generic_block_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = [(Assign 0 (Lit (LInt 0)))]"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[1],[2],[3]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 4,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding empty_generic_block_before_ast_to_cfg_prog.params_vdecls_def empty_generic_block_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding empty_generic_block_before_ast_to_cfg_prog.constants_vdecls_def empty_generic_block_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_cfgtodag_proof.thy
new file mode 100644
index 0000000..1cc87b2
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_cfgtodag_proof.thy
@@ -0,0 +1,225 @@
+theory empty_generic_block_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML empty_generic_block_before_ast_to_cfg_prog empty_generic_block_before_cfg_to_dag_prog empty_generic_block_before_passive_prog empty_generic_block_passification_proof empty_generic_block_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A empty_generic_block_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma block_label2:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_generic_block_before_passive_prog.block_0 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding empty_generic_block_before_cfg_to_dag_prog.block_2_def empty_generic_block_before_passive_prog.block_0_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_label2:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] empty_generic_block_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_1[OF assms(1)])
+apply (rule empty_generic_block_before_cfg_to_dag_prog.node_2)
+apply (rule empty_generic_block_before_passive_prog.node_0)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+unfolding empty_generic_block_before_ast_to_cfg_prog.post_def
+apply (rule block_label2)
+apply assumption+
+by (rule empty_generic_block_before_cfg_to_dag_prog.outEdges_2)
+
+
+lemma block_label1:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_generic_block_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding empty_generic_block_before_cfg_to_dag_prog.block_1_def empty_generic_block_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_label1:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] empty_generic_block_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule empty_generic_block_before_cfg_to_dag_prog.node_1)
+apply (rule empty_generic_block_before_passive_prog.node_1)
+apply (assumption+)
+apply (rule block_label1)
+apply (assumption+)
+apply ((simp add:empty_generic_block_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:empty_generic_block_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=0])
+apply ((simp add:empty_generic_block_before_passive_prog.outEdges_1))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_label2)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_generic_block_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding empty_generic_block_before_cfg_to_dag_prog.block_0_def empty_generic_block_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] empty_generic_block_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule empty_generic_block_before_cfg_to_dag_prog.node_0)
+apply (rule empty_generic_block_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:empty_generic_block_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:empty_generic_block_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:empty_generic_block_before_passive_prog.outEdges_2))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_label1)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:empty_generic_block_before_passive_prog.outEdges_3))
+by ((simp add:empty_generic_block_before_passive_prog.node_3 empty_generic_block_before_passive_prog.block_3_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 empty_generic_block_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] empty_generic_block_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule empty_generic_block_before_passive_prog.node_4)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding empty_generic_block_before_passive_prog.block_4_def
+apply (rule assume_pres_normal[where ?es=empty_generic_block_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding empty_generic_block_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule empty_generic_block_before_passive_prog.outEdges_4)
+apply ((simp add:empty_generic_block_before_passive_prog.node_3 empty_generic_block_before_passive_prog.block_3_def))
+apply (rule empty_generic_block_before_passive_prog.outEdges_3)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A empty_generic_block_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> empty_generic_block_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) empty_generic_block_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns empty_generic_block_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] empty_generic_block_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule empty_generic_block_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passification_proof.thy
similarity index 59%
rename from BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passification_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passification_proof.thy
index 619977f..66125a9 100644
--- a/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passification_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passification_proof.thy
@@ -1,5 +1,5 @@
 theory empty_generic_block_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util empty_generic_block_before_passive_prog empty_generic_block_passive_prog Boogie_Lang.PassificationML empty_generic_block_vcphase_proof Boogie_Lang.PassificationEndToEnd
+imports Boogie_Lang.Semantics Boogie_Lang.Util empty_generic_block_before_ast_to_cfg_prog empty_generic_block_passive_prog Boogie_Lang.PassificationML empty_generic_block_vcphase_proof Boogie_Lang.PassificationEndToEnd
 begin
 definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
   where
@@ -9,77 +9,119 @@ definition R_old
     "R_old  = (map_of R_old_list)"
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls))"
 abbreviation \<Lambda>2
   where
-    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls))"
+    "\<Lambda>2  \<equiv> ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls))"
 declare One_nat_def[simp del]
 
-lemma block_anon0:
+lemma block_label2:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 0)))]) R_old empty_generic_block_passive_prog.block_0 s')"
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inr (LInt 0))))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old empty_generic_block_passive_prog.block_0 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding empty_generic_block_before_passive_prog.block_0_def empty_generic_block_passive_prog.block_0_def
-apply (passive_rel_tac)
+apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
-lemma block_0:
+lemma block_label1:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inr (LInt 0))))"
 shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old empty_generic_block_passive_prog.block_1 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding empty_generic_block_before_passive_prog.block_1_def empty_generic_block_passive_prog.block_1_def
-apply (passive_rel_tac)
+apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
-lemma block_PreconditionGeneratedEntry:
+lemma block_anon0:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.block_2 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old empty_generic_block_passive_prog.block_2 s')"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 0)))]) R_old empty_generic_block_passive_prog.block_2 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding empty_generic_block_before_passive_prog.block_2_def empty_generic_block_passive_prog.block_2_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
-lemma cfg_block_anon0:
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old empty_generic_block_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding empty_generic_block_before_passive_prog.block_3_def empty_generic_block_passive_prog.block_3_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old empty_generic_block_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding empty_generic_block_before_passive_prog.block_4_def empty_generic_block_passive_prog.block_4_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_label2:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inr (LInt 0))))"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_generic_block_before_passive_prog.node_0},@{thm empty_generic_block_before_passive_prog.outEdges_0}) (@{thm empty_generic_block_passive_prog.node_0},@{thm empty_generic_block_passive_prog.outEdges_0}) @{thm block_anon0} [] 1\<close>))
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm empty_generic_block_before_passive_prog.node_0},@{thm empty_generic_block_before_passive_prog.outEdges_0}) (@{thm empty_generic_block_passive_prog.node_0},@{thm empty_generic_block_passive_prog.outEdges_0}) @{thm block_label2} [] 1\<close>))
 
-lemma cfg_block_0:
+lemma cfg_block_label1:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inr (LInt 0))))"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_generic_block_before_passive_prog.node_1},@{thm empty_generic_block_before_passive_prog.outEdges_1}) (@{thm empty_generic_block_passive_prog.node_1},@{thm empty_generic_block_passive_prog.outEdges_1}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm empty_generic_block_before_passive_prog.node_1},@{thm empty_generic_block_before_passive_prog.outEdges_1}) (@{thm empty_generic_block_passive_prog.node_1},@{thm empty_generic_block_passive_prog.outEdges_1}) @{thm block_label1} [
+@{thm cfg_block_label2}] 1\<close>))
 
-lemma cfg_block_PreconditionGeneratedEntry:
+lemma cfg_block_anon0:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
 "(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_generic_block_before_passive_prog.node_2},@{thm empty_generic_block_before_passive_prog.outEdges_2}) (@{thm empty_generic_block_passive_prog.node_2},@{thm empty_generic_block_passive_prog.outEdges_2}) @{thm block_PreconditionGeneratedEntry} [
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_generic_block_before_passive_prog.node_2},@{thm empty_generic_block_before_passive_prog.outEdges_2}) (@{thm empty_generic_block_passive_prog.node_2},@{thm empty_generic_block_passive_prog.outEdges_2}) @{thm block_anon0} [
+@{thm cfg_block_label1}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_generic_block_before_passive_prog.node_3},@{thm empty_generic_block_before_passive_prog.outEdges_3}) (@{thm empty_generic_block_passive_prog.node_3},@{thm empty_generic_block_passive_prog.outEdges_3}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_generic_block_before_passive_prog.node_4},@{thm empty_generic_block_before_passive_prog.outEdges_4}) (@{thm empty_generic_block_passive_prog.node_4},@{thm empty_generic_block_passive_prog.outEdges_4}) @{thm block_PreconditionGeneratedEntry} [
 @{thm cfg_block_0}] 1\<close>))
 
 locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 2),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))" and 
+Red: "(red_cfg_multi A M ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 4),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int). (vc.vc_anon0 ))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+FInterp: "(fun_interp_wf A empty_generic_block_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> empty_generic_block_before_ast_to_cfg_prog.constants_vdecls ns empty_generic_block_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
 BinderNs: "((binder_state ns) = Map.empty)" and 
@@ -133,7 +175,7 @@ assumes
 "((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
 shows "(closed (instantiate [] \<tau>))"
 apply (rule lookup_ty_pred[OF assms(1)])
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+unfolding empty_generic_block_before_ast_to_cfg_prog.constants_vdecls_def empty_generic_block_before_ast_to_cfg_prog.globals_vdecls_def
 apply simp
 unfolding empty_generic_block_passive_prog.params_vdecls_def empty_generic_block_passive_prog.locals_vdecls_def
 by simp
@@ -163,7 +205,7 @@ lemma end_to_end:
 shows "(s' \<noteq> Failure)"
 proof
 assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] empty_generic_block_passive_prog.proc_body u (Inl 2)))))"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] empty_generic_block_passive_prog.proc_body u (Inl 4)))))"
 apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
 unfolding passive_lemma_assms_2_def
 apply (intro conjI)?
@@ -171,11 +213,11 @@ apply (rule U0_ns_rel)
 apply (rule U0_ns_old_rel)
 apply (rule R_wt)
 apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range global_data.globals_max]
+using helper_init_disj[OF max_rel_range empty_generic_block_before_ast_to_cfg_prog.globals_max]
 apply simp
 apply (rule U0_non_empty)
 by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] empty_generic_block_passive_prog.proc_body ((Inl 2),(Normal u)) (mp',Failure))"
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] empty_generic_block_passive_prog.proc_body ((Inl 4),(Normal u)) (mp',Failure))"
 by (auto simp add: passive_sim_cfg_fail_def)
 from empty_generic_block_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
  apply rule
diff --git a/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passive_prog.thy
similarity index 57%
rename from BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passive_prog.thy
index bda2aa5..8b72020 100644
--- a/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passive_prog.thy
@@ -1,5 +1,5 @@
 theory empty_generic_block_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util empty_generic_block_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util empty_generic_block_before_ast_to_cfg_prog
 begin
 definition block_0
   where
@@ -10,15 +10,21 @@ definition block_1
 definition block_2
   where
     "block_2  = []"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = []"
 definition outEdges
   where
-    "outEdges  = [[],[0],[1]]"
+    "outEdges  = [[],[0],[1],[2],[3]]"
 definition node_to_blocks
   where
-    "node_to_blocks  = [block_0,block_1,block_2]"
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4]"
 definition proc_body
   where
-    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
+    "proc_body  = (|entry = 4,out_edges = outEdges,node_to_block = node_to_blocks|)"
 lemma node_0:
 shows "((nth (node_to_block proc_body) 0) = block_0)"
 by (simp add:proc_body_def node_to_blocks_def)
@@ -31,6 +37,14 @@ lemma node_2:
 shows "((nth (node_to_block proc_body) 2) = block_2)"
 by (simp add:proc_body_def node_to_blocks_def)
 
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
 lemma outEdges_0:
 shows "((nth (out_edges proc_body) 0) = [])"
 by (simp add:proc_body_def outEdges_def)
@@ -43,6 +57,14 @@ lemma outEdges_2:
 shows "((nth (out_edges proc_body) 2) = [1])"
 by (simp add:proc_body_def outEdges_def)
 
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
 definition params_vdecls :: "(vdecls)"
   where
     "params_vdecls  = []"
@@ -60,8 +82,8 @@ using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls)))) = {})"
+unfolding empty_generic_block_before_ast_to_cfg_prog.constants_vdecls_def empty_generic_block_before_ast_to_cfg_prog.globals_vdecls_def
 by simp
 
 lemma m_x:
@@ -69,7 +91,7 @@ shows "((map_of (append empty_generic_block_passive_prog.params_vdecls empty_gen
 by (simp add:params_vdecls_def locals_vdecls_def)
 
 lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
diff --git a/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_vcphase_proof.thy
similarity index 53%
rename from BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_vcphase_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_vcphase_proof.thy
index b5195ff..de30103 100644
--- a/BoogieLang/generated_example_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_vcphase_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_vcphase_proof.thy
@@ -4,12 +4,12 @@ begin
 locale vc
 begin
 
-definition vc_anon0
+definition vc_label2
   where
-    "vc_anon0  = ((0::int) = (0::int))"
-definition vc_PreconditionGeneratedEntry
+    "vc_label2  = ((0::int) = (0::int))"
+definition vc_anon0
   where
-    "vc_PreconditionGeneratedEntry  = (vc_anon0 )"
+    "vc_anon0  = (vc_label2 )"
 
 end
 
@@ -26,65 +26,111 @@ lemmas exists_poly_thm = exists_vc_type[OF G1]
 declare Nat.One_nat_def[simp del]
 
 ML\<open>
-val block_anon0_hints = [
+val block_label2_hints = [
 (AssertNoConj,NONE)]
 \<close>
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding empty_generic_block_passive_prog.block_0_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
+lemma block_label2AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_label2 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding empty_generic_block_passive_prog.block_0_def vc.vc_label2_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_label2_hints \<close>)
 by (auto?)
 
-lemma block_0:
+lemma block_label1:
 assumes 
 "(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.block_1 (Normal n_s) s')" and 
-"(vc.vc_anon0 )"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))"
+"(vc.vc_label2 )"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_label2 )))))"
 using assms
 unfolding empty_generic_block_passive_prog.block_1_def
 apply cases
 by auto
 
-lemma block_PreconditionGeneratedEntry:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))))"
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.block_2 (Normal n_s) s')" and 
+"(vc.vc_label2 )"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_label2 )))))"
+using assms
+unfolding empty_generic_block_passive_prog.block_2_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.block_3 (Normal n_s) s')" and 
+"(vc.vc_label2 )"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_label2 )))))"
+using assms
+unfolding empty_generic_block_passive_prog.block_3_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_label2 )))))))"
 apply (erule red_cmd_list.cases)
 using global_assms
-unfolding empty_generic_block_passive_prog.block_2_def vc.vc_PreconditionGeneratedEntry_def
+unfolding empty_generic_block_passive_prog.block_4_def vc.vc_anon0_def
 apply (handle_cmd_list_full?)
 by (auto?)
 
-lemma cfg_block_anon0:
+lemma cfg_block_label2:
 assumes 
 "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
+"(vc.vc_label2 )"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
 apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) empty_generic_block_passive_prog.node_0 empty_generic_block_passive_prog.outEdges_0])
-using block_anon0AA0[OF _ assms(2)] by blast
+using block_label2AA0[OF _ assms(2)] by blast
 
-lemma cfg_block_0:
+lemma cfg_block_label1:
 assumes 
 "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
+"(vc.vc_label2 )"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
 apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_generic_block_passive_prog.node_1])
-apply (erule block_0[OF _ assms(2)])
+apply (erule block_label1[OF _ assms(2)])
 apply ((simp add:empty_generic_block_passive_prog.outEdges_1))
 apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
+apply (erule cfg_block_label2, simp?)
 by (simp add: member_rec(2))
 
-lemma cfg_PreconditionGeneratedEntry:
+lemma cfg_block_anon0:
 assumes 
 "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_PreconditionGeneratedEntry )"
+"(vc.vc_label2 )"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
 apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_generic_block_passive_prog.node_2])
-apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
+apply (erule block_anon0[OF _ assms(2)])
 apply ((simp add:empty_generic_block_passive_prog.outEdges_2))
 apply (erule member_elim, simp)
+apply (erule cfg_block_label1, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_label2 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_generic_block_passive_prog.node_3])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:empty_generic_block_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_generic_block_passive_prog.node_4])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:empty_generic_block_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
 apply (erule cfg_block_0, simp?)
 by (simp add: member_rec(2))
 
@@ -115,19 +161,19 @@ declare One_nat_def[simp del]
 
 lemma end_to_end:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls)) \<Gamma> [] empty_generic_block_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))" and 
+Red: "(red_cfg_multi A M ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls)) \<Gamma> [] empty_generic_block_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int). (vc.vc_anon0 ))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+FInterp: "(fun_interp_wf A empty_generic_block_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> empty_generic_block_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) empty_generic_block_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls))"
 shows "(s' \<noteq> Failure)"
 proof -
-let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
-let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+let ?n_s_c = "(nstate_global_restriction n_s empty_generic_block_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((empty_generic_block_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
 from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
 apply (simp only:state_typ_wf_def)
 apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF empty_generic_block_passive_prog.m_x])
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/global_data.thy
similarity index 100%
rename from BoogieLang/generated_example_proofs/while_example2_proofs/global_data.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/global_data.thy
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/ROOT
new file mode 100644
index 0000000..236f6e6
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/ROOT
@@ -0,0 +1,12 @@
+session empty_loop_proofs = Boogie_Lang + 
+directories p_proofs
+theories
+global_data
+"p_proofs/p_passification_proof"
+"p_proofs/p_vcphase_proof"
+"p_proofs/p_cfgtodag_proof"
+"p_proofs/p_passive_prog"
+"p_proofs/p_before_passive_prog"
+"p_proofs/p_asttocfg_proof"
+"p_proofs/p_before_ast_to_cfg_prog"
+"p_proofs/p_before_cfg_to_dag_prog"
diff --git a/BoogieLang/generated_example_proofs/while_example_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/global_data.thy
similarity index 100%
rename from BoogieLang/generated_example_proofs/while_example_proofs/global_data.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/global_data.thy
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_asttocfg_proof.thy
new file mode 100644
index 0000000..c15a69c
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_asttocfg_proof.thy
@@ -0,0 +1,333 @@
+theory p_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML p_before_ast_to_cfg_prog p_before_cfg_to_dag_prog p_cfgtodag_proof p_passification_proof p_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_p_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of p_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: p_before_ast_to_cfg_prog.bigblock_3_def p_before_cfg_to_dag_prog.block_4_def)
+apply ((simp add: p_before_cfg_to_dag_prog.block_4_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: p_before_cfg_to_dag_prog.block_4_def p_before_ast_to_cfg_prog.bigblock_3_def)+)
+done
+
+
+lemma global_rel_p_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end p_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of p_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: p_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: p_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (simp)
+apply (rule cont_3_def)
+apply (rule p_before_cfg_to_dag_prog.node_4)
+apply (rule disjI1)
+apply (rule p_before_cfg_to_dag_prog.block_4_def)
+apply (rule p_before_cfg_to_dag_prog.outEdges_4)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: p_before_cfg_to_dag_prog.node_4)
+apply (rule rel_p_before_ast_to_cfg_prog_bigblock_3)
+apply assumption+
+
+done
+qed
+
+lemma global_rel_p_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end p_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T p_before_ast_to_cfg_prog.bigblock_1 cont_1 p_before_cfg_to_dag_prog.proc_body 1 p_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Invs[of p_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: p_before_ast_to_cfg_prog.bigblock_2_def)
+
+apply (rule astTrace)
+apply (simp add: p_before_ast_to_cfg_prog.bigblock_2_def)
+apply (rule p_before_cfg_to_dag_prog.node_2)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule p_before_cfg_to_dag_prog.block_2_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_2_def)
+apply (simp add: p_before_cfg_to_dag_prog.node_2)
+
+
+
+
+apply ((erule allE[where x=1])+)
+apply (simp add: p_before_cfg_to_dag_prog.outEdges_2)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_p_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end p_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of p_before_ast_to_cfg_prog.bigblock_1 _ _ _ p_before_cfg_to_dag_prog.block_1])
+apply (simp add:p_before_ast_to_cfg_prog.bigblock_1_def p_before_cfg_to_dag_prog.block_1_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:p_before_ast_to_cfg_prog.bigblock_1_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of p_before_ast_to_cfg_prog.bigblock_1])
+apply ((simp add:p_before_ast_to_cfg_prog.bigblock_1_def)+)
+apply ((simp add:p_before_cfg_to_dag_prog.block_1_def p_before_cfg_to_dag_prog.node_1)+)
+apply (rule cont_1_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 2])+)
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_p_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_1_def p_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_1_def cont_2_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+
+apply ((erule allE[where x = 3])+)
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_p_before_ast_to_cfg_prog_bigblock_3)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: p_before_cfg_to_dag_prog.node_3)
+apply (simp add: p_before_cfg_to_dag_prog.block_3_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: p_before_cfg_to_dag_prog.outEdges_3)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: p_before_cfg_to_dag_prog.node_3)
+apply (simp add: p_before_cfg_to_dag_prog.block_3_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: p_before_cfg_to_dag_prog.outEdges_3)
+apply ((simp add: member_rec)+)
+done
+qed
+qed
+
+lemma rel_p_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of p_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: p_before_ast_to_cfg_prog.bigblock_0_def p_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: p_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: p_before_cfg_to_dag_prog.block_0_def p_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_p_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end p_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of p_before_ast_to_cfg_prog.bigblock_0 _ p_before_cfg_to_dag_prog.block_0])
+apply (simp add: p_before_ast_to_cfg_prog.bigblock_0_def p_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: p_before_ast_to_cfg_prog.bigblock_0_def p_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: p_before_ast_to_cfg_prog.bigblock_0_def p_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
+apply (rule p_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: p_before_cfg_to_dag_prog.node_0)
+apply (rule rel_p_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: p_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: p_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_p_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: p_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) p_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns p_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] p_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_p_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def p_before_ast_to_cfg_prog.pres_def p_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def p_before_ast_to_cfg_prog.pres_def p_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_3_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) p_before_ast_to_cfg_prog.fdecls p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls p_before_ast_to_cfg_prog.axioms p_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding p_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_ast_to_cfg_prog.ast_proc_def p_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..a645853
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_before_ast_to_cfg_prog.thy
@@ -0,0 +1,123 @@
+theory p_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Assign 0 (Lit (LInt 0)))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (None ) (None ))]))) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [] (None ) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))] (None ) (None ))"
+definition cont_3
+  where
+    "cont_3  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_3 cont_3)"
+definition cont_1
+  where
+    "cont_1  = (KEndBlock (KSeq bigblock_3 cont_3 ))"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_1 cont_1)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_3]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding p_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding p_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding p_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding p_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = p_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec p_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec p_before_ast_to_cfg_prog.post),proc_body = (Some (p_before_ast_to_cfg_prog.locals_vdecls,p_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
similarity index 58%
rename from BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
index 1af34bd..17f29c7 100644
--- a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
@@ -3,31 +3,25 @@ imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global
 begin
 definition block_0
   where
-    "block_0  = [(Havoc 0)]"
+    "block_0  = [(Assign 0 (Lit (LInt 0)))]"
 definition block_1
   where
     "block_1  = [(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
 definition block_2
   where
-    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
 definition block_3
   where
     "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
 definition block_4
   where
-    "block_4  = [(Assert (BinOp (Var 0) Le (Lit (LInt 0))))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
+    "block_4  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
 definition outEdges
   where
-    "outEdges  = [[1],[3,2],[1],[4],[6,5],[4],[]]"
+    "outEdges  = [[1],[3,2],[1],[4],[]]"
 definition node_to_blocks
   where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4]"
 definition proc_body
   where
     "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
@@ -51,14 +45,6 @@ lemma node_4:
 shows "((nth (node_to_block proc_body) 4) = block_4)"
 by (simp add:proc_body_def node_to_blocks_def)
 
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
 lemma outEdges_0:
 shows "((nth (out_edges proc_body) 0) = [1])"
 by (simp add:proc_body_def outEdges_def)
@@ -76,15 +62,7 @@ shows "((nth (out_edges proc_body) 3) = [4])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [6,5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [])"
+shows "((nth (out_edges proc_body) 4) = [])"
 by (simp add:proc_body_def outEdges_def)
 
 definition pres
@@ -99,6 +77,28 @@ definition params_vdecls :: "(vdecls)"
 definition locals_vdecls :: "(vdecls)"
   where
     "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding p_before_cfg_to_dag_prog.constants_vdecls_def p_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
 lemma locals_min_aux:
 shows "(((map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
 unfolding p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
@@ -110,18 +110,23 @@ using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding p_before_cfg_to_dag_prog.constants_vdecls_def p_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
 by simp
 
 lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding p_before_cfg_to_dag_prog.constants_vdecls_def
 by simp
 
 lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding p_before_cfg_to_dag_prog.globals_vdecls_def
 by simp
 
 lemma params_wf:
@@ -135,7 +140,7 @@ unfolding p_before_cfg_to_dag_prog.locals_vdecls_def
 by simp
 
 lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
 apply (rule lookup_ty_pred_2)
 by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
 
@@ -144,11 +149,11 @@ shows "((map_of (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_d
 by (simp add:params_vdecls_def locals_vdecls_def)
 
 lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
-definition proc :: "(procedure)"
+definition proc :: "(mbodyCFG procedure)"
   where
     "proc  = (|proc_ty_args = 0,proc_args = p_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.post),proc_body = (Some (p_before_cfg_to_dag_prog.locals_vdecls,p_before_cfg_to_dag_prog.proc_body))|)"
 
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_before_passive_prog.thy
new file mode 100644
index 0000000..e08d121
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_before_passive_prog.thy
@@ -0,0 +1,117 @@
+theory p_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition block_5
+  where
+    "block_5  = [(Assign 0 (Lit (LInt 0))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = []"
+definition block_7
+  where
+    "block_7  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[2],[3,1],[4],[5],[6]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 7,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_cfgtodag_proof.thy
similarity index 50%
rename from BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_cfgtodag_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_cfgtodag_proof.thy
index 3bf8e12..374ba90 100644
--- a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_cfgtodag_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_cfgtodag_proof.thy
@@ -1,82 +1,149 @@
 theory p_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML p_before_cfg_to_dag_prog p_before_passive_prog p_passification_proof p_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML p_before_ast_to_cfg_prog p_before_cfg_to_dag_prog p_before_passive_prog p_passification_proof p_vcphase_proof
 begin
 locale cfg_to_dag_lemmas = 
 fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
 assumes 
-Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+Wf_Fun: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)"
 begin
 
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
 declare Nat.One_nat_def[simp del]
 
-lemma block_anon3:
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 p_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def p_before_ast_to_cfg_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule p_before_passive_prog.node_0)
+apply simp
+unfolding p_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma Mods_anon3_LoopBody:
+shows "(mods_contained_in (set []) p_before_cfg_to_dag_prog.block_2)"
+unfolding p_before_cfg_to_dag_prog.block_2_def
+by simp
+
+lemma block_anon3_LoopBody:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_0 ns2 s' False)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] p_before_passive_prog.block_1 ns2 s' True)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_2_def p_before_passive_prog.block_0_def
+unfolding p_before_cfg_to_dag_prog.block_2_def p_before_passive_prog.block_1_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun p_before_ast_to_cfg_prog.funcs_wf p_before_ast_to_cfg_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms p_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
+
 done
 
-lemma cfg_block_anon3:
+lemma cfg_block_anon3_LoopBody:
 assumes 
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_return_1[OF assms(1)])
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon3_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] p_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
 apply (rule p_before_cfg_to_dag_prog.node_2)
-apply (rule p_before_passive_prog.node_0)
+apply (rule p_before_passive_prog.node_1)
+apply (assumption+)
+apply (rule block_anon3_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon3_LoopBody)
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:p_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon3_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma block_anon2:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_4_def p_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon2:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule p_before_cfg_to_dag_prog.node_4)
+apply (rule p_before_passive_prog.node_2)
 apply (erule DagVerifies)
 apply (rule DagAssms)
-unfolding p_before_cfg_to_dag_prog.post_def
-apply (rule block_anon3)
+apply (erule block_anon2)
 apply assumption+
-by (rule p_before_cfg_to_dag_prog.outEdges_2)
+apply (rule p_before_cfg_to_dag_prog.outEdges_4)
+apply (rule p_before_passive_prog.outEdges_2)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
 
 
-lemma block_anon4_Then:
+lemma block_anon3_LoopDone:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_1 ns2 s' False)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_3 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_3_def p_before_passive_prog.block_1_def
+unfolding p_before_cfg_to_dag_prog.block_3_def p_before_passive_prog.block_3_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
 done
 
-lemma cfg_block_anon4_Then:
+lemma cfg_block_anon3_LoopDone:
 assumes 
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
 apply (rule p_before_cfg_to_dag_prog.node_3)
-apply (rule p_before_passive_prog.node_1)
+apply (rule p_before_passive_prog.node_3)
 apply (assumption+)
-apply (rule block_anon4_Then)
+apply (rule block_anon3_LoopDone)
 apply (assumption+)
 apply ((simp add:p_before_cfg_to_dag_prog.outEdges_3))
 apply ((simp add:p_before_cfg_to_dag_prog.outEdges_3))
 apply (erule member_elim)
 apply simp
-apply (erule allE[where x=0])
-apply ((simp add:p_before_passive_prog.outEdges_1))
+apply (erule allE[where x=2])
+apply ((simp add:p_before_passive_prog.outEdges_3))
 apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
+apply (rule cfg_block_anon2)
 apply simp
 unfolding dag_lemma_assms_def
 apply (intro conjI)
@@ -88,40 +155,71 @@ apply (simp)
 by (simp add: member_rec(2))
 
 
-lemma block_anon4_Else:
+lemma Mods_anon3_LoopHead:
+shows "(mods_contained_in (set []) p_before_cfg_to_dag_prog.block_1)"
+unfolding p_before_cfg_to_dag_prog.block_1_def
+by simp
+
+lemma block_anon3_LoopHead:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_2 ns2 s' False)"
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_4 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_1_def p_before_passive_prog.block_2_def
+unfolding p_before_cfg_to_dag_prog.block_1_def p_before_passive_prog.block_4_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
 done
 
-lemma cfg_block_anon4_Else:
+lemma cfg_block_anon3_LoopHead:
 assumes 
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set []))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
 apply (rule p_before_cfg_to_dag_prog.node_1)
-apply (rule p_before_passive_prog.node_2)
+apply (rule p_before_passive_prog.node_4)
 apply (assumption+)
-apply (rule block_anon4_Else)
+apply (rule block_anon3_LoopHead)
 apply (assumption+)
+apply (rule Mods_anon3_LoopHead)
 apply ((simp add:p_before_cfg_to_dag_prog.outEdges_1))
 apply ((simp add:p_before_cfg_to_dag_prog.outEdges_1))
 apply (erule member_elim)
 apply simp
-apply (erule allE[where x=0])
-apply ((simp add:p_before_passive_prog.outEdges_2))
+apply (erule allE[where x=3])
+apply ((simp add:p_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:p_before_passive_prog.outEdges_4))
 apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
+apply (rule cfg_block_anon3_LoopBody)
 apply simp
 unfolding dag_lemma_assms_def
 apply (intro conjI)
@@ -130,32 +228,46 @@ apply simp
 apply (fastforce)
 apply (simp)
 apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
 by (simp add: member_rec(2))
+qed
+qed
 
 
 lemma block_anon0:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_3 ns2 s' False)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] p_before_passive_prog.block_5 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_0_def p_before_passive_prog.block_3_def
+unfolding p_before_cfg_to_dag_prog.block_0_def p_before_passive_prog.block_5_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun p_before_ast_to_cfg_prog.funcs_wf p_before_ast_to_cfg_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms p_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
+
 done
 
 lemma cfg_block_anon0:
 assumes 
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
 apply (rule p_before_cfg_to_dag_prog.node_0)
-apply (rule p_before_passive_prog.node_3)
+apply (rule p_before_passive_prog.node_5)
 apply (assumption+)
 apply (rule block_anon0)
 apply (assumption+)
@@ -163,29 +275,15 @@ apply ((simp add:p_before_cfg_to_dag_prog.outEdges_0))
 apply ((simp add:p_before_cfg_to_dag_prog.outEdges_0))
 apply (erule member_elim)
 apply simp
-apply (erule allE[where x=1])
-apply ((simp add:p_before_passive_prog.outEdges_3))
+apply (erule allE[where x=4])
+apply ((simp add:p_before_passive_prog.outEdges_5))
 apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4_Then)
+apply (rule cfg_block_anon3_LoopHead)
 apply simp
 unfolding dag_lemma_assms_def
 apply (intro conjI)
 apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:p_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
+apply (erule nstate_same_on_empty_subset)
 apply (fastforce)
 apply (simp)
 apply (simp)
@@ -194,37 +292,37 @@ by (simp add: member_rec(2))
 
 lemma cfg_block_0:
 assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
 "(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
 "(state_well_typed A \<Lambda>1 [] ns1)" and 
 "(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
 shows "R"
 using assms
 apply (rule cfg_dag_empty_propagate_helper)
 apply (assumption, simp)
-apply ((simp add:p_before_passive_prog.outEdges_4))
-by ((simp add:p_before_passive_prog.node_4 p_before_passive_prog.block_4_def))
+apply ((simp add:p_before_passive_prog.outEdges_6))
+by ((simp add:p_before_passive_prog.node_6 p_before_passive_prog.block_6_def))
 
 lemma entry_lemma:
 assumes 
 "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 p_before_cfg_to_dag_prog.pres)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 p_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_entry)
-apply (rule p_before_passive_prog.node_5)
+apply (rule p_before_passive_prog.node_7)
 apply (erule assms(3))
 apply (rule assms(2))
-unfolding p_before_passive_prog.block_5_def
-apply (rule assume_pres_normal[where ?es=p_before_cfg_to_dag_prog.pres])
+unfolding p_before_passive_prog.block_7_def
+apply (rule assume_pres_normal[where ?es=p_before_ast_to_cfg_prog.pres])
 apply (rule assms(4))
-unfolding p_before_cfg_to_dag_prog.pres_def
+unfolding p_before_ast_to_cfg_prog.pres_def
 apply simp
-apply (rule p_before_passive_prog.outEdges_5)
-apply ((simp add:p_before_passive_prog.node_4 p_before_passive_prog.block_4_def))
-apply (rule p_before_passive_prog.outEdges_4)
+apply (rule p_before_passive_prog.outEdges_7)
+apply ((simp add:p_before_passive_prog.node_6 p_before_passive_prog.block_6_def))
+apply (rule p_before_passive_prog.outEdges_6)
 by (rule cfg_block_anon0[OF assms(1-2)])
 
 
@@ -232,23 +330,23 @@ end
 
 abbreviation \<Lambda>0
   where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>0  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
 lemma end_to_end_theorem_aux:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
+Red: "(red_cfg_multi A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns p_before_cfg_to_dag_prog.pres)" and 
+FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) p_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns p_before_ast_to_cfg_prog.pres)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
 OldGlobal: "((global_state ns) = (old_global_state ns))" and 
 BinderNs: "((binder_state ns) = Map.empty)"
-shows "(valid_configuration A \<Lambda>0 \<Gamma> [] p_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
 proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
 by (meson rtranclp_imp_relpowp)
 show ?thesis
 apply (rule cfg_to_dag_lemmas.entry_lemma)
@@ -280,13 +378,5 @@ done
 qed
 
 
-lemma end_to_end_theorem:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms p_before_cfg_to_dag_prog.proc))"
-apply (rule end_to_end_util[OF end_to_end_theorem_aux])
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_cfg_to_dag_prog.proc_def p_before_cfg_to_dag_prog.proc_body_def)
-
 
 end
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_passification_proof.thy
similarity index 65%
rename from BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_passification_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_passification_proof.thy
index 2b99185..8f482ce 100644
--- a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_passification_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_passification_proof.thy
@@ -1,5 +1,5 @@
 theory p_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_passive_prog p_passive_prog Boogie_Lang.PassificationML p_vcphase_proof Boogie_Lang.PassificationEndToEnd while_example2_before_ast_cfg
+imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_ast_to_cfg_prog p_passive_prog Boogie_Lang.PassificationML p_vcphase_proof Boogie_Lang.PassificationEndToEnd
 begin
 definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
   where
@@ -9,10 +9,10 @@ definition R_old
     "R_old  = (map_of R_old_list)"
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
 abbreviation \<Lambda>2
   where
-    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
+    "\<Lambda>2  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
 declare One_nat_def[simp del]
 
 lemma block_GeneratedUnifiedExit:
@@ -26,24 +26,23 @@ apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
-lemma block_anon5_LoopBody:
+lemma block_anon3_LoopBody:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4])) (update_nstate_rel R [(0,(Inl 4))]) R_old p_passive_prog.block_1 s')"
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inr (LInt 0))))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_1 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding p_before_passive_prog.block_1_def p_passive_prog.block_1_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:while_example2_before_ast_cfg.l_x(2) p_passive_prog.l_x_2(2)))
 by simp
 
-lemma block_anon6_LoopDone:
+lemma block_anon2:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_2 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 3)))"
+"((R 0) = (Some (Inr (LInt 0))))"
 shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_2 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding p_before_passive_prog.block_2_def p_passive_prog.block_2_def
@@ -51,85 +50,59 @@ apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
-lemma block_anon6_LoopBody:
+lemma block_anon3_LoopDone:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [5] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 3)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [5])) (update_nstate_rel R [(0,(Inl 5))]) R_old p_passive_prog.block_3 s')"
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inr (LInt 0))))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_3 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding p_before_passive_prog.block_3_def p_passive_prog.block_3_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:while_example2_before_ast_cfg.l_x(2) p_passive_prog.l_x_4(2)))
 by simp
 
-lemma block_anon6_LoopHead:
+lemma block_anon3_LoopHead:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3])) (update_nstate_rel R [(0,(Inl 3))]) R_old p_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_4_def p_passive_prog.block_4_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:while_example2_before_ast_cfg.l_x(2) p_passive_prog.l_x_3(2)))
-by simp
-
-lemma block_anon5_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_5 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_5 s')"
+"((R 0) = (Some (Inr (LInt 0))))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_4 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_5_def p_passive_prog.block_5_def
+unfolding p_before_passive_prog.block_4_def p_passive_prog.block_4_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
-lemma block_anon5_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old p_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_6_def p_passive_prog.block_6_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:while_example2_before_ast_cfg.l_x(2) p_passive_prog.l_x_1(2)))
-by simp
-
 lemma block_anon0:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old p_passive_prog.block_7 s')"
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 0)))]) R_old p_passive_prog.block_5 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_7_def p_passive_prog.block_7_def
+unfolding p_before_passive_prog.block_5_def p_passive_prog.block_5_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:while_example2_before_ast_cfg.l_x(2) p_passive_prog.l_x_0(2)))
 by simp
 
 lemma block_0:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_6 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_8 s')"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_6 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_8_def p_passive_prog.block_8_def
+unfolding p_before_passive_prog.block_6_def p_passive_prog.block_6_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
 lemma block_PreconditionGeneratedEntry:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_9 (Normal n_s) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_7 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_9 s')"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_7 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_9_def p_passive_prog.block_9_def
+unfolding p_before_passive_prog.block_7_def p_passive_prog.block_7_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
@@ -141,93 +114,76 @@ assumes
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 0)))))"
 by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_0},@{thm p_before_passive_prog.outEdges_0}) (@{thm p_passive_prog.node_0},@{thm p_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
 
-lemma cfg_block_anon5_LoopBody:
+lemma cfg_block_anon3_LoopBody:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inr (LInt 0))))"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_1},@{thm p_before_passive_prog.outEdges_1}) (@{thm p_passive_prog.node_1},@{thm p_passive_prog.outEdges_1}) @{thm block_anon5_LoopBody} [
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_1},@{thm p_before_passive_prog.outEdges_1}) (@{thm p_passive_prog.node_1},@{thm p_passive_prog.outEdges_1}) @{thm block_anon3_LoopBody} [
 @{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
 
-lemma cfg_block_anon6_LoopDone:
+lemma cfg_block_anon2:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
 "(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 3)))"
+"((R 0) = (Some (Inr (LInt 0))))"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_2},@{thm p_before_passive_prog.outEdges_2}) (@{thm p_passive_prog.node_2},@{thm p_passive_prog.outEdges_2}) @{thm block_anon6_LoopDone} [
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_2},@{thm p_before_passive_prog.outEdges_2}) (@{thm p_passive_prog.node_2},@{thm p_passive_prog.outEdges_2}) @{thm block_anon2} [
 @{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
 
-lemma cfg_block_anon6_LoopBody:
+lemma cfg_block_anon3_LoopDone:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 5 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 3)))"
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inr (LInt 0))))"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_3},@{thm p_before_passive_prog.outEdges_3}) (@{thm p_passive_prog.node_3},@{thm p_passive_prog.outEdges_3}) @{thm block_anon6_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_3},@{thm p_before_passive_prog.outEdges_3}) (@{thm p_passive_prog.node_3},@{thm p_passive_prog.outEdges_3}) @{thm block_anon3_LoopDone} [
+@{thm cfg_block_anon2}] 1\<close>))
 
-lemma cfg_block_anon6_LoopHead:
+lemma cfg_block_anon3_LoopHead:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inr (LInt 0))))"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_4},@{thm p_before_passive_prog.outEdges_4}) (@{thm p_passive_prog.node_4},@{thm p_passive_prog.outEdges_4}) @{thm block_anon6_LoopHead} [
-@{thm cfg_block_anon6_LoopDone}, 
-@{thm cfg_block_anon6_LoopBody}] 1\<close>))
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_4},@{thm p_before_passive_prog.outEdges_4}) (@{thm p_passive_prog.node_4},@{thm p_passive_prog.outEdges_4}) @{thm block_anon3_LoopHead} [
+@{thm cfg_block_anon3_LoopDone}, 
+@{thm cfg_block_anon3_LoopBody}] 1\<close>))
 
-lemma cfg_block_anon5_LoopDone:
+lemma cfg_block_anon0:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_5},@{thm p_before_passive_prog.outEdges_5}) (@{thm p_passive_prog.node_5},@{thm p_passive_prog.outEdges_5}) @{thm block_anon5_LoopDone} [
-@{thm cfg_block_anon6_LoopHead}] 1\<close>))
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_5},@{thm p_before_passive_prog.outEdges_5}) (@{thm p_passive_prog.node_5},@{thm p_passive_prog.outEdges_5}) @{thm block_anon0} [
+@{thm cfg_block_anon3_LoopHead}] 1\<close>))
 
-lemma cfg_block_anon5_LoopHead:
+lemma cfg_block_0:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_6},@{thm p_before_passive_prog.outEdges_6}) (@{thm p_passive_prog.node_6},@{thm p_passive_prog.outEdges_6}) @{thm block_anon5_LoopHead} [
-@{thm cfg_block_anon5_LoopDone}, 
-@{thm cfg_block_anon5_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_7},@{thm p_before_passive_prog.outEdges_7}) (@{thm p_passive_prog.node_7},@{thm p_passive_prog.outEdges_7}) @{thm block_anon0} [
-@{thm cfg_block_anon5_LoopHead}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 8)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_8},@{thm p_before_passive_prog.outEdges_8}) (@{thm p_passive_prog.node_8},@{thm p_passive_prog.outEdges_8}) @{thm block_0} [
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_6},@{thm p_before_passive_prog.outEdges_6}) (@{thm p_passive_prog.node_6},@{thm p_passive_prog.outEdges_6}) @{thm block_0} [
 @{thm cfg_block_anon0}] 1\<close>))
 
 lemma cfg_block_PreconditionGeneratedEntry:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 9)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_9},@{thm p_before_passive_prog.outEdges_9}) (@{thm p_passive_prog.node_9},@{thm p_passive_prog.outEdges_9}) @{thm block_PreconditionGeneratedEntry} [
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_7},@{thm p_before_passive_prog.outEdges_7}) (@{thm p_passive_prog.node_7},@{thm p_passive_prog.outEdges_7}) @{thm block_PreconditionGeneratedEntry} [
 @{thm cfg_block_0}] 1\<close>))
 
 locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append while_example2_before_ast_cfg.params_vdecls while_example2_before_ast_cfg.locals_vdecls)) \<Gamma> [] p_before_passive_prog.proc_body ((Inl 9),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_x_1 vc_x_3 vc_x_4 vc_x_2))" and 
+Red: "(red_cfg_multi A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] p_before_passive_prog.proc_body ((Inl 7),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls ns p_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
 BinderNs: "((binder_state ns) = Map.empty)" and 
@@ -268,9 +224,7 @@ by ((simp add:BinderNs))
 lemma U0_ns_old_rel:
 shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
 apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-    apply (simp only: fst_conv snd_conv p_before_passive_prog.globals_locals_disj)
-  unfolding while_example2_before_ast_cfg.params_vdecls_def while_example2_before_ast_cfg.locals_vdecls_def constants_vdecls_def globals_vdecls_def
-  apply simp
+apply (simp only: fst_conv snd_conv p_before_passive_prog.globals_locals_disj)
 apply (rule convert_fun_to_list[OF R_old_def])
 unfolding R_old_list_def 
 apply simp
@@ -283,7 +237,7 @@ assumes
 "((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
 shows "(closed (instantiate [] \<tau>))"
 apply (rule lookup_ty_pred[OF assms(1)])
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
 apply simp
 unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
 by simp
@@ -298,8 +252,7 @@ apply (rule R_wt)
 apply (rule inj_R_rel)
 apply simp
 apply (rule ConstsGlobal)
-  using R_well_formed apply fastforce
-  unfolding constants_vdecls_def globals_vdecls_def
+using R_well_formed apply fastforce
 using p_before_passive_prog.globals_locals_disj apply auto[1]
 using p_passive_prog.globals_locals_disj apply auto[1]
 done
@@ -314,7 +267,7 @@ lemma end_to_end:
 shows "(s' \<noteq> Failure)"
 proof
 assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body u (Inl 9)))))"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body u (Inl 7)))))"
 apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
 unfolding passive_lemma_assms_2_def
 apply (intro conjI)?
@@ -322,11 +275,11 @@ apply (rule U0_ns_rel)
 apply (rule U0_ns_old_rel)
 apply (rule R_wt)
 apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range global_data.globals_max]
+using helper_init_disj[OF max_rel_range p_before_ast_to_cfg_prog.globals_max]
 apply simp
 apply (rule U0_non_empty)
 by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body ((Inl 9),(Normal u)) (mp',Failure))"
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body ((Inl 7),(Normal u)) (mp',Failure))"
 by (auto simp add: passive_sim_cfg_fail_def)
 from p_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
  apply rule
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_passive_prog.thy
new file mode 100644
index 0000000..c0d8cfe
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_passive_prog.thy
@@ -0,0 +1,132 @@
+theory p_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Gt (Lit (LInt 0)))),(Assert (BinOp (Lit (LInt 0)) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assert (BinOp (Lit (LInt 0)) Eq (Lit (LInt 0))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Lit (LInt 0))))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Ge (Lit (LInt 0))))]"
+definition block_5
+  where
+    "block_5  = [(Assert (BinOp (Lit (LInt 0)) Ge (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = []"
+definition block_7
+  where
+    "block_7  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[2],[3,1],[4],[5],[6]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 7,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) = {})"
+unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_vcphase_proof.thy
new file mode 100644
index 0000000..a6aa0b3
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_vcphase_proof.thy
@@ -0,0 +1,273 @@
+theory p_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML p_passive_prog p_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon3_LoopBody
+  where
+    "vc_anon3_LoopBody  = (((0::int) > (0::int)) \<longrightarrow> ((0::int) \<ge> (0::int)))"
+definition vc_anon2
+  where
+    "vc_anon2  = ((0::int) = (0::int))"
+definition vc_anon3_LoopDone
+  where
+    "vc_anon3_LoopDone  = (((0::int) \<ge> (0::int)) \<longrightarrow> (vc_anon2 ))"
+definition vc_anon3_LoopHead
+  where
+    "vc_anon3_LoopHead  = (((0::int) \<ge> (0::int)) \<longrightarrow> ((vc_anon3_LoopDone ) \<and> (vc_anon3_LoopBody )))"
+definition vc_anon0
+  where
+    "vc_anon0  = (((0::int) \<ge> (0::int)) \<and> (((0::int) \<ge> (0::int)) \<longrightarrow> (vc_anon3_LoopHead )))"
+definition vc_PreconditionGeneratedEntry
+  where
+    "vc_PreconditionGeneratedEntry  = (vc_anon0 )"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1
+lemmas forall_poly_thm = forall_vc_type[OF G1]
+lemmas exists_poly_thm = exists_vc_type[OF G1]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding p_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon3_LoopBody_hints = [
+(AssumeConjR 0,NONE), 
+(AssertNoConj,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon3_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_LoopBody ) \<Longrightarrow> (s' = Magic)))"
+unfolding p_passive_prog.block_1_def vc.vc_anon3_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon2_hints = [
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon2AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon2 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding p_passive_prog.block_2_def vc.vc_anon2_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon2_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon3_LoopDone_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon3_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_LoopDone ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon2 )))))))"
+unfolding p_passive_prog.block_3_def vc.vc_anon3_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon3_LoopHead_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon3_LoopHeadAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_LoopHead ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon3_LoopDone ) \<and> (vc.vc_anon3_LoopBody ))))))))"
+unfolding p_passive_prog.block_4_def vc.vc_anon3_LoopHead_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_LoopHead_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon0_hints = [
+(AssertSub,NONE)]
+\<close>
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3_LoopHead )))))))"
+unfolding p_passive_prog.block_5_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
+by (auto?)
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_6 (Normal n_s) s')" and 
+"(vc.vc_anon0 )"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))"
+using assms
+unfolding p_passive_prog.block_6_def
+apply cases
+by auto
+
+lemma block_PreconditionGeneratedEntry:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding p_passive_prog.block_7_def vc.vc_PreconditionGeneratedEntry_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) p_passive_prog.node_0 p_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon3_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon3_LoopBody )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) p_passive_prog.node_1])
+by (erule block_anon3_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon2:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon2 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) p_passive_prog.node_2])
+apply (erule block_anon2AA0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon3_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon3_LoopDone )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_3])
+apply (erule block_anon3_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon2, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon3_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon3_LoopHead )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_4])
+apply (erule block_anon3_LoopHeadAA0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_5])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_6])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(vc.vc_PreconditionGeneratedEntry )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_7])
+apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_7))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<Gamma> [] p_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) p_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s p_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((p_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x])
+apply (subst lookup_var_local[OF p_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/ROOT
new file mode 100644
index 0000000..df0bed0
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/ROOT
@@ -0,0 +1,12 @@
+session globals_proofs = Boogie_Lang + 
+directories p_proofs
+theories
+global_data
+"p_proofs/p_passification_proof"
+"p_proofs/p_vcphase_proof"
+"p_proofs/p_cfgtodag_proof"
+"p_proofs/p_passive_prog"
+"p_proofs/p_before_passive_prog"
+"p_proofs/p_asttocfg_proof"
+"p_proofs/p_before_ast_to_cfg_prog"
+"p_proofs/p_before_cfg_to_dag_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/global_data.thy
new file mode 100644
index 0000000..7453e2c
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/global_data.thy
@@ -0,0 +1,48 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = [(''f'',0,[(TPrim TInt)],(TPrim TBool)),(''g'',0,[(TPrim TBool)],(TPrim TBool))]"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TBool),(None ))]"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 1))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 1)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma mfun_f:
+shows "((map_of fdecls ''f'') = (Some (0,[(TPrim TInt)],(TPrim TBool))))"
+by (simp add:fdecls_def)
+
+lemma mfun_g:
+shows "((map_of fdecls ''g'') = (Some (0,[(TPrim TBool)],(TPrim TBool))))"
+by (simp add:fdecls_def)
+
+lemma m_a:
+shows "((map_of (append global_data.constants_vdecls global_data.globals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:global_data.constants_vdecls_def global_data.globals_vdecls_def)
+
+lemma m_b:
+shows "((map_of (append global_data.constants_vdecls global_data.globals_vdecls) 1) = (Some ((TPrim TBool),(None ))))"
+by (simp add:global_data.constants_vdecls_def global_data.globals_vdecls_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_asttocfg_proof.thy
new file mode 100644
index 0000000..635c201
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_asttocfg_proof.thy
@@ -0,0 +1,138 @@
+theory p_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML p_before_ast_to_cfg_prog p_before_cfg_to_dag_prog p_cfgtodag_proof p_passification_proof p_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_p_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of p_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: p_before_ast_to_cfg_prog.bigblock_0_def p_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: p_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: p_before_cfg_to_dag_prog.block_0_def p_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_p_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end p_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of p_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: p_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: p_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp)
+apply (simp)
+apply (rule cont_0_def)
+apply (rule p_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+apply (rule p_before_cfg_to_dag_prog.block_0_def)
+apply (rule p_before_cfg_to_dag_prog.outEdges_0)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: p_before_cfg_to_dag_prog.node_0)
+apply (rule rel_p_before_ast_to_cfg_prog_bigblock_0)
+apply assumption+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_a::int) (vc_b::bool) (vc_x::int) (vc_f::(int => bool)) (vc_g::(bool => bool)). (vc.vc_PreconditionGeneratedEntry vc_f vc_g vc_a vc_b))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) p_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns p_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] p_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_p_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def p_before_ast_to_cfg_prog.pres_def p_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def p_before_ast_to_cfg_prog.pres_def p_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_a::int) (vc_b::bool) (vc_x::int) (vc_f::(int => bool)) (vc_g::(bool => bool)). (vc.vc_PreconditionGeneratedEntry vc_f vc_g vc_a vc_b))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) p_before_ast_to_cfg_prog.fdecls p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls p_before_ast_to_cfg_prog.axioms p_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding p_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_ast_to_cfg_prog.ast_proc_def p_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..5bbfb29
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_ast_to_cfg_prog.thy
@@ -0,0 +1,131 @@
+theory p_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Assume (FunExp ''f'' [] [(Var 0)])),(Assume (FunExp ''g'' [] [(Var 1)])),(Assert (FunExp ''f'' [] [(Var 0)])),(Assert (FunExp ''g'' [] [(Var 1)]))] (None ) (None ))"
+definition cont_0
+  where
+    "cont_0  = KStop"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = [(2,(TPrim TInt),(None ))]"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = []"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = [(''f'',0,[(TPrim TInt)],(TPrim TBool)),(''g'',0,[(TPrim TBool)],(TPrim TBool))]"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TBool),(None ))]"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 1))"
+unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 1)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 2))"
+unfolding p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 2)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+using p_before_ast_to_cfg_prog.locals_min p_before_ast_to_cfg_prog.globals_max
+by fastforce
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding p_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding p_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding p_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding p_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma mfun_f:
+shows "((map_of fdecls ''f'') = (Some (0,[(TPrim TInt)],(TPrim TBool))))"
+by (simp add:fdecls_def)
+
+lemma mfun_g:
+shows "((map_of fdecls ''g'') = (Some (0,[(TPrim TBool)],(TPrim TBool))))"
+by (simp add:fdecls_def)
+
+lemma m_a:
+shows "((map_of (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def)
+
+lemma m_b:
+shows "((map_of (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls) 1) = (Some ((TPrim TBool),(None ))))"
+by (simp add:p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_a:
+shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_a
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_b:
+shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TBool),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TBool)))"
+using globals_locals_disj m_b
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = p_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec p_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec p_before_ast_to_cfg_prog.post),proc_body = (Some (p_before_ast_to_cfg_prog.locals_vdecls,p_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..bcc4c51
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
@@ -0,0 +1,142 @@
+theory p_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Assume (FunExp ''f'' [] [(Var 0)])),(Assume (FunExp ''g'' [] [(Var 1)])),(Assert (FunExp ''f'' [] [(Var 0)])),(Assert (FunExp ''g'' [] [(Var 1)]))]"
+definition outEdges
+  where
+    "outEdges  = [[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = [(2,(TPrim TInt),(None ))]"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = []"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = [(''f'',0,[(TPrim TInt)],(TPrim TBool)),(''g'',0,[(TPrim TBool)],(TPrim TBool))]"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TBool),(None ))]"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 1))"
+unfolding p_before_cfg_to_dag_prog.constants_vdecls_def p_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 1)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 2))"
+unfolding p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 2)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+using p_before_cfg_to_dag_prog.locals_min p_before_cfg_to_dag_prog.globals_max
+by fastforce
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding p_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding p_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding p_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding p_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma mfun_f:
+shows "((map_of fdecls ''f'') = (Some (0,[(TPrim TInt)],(TPrim TBool))))"
+by (simp add:fdecls_def)
+
+lemma mfun_g:
+shows "((map_of fdecls ''g'') = (Some (0,[(TPrim TBool)],(TPrim TBool))))"
+by (simp add:fdecls_def)
+
+lemma m_a:
+shows "((map_of (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:p_before_cfg_to_dag_prog.constants_vdecls_def p_before_cfg_to_dag_prog.globals_vdecls_def)
+
+lemma m_b:
+shows "((map_of (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls) 1) = (Some ((TPrim TBool),(None ))))"
+by (simp add:p_before_cfg_to_dag_prog.constants_vdecls_def p_before_cfg_to_dag_prog.globals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_a:
+shows "((lookup_var_decl ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_a
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_b:
+shows "((lookup_var_decl ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TBool),(None ))))" and "((lookup_var_ty ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TBool)))"
+using globals_locals_disj m_b
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = p_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.post),proc_body = (Some (p_before_cfg_to_dag_prog.locals_vdecls,p_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_passive_prog.thy
new file mode 100644
index 0000000..b23d295
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_passive_prog.thy
@@ -0,0 +1,62 @@
+theory p_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assume (FunExp ''f'' [] [(Var 0)])),(Assume (FunExp ''g'' [] [(Var 1)])),(Assert (FunExp ''f'' [] [(Var 0)])),(Assert (FunExp ''g'' [] [(Var 1)]))]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[1]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 2))"
+unfolding p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 2)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+using p_before_ast_to_cfg_prog.locals_min p_before_ast_to_cfg_prog.globals_max
+by fastforce
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_cfgtodag_proof.thy
new file mode 100644
index 0000000..37c6ded
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_cfgtodag_proof.thy
@@ -0,0 +1,135 @@
+theory p_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML p_before_ast_to_cfg_prog p_before_cfg_to_dag_prog p_before_passive_prog p_passification_proof p_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_0 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_0_def p_before_passive_prog.block_0_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_1[OF assms(1)])
+apply (rule p_before_cfg_to_dag_prog.node_0)
+apply (rule p_before_passive_prog.node_0)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+unfolding p_before_ast_to_cfg_prog.post_def
+apply (rule block_anon0)
+apply assumption+
+by (rule p_before_cfg_to_dag_prog.outEdges_0)
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:p_before_passive_prog.outEdges_1))
+by ((simp add:p_before_passive_prog.node_1 p_before_passive_prog.block_1_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 p_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule p_before_passive_prog.node_2)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding p_before_passive_prog.block_2_def
+apply (rule assume_pres_normal[where ?es=p_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding p_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule p_before_passive_prog.outEdges_2)
+apply ((simp add:p_before_passive_prog.node_1 p_before_passive_prog.block_1_def))
+apply (rule p_before_passive_prog.outEdges_1)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_a::int) (vc_b::bool) (vc_x::int) (vc_f::(int => bool)) (vc_g::(bool => bool)). (vc.vc_PreconditionGeneratedEntry vc_f vc_g vc_a vc_b))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) p_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns p_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule p_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_passification_proof.thy
similarity index 54%
rename from BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_passification_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_passification_proof.thy
index a455b9b..f073e04 100644
--- a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_passification_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_passification_proof.thy
@@ -1,5 +1,5 @@
 theory p_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_passive_prog p_passive_prog Boogie_Lang.PassificationML p_vcphase_proof Boogie_Lang.PassificationEndToEnd
+imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_ast_to_cfg_prog p_passive_prog Boogie_Lang.PassificationML p_vcphase_proof Boogie_Lang.PassificationEndToEnd
 begin
 definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
   where
@@ -9,17 +9,18 @@ definition R_old
     "R_old  = (map_of R_old_list)"
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
 abbreviation \<Lambda>2
   where
-    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
+    "\<Lambda>2  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
 declare One_nat_def[simp del]
 
-lemma block_anon3:
+lemma block_anon0:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_0 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
+"((R 1) = (Some (Inl 1)))" and 
+"((R 0) = (Some (Inl 0)))"
 shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_0 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding p_before_passive_prog.block_0_def p_passive_prog.block_0_def
@@ -27,126 +28,70 @@ apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
-lemma block_anon4_Then:
+lemma block_0:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inr (LInt 10))),(0,(Inl 2))]) R_old p_passive_prog.block_1 s')"
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))" and 
+"((R 0) = (Some (Inl 0)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_1 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding p_before_passive_prog.block_1_def p_passive_prog.block_1_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_1(2)))
 by simp
 
-lemma block_anon4_Else:
+lemma block_PreconditionGeneratedEntry:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inr (LInt 1))),(0,(Inl 2))]) R_old p_passive_prog.block_2 s')"
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))" and 
+"((R 0) = (Some (Inl 0)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_2 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding p_before_passive_prog.block_2_def p_passive_prog.block_2_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old p_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_3_def p_passive_prog.block_3_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:p_before_cfg_to_dag_prog.l_x(2) p_passive_prog.l_x_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_4_def p_passive_prog.block_4_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_5_def p_passive_prog.block_5_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_anon3:
+lemma cfg_block_anon0:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
 "(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
+"((R 1) = (Some (Inl 1)))" and 
+"((R 0) = (Some (Inl 0)))"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_0},@{thm p_before_passive_prog.outEdges_0}) (@{thm p_passive_prog.node_0},@{thm p_passive_prog.outEdges_0}) @{thm block_anon3} [] 1\<close>))
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_0},@{thm p_before_passive_prog.outEdges_0}) (@{thm p_passive_prog.node_0},@{thm p_passive_prog.outEdges_0}) @{thm block_anon0} [] 1\<close>))
 
-lemma cfg_block_anon4_Then:
+lemma cfg_block_0:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))" and 
+"((R 0) = (Some (Inl 0)))"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_1},@{thm p_before_passive_prog.outEdges_1}) (@{thm p_passive_prog.node_1},@{thm p_passive_prog.outEdges_1}) @{thm block_anon4_Then} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon4_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_2},@{thm p_before_passive_prog.outEdges_2}) (@{thm p_passive_prog.node_2},@{thm p_passive_prog.outEdges_2}) @{thm block_anon4_Else} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_3},@{thm p_before_passive_prog.outEdges_3}) (@{thm p_passive_prog.node_3},@{thm p_passive_prog.outEdges_3}) @{thm block_anon0} [
-@{thm cfg_block_anon4_Then}, 
-@{thm cfg_block_anon4_Else}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_4},@{thm p_before_passive_prog.outEdges_4}) (@{thm p_passive_prog.node_4},@{thm p_passive_prog.outEdges_4}) @{thm block_0} [
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_1},@{thm p_before_passive_prog.outEdges_1}) (@{thm p_passive_prog.node_1},@{thm p_passive_prog.outEdges_1}) @{thm block_0} [
 @{thm cfg_block_anon0}] 1\<close>))
 
 lemma cfg_block_PreconditionGeneratedEntry:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_5},@{thm p_before_passive_prog.outEdges_5}) (@{thm p_passive_prog.node_5},@{thm p_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))" and 
+"((R 0) = (Some (Inl 0)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_2},@{thm p_before_passive_prog.outEdges_2}) (@{thm p_passive_prog.node_2},@{thm p_passive_prog.outEdges_2}) @{thm block_PreconditionGeneratedEntry} [
 @{thm cfg_block_0}] 1\<close>))
 
 locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] p_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
+Red: "(red_cfg_multi A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] p_before_passive_prog.proc_body ((Inl 2),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_a::int) (vc_b::bool) (vc_x::int) (vc_f::(int => bool)) (vc_g::(bool => bool)). (vc.vc_PreconditionGeneratedEntry vc_f vc_g vc_a vc_b))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls ns p_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
 BinderNs: "((binder_state ns) = Map.empty)" and 
@@ -155,7 +100,7 @@ begin
 
 definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
   where
-    "R_list  = []"
+    "R_list  = [(0,(Inl 0)),(1,(Inl 1))]"
 definition R_rel
   where
     "R_rel  = (map_of R_list)"
@@ -169,6 +114,8 @@ shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x
 apply (rule convert_fun_to_list[OF R_rel_def])
 apply ((simp add:R_list_def))
 apply ((intro conjI)?)
+apply ((simp add:p_before_ast_to_cfg_prog.l_a(2) p_passive_prog.l_a(2)))
+apply ((simp add:p_before_ast_to_cfg_prog.l_b(2) p_passive_prog.l_b(2)))
 done
 
 lemma R_wt:
@@ -200,7 +147,7 @@ assumes
 "((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
 shows "(closed (instantiate [] \<tau>))"
 apply (rule lookup_ty_pred[OF assms(1)])
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
 apply simp
 unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
 by simp
@@ -221,7 +168,7 @@ using p_passive_prog.globals_locals_disj apply auto[1]
 done
 
 lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 1)))"
  apply (rule rel_range_fun_to_list)
 apply ((simp add:R_rel_def))
 by ((simp add:R_list_def))
@@ -230,7 +177,7 @@ lemma end_to_end:
 shows "(s' \<noteq> Failure)"
 proof
 assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body u (Inl 5)))))"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body u (Inl 2)))))"
 apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
 unfolding passive_lemma_assms_2_def
 apply (intro conjI)?
@@ -238,11 +185,11 @@ apply (rule U0_ns_rel)
 apply (rule U0_ns_old_rel)
 apply (rule R_wt)
 apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range global_data.globals_max]
+using helper_init_disj[OF max_rel_range p_before_ast_to_cfg_prog.globals_max]
 apply simp
 apply (rule U0_non_empty)
 by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body ((Inl 2),(Normal u)) (mp',Failure))"
 by (auto simp add: passive_sim_cfg_fail_def)
 from p_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
  apply rule
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_passive_prog.thy
new file mode 100644
index 0000000..0a47d9a
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_passive_prog.thy
@@ -0,0 +1,87 @@
+theory p_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assume (FunExp ''f'' [] [(Var 0)])),(Assume (FunExp ''g'' [] [(Var 1)])),(Assert (FunExp ''f'' [] [(Var 0)])),(Assert (FunExp ''g'' [] [(Var 1)]))]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[1]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = [(2,(TPrim TInt),(None ))]"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = []"
+lemma locals_min_aux:
+shows "(((map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<ge> 2))"
+unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 2)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) = {})"
+using p_passive_prog.locals_min p_before_ast_to_cfg_prog.globals_max
+by fastforce
+
+lemma m_x:
+shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_a:
+shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj p_before_ast_to_cfg_prog.m_a
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_b:
+shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TBool),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some (TPrim TBool)))"
+using globals_locals_disj p_before_ast_to_cfg_prog.m_b
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_vcphase_proof.thy
new file mode 100644
index 0000000..89f9a42
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_vcphase_proof.thy
@@ -0,0 +1,228 @@
+theory p_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML p_passive_prog p_before_passive_prog
+begin
+locale vc = 
+fixes f :: "(int => bool)" and g :: "(bool => bool)"
+begin
+
+definition vc_anon0
+  where
+    "vc_anon0 a b = (((f a) \<and> (g b)) \<longrightarrow> ((f a) \<and> ((f a) \<longrightarrow> (g b))))"
+definition vc_PreconditionGeneratedEntry
+  where
+    "vc_PreconditionGeneratedEntry a b = (vc_anon0 a b)"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and f :: "(((ty)list) => (((('a)val)list) => ((('a)val)option)))" and vc_f :: "(int => bool)" and g :: "(((ty)list) => (((('a)val)list) => ((('a)val)option)))" and vc_g :: "(bool => bool)" and vc_a :: "int" and vc_b :: "bool" and vc_x :: "int"
+assumes 
+G0: "((\<Gamma> ''f'') = (Some f))" and 
+G1: "(\<And> farg0. ((f [] [(IntV farg0)]) = (Some (BoolV (vc_f farg0)))))" and 
+G2: "((\<Gamma> ''g'') = (Some g))" and 
+G3: "(\<And> farg0. ((g [] [(BoolV farg0)]) = (Some (BoolV (vc_g farg0)))))" and 
+G4: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_a)))" and 
+G5: "((lookup_var \<Lambda> n_s 1) = (Some (BoolV vc_b)))" and 
+G6: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x)))" and 
+G7: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7
+lemmas forall_poly_thm = forall_vc_type[OF G7]
+lemmas exists_poly_thm = exists_vc_type[OF G7]
+declare Nat.One_nat_def[simp del]
+
+ML\<open>
+val block_anon0_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE), 
+(AssertSub,NONE), 
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_f vc_g vc_a vc_b) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding p_passive_prog.block_0_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
+by (auto?)
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_1 (Normal n_s) s')" and 
+"(vc.vc_anon0 vc_f vc_g vc_a vc_b)"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_f vc_g vc_a vc_b)))))"
+using assms
+unfolding p_passive_prog.block_1_def
+apply cases
+by auto
+
+lemma block_PreconditionGeneratedEntry:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry vc_f vc_g vc_a vc_b) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_f vc_g vc_a vc_b)))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding p_passive_prog.block_2_def vc.vc_PreconditionGeneratedEntry_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_f vc_g vc_a vc_b)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) p_passive_prog.node_0 p_passive_prog.outEdges_0])
+using block_anon0AA0[OF _ assms(2)] by blast
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_f vc_g vc_a vc_b)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_1])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_PreconditionGeneratedEntry vc_f vc_g vc_a vc_b)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_2])
+apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and f :: "(((ty)list) => (((('a)val)list) => ((('a)val)option)))" and vc_f :: "(int => bool)" and g :: "(((ty)list) => (((('a)val)list) => ((('a)val)option)))" and vc_g :: "(bool => bool)"
+assumes 
+G0: "((\<Gamma> ''f'') = (Some f))" and 
+G1: "(\<And> farg0. ((f [] [(IntV farg0)]) = (Some (BoolV (vc_f farg0)))))" and 
+G2: "((\<Gamma> ''g'') = (Some g))" and 
+G3: "(\<And> farg0. ((g [] [(BoolV farg0)]) = (Some (BoolV (vc_g farg0)))))" and 
+G4: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4
+lemmas forall_poly_thm = forall_vc_type[OF G4]
+lemmas exists_poly_thm = exists_vc_type[OF G4]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+fun vc_fun_f
+  where
+    "vc_fun_f A f a = (case (f [] [(IntV a)]) of 
+(Some res) \<Rightarrow> (convert_val_to_bool res)
+|(None ) \<Rightarrow> (convert_val_to_bool (val_of_closed_type A (TPrimC TBool)))
+)"
+fun vc_fun_g
+  where
+    "vc_fun_g A g b = (case (g [] [(BoolV b)]) of 
+(Some res) \<Rightarrow> (convert_val_to_bool res)
+|(None ) \<Rightarrow> (convert_val_to_bool (val_of_closed_type A (TPrimC TBool)))
+)"
+lemma vc_f_corres:
+assumes 
+FInterp: "(fun_interp_single_wf A (0,[(TPrim TInt)],(TPrim TBool)) f)"
+shows "((f [] [(IntV a)]) = (Some (BoolV (vc_fun_f A f a))))"
+proof -
+from  FInterp obtain z where W:"((f [] [(IntV a)]) = (Some (BoolV z)))"
+  apply (simp only: fun_interp_single_wf.simps) 
+  apply (erule allE[where ?x="[]"])
+  apply (simp add: )
+  apply (erule allE[where ?x="[(IntV a)]"])?
+using tbool_boolv by auto
+from this  show ?thesis 
+by (simp add: W) qed
+
+lemma vc_g_corres:
+assumes 
+FInterp: "(fun_interp_single_wf A (0,[(TPrim TBool)],(TPrim TBool)) g)"
+shows "((g [] [(BoolV b)]) = (Some (BoolV (vc_fun_g A g b))))"
+proof -
+from  FInterp obtain z where W:"((g [] [(BoolV b)]) = (Some (BoolV z)))"
+  apply (simp only: fun_interp_single_wf.simps) 
+  apply (erule allE[where ?x="[]"])
+  apply (simp add: )
+  apply (erule allE[where ?x="[(BoolV b)]"])?
+using tbool_boolv by auto
+from this  show ?thesis 
+by (simp add: W) qed
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<Gamma> [] p_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_a::int) (vc_b::bool) (vc_x::int) (vc_f::(int => bool)) (vc_g::(bool => bool)). (vc.vc_PreconditionGeneratedEntry vc_f vc_g vc_a vc_b))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) p_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s p_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((p_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+let ?f = "opaque_comp the \<Gamma> ''f''"
+have im_f:"((\<Gamma> ''f'') = (Some ?f))"
+apply (simp only:opaque_comp_def)
+by (rule finterp_member[OF FInterp p_before_ast_to_cfg_prog.mfun_f])
+let ?g = "opaque_comp the \<Gamma> ''g''"
+have im_g:"((\<Gamma> ''g'') = (Some ?g))"
+apply (simp only:opaque_comp_def)
+by (rule finterp_member[OF FInterp p_before_ast_to_cfg_prog.mfun_g])
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x])
+apply (subst lookup_var_local[OF p_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ConstsGlobal have sc_a:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_before_ast_to_cfg_prog.m_a])
+apply (subst lookup_var_global_disj[OF p_passive_prog.globals_locals_disj p_before_ast_to_cfg_prog.m_a])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ConstsGlobal have sc_b:"(((lookup_var ?\<Lambda> n_s 1) = (Some (BoolV (convert_val_to_bool (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TBool)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_before_ast_to_cfg_prog.m_b])
+apply (subst lookup_var_global_disj[OF p_passive_prog.globals_locals_disj p_before_ast_to_cfg_prog.m_b])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (simp add:im_f)
+apply ((rule allI | rule impI)+)?
+apply ((tactic \<open> vc_fun_corres_tac @{context} @{thm vc_f_corres} @{thm FInterp} @{thm p_before_ast_to_cfg_prog.mfun_f} @{thm im_f} 1\<close>))
+apply (simp add:im_g)
+apply ((rule allI | rule impI)+)?
+apply ((tactic \<open> vc_fun_corres_tac @{context} @{thm vc_g_corres} @{thm FInterp} @{thm p_before_ast_to_cfg_prog.mfun_g} @{thm im_g} 1\<close>))
+apply (rule HOL.conjunct1[OF sc_a])
+apply (rule HOL.conjunct1[OF sc_b])
+apply (rule HOL.conjunct1[OF sc_x])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/ROOT
new file mode 100644
index 0000000..5059ebc
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/ROOT
@@ -0,0 +1,12 @@
+session if_example_no_else_branch_proofs = Boogie_Lang + 
+directories if_example_no_else_branch_proofs
+theories
+global_data
+"if_example_no_else_branch_proofs/if_example_no_else_branch_vcphase_proof"
+"if_example_no_else_branch_proofs/if_example_no_else_branch_passification_proof"
+"if_example_no_else_branch_proofs/if_example_no_else_branch_before_ast_to_cfg_prog"
+"if_example_no_else_branch_proofs/if_example_no_else_branch_passive_prog"
+"if_example_no_else_branch_proofs/if_example_no_else_branch_before_passive_prog"
+"if_example_no_else_branch_proofs/if_example_no_else_branch_asttocfg_proof"
+"if_example_no_else_branch_proofs/if_example_no_else_branch_cfgtodag_proof"
+"if_example_no_else_branch_proofs/if_example_no_else_branch_before_cfg_to_dag_prog"
diff --git a/BoogieLang/generated_example_proofs/if_example_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/global_data.thy
similarity index 79%
rename from BoogieLang/generated_example_proofs/if_example_proofs/global_data.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/global_data.thy
index 51076b5..e09ac86 100644
--- a/BoogieLang/generated_example_proofs/if_example_proofs/global_data.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/global_data.thy
@@ -1,7 +1,5 @@
 theory global_data
-  imports "/home/alex/boogie_related/foundational_boogie/BoogieLang/Semantics" 
-          "/home/alex/boogie_related/foundational_boogie/BoogieLang/TypeSafety" 
-          "/home/alex/boogie_related/foundational_boogie/BoogieLang/Util" 
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
 begin
 definition axioms
   where
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_asttocfg_proof.thy
new file mode 100644
index 0000000..9c00a55
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_asttocfg_proof.thy
@@ -0,0 +1,517 @@
+theory if_example_no_else_branch_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML if_example_no_else_branch_before_ast_to_cfg_prog if_example_no_else_branch_before_cfg_to_dag_prog if_example_no_else_branch_cfgtodag_proof if_example_no_else_branch_passification_proof if_example_no_else_branch_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A if_example_no_else_branch_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_6,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_6 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_6])
+apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_6_def if_example_no_else_branch_before_cfg_to_dag_prog.block_6_def)
+apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.block_6_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.block_6_def if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_6_def)+)
+done
+
+
+lemma global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_example_no_else_branch_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_6])
+apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_6_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_6_def)
+apply (simp)
+apply (simp)
+apply (rule cont_6_def)
+apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_6)
+apply (rule disjI1)
+apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.block_6_def)
+apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_6)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.node_6)
+apply (rule rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_6)
+apply assumption+
+
+done
+qed
+
+lemma global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_example_no_else_branch_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Le (Lit (LInt 5))) ns1 (BoolV False))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Invs[of if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_5])
+apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_5_def)
+
+apply (rule astTrace)
+apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_5_def)
+apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_5)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.block_5_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply (rule neg_le)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_5_def)
+apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.node_5)
+
+
+
+
+apply ((erule allE[where x = 6])+)
+apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_5)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_6)
+apply (simp)
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Le (Lit (LInt 5))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
+unfolding if_example_no_else_branch_before_cfg_to_dag_prog.block_4_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.block_4_def)
+apply ((simp add: assms(3) if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_4_def)+)
+done
+
+
+lemma global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_example_no_else_branch_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Le (Lit (LInt 5))) ns1 (BoolV True))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_4_def)
+apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_4)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.block_4_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_4_def)
+apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.node_4)
+apply (rule rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_4)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x = 6])+)
+apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_4)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_6)
+apply (simp)
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_example_no_else_branch_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_if_successor)
+apply (rule Rel_Invs[of if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.block_3_def if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_3_def)
+
+apply (rule astTrace)
+apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_3_def)
+apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_3)
+apply (rule disjI1)
+
+
+
+apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.block_3_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+
+
+
+
+
+apply (erule disjE)
+
+apply ((erule allE[where x = 4])+)
+apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_4)
+apply (simp add: cont_3_def if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
+apply blast+
+
+
+
+
+
+apply (simp)
+apply ((erule allE[where x = 5])+)
+apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_5)
+apply (simp add: cont_3_def if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_5_def cont_5_def )
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_example_no_else_branch_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 5))) ns1 (BoolV False))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Invs[of if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_2_def)
+
+apply (rule astTrace)
+apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_2_def)
+apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_2)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.block_2_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply (rule neg_gt)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_2_def)
+apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.node_2)
+
+
+
+
+apply ((erule allE[where x = 3])+)
+apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_2)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_3)
+apply (simp)
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_1,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 5))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_1 (Normal ns1) (Normal ns1')))))"
+unfolding if_example_no_else_branch_before_cfg_to_dag_prog.block_1_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_1_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.block_1_def)
+apply ((simp add: assms(3) if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_1_def)+)
+done
+
+
+lemma global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_example_no_else_branch_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 5))) ns1 (BoolV True))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_1_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_1_def)
+apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_1)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.block_1_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_1_def)
+apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.node_1)
+apply (rule rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_1)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x = 3])+)
+apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_3)
+apply (simp)
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0_def if_example_no_else_branch_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.block_0_def if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_example_no_else_branch_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_if_successor)
+apply (rule Rel_Main_test[of if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0 _ if_example_no_else_branch_before_cfg_to_dag_prog.block_0])
+apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.block_0_def if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.block_0_def)
+apply (rule astTrace)
+apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0_def)
+apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.node_0)
+apply (rule rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply (erule disjE)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: cont_0_def if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
+apply blast+
+
+
+
+
+
+apply (simp)
+apply ((erule allE[where x = 2])+)
+apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_0_def if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_x_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A if_example_no_else_branch_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) if_example_no_else_branch_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns if_example_no_else_branch_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.pres_def if_example_no_else_branch_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.pres_def if_example_no_else_branch_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3,bigblock_6] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_3_def cont_6_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_x_2))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) if_example_no_else_branch_before_ast_to_cfg_prog.fdecls if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.axioms if_example_no_else_branch_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding if_example_no_else_branch_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 if_example_no_else_branch_before_ast_to_cfg_prog.ast_proc_def if_example_no_else_branch_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..04a1cfd
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_ast_to_cfg_prog.thy
@@ -0,0 +1,141 @@
+theory if_example_no_else_branch_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 5)))) [(BigBlock (None ) [(Assign 0 (Lit (LInt 10)))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [(Assign 0 (Lit (LInt 10)))] (None ) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [] (None ) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (Var 0) Le (Lit (LInt 5)))) [(BigBlock (None ) [(Assign 0 (Lit (LInt 1)))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
+definition bigblock_4
+  where
+    "bigblock_4  = (BigBlock (None ) [(Assign 0 (Lit (LInt 1)))] (None ) (None ))"
+definition bigblock_5
+  where
+    "bigblock_5  = (BigBlock (None ) [] (None ) (None ))"
+definition bigblock_6
+  where
+    "bigblock_6  = (BigBlock (None ) [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))] (None ) (None ))"
+definition cont_6
+  where
+    "cont_6  = KStop"
+definition cont_3
+  where
+    "cont_3  = (KSeq bigblock_6 cont_6)"
+definition cont_4
+  where
+    "cont_4  = (KSeq bigblock_6 cont_6)"
+definition cont_5
+  where
+    "cont_5  = (KSeq bigblock_6 cont_6)"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_3 cont_3)"
+definition cont_1
+  where
+    "cont_1  = (KSeq bigblock_3 cont_3)"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_3 cont_3)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_3,bigblock_6]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec if_example_no_else_branch_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec if_example_no_else_branch_before_ast_to_cfg_prog.post),proc_body = (Some (if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls,if_example_no_else_branch_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..166f702
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_cfg_to_dag_prog.thy
@@ -0,0 +1,182 @@
+theory if_example_no_else_branch_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5)))),(Assign 0 (Lit (LInt 10)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0)))]"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 0) Le (Lit (LInt 5)))),(Assign 0 (Lit (LInt 1)))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Lit (LInt 5)) Lt (Var 0)))]"
+definition block_6
+  where
+    "block_6  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))]"
+definition outEdges
+  where
+    "outEdges  = [[1,2],[3],[3],[4,5],[6],[6],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [4,5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append if_example_no_else_branch_before_cfg_to_dag_prog.constants_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append if_example_no_else_branch_before_cfg_to_dag_prog.constants_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding if_example_no_else_branch_before_cfg_to_dag_prog.constants_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_no_else_branch_before_cfg_to_dag_prog.constants_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append if_example_no_else_branch_before_cfg_to_dag_prog.constants_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding if_example_no_else_branch_before_cfg_to_dag_prog.constants_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_no_else_branch_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding if_example_no_else_branch_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_no_else_branch_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding if_example_no_else_branch_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append if_example_no_else_branch_before_cfg_to_dag_prog.constants_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.globals_vdecls),(append if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append if_example_no_else_branch_before_cfg_to_dag_prog.constants_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.globals_vdecls),(append if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_example_no_else_branch_before_cfg_to_dag_prog.constants_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.globals_vdecls),(append if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec if_example_no_else_branch_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec if_example_no_else_branch_before_cfg_to_dag_prog.post),proc_body = (Some (if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls,if_example_no_else_branch_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_passive_prog.thy
new file mode 100644
index 0000000..5502ba7
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_passive_prog.thy
@@ -0,0 +1,128 @@
+theory if_example_no_else_branch_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util if_example_no_else_branch_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Le (Lit (LInt 5)))),(Assign 0 (Lit (LInt 1)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Lt (Var 0)))]"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5)))),(Assign 0 (Lit (LInt 10)))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0)))]"
+definition block_6
+  where
+    "block_6  = [(Havoc 0)]"
+definition block_7
+  where
+    "block_7  = []"
+definition block_8
+  where
+    "block_8  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[3],[4,5],[6],[7]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 8,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [4,5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_cfgtodag_proof.thy
new file mode 100644
index 0000000..bae361e
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_cfgtodag_proof.thy
@@ -0,0 +1,433 @@
+theory if_example_no_else_branch_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML if_example_no_else_branch_before_ast_to_cfg_prog if_example_no_else_branch_before_cfg_to_dag_prog if_example_no_else_branch_before_passive_prog if_example_no_else_branch_passification_proof if_example_no_else_branch_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A if_example_no_else_branch_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma block_anon6:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_example_no_else_branch_before_passive_prog.block_0 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding if_example_no_else_branch_before_cfg_to_dag_prog.block_6_def if_example_no_else_branch_before_passive_prog.block_0_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_1[OF assms(1)])
+apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_6)
+apply (rule if_example_no_else_branch_before_passive_prog.node_0)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+unfolding if_example_no_else_branch_before_ast_to_cfg_prog.post_def
+apply (rule block_anon6)
+apply assumption+
+by (rule if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_6)
+
+
+lemma block_anon8_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_example_no_else_branch_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding if_example_no_else_branch_before_cfg_to_dag_prog.block_4_def if_example_no_else_branch_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon8_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_4)
+apply (rule if_example_no_else_branch_before_passive_prog.node_1)
+apply (assumption+)
+apply (rule block_anon8_Then)
+apply (assumption+)
+apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_4))
+apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_4))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=0])
+apply ((simp add:if_example_no_else_branch_before_passive_prog.outEdges_1))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon8_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_example_no_else_branch_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding if_example_no_else_branch_before_cfg_to_dag_prog.block_5_def if_example_no_else_branch_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon8_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_5)
+apply (rule if_example_no_else_branch_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon8_Else)
+apply (assumption+)
+apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_5))
+apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_5))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=0])
+apply ((simp add:if_example_no_else_branch_before_passive_prog.outEdges_2))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_example_no_else_branch_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding if_example_no_else_branch_before_cfg_to_dag_prog.block_3_def if_example_no_else_branch_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_3)
+apply (rule if_example_no_else_branch_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon3)
+apply (assumption+)
+apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:if_example_no_else_branch_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:if_example_no_else_branch_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon7_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_example_no_else_branch_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding if_example_no_else_branch_before_cfg_to_dag_prog.block_1_def if_example_no_else_branch_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon7_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_1)
+apply (rule if_example_no_else_branch_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon7_Then)
+apply (assumption+)
+apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:if_example_no_else_branch_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon7_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_example_no_else_branch_before_passive_prog.block_5 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding if_example_no_else_branch_before_cfg_to_dag_prog.block_2_def if_example_no_else_branch_before_passive_prog.block_5_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon7_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_2)
+apply (rule if_example_no_else_branch_before_passive_prog.node_5)
+apply (assumption+)
+apply (rule block_anon7_Else)
+apply (assumption+)
+apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:if_example_no_else_branch_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_example_no_else_branch_before_passive_prog.block_6 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding if_example_no_else_branch_before_cfg_to_dag_prog.block_0_def if_example_no_else_branch_before_passive_prog.block_6_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_0)
+apply (rule if_example_no_else_branch_before_passive_prog.node_6)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=4])
+apply ((simp add:if_example_no_else_branch_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=5])
+apply ((simp add:if_example_no_else_branch_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:if_example_no_else_branch_before_passive_prog.outEdges_7))
+by ((simp add:if_example_no_else_branch_before_passive_prog.node_7 if_example_no_else_branch_before_passive_prog.block_7_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 if_example_no_else_branch_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule if_example_no_else_branch_before_passive_prog.node_8)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding if_example_no_else_branch_before_passive_prog.block_8_def
+apply (rule assume_pres_normal[where ?es=if_example_no_else_branch_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding if_example_no_else_branch_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule if_example_no_else_branch_before_passive_prog.outEdges_8)
+apply ((simp add:if_example_no_else_branch_before_passive_prog.node_7 if_example_no_else_branch_before_passive_prog.block_7_def))
+apply (rule if_example_no_else_branch_before_passive_prog.outEdges_7)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_x_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A if_example_no_else_branch_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) if_example_no_else_branch_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns if_example_no_else_branch_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule if_example_no_else_branch_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_passification_proof.thy
new file mode 100644
index 0000000..23acd96
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_passification_proof.thy
@@ -0,0 +1,328 @@
+theory if_example_no_else_branch_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util if_example_no_else_branch_before_ast_to_cfg_prog if_example_no_else_branch_passive_prog Boogie_Lang.PassificationML if_example_no_else_branch_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_anon6:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 3)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_example_no_else_branch_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_example_no_else_branch_before_passive_prog.block_0_def if_example_no_else_branch_passive_prog.block_0_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon8_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3])) (update_nstate_rel R [(0,(Inr (LInt 1))),(0,(Inl 3))]) R_old if_example_no_else_branch_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_example_no_else_branch_before_passive_prog.block_1_def if_example_no_else_branch_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:if_example_no_else_branch_before_ast_to_cfg_prog.l_x(2) if_example_no_else_branch_passive_prog.l_x_2(2)))
+by simp
+
+lemma block_anon8_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3])) (update_nstate_rel R [(0,(Inl 3))]) R_old if_example_no_else_branch_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_example_no_else_branch_before_passive_prog.block_2_def if_example_no_else_branch_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:if_example_no_else_branch_before_ast_to_cfg_prog.l_x(2) if_example_no_else_branch_passive_prog.l_x_2(2)))
+by simp
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_example_no_else_branch_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_example_no_else_branch_before_passive_prog.block_3_def if_example_no_else_branch_passive_prog.block_3_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon7_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inr (LInt 10))),(0,(Inl 2))]) R_old if_example_no_else_branch_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_example_no_else_branch_before_passive_prog.block_4_def if_example_no_else_branch_passive_prog.block_4_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:if_example_no_else_branch_before_ast_to_cfg_prog.l_x(2) if_example_no_else_branch_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon7_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old if_example_no_else_branch_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_example_no_else_branch_before_passive_prog.block_5_def if_example_no_else_branch_passive_prog.block_5_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:if_example_no_else_branch_before_ast_to_cfg_prog.l_x(2) if_example_no_else_branch_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old if_example_no_else_branch_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_example_no_else_branch_before_passive_prog.block_6_def if_example_no_else_branch_passive_prog.block_6_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:if_example_no_else_branch_before_ast_to_cfg_prog.l_x(2) if_example_no_else_branch_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_example_no_else_branch_passive_prog.block_7 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_example_no_else_branch_before_passive_prog.block_7_def if_example_no_else_branch_passive_prog.block_7_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_example_no_else_branch_passive_prog.block_8 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_example_no_else_branch_before_passive_prog.block_8_def if_example_no_else_branch_passive_prog.block_8_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_anon6:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 3)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_example_no_else_branch_before_passive_prog.node_0},@{thm if_example_no_else_branch_before_passive_prog.outEdges_0}) (@{thm if_example_no_else_branch_passive_prog.node_0},@{thm if_example_no_else_branch_passive_prog.outEdges_0}) @{thm block_anon6} [] 1\<close>))
+
+lemma cfg_block_anon8_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_example_no_else_branch_before_passive_prog.node_1},@{thm if_example_no_else_branch_before_passive_prog.outEdges_1}) (@{thm if_example_no_else_branch_passive_prog.node_1},@{thm if_example_no_else_branch_passive_prog.outEdges_1}) @{thm block_anon8_Then} [
+@{thm cfg_block_anon6}] 1\<close>))
+
+lemma cfg_block_anon8_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_example_no_else_branch_before_passive_prog.node_2},@{thm if_example_no_else_branch_before_passive_prog.outEdges_2}) (@{thm if_example_no_else_branch_passive_prog.node_2},@{thm if_example_no_else_branch_passive_prog.outEdges_2}) @{thm block_anon8_Else} [
+@{thm cfg_block_anon6}] 1\<close>))
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_example_no_else_branch_before_passive_prog.node_3},@{thm if_example_no_else_branch_before_passive_prog.outEdges_3}) (@{thm if_example_no_else_branch_passive_prog.node_3},@{thm if_example_no_else_branch_passive_prog.outEdges_3}) @{thm block_anon3} [
+@{thm cfg_block_anon8_Then}, 
+@{thm cfg_block_anon8_Else}] 1\<close>))
+
+lemma cfg_block_anon7_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_example_no_else_branch_before_passive_prog.node_4},@{thm if_example_no_else_branch_before_passive_prog.outEdges_4}) (@{thm if_example_no_else_branch_passive_prog.node_4},@{thm if_example_no_else_branch_passive_prog.outEdges_4}) @{thm block_anon7_Then} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon7_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_example_no_else_branch_before_passive_prog.node_5},@{thm if_example_no_else_branch_before_passive_prog.outEdges_5}) (@{thm if_example_no_else_branch_passive_prog.node_5},@{thm if_example_no_else_branch_passive_prog.outEdges_5}) @{thm block_anon7_Else} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm if_example_no_else_branch_before_passive_prog.node_6},@{thm if_example_no_else_branch_before_passive_prog.outEdges_6}) (@{thm if_example_no_else_branch_passive_prog.node_6},@{thm if_example_no_else_branch_passive_prog.outEdges_6}) @{thm block_anon0} [
+@{thm cfg_block_anon7_Then}, 
+@{thm cfg_block_anon7_Else}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm if_example_no_else_branch_before_passive_prog.node_7},@{thm if_example_no_else_branch_before_passive_prog.outEdges_7}) (@{thm if_example_no_else_branch_passive_prog.node_7},@{thm if_example_no_else_branch_passive_prog.outEdges_7}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body u (Inl 8)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm if_example_no_else_branch_before_passive_prog.node_8},@{thm if_example_no_else_branch_before_passive_prog.outEdges_8}) (@{thm if_example_no_else_branch_passive_prog.node_8},@{thm if_example_no_else_branch_passive_prog.outEdges_8}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] if_example_no_else_branch_before_passive_prog.proc_body ((Inl 8),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_x_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A if_example_no_else_branch_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls ns if_example_no_else_branch_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv if_example_no_else_branch_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding if_example_no_else_branch_passive_prog.params_vdecls_def if_example_no_else_branch_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using if_example_no_else_branch_before_passive_prog.globals_locals_disj apply auto[1]
+using if_example_no_else_branch_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] if_example_no_else_branch_passive_prog.proc_body u (Inl 8)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range if_example_no_else_branch_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] if_example_no_else_branch_passive_prog.proc_body ((Inl 8),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from if_example_no_else_branch_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_passive_prog.thy
new file mode 100644
index 0000000..449fbbb
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_passive_prog.thy
@@ -0,0 +1,170 @@
+theory if_example_no_else_branch_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util if_example_no_else_branch_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assert (BinOp (Var 3) Gt (Lit (LInt 0))))]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 2) Le (Lit (LInt 5)))),(Assume (BinOp (Var 3) Eq (Lit (LInt 1))))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Lt (Var 2))),(Assume (BinOp (Var 3) Eq (Var 2)))]"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 5)))),(Assume (BinOp (Var 2) Eq (Lit (LInt 10))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 1))),(Assume (BinOp (Var 2) Eq (Var 1)))]"
+definition block_6
+  where
+    "block_6  = []"
+definition block_7
+  where
+    "block_7  = []"
+definition block_8
+  where
+    "block_8  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[3],[4,5],[6],[7]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 8,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [4,5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding if_example_no_else_branch_passive_prog.params_vdecls_def if_example_no_else_branch_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)))) = {})"
+unfolding if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_2:
+shows "((map_of (append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_2:
+shows "((lookup_var_decl ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_vcphase_proof.thy
new file mode 100644
index 0000000..efd582d
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_vcphase_proof.thy
@@ -0,0 +1,327 @@
+theory if_example_no_else_branch_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML if_example_no_else_branch_passive_prog if_example_no_else_branch_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon6
+  where
+    "vc_anon6 x_2 = (x_2 > (0::int))"
+definition vc_anon8_Then
+  where
+    "vc_anon8_Then x_1 x_2 = (((x_1 \<le> (5::int)) \<and> (x_2 = (1::int))) \<longrightarrow> (vc_anon6 x_2))"
+definition vc_anon8_Else
+  where
+    "vc_anon8_Else x_1 x_2 = ((((5::int) < x_1) \<and> (x_2 = x_1)) \<longrightarrow> (vc_anon6 x_2))"
+definition vc_anon7_Then
+  where
+    "vc_anon7_Then x_0 x_1 x_2 = (((x_0 > (5::int)) \<and> (x_1 = (10::int))) \<longrightarrow> ((vc_anon8_Then x_1 x_2) \<and> (vc_anon8_Else x_1 x_2)))"
+definition vc_anon7_Else
+  where
+    "vc_anon7_Else x_0 x_1 x_2 = ((((5::int) \<ge> x_0) \<and> (x_1 = x_0)) \<longrightarrow> ((vc_anon8_Then x_1 x_2) \<and> (vc_anon8_Else x_1 x_2)))"
+definition vc_anon0
+  where
+    "vc_anon0 x_0 x_1 x_2 = ((vc_anon7_Then x_0 x_1 x_2) \<and> (vc_anon7_Else x_0 x_1 x_2))"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
+G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_2)))" and 
+G4: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4
+lemmas forall_poly_thm = forall_vc_type[OF G4]
+lemmas exists_poly_thm = exists_vc_type[OF G4]
+declare Nat.One_nat_def[simp del]
+
+ML\<open>
+val block_anon6_hints = [
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon6AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding if_example_no_else_branch_passive_prog.block_0_def vc.vc_anon6_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon8_Then_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon8_ThenAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_Then vc_x_1 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon6 vc_x_2)))))))"
+unfolding if_example_no_else_branch_passive_prog.block_1_def vc.vc_anon8_Then_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_Then_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon8_Else_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon8_ElseAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_Else vc_x_1 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon6 vc_x_2)))))))"
+unfolding if_example_no_else_branch_passive_prog.block_2_def vc.vc_anon8_Else_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_Else_hints \<close>)
+by (auto?)
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.block_3 (Normal n_s) s')" and 
+"((vc.vc_anon8_Then vc_x_1 vc_x_2) \<and> (vc.vc_anon8_Else vc_x_1 vc_x_2))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon8_Then vc_x_1 vc_x_2) \<and> (vc.vc_anon8_Else vc_x_1 vc_x_2))))))"
+using assms
+unfolding if_example_no_else_branch_passive_prog.block_3_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon7_Then_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon7_ThenAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_Then vc_x_0 vc_x_1 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon8_Then vc_x_1 vc_x_2) \<and> (vc.vc_anon8_Else vc_x_1 vc_x_2))))))))"
+unfolding if_example_no_else_branch_passive_prog.block_4_def vc.vc_anon7_Then_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_Then_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon7_Else_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon7_ElseAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_Else vc_x_0 vc_x_1 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon8_Then vc_x_1 vc_x_2) \<and> (vc.vc_anon8_Else vc_x_1 vc_x_2))))))))"
+unfolding if_example_no_else_branch_passive_prog.block_5_def vc.vc_anon7_Else_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_Else_hints \<close>)
+by (auto?)
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.block_6 (Normal n_s) s')" and 
+"((vc.vc_anon7_Then vc_x_0 vc_x_1 vc_x_2) \<and> (vc.vc_anon7_Else vc_x_0 vc_x_1 vc_x_2))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_Then vc_x_0 vc_x_1 vc_x_2) \<and> (vc.vc_anon7_Else vc_x_0 vc_x_1 vc_x_2))))))"
+using assms
+unfolding if_example_no_else_branch_passive_prog.block_6_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.block_7 (Normal n_s) s')" and 
+"((vc.vc_anon7_Then vc_x_0 vc_x_1 vc_x_2) \<and> (vc.vc_anon7_Else vc_x_0 vc_x_1 vc_x_2))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_Then vc_x_0 vc_x_1 vc_x_2) \<and> (vc.vc_anon7_Else vc_x_0 vc_x_1 vc_x_2))))))"
+using assms
+unfolding if_example_no_else_branch_passive_prog.block_7_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.block_8 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_1 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_Then vc_x_0 vc_x_1 vc_x_2) \<and> (vc.vc_anon7_Else vc_x_0 vc_x_1 vc_x_2))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding if_example_no_else_branch_passive_prog.block_8_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_anon6:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) if_example_no_else_branch_passive_prog.node_0 if_example_no_else_branch_passive_prog.outEdges_0])
+using block_anon6AA0[OF _ assms(2)] by blast
+
+lemma cfg_block_anon8_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon8_Then vc_x_1 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_no_else_branch_passive_prog.node_1])
+apply (erule block_anon8_ThenAA0[OF _ assms(2)])
+apply ((simp add:if_example_no_else_branch_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon8_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon8_Else vc_x_1 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_no_else_branch_passive_prog.node_2])
+apply (erule block_anon8_ElseAA0[OF _ assms(2)])
+apply ((simp add:if_example_no_else_branch_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon8_Then vc_x_1 vc_x_2) \<and> (vc.vc_anon8_Else vc_x_1 vc_x_2))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_no_else_branch_passive_prog.node_3])
+apply (erule block_anon3[OF _ assms(2)])
+apply ((simp add:if_example_no_else_branch_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon7_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon7_Then vc_x_0 vc_x_1 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_no_else_branch_passive_prog.node_4])
+apply (erule block_anon7_ThenAA0[OF _ assms(2)])
+apply ((simp add:if_example_no_else_branch_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon7_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon7_Else vc_x_0 vc_x_1 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_no_else_branch_passive_prog.node_5])
+apply (erule block_anon7_ElseAA0[OF _ assms(2)])
+apply ((simp add:if_example_no_else_branch_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon7_Then vc_x_0 vc_x_1 vc_x_2) \<and> (vc.vc_anon7_Else vc_x_0 vc_x_1 vc_x_2))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_no_else_branch_passive_prog.node_6])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:if_example_no_else_branch_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon7_Then vc_x_0 vc_x_1 vc_x_2) \<and> (vc.vc_anon7_Else vc_x_0 vc_x_1 vc_x_2))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_no_else_branch_passive_prog.node_7])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:if_example_no_else_branch_passive_prog.outEdges_7))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_0 vc_x_1 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_no_else_branch_passive_prog.node_8])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:if_example_no_else_branch_passive_prog.outEdges_8))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)) \<Gamma> [] if_example_no_else_branch_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_x_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A if_example_no_else_branch_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) if_example_no_else_branch_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_example_no_else_branch_passive_prog.m_x])
+apply (subst lookup_var_local[OF if_example_no_else_branch_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_example_no_else_branch_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF if_example_no_else_branch_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_example_no_else_branch_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF if_example_no_else_branch_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_example_no_else_branch_passive_prog.m_x_2])
+apply (subst lookup_var_local[OF if_example_no_else_branch_passive_prog.m_x_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (rule HOL.conjunct1[OF sc_x_2])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/ROOT
new file mode 100644
index 0000000..939a0b0
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/ROOT
@@ -0,0 +1,12 @@
+session if_example_proofs = Boogie_Lang + 
+directories if_example_test_2_proofs
+theories
+global_data
+"if_example_test_2_proofs/if_example_test_2_before_cfg_to_dag_prog"
+"if_example_test_2_proofs/if_example_test_2_passification_proof"
+"if_example_test_2_proofs/if_example_test_2_before_ast_to_cfg_prog"
+"if_example_test_2_proofs/if_example_test_2_cfgtodag_proof"
+"if_example_test_2_proofs/if_example_test_2_asttocfg_proof"
+"if_example_test_2_proofs/if_example_test_2_before_passive_prog"
+"if_example_test_2_proofs/if_example_test_2_vcphase_proof"
+"if_example_test_2_proofs/if_example_test_2_passive_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_asttocfg_proof.thy
new file mode 100644
index 0000000..bb83437
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_asttocfg_proof.thy
@@ -0,0 +1,360 @@
+theory if_example_test_2_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML if_example_test_2_before_ast_to_cfg_prog if_example_test_2_before_cfg_to_dag_prog if_example_test_2_cfgtodag_proof if_example_test_2_passification_proof if_example_test_2_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A if_example_test_2_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_example_test_2_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_3 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of if_example_test_2_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_3_def if_example_test_2_before_cfg_to_dag_prog.block_3_def)
+apply ((simp add: if_example_test_2_before_cfg_to_dag_prog.block_3_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: if_example_test_2_before_cfg_to_dag_prog.block_3_def if_example_test_2_before_ast_to_cfg_prog.bigblock_3_def)+)
+done
+
+
+lemma global_rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_example_test_2_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_example_test_2_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_test_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of if_example_test_2_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (simp)
+apply (rule cont_3_def)
+apply (rule if_example_test_2_before_cfg_to_dag_prog.node_3)
+apply (rule disjI1)
+apply (rule if_example_test_2_before_cfg_to_dag_prog.block_3_def)
+apply (rule if_example_test_2_before_cfg_to_dag_prog.outEdges_3)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: if_example_test_2_before_cfg_to_dag_prog.node_3)
+apply (rule rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_3)
+apply assumption+
+
+done
+qed
+
+lemma rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_example_test_2_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 5))) ns1 (BoolV False))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
+unfolding if_example_test_2_before_cfg_to_dag_prog.block_2_def
+apply (rule guard_fails_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of if_example_test_2_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply (simp add: if_example_test_2_before_cfg_to_dag_prog.block_2_def)
+apply (rule push_through_assumption1)
+apply (simp)
+apply (rule neg_gt)
+apply (rule guardHint)
+apply ((simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_2_def)+)
+apply (rule neg_gt)
+apply (rule guardHint)
+done
+
+
+lemma global_rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_example_test_2_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_example_test_2_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 5))) ns1 (BoolV False))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_test_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of if_example_test_2_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_2_def)
+apply (rule if_example_test_2_before_cfg_to_dag_prog.node_2)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule if_example_test_2_before_cfg_to_dag_prog.block_2_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply (rule neg_gt)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_2_def)
+apply (simp add: if_example_test_2_before_cfg_to_dag_prog.node_2)
+apply (rule rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_2)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x = 3])+)
+apply ((simp add: if_example_test_2_before_cfg_to_dag_prog.outEdges_2)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_3)
+apply (simp)
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_example_test_2_before_ast_to_cfg_prog.bigblock_1,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 5))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_1 (Normal ns1) (Normal ns1')))))"
+unfolding if_example_test_2_before_cfg_to_dag_prog.block_1_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of if_example_test_2_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_1_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: if_example_test_2_before_cfg_to_dag_prog.block_1_def)
+apply ((simp add: assms(3) if_example_test_2_before_ast_to_cfg_prog.bigblock_1_def)+)
+done
+
+
+lemma global_rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_example_test_2_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_example_test_2_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 5))) ns1 (BoolV True))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_test_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of if_example_test_2_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_1_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_1_def)
+apply (rule if_example_test_2_before_cfg_to_dag_prog.node_1)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule if_example_test_2_before_cfg_to_dag_prog.block_1_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_1_def)
+apply (simp add: if_example_test_2_before_cfg_to_dag_prog.node_1)
+apply (rule rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_1)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x = 3])+)
+apply ((simp add: if_example_test_2_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_3)
+apply (simp)
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_example_test_2_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of if_example_test_2_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_0_def if_example_test_2_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: if_example_test_2_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: if_example_test_2_before_cfg_to_dag_prog.block_0_def if_example_test_2_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_example_test_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_example_test_2_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_test_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_if_successor)
+apply (rule Rel_Main_test[of if_example_test_2_before_ast_to_cfg_prog.bigblock_0 _ if_example_test_2_before_cfg_to_dag_prog.block_0])
+apply (simp add: if_example_test_2_before_cfg_to_dag_prog.block_0_def if_example_test_2_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp add: if_example_test_2_before_cfg_to_dag_prog.block_0_def)
+apply (rule astTrace)
+apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_0_def)
+apply (rule if_example_test_2_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: if_example_test_2_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: if_example_test_2_before_cfg_to_dag_prog.node_0)
+apply (rule rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply (erule disjE)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: if_example_test_2_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: cont_0_def if_example_test_2_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
+apply blast+
+
+
+
+
+
+apply (simp)
+apply ((erule allE[where x = 2])+)
+apply ((simp add: if_example_test_2_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_0_def if_example_test_2_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (if_example_test_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A if_example_test_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> if_example_test_2_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) if_example_test_2_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns if_example_test_2_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] if_example_test_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (if_example_test_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: if_example_test_2_before_ast_to_cfg_prog.params_vdecls_def if_example_test_2_before_ast_to_cfg_prog.locals_vdecls_def if_example_test_2_before_cfg_to_dag_prog.params_vdecls_def if_example_test_2_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: if_example_test_2_before_ast_to_cfg_prog.params_vdecls_def if_example_test_2_before_ast_to_cfg_prog.locals_vdecls_def if_example_test_2_before_cfg_to_dag_prog.params_vdecls_def if_example_test_2_before_cfg_to_dag_prog.locals_vdecls_def if_example_test_2_before_ast_to_cfg_prog.pres_def if_example_test_2_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: if_example_test_2_before_ast_to_cfg_prog.params_vdecls_def if_example_test_2_before_ast_to_cfg_prog.locals_vdecls_def if_example_test_2_before_cfg_to_dag_prog.params_vdecls_def if_example_test_2_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: if_example_test_2_before_ast_to_cfg_prog.params_vdecls_def if_example_test_2_before_ast_to_cfg_prog.locals_vdecls_def if_example_test_2_before_cfg_to_dag_prog.params_vdecls_def if_example_test_2_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: if_example_test_2_before_ast_to_cfg_prog.params_vdecls_def if_example_test_2_before_ast_to_cfg_prog.locals_vdecls_def if_example_test_2_before_cfg_to_dag_prog.params_vdecls_def if_example_test_2_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: if_example_test_2_before_ast_to_cfg_prog.params_vdecls_def if_example_test_2_before_ast_to_cfg_prog.locals_vdecls_def if_example_test_2_before_cfg_to_dag_prog.params_vdecls_def if_example_test_2_before_cfg_to_dag_prog.locals_vdecls_def if_example_test_2_before_ast_to_cfg_prog.pres_def if_example_test_2_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: if_example_test_2_before_ast_to_cfg_prog.params_vdecls_def if_example_test_2_before_ast_to_cfg_prog.locals_vdecls_def if_example_test_2_before_cfg_to_dag_prog.params_vdecls_def if_example_test_2_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: if_example_test_2_before_ast_to_cfg_prog.params_vdecls_def if_example_test_2_before_ast_to_cfg_prog.locals_vdecls_def if_example_test_2_before_cfg_to_dag_prog.params_vdecls_def if_example_test_2_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (if_example_test_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_3_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) if_example_test_2_before_ast_to_cfg_prog.fdecls if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls if_example_test_2_before_ast_to_cfg_prog.axioms if_example_test_2_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding if_example_test_2_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 if_example_test_2_before_ast_to_cfg_prog.ast_proc_def if_example_test_2_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..78fef09
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_ast_to_cfg_prog.thy
@@ -0,0 +1,123 @@
+theory if_example_test_2_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 5)))) [(BigBlock (None ) [(Assign 0 (Lit (LInt 10)))] (None ) (None ))] [(BigBlock (None ) [(Assign 0 (Lit (LInt 1)))] (None ) (None ))])) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [(Assign 0 (Lit (LInt 10)))] (None ) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [(Assign 0 (Lit (LInt 1)))] (None ) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))] (None ) (None ))"
+definition cont_3
+  where
+    "cont_3  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_3 cont_3)"
+definition cont_1
+  where
+    "cont_1  = (KSeq bigblock_3 cont_3)"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_3 cont_3)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_3]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding if_example_test_2_before_ast_to_cfg_prog.constants_vdecls_def if_example_test_2_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding if_example_test_2_before_ast_to_cfg_prog.params_vdecls_def if_example_test_2_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding if_example_test_2_before_ast_to_cfg_prog.constants_vdecls_def if_example_test_2_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_test_2_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding if_example_test_2_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_test_2_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding if_example_test_2_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_test_2_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding if_example_test_2_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_test_2_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding if_example_test_2_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = if_example_test_2_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec if_example_test_2_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec if_example_test_2_before_ast_to_cfg_prog.post),proc_body = (Some (if_example_test_2_before_ast_to_cfg_prog.locals_vdecls,if_example_test_2_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..8e67200
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_cfg_to_dag_prog.thy
@@ -0,0 +1,149 @@
+theory if_example_test_2_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5)))),(Assign 0 (Lit (LInt 10)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 1)))]"
+definition block_3
+  where
+    "block_3  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))]"
+definition outEdges
+  where
+    "outEdges  = [[1,2],[3],[3],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append if_example_test_2_before_cfg_to_dag_prog.constants_vdecls if_example_test_2_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append if_example_test_2_before_cfg_to_dag_prog.constants_vdecls if_example_test_2_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding if_example_test_2_before_cfg_to_dag_prog.constants_vdecls_def if_example_test_2_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_test_2_before_cfg_to_dag_prog.constants_vdecls if_example_test_2_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append if_example_test_2_before_cfg_to_dag_prog.params_vdecls if_example_test_2_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_example_test_2_before_cfg_to_dag_prog.params_vdecls if_example_test_2_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding if_example_test_2_before_cfg_to_dag_prog.params_vdecls_def if_example_test_2_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_test_2_before_cfg_to_dag_prog.params_vdecls if_example_test_2_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append if_example_test_2_before_cfg_to_dag_prog.constants_vdecls if_example_test_2_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append if_example_test_2_before_cfg_to_dag_prog.params_vdecls if_example_test_2_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding if_example_test_2_before_cfg_to_dag_prog.constants_vdecls_def if_example_test_2_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_test_2_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding if_example_test_2_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_test_2_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding if_example_test_2_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_test_2_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding if_example_test_2_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_test_2_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding if_example_test_2_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append if_example_test_2_before_cfg_to_dag_prog.constants_vdecls if_example_test_2_before_cfg_to_dag_prog.globals_vdecls),(append if_example_test_2_before_cfg_to_dag_prog.params_vdecls if_example_test_2_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append if_example_test_2_before_cfg_to_dag_prog.params_vdecls if_example_test_2_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append if_example_test_2_before_cfg_to_dag_prog.constants_vdecls if_example_test_2_before_cfg_to_dag_prog.globals_vdecls),(append if_example_test_2_before_cfg_to_dag_prog.params_vdecls if_example_test_2_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_example_test_2_before_cfg_to_dag_prog.constants_vdecls if_example_test_2_before_cfg_to_dag_prog.globals_vdecls),(append if_example_test_2_before_cfg_to_dag_prog.params_vdecls if_example_test_2_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = if_example_test_2_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec if_example_test_2_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec if_example_test_2_before_cfg_to_dag_prog.post),proc_body = (Some (if_example_test_2_before_cfg_to_dag_prog.locals_vdecls,if_example_test_2_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_passive_prog.thy
similarity index 64%
rename from BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_before_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_passive_prog.thy
index 414667a..7bff80d 100644
--- a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_before_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_passive_prog.thy
@@ -1,5 +1,5 @@
-theory p_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_cfg_to_dag_prog
+theory if_example_test_2_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util if_example_test_2_before_ast_to_cfg_prog
 begin
 definition block_0
   where
@@ -77,18 +77,18 @@ shows "((nth (out_edges proc_body) 5) = [4])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma locals_min_aux:
-shows "(((map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
+shows "(((map fst (append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding if_example_test_2_before_ast_to_cfg_prog.params_vdecls_def if_example_test_2_before_ast_to_cfg_prog.locals_vdecls_def
 by simp
 
 lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
 using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding if_example_test_2_before_ast_to_cfg_prog.constants_vdecls_def if_example_test_2_before_ast_to_cfg_prog.globals_vdecls_def
 by simp
 
 
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_cfgtodag_proof.thy
new file mode 100644
index 0000000..271e527
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_cfgtodag_proof.thy
@@ -0,0 +1,284 @@
+theory if_example_test_2_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML if_example_test_2_before_ast_to_cfg_prog if_example_test_2_before_cfg_to_dag_prog if_example_test_2_before_passive_prog if_example_test_2_passification_proof if_example_test_2_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A if_example_test_2_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_example_test_2_before_passive_prog.block_0 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding if_example_test_2_before_cfg_to_dag_prog.block_3_def if_example_test_2_before_passive_prog.block_0_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_test_2_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_1[OF assms(1)])
+apply (rule if_example_test_2_before_cfg_to_dag_prog.node_3)
+apply (rule if_example_test_2_before_passive_prog.node_0)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+unfolding if_example_test_2_before_ast_to_cfg_prog.post_def
+apply (rule block_anon3)
+apply assumption+
+by (rule if_example_test_2_before_cfg_to_dag_prog.outEdges_3)
+
+
+lemma block_anon4_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_example_test_2_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding if_example_test_2_before_cfg_to_dag_prog.block_1_def if_example_test_2_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_test_2_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule if_example_test_2_before_cfg_to_dag_prog.node_1)
+apply (rule if_example_test_2_before_passive_prog.node_1)
+apply (assumption+)
+apply (rule block_anon4_Then)
+apply (assumption+)
+apply ((simp add:if_example_test_2_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:if_example_test_2_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=0])
+apply ((simp add:if_example_test_2_before_passive_prog.outEdges_1))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon4_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_example_test_2_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding if_example_test_2_before_cfg_to_dag_prog.block_2_def if_example_test_2_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_test_2_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule if_example_test_2_before_cfg_to_dag_prog.node_2)
+apply (rule if_example_test_2_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon4_Else)
+apply (assumption+)
+apply ((simp add:if_example_test_2_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:if_example_test_2_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=0])
+apply ((simp add:if_example_test_2_before_passive_prog.outEdges_2))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_example_test_2_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding if_example_test_2_before_cfg_to_dag_prog.block_0_def if_example_test_2_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_test_2_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule if_example_test_2_before_cfg_to_dag_prog.node_0)
+apply (rule if_example_test_2_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:if_example_test_2_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:if_example_test_2_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:if_example_test_2_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:if_example_test_2_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:if_example_test_2_before_passive_prog.outEdges_4))
+by ((simp add:if_example_test_2_before_passive_prog.node_4 if_example_test_2_before_passive_prog.block_4_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 if_example_test_2_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_test_2_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule if_example_test_2_before_passive_prog.node_5)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding if_example_test_2_before_passive_prog.block_5_def
+apply (rule assume_pres_normal[where ?es=if_example_test_2_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding if_example_test_2_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule if_example_test_2_before_passive_prog.outEdges_5)
+apply ((simp add:if_example_test_2_before_passive_prog.node_4 if_example_test_2_before_passive_prog.block_4_def))
+apply (rule if_example_test_2_before_passive_prog.outEdges_4)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A if_example_test_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> if_example_test_2_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) if_example_test_2_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns if_example_test_2_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] if_example_test_2_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule if_example_test_2_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_passification_proof.thy
new file mode 100644
index 0000000..daed1f0
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_passification_proof.thy
@@ -0,0 +1,262 @@
+theory if_example_test_2_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util if_example_test_2_before_ast_to_cfg_prog if_example_test_2_passive_prog Boogie_Lang.PassificationML if_example_test_2_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_example_test_2_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_example_test_2_before_passive_prog.block_0_def if_example_test_2_passive_prog.block_0_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon4_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inr (LInt 10))),(0,(Inl 2))]) R_old if_example_test_2_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_example_test_2_before_passive_prog.block_1_def if_example_test_2_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:if_example_test_2_before_ast_to_cfg_prog.l_x(2) if_example_test_2_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon4_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inr (LInt 1))),(0,(Inl 2))]) R_old if_example_test_2_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_example_test_2_before_passive_prog.block_2_def if_example_test_2_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:if_example_test_2_before_ast_to_cfg_prog.l_x(2) if_example_test_2_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old if_example_test_2_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_example_test_2_before_passive_prog.block_3_def if_example_test_2_passive_prog.block_3_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:if_example_test_2_before_ast_to_cfg_prog.l_x(2) if_example_test_2_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_example_test_2_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_example_test_2_before_passive_prog.block_4_def if_example_test_2_passive_prog.block_4_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_example_test_2_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_example_test_2_before_passive_prog.block_5_def if_example_test_2_passive_prog.block_5_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_example_test_2_before_passive_prog.node_0},@{thm if_example_test_2_before_passive_prog.outEdges_0}) (@{thm if_example_test_2_passive_prog.node_0},@{thm if_example_test_2_passive_prog.outEdges_0}) @{thm block_anon3} [] 1\<close>))
+
+lemma cfg_block_anon4_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_example_test_2_before_passive_prog.node_1},@{thm if_example_test_2_before_passive_prog.outEdges_1}) (@{thm if_example_test_2_passive_prog.node_1},@{thm if_example_test_2_passive_prog.outEdges_1}) @{thm block_anon4_Then} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon4_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_example_test_2_before_passive_prog.node_2},@{thm if_example_test_2_before_passive_prog.outEdges_2}) (@{thm if_example_test_2_passive_prog.node_2},@{thm if_example_test_2_passive_prog.outEdges_2}) @{thm block_anon4_Else} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm if_example_test_2_before_passive_prog.node_3},@{thm if_example_test_2_before_passive_prog.outEdges_3}) (@{thm if_example_test_2_passive_prog.node_3},@{thm if_example_test_2_passive_prog.outEdges_3}) @{thm block_anon0} [
+@{thm cfg_block_anon4_Then}, 
+@{thm cfg_block_anon4_Else}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm if_example_test_2_before_passive_prog.node_4},@{thm if_example_test_2_before_passive_prog.outEdges_4}) (@{thm if_example_test_2_passive_prog.node_4},@{thm if_example_test_2_passive_prog.outEdges_4}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm if_example_test_2_before_passive_prog.node_5},@{thm if_example_test_2_before_passive_prog.outEdges_5}) (@{thm if_example_test_2_passive_prog.node_5},@{thm if_example_test_2_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] if_example_test_2_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A if_example_test_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> if_example_test_2_before_ast_to_cfg_prog.constants_vdecls ns if_example_test_2_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv if_example_test_2_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding if_example_test_2_before_ast_to_cfg_prog.constants_vdecls_def if_example_test_2_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding if_example_test_2_passive_prog.params_vdecls_def if_example_test_2_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using if_example_test_2_before_passive_prog.globals_locals_disj apply auto[1]
+using if_example_test_2_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] if_example_test_2_passive_prog.proc_body u (Inl 5)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range if_example_test_2_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] if_example_test_2_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from if_example_test_2_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_passive_prog.thy
new file mode 100644
index 0000000..e717c53
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_passive_prog.thy
@@ -0,0 +1,128 @@
+theory if_example_test_2_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util if_example_test_2_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assert (BinOp (Var 2) Gt (Lit (LInt 0))))]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 5)))),(Assume (BinOp (Var 2) Eq (Lit (LInt 10))))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 1))),(Assume (BinOp (Var 2) Eq (Lit (LInt 1))))]"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding if_example_test_2_passive_prog.params_vdecls_def if_example_test_2_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls)))) = {})"
+unfolding if_example_test_2_before_ast_to_cfg_prog.constants_vdecls_def if_example_test_2_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_vcphase_proof.thy
similarity index 55%
rename from BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_vcphase_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_vcphase_proof.thy
index baa46e7..c29b279 100644
--- a/BoogieLang/generated_example_proofs/if_example_proofs/p_proofs/p_vcphase_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_vcphase_proof.thy
@@ -1,5 +1,5 @@
-theory p_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML p_passive_prog p_before_passive_prog
+theory if_example_test_2_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML if_example_test_2_passive_prog if_example_test_2_before_passive_prog
 begin
 locale vc
 begin
@@ -38,8 +38,8 @@ val block_anon3_hints = [
 (AssertNoConj,NONE)]
 \<close>
 lemma block_anon3AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding p_passive_prog.block_0_def vc.vc_anon3_def
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding if_example_test_2_passive_prog.block_0_def vc.vc_anon3_def
 apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_hints \<close>)
 by (auto?)
 
@@ -49,8 +49,8 @@ val block_anon4_Then_hints = [
 (AssumeConjR 0,NONE)]
 \<close>
 lemma block_anon4_ThenAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_1)))))))"
-unfolding p_passive_prog.block_1_def vc.vc_anon4_Then_def
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_1)))))))"
+unfolding if_example_test_2_passive_prog.block_1_def vc.vc_anon4_Then_def
 apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Then_hints \<close>)
 by (auto?)
 
@@ -60,83 +60,83 @@ val block_anon4_Else_hints = [
 (AssumeConjR 0,NONE)]
 \<close>
 lemma block_anon4_ElseAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Else vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_1)))))))"
-unfolding p_passive_prog.block_2_def vc.vc_anon4_Else_def
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Else vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_1)))))))"
+unfolding if_example_test_2_passive_prog.block_2_def vc.vc_anon4_Else_def
 apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Else_hints \<close>)
 by (auto?)
 
 lemma block_anon0:
 assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_3 (Normal n_s) s')" and 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.block_3 (Normal n_s) s')" and 
 "((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
 shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))"
 using assms
-unfolding p_passive_prog.block_3_def
+unfolding if_example_test_2_passive_prog.block_3_def
 apply cases
 by auto
 
 lemma block_0:
 assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_4 (Normal n_s) s')" and 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.block_4 (Normal n_s) s')" and 
 "((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
 shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))"
 using assms
-unfolding p_passive_prog.block_4_def
+unfolding if_example_test_2_passive_prog.block_4_def
 apply cases
 by auto
 
 lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))))"
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))))"
 apply (erule red_cmd_list.cases)
 using global_assms
-unfolding p_passive_prog.block_5_def vc.vc_anon0_def
+unfolding if_example_test_2_passive_prog.block_5_def vc.vc_anon0_def
 apply (handle_cmd_list_full?)
 by (auto?)
 
 lemma cfg_block_anon3:
 assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
 "(vc.vc_anon3 vc_x_1)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) p_passive_prog.node_0 p_passive_prog.outEdges_0])
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) if_example_test_2_passive_prog.node_0 if_example_test_2_passive_prog.outEdges_0])
 using block_anon3AA0[OF _ assms(2)] by blast
 
 lemma cfg_block_anon4_Then:
 assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
 "(vc.vc_anon4_Then vc_x_0 vc_x_1)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_1])
+apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_test_2_passive_prog.node_1])
 apply (erule block_anon4_ThenAA0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_1))
+apply ((simp add:if_example_test_2_passive_prog.outEdges_1))
 apply (erule member_elim, simp)
 apply (erule cfg_block_anon3, simp?)
 by (simp add: member_rec(2))
 
 lemma cfg_block_anon4_Else:
 assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
 "(vc.vc_anon4_Else vc_x_0 vc_x_1)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_2])
+apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_test_2_passive_prog.node_2])
 apply (erule block_anon4_ElseAA0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_2))
+apply ((simp add:if_example_test_2_passive_prog.outEdges_2))
 apply (erule member_elim, simp)
 apply (erule cfg_block_anon3, simp?)
 by (simp add: member_rec(2))
 
 lemma cfg_block_anon0:
 assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
 "((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_3])
+apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_test_2_passive_prog.node_3])
 apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_3))
+apply ((simp add:if_example_test_2_passive_prog.outEdges_3))
 apply (erule member_elim, simp)
 apply (erule cfg_block_anon4_Then, simp?)
 apply (erule member_elim, simp)
@@ -145,26 +145,26 @@ by (simp add: member_rec(2))
 
 lemma cfg_block_0:
 assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
 "((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_4])
+apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_test_2_passive_prog.node_4])
 apply (erule block_0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_4))
+apply ((simp add:if_example_test_2_passive_prog.outEdges_4))
 apply (erule member_elim, simp)
 apply (erule cfg_block_anon0, simp?)
 by (simp add: member_rec(2))
 
 lemma cfg_PreconditionGeneratedEntry:
 assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
 "(vc.vc_anon0 vc_x_0 vc_x_1)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_5])
+apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_test_2_passive_prog.node_5])
 apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_5))
+apply ((simp add:if_example_test_2_passive_prog.outEdges_5))
 apply (erule member_elim, simp)
 apply (erule cfg_block_0, simp?)
 by (simp add: member_rec(2))
@@ -196,33 +196,33 @@ declare One_nat_def[simp del]
 
 lemma end_to_end:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<Gamma> [] p_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls)) \<Gamma> [] if_example_test_2_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
 VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+FInterp: "(fun_interp_wf A if_example_test_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> if_example_test_2_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) if_example_test_2_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls))"
 shows "(s' \<noteq> Failure)"
 proof -
-let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
-let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+let ?n_s_c = "(nstate_global_restriction n_s if_example_test_2_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((if_example_test_2_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
 from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
 apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x])
-apply (subst lookup_var_local[OF p_passive_prog.m_x])+
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_example_test_2_passive_prog.m_x])
+apply (subst lookup_var_local[OF if_example_test_2_passive_prog.m_x])+
 by (fastforce dest: tint_intv tbool_boolv)
 from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
 apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF p_passive_prog.m_x_0])+
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_example_test_2_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF if_example_test_2_passive_prog.m_x_0])+
 by (fastforce dest: tint_intv tbool_boolv)
 from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
 apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF p_passive_prog.m_x_1])+
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_example_test_2_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF if_example_test_2_passive_prog.m_x_1])+
 by (fastforce dest: tint_intv tbool_boolv)
 show "(s' \<noteq> Failure)"
 apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/ROOT
new file mode 100644
index 0000000..6cafaa5
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/ROOT
@@ -0,0 +1,12 @@
+session if_inside_loop_proofs = Boogie_Lang + 
+directories if_inside_while_proofs
+theories
+global_data
+"if_inside_while_proofs/if_inside_while_passive_prog"
+"if_inside_while_proofs/if_inside_while_vcphase_proof"
+"if_inside_while_proofs/if_inside_while_before_ast_to_cfg_prog"
+"if_inside_while_proofs/if_inside_while_cfgtodag_proof"
+"if_inside_while_proofs/if_inside_while_before_passive_prog"
+"if_inside_while_proofs/if_inside_while_passification_proof"
+"if_inside_while_proofs/if_inside_while_asttocfg_proof"
+"if_inside_while_proofs/if_inside_while_before_cfg_to_dag_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_asttocfg_proof.thy
new file mode 100644
index 0000000..743942d
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_asttocfg_proof.thy
@@ -0,0 +1,510 @@
+theory if_inside_while_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML if_inside_while_before_ast_to_cfg_prog if_inside_while_before_cfg_to_dag_prog if_inside_while_cfgtodag_proof if_inside_while_passification_proof if_inside_while_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A if_inside_while_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_if_inside_while_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_5,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_6 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of if_inside_while_before_ast_to_cfg_prog.bigblock_5])
+apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_5_def if_inside_while_before_cfg_to_dag_prog.block_6_def)
+apply ((simp add: if_inside_while_before_cfg_to_dag_prog.block_6_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: if_inside_while_before_cfg_to_dag_prog.block_6_def if_inside_while_before_ast_to_cfg_prog.bigblock_5_def)+)
+done
+
+
+lemma global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_inside_while_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of if_inside_while_before_ast_to_cfg_prog.bigblock_5])
+apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_5_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_5_def)
+apply (simp)
+apply (simp)
+apply (rule cont_5_def)
+apply (rule if_inside_while_before_cfg_to_dag_prog.node_6)
+apply (rule disjI1)
+apply (rule if_inside_while_before_cfg_to_dag_prog.block_6_def)
+apply (rule if_inside_while_before_cfg_to_dag_prog.outEdges_6)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: if_inside_while_before_cfg_to_dag_prog.node_6)
+apply (rule rel_if_inside_while_before_ast_to_cfg_prog_bigblock_5)
+apply assumption+
+
+done
+qed
+
+lemma rel_if_inside_while_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 1))) ns1 (BoolV False))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
+unfolding if_inside_while_before_cfg_to_dag_prog.block_4_def
+apply (rule guard_fails_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of if_inside_while_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply (simp add: if_inside_while_before_cfg_to_dag_prog.block_4_def)
+apply (rule push_through_assumption1)
+apply (simp)
+apply (rule neg_gt)
+apply (rule guardHint)
+apply ((simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_4_def)+)
+apply (rule neg_gt)
+apply (rule guardHint)
+done
+
+
+lemma global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_inside_while_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 1))) ns1 (BoolV False))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T if_inside_while_before_ast_to_cfg_prog.bigblock_1 cont_1 if_inside_while_before_cfg_to_dag_prog.proc_body 1 if_inside_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of if_inside_while_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_4_def)
+apply (rule if_inside_while_before_cfg_to_dag_prog.node_4)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule if_inside_while_before_cfg_to_dag_prog.block_4_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply (rule neg_gt)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_4_def)
+apply (simp add: if_inside_while_before_cfg_to_dag_prog.node_4)
+apply (rule rel_if_inside_while_before_ast_to_cfg_prog_bigblock_4)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=1])+)
+apply (simp add: if_inside_while_before_cfg_to_dag_prog.outEdges_4)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma rel_if_inside_while_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 1))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_3 (Normal ns1) (Normal ns1')))))"
+unfolding if_inside_while_before_cfg_to_dag_prog.block_3_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of if_inside_while_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: if_inside_while_before_cfg_to_dag_prog.block_3_def)
+apply ((simp add: assms(3) if_inside_while_before_ast_to_cfg_prog.bigblock_3_def)+)
+done
+
+
+lemma global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_inside_while_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 1))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T if_inside_while_before_ast_to_cfg_prog.bigblock_1 cont_1 if_inside_while_before_cfg_to_dag_prog.proc_body 1 if_inside_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of if_inside_while_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_3_def)
+apply (rule if_inside_while_before_cfg_to_dag_prog.node_3)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule if_inside_while_before_cfg_to_dag_prog.block_3_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_3_def)
+apply (simp add: if_inside_while_before_cfg_to_dag_prog.node_3)
+apply (rule rel_if_inside_while_before_ast_to_cfg_prog_bigblock_3)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=1])+)
+apply (simp add: if_inside_while_before_cfg_to_dag_prog.outEdges_3)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma rel_if_inside_while_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
+unfolding if_inside_while_before_cfg_to_dag_prog.block_2_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of if_inside_while_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: if_inside_while_before_cfg_to_dag_prog.block_2_def)
+apply ((simp add: assms(3) if_inside_while_before_ast_to_cfg_prog.bigblock_2_def)+)
+done
+
+
+lemma global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_inside_while_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T if_inside_while_before_ast_to_cfg_prog.bigblock_1 cont_1 if_inside_while_before_cfg_to_dag_prog.proc_body 1 if_inside_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_if_successor)
+apply (rule Rel_Main_test[of if_inside_while_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: if_inside_while_before_cfg_to_dag_prog.block_2_def if_inside_while_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp add: if_inside_while_before_cfg_to_dag_prog.block_2_def)
+apply (rule astTrace)
+apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_2_def)
+apply (rule if_inside_while_before_cfg_to_dag_prog.node_2)
+
+apply (rule disjI2)
+apply (rule disjI1)
+
+apply (simp add: if_inside_while_before_cfg_to_dag_prog.block_2_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply (simp)
+
+
+apply (rule guardHint)
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: if_inside_while_before_cfg_to_dag_prog.node_2)
+apply (rule rel_if_inside_while_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_2_def)
+apply ((simp)+)
+apply (rule guardHint)
+apply (erule disjE)
+
+apply ((erule allE[where x = 3])+)
+apply ((simp add: if_inside_while_before_cfg_to_dag_prog.outEdges_2)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_3)
+apply (simp add: cont_2_def if_inside_while_before_ast_to_cfg_prog.bigblock_3_def cont_3_def )
+apply blast+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule less_trans_inv)
+apply ((simp)+)
+
+apply ((erule allE[where x = 4])+)
+apply ((simp add: if_inside_while_before_cfg_to_dag_prog.outEdges_2)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_4)
+apply (simp add: cont_2_def if_inside_while_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
+apply blast+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule less_trans_inv)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_inside_while_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of if_inside_while_before_ast_to_cfg_prog.bigblock_1 _ _ _ if_inside_while_before_cfg_to_dag_prog.block_1])
+apply (simp add:if_inside_while_before_ast_to_cfg_prog.bigblock_1_def if_inside_while_before_cfg_to_dag_prog.block_1_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:if_inside_while_before_ast_to_cfg_prog.bigblock_1_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of if_inside_while_before_ast_to_cfg_prog.bigblock_1])
+apply ((simp add:if_inside_while_before_ast_to_cfg_prog.bigblock_1_def)+)
+apply ((simp add:if_inside_while_before_cfg_to_dag_prog.block_1_def if_inside_while_before_cfg_to_dag_prog.node_1)+)
+apply (rule cont_1_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 2])+)
+apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_1_def if_inside_while_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_1_def cont_2_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+
+apply ((erule allE[where x = 5])+)
+apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_5)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: if_inside_while_before_cfg_to_dag_prog.node_5)
+apply (simp add: if_inside_while_before_cfg_to_dag_prog.block_5_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: if_inside_while_before_cfg_to_dag_prog.outEdges_5)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: if_inside_while_before_cfg_to_dag_prog.node_5)
+apply (simp add: if_inside_while_before_cfg_to_dag_prog.block_5_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: if_inside_while_before_cfg_to_dag_prog.outEdges_5)
+apply ((simp add: member_rec)+)
+done
+qed
+qed
+
+lemma rel_if_inside_while_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of if_inside_while_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_0_def if_inside_while_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: if_inside_while_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: if_inside_while_before_cfg_to_dag_prog.block_0_def if_inside_while_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_inside_while_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of if_inside_while_before_ast_to_cfg_prog.bigblock_0 _ if_inside_while_before_cfg_to_dag_prog.block_0])
+apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_0_def if_inside_while_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_0_def if_inside_while_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_0_def if_inside_while_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: if_inside_while_before_cfg_to_dag_prog.block_0_def)
+apply (rule if_inside_while_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: if_inside_while_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: if_inside_while_before_cfg_to_dag_prog.node_0)
+apply (rule rel_if_inside_while_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: if_inside_while_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (if_inside_while_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_1 vc_x_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A if_inside_while_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> if_inside_while_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) if_inside_while_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns if_inside_while_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: if_inside_while_before_ast_to_cfg_prog.params_vdecls_def if_inside_while_before_ast_to_cfg_prog.locals_vdecls_def if_inside_while_before_cfg_to_dag_prog.params_vdecls_def if_inside_while_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: if_inside_while_before_ast_to_cfg_prog.params_vdecls_def if_inside_while_before_ast_to_cfg_prog.locals_vdecls_def if_inside_while_before_cfg_to_dag_prog.params_vdecls_def if_inside_while_before_cfg_to_dag_prog.locals_vdecls_def if_inside_while_before_ast_to_cfg_prog.pres_def if_inside_while_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: if_inside_while_before_ast_to_cfg_prog.params_vdecls_def if_inside_while_before_ast_to_cfg_prog.locals_vdecls_def if_inside_while_before_cfg_to_dag_prog.params_vdecls_def if_inside_while_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: if_inside_while_before_ast_to_cfg_prog.params_vdecls_def if_inside_while_before_ast_to_cfg_prog.locals_vdecls_def if_inside_while_before_cfg_to_dag_prog.params_vdecls_def if_inside_while_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: if_inside_while_before_ast_to_cfg_prog.params_vdecls_def if_inside_while_before_ast_to_cfg_prog.locals_vdecls_def if_inside_while_before_cfg_to_dag_prog.params_vdecls_def if_inside_while_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: if_inside_while_before_ast_to_cfg_prog.params_vdecls_def if_inside_while_before_ast_to_cfg_prog.locals_vdecls_def if_inside_while_before_cfg_to_dag_prog.params_vdecls_def if_inside_while_before_cfg_to_dag_prog.locals_vdecls_def if_inside_while_before_ast_to_cfg_prog.pres_def if_inside_while_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: if_inside_while_before_ast_to_cfg_prog.params_vdecls_def if_inside_while_before_ast_to_cfg_prog.locals_vdecls_def if_inside_while_before_cfg_to_dag_prog.params_vdecls_def if_inside_while_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: if_inside_while_before_ast_to_cfg_prog.params_vdecls_def if_inside_while_before_ast_to_cfg_prog.locals_vdecls_def if_inside_while_before_cfg_to_dag_prog.params_vdecls_def if_inside_while_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_5] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (if_inside_while_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_5_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_1 vc_x_2))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) if_inside_while_before_ast_to_cfg_prog.fdecls if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls if_inside_while_before_ast_to_cfg_prog.axioms if_inside_while_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding if_inside_while_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 if_inside_while_before_ast_to_cfg_prog.ast_proc_def if_inside_while_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..17f5c2a
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_ast_to_cfg_prog.thy
@@ -0,0 +1,144 @@
+theory if_inside_while_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 1)))) [(BigBlock (None ) [(Assign 1 (Lit (LInt 10)))] (None ) (None ))] [(BigBlock (None ) [(Assign 1 (Lit (LInt 20)))] (None ) (None ))])) (None ))]))) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 1)))) [(BigBlock (None ) [(Assign 1 (Lit (LInt 10)))] (None ) (None ))] [(BigBlock (None ) [(Assign 1 (Lit (LInt 20)))] (None ) (None ))])) (None ))])) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 1)))) [(BigBlock (None ) [(Assign 1 (Lit (LInt 10)))] (None ) (None ))] [(BigBlock (None ) [(Assign 1 (Lit (LInt 20)))] (None ) (None ))])) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [(Assign 1 (Lit (LInt 10)))] (None ) (None ))"
+definition bigblock_4
+  where
+    "bigblock_4  = (BigBlock (None ) [(Assign 1 (Lit (LInt 20)))] (None ) (None ))"
+definition bigblock_5
+  where
+    "bigblock_5  = (BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))] (None ) (None ))"
+definition cont_5
+  where
+    "cont_5  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_5 cont_5)"
+definition cont_1
+  where
+    "cont_1  = (KEndBlock (KSeq bigblock_5 cont_5 ))"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_1 cont_1)"
+definition cont_3
+  where
+    "cont_3  = (KSeq bigblock_1 cont_1)"
+definition cont_4
+  where
+    "cont_4  = (KSeq bigblock_1 cont_1)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_5]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding if_inside_while_before_ast_to_cfg_prog.constants_vdecls_def if_inside_while_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding if_inside_while_before_ast_to_cfg_prog.params_vdecls_def if_inside_while_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding if_inside_while_before_ast_to_cfg_prog.constants_vdecls_def if_inside_while_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_inside_while_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding if_inside_while_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_inside_while_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding if_inside_while_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_inside_while_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding if_inside_while_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_inside_while_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding if_inside_while_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = if_inside_while_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec if_inside_while_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec if_inside_while_before_ast_to_cfg_prog.post),proc_body = (Some (if_inside_while_before_ast_to_cfg_prog.locals_vdecls,if_inside_while_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..6bb2bd2
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_cfg_to_dag_prog.thy
@@ -0,0 +1,191 @@
+theory if_inside_while_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 1)))),(Assign 1 (Lit (LInt 10)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Lit (LInt 1)) Ge (Var 0))),(Assign 1 (Lit (LInt 20)))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_6
+  where
+    "block_6  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
+definition outEdges
+  where
+    "outEdges  = [[1],[5,2],[3,4],[1],[1],[6],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [5,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [3,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append if_inside_while_before_cfg_to_dag_prog.constants_vdecls if_inside_while_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append if_inside_while_before_cfg_to_dag_prog.constants_vdecls if_inside_while_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding if_inside_while_before_cfg_to_dag_prog.constants_vdecls_def if_inside_while_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append if_inside_while_before_cfg_to_dag_prog.constants_vdecls if_inside_while_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append if_inside_while_before_cfg_to_dag_prog.params_vdecls if_inside_while_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_inside_while_before_cfg_to_dag_prog.params_vdecls if_inside_while_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding if_inside_while_before_cfg_to_dag_prog.params_vdecls_def if_inside_while_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append if_inside_while_before_cfg_to_dag_prog.params_vdecls if_inside_while_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append if_inside_while_before_cfg_to_dag_prog.constants_vdecls if_inside_while_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append if_inside_while_before_cfg_to_dag_prog.params_vdecls if_inside_while_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding if_inside_while_before_cfg_to_dag_prog.constants_vdecls_def if_inside_while_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_inside_while_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding if_inside_while_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_inside_while_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding if_inside_while_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_inside_while_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding if_inside_while_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_inside_while_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding if_inside_while_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append if_inside_while_before_cfg_to_dag_prog.constants_vdecls if_inside_while_before_cfg_to_dag_prog.globals_vdecls),(append if_inside_while_before_cfg_to_dag_prog.params_vdecls if_inside_while_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append if_inside_while_before_cfg_to_dag_prog.params_vdecls if_inside_while_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append if_inside_while_before_cfg_to_dag_prog.params_vdecls if_inside_while_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append if_inside_while_before_cfg_to_dag_prog.constants_vdecls if_inside_while_before_cfg_to_dag_prog.globals_vdecls),(append if_inside_while_before_cfg_to_dag_prog.params_vdecls if_inside_while_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_inside_while_before_cfg_to_dag_prog.constants_vdecls if_inside_while_before_cfg_to_dag_prog.globals_vdecls),(append if_inside_while_before_cfg_to_dag_prog.params_vdecls if_inside_while_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append if_inside_while_before_cfg_to_dag_prog.constants_vdecls if_inside_while_before_cfg_to_dag_prog.globals_vdecls),(append if_inside_while_before_cfg_to_dag_prog.params_vdecls if_inside_while_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_inside_while_before_cfg_to_dag_prog.constants_vdecls if_inside_while_before_cfg_to_dag_prog.globals_vdecls),(append if_inside_while_before_cfg_to_dag_prog.params_vdecls if_inside_while_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = if_inside_while_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec if_inside_while_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec if_inside_while_before_cfg_to_dag_prog.post),proc_body = (Some (if_inside_while_before_cfg_to_dag_prog.locals_vdecls,if_inside_while_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_passive_prog.thy
similarity index 59%
rename from BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_before_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_passive_prog.thy
index fae5e63..c82e03f 100644
--- a/BoogieLang/generated_example_proofs/while_example2_proofs/p_proofs/p_before_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_passive_prog.thy
@@ -1,30 +1,30 @@
-theory p_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_cfg_to_dag_prog
+theory if_inside_while_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util if_inside_while_before_ast_to_cfg_prog
 begin
 definition block_0
   where
     "block_0  = []"
 definition block_1
   where
-    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 1)))),(Assign 1 (Lit (LInt 10))),(Assume (Lit (LBool False)))]"
 definition block_2
   where
-    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
+    "block_2  = [(Assume (BinOp (Lit (LInt 1)) Ge (Var 0))),(Assign 1 (Lit (LInt 20))),(Assume (Lit (LBool False)))]"
 definition block_3
   where
-    "block_3  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1)))),(Assert (BinOp (Var 0) Le (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+    "block_3  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
 definition block_4
   where
-    "block_4  = [(Havoc 0),(Assume (BinOp (Var 0) Le (Lit (LInt 0))))]"
+    "block_4  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
 definition block_5
   where
-    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0))),(Assert (BinOp (Var 0) Le (Lit (LInt 0))))]"
+    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
 definition block_6
   where
-    "block_6  = [(Havoc 0),(Assume (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+    "block_6  = [(Havoc 1),(Havoc 0)]"
 definition block_7
   where
-    "block_7  = [(Havoc 0),(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+    "block_7  = [(Havoc 0)]"
 definition block_8
   where
     "block_8  = []"
@@ -33,7 +33,7 @@ definition block_9
     "block_9  = []"
 definition outEdges
   where
-    "outEdges  = [[],[0],[0],[0],[2,3],[4],[5,1],[6],[7],[8]]"
+    "outEdges  = [[],[0],[0],[1,2],[0],[4],[5,3],[6],[7],[8]]"
 definition node_to_blocks
   where
     "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
@@ -93,11 +93,11 @@ shows "((nth (out_edges proc_body) 2) = [0])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
+shows "((nth (out_edges proc_body) 3) = [1,2])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [2,3])"
+shows "((nth (out_edges proc_body) 4) = [0])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_5:
@@ -105,7 +105,7 @@ shows "((nth (out_edges proc_body) 5) = [4])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5,1])"
+shows "((nth (out_edges proc_body) 6) = [5,3])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_7:
@@ -121,18 +121,18 @@ shows "((nth (out_edges proc_body) 9) = [8])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma locals_min_aux:
-shows "(((map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
+shows "(((map fst (append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding if_inside_while_before_ast_to_cfg_prog.params_vdecls_def if_inside_while_before_ast_to_cfg_prog.locals_vdecls_def
 by simp
 
 lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+shows "(\<forall> x. ((Set.member x (set (map fst (append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
 using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding if_inside_while_before_ast_to_cfg_prog.constants_vdecls_def if_inside_while_before_ast_to_cfg_prog.globals_vdecls_def
 by simp
 
 
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_cfgtodag_proof.thy
new file mode 100644
index 0000000..2eeb816
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_cfgtodag_proof.thy
@@ -0,0 +1,498 @@
+theory if_inside_while_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML if_inside_while_before_ast_to_cfg_prog if_inside_while_before_cfg_to_dag_prog if_inside_while_before_passive_prog if_inside_while_passification_proof if_inside_while_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A if_inside_while_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 if_inside_while_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def if_inside_while_before_ast_to_cfg_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule if_inside_while_before_passive_prog.node_0)
+apply simp
+unfolding if_inside_while_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma Mods_anon6_Then:
+shows "(mods_contained_in (set [1,0]) if_inside_while_before_cfg_to_dag_prog.block_3)"
+unfolding if_inside_while_before_cfg_to_dag_prog.block_3_def
+by simp
+
+lemma block_anon6_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_inside_while_before_passive_prog.block_1 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding if_inside_while_before_cfg_to_dag_prog.block_3_def if_inside_while_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body [1,0] [] if_inside_while_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule if_inside_while_before_cfg_to_dag_prog.node_3)
+apply (rule if_inside_while_before_passive_prog.node_1)
+apply (assumption+)
+apply (rule block_anon6_Then)
+apply (assumption+)
+apply (rule Mods_anon6_Then)
+apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon5_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon6_Else:
+shows "(mods_contained_in (set [1,0]) if_inside_while_before_cfg_to_dag_prog.block_4)"
+unfolding if_inside_while_before_cfg_to_dag_prog.block_4_def
+by simp
+
+lemma block_anon6_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_inside_while_before_passive_prog.block_2 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding if_inside_while_before_cfg_to_dag_prog.block_4_def if_inside_while_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body [1,0] [] if_inside_while_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule if_inside_while_before_cfg_to_dag_prog.node_4)
+apply (rule if_inside_while_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon6_Else)
+apply (assumption+)
+apply (rule Mods_anon6_Else)
+apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_4))
+apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_4))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon5_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon5_LoopBody:
+shows "(mods_contained_in (set [1,0]) if_inside_while_before_cfg_to_dag_prog.block_2)"
+unfolding if_inside_while_before_cfg_to_dag_prog.block_2_def
+by simp
+
+lemma block_anon5_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_inside_while_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding if_inside_while_before_cfg_to_dag_prog.block_2_def if_inside_while_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body [1,0] [] if_inside_while_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule if_inside_while_before_cfg_to_dag_prog.node_2)
+apply (rule if_inside_while_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon5_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon5_LoopBody)
+apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:if_inside_while_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon5_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:if_inside_while_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon5_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma block_anon4:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_inside_while_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding if_inside_while_before_cfg_to_dag_prog.block_6_def if_inside_while_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule if_inside_while_before_cfg_to_dag_prog.node_6)
+apply (rule if_inside_while_before_passive_prog.node_4)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon4)
+apply assumption+
+apply (rule if_inside_while_before_cfg_to_dag_prog.outEdges_6)
+apply (rule if_inside_while_before_passive_prog.outEdges_4)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon5_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_inside_while_before_passive_prog.block_5 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding if_inside_while_before_cfg_to_dag_prog.block_5_def if_inside_while_before_passive_prog.block_5_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule if_inside_while_before_cfg_to_dag_prog.node_5)
+apply (rule if_inside_while_before_passive_prog.node_5)
+apply (assumption+)
+apply (rule block_anon5_LoopDone)
+apply (assumption+)
+apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_5))
+apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_5))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=4])
+apply ((simp add:if_inside_while_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon5_LoopHead:
+shows "(mods_contained_in (set [1,0]) if_inside_while_before_cfg_to_dag_prog.block_1)"
+unfolding if_inside_while_before_cfg_to_dag_prog.block_1_def
+by simp
+
+lemma block_anon5_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_inside_while_before_passive_prog.block_6 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding if_inside_while_before_cfg_to_dag_prog.block_1_def if_inside_while_before_passive_prog.block_6_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:if_inside_while_before_ast_to_cfg_prog.l_y(1)))
+apply ((simp add:if_inside_while_before_ast_to_cfg_prog.l_x(1)))
+apply simp
+done
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1,0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule if_inside_while_before_cfg_to_dag_prog.node_1)
+apply (rule if_inside_while_before_passive_prog.node_6)
+apply (assumption+)
+apply (rule block_anon5_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon5_LoopHead)
+apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=5])
+apply ((simp add:if_inside_while_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:if_inside_while_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_inside_while_before_passive_prog.block_7 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding if_inside_while_before_cfg_to_dag_prog.block_0_def if_inside_while_before_passive_prog.block_7_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule if_inside_while_before_cfg_to_dag_prog.node_0)
+apply (rule if_inside_while_before_passive_prog.node_7)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=6])
+apply ((simp add:if_inside_while_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:if_inside_while_before_passive_prog.outEdges_8))
+by ((simp add:if_inside_while_before_passive_prog.node_8 if_inside_while_before_passive_prog.block_8_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 if_inside_while_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule if_inside_while_before_passive_prog.node_9)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding if_inside_while_before_passive_prog.block_9_def
+apply (rule assume_pres_normal[where ?es=if_inside_while_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding if_inside_while_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule if_inside_while_before_passive_prog.outEdges_9)
+apply ((simp add:if_inside_while_before_passive_prog.node_8 if_inside_while_before_passive_prog.block_8_def))
+apply (rule if_inside_while_before_passive_prog.outEdges_8)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_1 vc_x_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A if_inside_while_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> if_inside_while_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) if_inside_while_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns if_inside_while_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule if_inside_while_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_passification_proof.thy
new file mode 100644
index 0000000..b6d5e5d
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_passification_proof.thy
@@ -0,0 +1,344 @@
+theory if_inside_while_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util if_inside_while_before_ast_to_cfg_prog if_inside_while_passive_prog Boogie_Lang.PassificationML if_inside_while_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_inside_while_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_inside_while_before_passive_prog.block_0_def if_inside_while_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 5)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(1,(Inr (LInt 10)))]) R_old if_inside_while_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_inside_while_before_passive_prog.block_1_def if_inside_while_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 5)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(1,(Inr (LInt 20)))]) R_old if_inside_while_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_inside_while_before_passive_prog.block_2_def if_inside_while_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon5_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [5] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [5])) (update_nstate_rel R [(0,(Inl 5))]) R_old if_inside_while_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_inside_while_before_passive_prog.block_3_def if_inside_while_passive_prog.block_3_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:if_inside_while_before_ast_to_cfg_prog.l_x(2) if_inside_while_passive_prog.l_x_2(2)))
+by simp
+
+lemma block_anon4:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_inside_while_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_inside_while_before_passive_prog.block_4_def if_inside_while_passive_prog.block_4_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon5_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_inside_while_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_inside_while_before_passive_prog.block_5_def if_inside_while_passive_prog.block_5_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon5_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3,4] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3,4])) (update_nstate_rel R [(1,(Inl 3)),(0,(Inl 4))]) R_old if_inside_while_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_inside_while_before_passive_prog.block_6_def if_inside_while_passive_prog.block_6_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:if_inside_while_before_ast_to_cfg_prog.l_y(2) if_inside_while_passive_prog.l_y_0(2)))
+apply ((simp add:if_inside_while_before_ast_to_cfg_prog.l_x(2) if_inside_while_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old if_inside_while_passive_prog.block_7 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_inside_while_before_passive_prog.block_7_def if_inside_while_passive_prog.block_7_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:if_inside_while_before_ast_to_cfg_prog.l_x(2) if_inside_while_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_inside_while_passive_prog.block_8 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_inside_while_before_passive_prog.block_8_def if_inside_while_passive_prog.block_8_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.block_9 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_inside_while_passive_prog.block_9 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding if_inside_while_before_passive_prog.block_9_def if_inside_while_passive_prog.block_9_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm if_inside_while_before_passive_prog.node_0},@{thm if_inside_while_before_passive_prog.outEdges_0}) (@{thm if_inside_while_passive_prog.node_0},@{thm if_inside_while_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon6_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 5)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_inside_while_before_passive_prog.node_1},@{thm if_inside_while_before_passive_prog.outEdges_1}) (@{thm if_inside_while_passive_prog.node_1},@{thm if_inside_while_passive_prog.outEdges_1}) @{thm block_anon6_Then} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon6_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 5)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_inside_while_before_passive_prog.node_2},@{thm if_inside_while_before_passive_prog.outEdges_2}) (@{thm if_inside_while_passive_prog.node_2},@{thm if_inside_while_passive_prog.outEdges_2}) @{thm block_anon6_Else} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 5 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_inside_while_before_passive_prog.node_3},@{thm if_inside_while_before_passive_prog.outEdges_3}) (@{thm if_inside_while_passive_prog.node_3},@{thm if_inside_while_passive_prog.outEdges_3}) @{thm block_anon5_LoopBody} [
+@{thm cfg_block_anon6_Then}, 
+@{thm cfg_block_anon6_Else}] 1\<close>))
+
+lemma cfg_block_anon4:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_inside_while_before_passive_prog.node_4},@{thm if_inside_while_before_passive_prog.outEdges_4}) (@{thm if_inside_while_passive_prog.node_4},@{thm if_inside_while_passive_prog.outEdges_4}) @{thm block_anon4} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_inside_while_before_passive_prog.node_5},@{thm if_inside_while_before_passive_prog.outEdges_5}) (@{thm if_inside_while_passive_prog.node_5},@{thm if_inside_while_passive_prog.outEdges_5}) @{thm block_anon5_LoopDone} [
+@{thm cfg_block_anon4}] 1\<close>))
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm if_inside_while_before_passive_prog.node_6},@{thm if_inside_while_before_passive_prog.outEdges_6}) (@{thm if_inside_while_passive_prog.node_6},@{thm if_inside_while_passive_prog.outEdges_6}) @{thm block_anon5_LoopHead} [
+@{thm cfg_block_anon5_LoopDone}, 
+@{thm cfg_block_anon5_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm if_inside_while_before_passive_prog.node_7},@{thm if_inside_while_before_passive_prog.outEdges_7}) (@{thm if_inside_while_passive_prog.node_7},@{thm if_inside_while_passive_prog.outEdges_7}) @{thm block_anon0} [
+@{thm cfg_block_anon5_LoopHead}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body u (Inl 8)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm if_inside_while_before_passive_prog.node_8},@{thm if_inside_while_before_passive_prog.outEdges_8}) (@{thm if_inside_while_passive_prog.node_8},@{thm if_inside_while_passive_prog.outEdges_8}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body u (Inl 9)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm if_inside_while_before_passive_prog.node_9},@{thm if_inside_while_before_passive_prog.outEdges_9}) (@{thm if_inside_while_passive_prog.node_9},@{thm if_inside_while_passive_prog.outEdges_9}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 9),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_1 vc_x_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A if_inside_while_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> if_inside_while_before_ast_to_cfg_prog.constants_vdecls ns if_inside_while_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv if_inside_while_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding if_inside_while_before_ast_to_cfg_prog.constants_vdecls_def if_inside_while_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding if_inside_while_passive_prog.params_vdecls_def if_inside_while_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using if_inside_while_before_passive_prog.globals_locals_disj apply auto[1]
+using if_inside_while_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] if_inside_while_passive_prog.proc_body u (Inl 9)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range if_inside_while_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] if_inside_while_passive_prog.proc_body ((Inl 9),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from if_inside_while_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_passive_prog.thy
new file mode 100644
index 0000000..94585db
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_passive_prog.thy
@@ -0,0 +1,199 @@
+theory if_inside_while_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util if_inside_while_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 5) Gt (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 1)) Ge (Var 5))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 4) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 5) Eq (BinOp (Var 4) Sub (Lit (LInt 1)))))]"
+definition block_4
+  where
+    "block_4  = [(Assert (BinOp (Var 4) Eq (Lit (LInt 0))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 4)))]"
+definition block_6
+  where
+    "block_6  = []"
+definition block_7
+  where
+    "block_7  = []"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[0],[4],[5,3],[6],[7],[8]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5,3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding if_inside_while_passive_prog.params_vdecls_def if_inside_while_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)))) = {})"
+unfolding if_inside_while_before_ast_to_cfg_prog.constants_vdecls_def if_inside_while_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_0:
+shows "((map_of (append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_2:
+shows "((map_of (append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_0:
+shows "((lookup_var_decl ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_2:
+shows "((lookup_var_decl ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_vcphase_proof.thy
new file mode 100644
index 0000000..c40f194
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_vcphase_proof.thy
@@ -0,0 +1,353 @@
+theory if_inside_while_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML if_inside_while_passive_prog if_inside_while_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon6_Then
+  where
+    "vc_anon6_Then  = True"
+definition vc_anon6_Else
+  where
+    "vc_anon6_Else  = True"
+definition vc_anon5_LoopBody
+  where
+    "vc_anon5_LoopBody x_1 x_2 = (((x_1 > (0::int)) \<and> (x_2 = (x_1 - (1::int)))) \<longrightarrow> ((vc_anon6_Then ) \<and> (vc_anon6_Else )))"
+definition vc_anon4
+  where
+    "vc_anon4 x_1 = (x_1 = (0::int))"
+definition vc_anon5_LoopDone
+  where
+    "vc_anon5_LoopDone x_1 = (((0::int) \<ge> x_1) \<longrightarrow> (vc_anon4 x_1))"
+definition vc_anon0
+  where
+    "vc_anon0 x_1 x_2 = ((vc_anon5_LoopDone x_1) \<and> (vc_anon5_LoopBody x_1 x_2))"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_0)))" and 
+G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_y_0)))" and 
+G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_x_1)))" and 
+G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_x_2)))" and 
+G6: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4 G5 G6
+lemmas forall_poly_thm = forall_vc_type[OF G6]
+lemmas exists_poly_thm = exists_vc_type[OF G6]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding if_inside_while_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon6_Then_hints = [
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon6_ThenAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_Then ) \<Longrightarrow> (s' = Magic)))"
+unfolding if_inside_while_passive_prog.block_1_def vc.vc_anon6_Then_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_Then_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_Else_hints = [
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon6_ElseAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_Else ) \<Longrightarrow> (s' = Magic)))"
+unfolding if_inside_while_passive_prog.block_2_def vc.vc_anon6_Else_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_Else_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon5_LoopBody_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon5_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopBody vc_x_1 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_Then ) \<and> (vc.vc_anon6_Else ))))))))"
+unfolding if_inside_while_passive_prog.block_3_def vc.vc_anon5_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_hints = [
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon4AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding if_inside_while_passive_prog.block_4_def vc.vc_anon4_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon5_LoopDone_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon5_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopDone vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4 vc_x_1)))))))"
+unfolding if_inside_while_passive_prog.block_5_def vc.vc_anon5_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopDone_hints \<close>)
+by (auto?)
+
+lemma block_anon5_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.block_6 (Normal n_s) s')" and 
+"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))))))"
+using assms
+unfolding if_inside_while_passive_prog.block_6_def
+apply cases
+by auto
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.block_7 (Normal n_s) s')" and 
+"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))))))"
+using assms
+unfolding if_inside_while_passive_prog.block_7_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.block_8 (Normal n_s) s')" and 
+"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))))))"
+using assms
+unfolding if_inside_while_passive_prog.block_8_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_1 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding if_inside_while_passive_prog.block_9_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) if_inside_while_passive_prog.node_0 if_inside_while_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon6_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_Then )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) if_inside_while_passive_prog.node_1])
+by (erule block_anon6_ThenAA0[OF _ assms(2)])
+
+lemma cfg_block_anon6_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_Else )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) if_inside_while_passive_prog.node_2])
+by (erule block_anon6_ElseAA0[OF _ assms(2)])
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_LoopBody vc_x_1 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) if_inside_while_passive_prog.node_3])
+apply (erule block_anon5_LoopBodyAA0[OF _ assms(2)])
+apply ((simp add:if_inside_while_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon4:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4 vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) if_inside_while_passive_prog.node_4])
+apply (erule block_anon4AA0[OF _ assms(2)])
+apply ((simp add:if_inside_while_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_LoopDone vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) if_inside_while_passive_prog.node_5])
+apply (erule block_anon5_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:if_inside_while_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) if_inside_while_passive_prog.node_6])
+apply (erule block_anon5_LoopHead[OF _ assms(2)])
+apply ((simp add:if_inside_while_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) if_inside_while_passive_prog.node_7])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:if_inside_while_passive_prog.outEdges_7))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) if_inside_while_passive_prog.node_8])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:if_inside_while_passive_prog.outEdges_8))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_1 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) if_inside_while_passive_prog.node_9])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:if_inside_while_passive_prog.outEdges_9))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) \<Gamma> [] if_inside_while_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_1 vc_x_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A if_inside_while_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> if_inside_while_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) if_inside_while_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s if_inside_while_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((if_inside_while_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_inside_while_passive_prog.m_x])
+apply (subst lookup_var_local[OF if_inside_while_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_inside_while_passive_prog.m_y])
+apply (subst lookup_var_local[OF if_inside_while_passive_prog.m_y])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_inside_while_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF if_inside_while_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_inside_while_passive_prog.m_y_0])
+apply (subst lookup_var_local[OF if_inside_while_passive_prog.m_y_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_inside_while_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF if_inside_while_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_inside_while_passive_prog.m_x_2])
+apply (subst lookup_var_local[OF if_inside_while_passive_prog.m_x_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_y])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_y_0])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (rule HOL.conjunct1[OF sc_x_2])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/ROOT
new file mode 100644
index 0000000..a70eed0
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/ROOT
@@ -0,0 +1,12 @@
+session loop_example_no_inv_proofs = Boogie_Lang + 
+directories m_proofs
+theories
+global_data
+"m_proofs/m_asttocfg_proof"
+"m_proofs/m_before_cfg_to_dag_prog"
+"m_proofs/m_passification_proof"
+"m_proofs/m_vcphase_proof"
+"m_proofs/m_before_passive_prog"
+"m_proofs/m_passive_prog"
+"m_proofs/m_cfgtodag_proof"
+"m_proofs/m_before_ast_to_cfg_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_asttocfg_proof.thy
new file mode 100644
index 0000000..88ccfc3
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_asttocfg_proof.thy
@@ -0,0 +1,352 @@
+theory m_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML m_before_ast_to_cfg_prog m_before_cfg_to_dag_prog m_cfgtodag_proof m_passification_proof m_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_m_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_3_def m_before_cfg_to_dag_prog.block_4_def)
+apply ((simp add: m_before_cfg_to_dag_prog.block_4_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: m_before_cfg_to_dag_prog.block_4_def m_before_ast_to_cfg_prog.bigblock_3_def)+)
+done
+
+
+lemma global_rel_m_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end m_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (simp)
+apply (rule cont_3_def)
+apply (rule m_before_cfg_to_dag_prog.node_4)
+apply (rule disjI1)
+apply (rule m_before_cfg_to_dag_prog.block_4_def)
+apply (rule m_before_cfg_to_dag_prog.outEdges_4)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: m_before_cfg_to_dag_prog.node_4)
+apply (rule rel_m_before_ast_to_cfg_prog_bigblock_3)
+apply assumption+
+
+done
+qed
+
+lemma rel_m_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Var 1)) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
+unfolding m_before_cfg_to_dag_prog.block_2_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: m_before_cfg_to_dag_prog.block_2_def)
+apply ((simp add: assms(3) m_before_ast_to_cfg_prog.bigblock_2_def)+)
+done
+
+
+lemma global_rel_m_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end m_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Var 1)) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T m_before_ast_to_cfg_prog.bigblock_1 cont_1 m_before_cfg_to_dag_prog.proc_body 1 m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_2_def)
+apply (rule m_before_cfg_to_dag_prog.node_2)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule m_before_cfg_to_dag_prog.block_2_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_2_def)
+apply (simp add: m_before_cfg_to_dag_prog.node_2)
+apply (rule rel_m_before_ast_to_cfg_prog_bigblock_2)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=1])+)
+apply (simp add: m_before_cfg_to_dag_prog.outEdges_2)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_m_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end m_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of m_before_ast_to_cfg_prog.bigblock_1 _ _ _ m_before_cfg_to_dag_prog.block_1])
+apply (simp add:m_before_ast_to_cfg_prog.bigblock_1_def m_before_cfg_to_dag_prog.block_1_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:m_before_ast_to_cfg_prog.bigblock_1_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of m_before_ast_to_cfg_prog.bigblock_1])
+apply ((simp add:m_before_ast_to_cfg_prog.bigblock_1_def)+)
+apply ((simp add:m_before_cfg_to_dag_prog.block_1_def m_before_cfg_to_dag_prog.node_1)+)
+apply (rule cont_1_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 2])+)
+apply ((simp add:m_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_m_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_1_def m_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_1_def cont_2_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+
+apply ((erule allE[where x = 3])+)
+apply ((simp add:m_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_m_before_ast_to_cfg_prog_bigblock_3)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: m_before_cfg_to_dag_prog.node_3)
+apply (simp add: m_before_cfg_to_dag_prog.block_3_def)
+apply (rule neg_lt)
+apply (simp)
+apply (simp add: m_before_cfg_to_dag_prog.outEdges_3)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: m_before_cfg_to_dag_prog.node_3)
+apply (simp add: m_before_cfg_to_dag_prog.block_3_def)
+apply (rule neg_lt)
+apply (simp)
+apply (simp add: m_before_cfg_to_dag_prog.outEdges_3)
+apply ((simp add: member_rec)+)
+done
+qed
+qed
+
+lemma rel_m_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_0_def m_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: m_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: m_before_cfg_to_dag_prog.block_0_def m_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_m_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end m_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_0 _ m_before_cfg_to_dag_prog.block_0])
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_0_def m_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_0_def m_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_0_def m_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: m_before_cfg_to_dag_prog.block_0_def)
+apply (rule m_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: m_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: m_before_cfg_to_dag_prog.node_0)
+apply (rule rel_m_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: m_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_m_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (m_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> m_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) m_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns m_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_m_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def m_before_ast_to_cfg_prog.pres_def m_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def m_before_ast_to_cfg_prog.pres_def m_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (m_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_3_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) m_before_ast_to_cfg_prog.fdecls m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls m_before_ast_to_cfg_prog.axioms m_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding m_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 m_before_ast_to_cfg_prog.ast_proc_def m_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..61078eb
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_ast_to_cfg_prog.thy
@@ -0,0 +1,132 @@
+theory m_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Assign 0 (Lit (LInt 0))),(Assume (BinOp (Var 1) Gt (Lit (LInt 0))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Var 1))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Lt (Var 1))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))])) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [(Assert (BinOp (Var 0) Ge (Var 1)))] (None ) (None ))"
+definition cont_3
+  where
+    "cont_3  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_3 cont_3)"
+definition cont_1
+  where
+    "cont_1  = (KEndBlock (KSeq bigblock_3 cont_3 ))"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_1 cont_1)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_3]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding m_before_ast_to_cfg_prog.constants_vdecls_def m_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding m_before_ast_to_cfg_prog.constants_vdecls_def m_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding m_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding m_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding m_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding m_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_i:
+shows "((map_of (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_n:
+shows "((map_of (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_i:
+shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_i
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_n:
+shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_n
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = m_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec m_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec m_before_ast_to_cfg_prog.post),proc_body = (Some (m_before_ast_to_cfg_prog.locals_vdecls,m_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..905eaaa
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_cfg_to_dag_prog.thy
@@ -0,0 +1,169 @@
+theory m_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Assign 0 (Lit (LInt 0))),(Assume (BinOp (Var 1) Gt (Lit (LInt 0))))]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Lt (Var 1))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 1) Le (Var 0)))]"
+definition block_4
+  where
+    "block_4  = [(Assert (BinOp (Var 0) Ge (Var 1)))]"
+definition outEdges
+  where
+    "outEdges  = [[1],[3,2],[1],[4],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [3,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding m_before_cfg_to_dag_prog.constants_vdecls_def m_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding m_before_cfg_to_dag_prog.constants_vdecls_def m_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding m_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding m_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding m_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding m_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_i:
+shows "((map_of (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_n:
+shows "((map_of (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_i:
+shows "((lookup_var_decl ((append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_i
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_n:
+shows "((lookup_var_decl ((append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_n
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = m_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec m_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec m_before_cfg_to_dag_prog.post),proc_body = (Some (m_before_cfg_to_dag_prog.locals_vdecls,m_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_passive_prog.thy
new file mode 100644
index 0000000..714a490
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_passive_prog.thy
@@ -0,0 +1,117 @@
+theory m_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util m_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Lt (Var 1))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assert (BinOp (Var 0) Ge (Var 1)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 1) Le (Var 0)))]"
+definition block_4
+  where
+    "block_4  = [(Havoc 0)]"
+definition block_5
+  where
+    "block_5  = [(Assign 0 (Lit (LInt 0))),(Assume (BinOp (Var 1) Gt (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = []"
+definition block_7
+  where
+    "block_7  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[2],[3,1],[4],[5],[6]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 7,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding m_before_ast_to_cfg_prog.constants_vdecls_def m_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_cfgtodag_proof.thy
new file mode 100644
index 0000000..6d10f17
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_cfgtodag_proof.thy
@@ -0,0 +1,375 @@
+theory m_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML m_before_ast_to_cfg_prog m_before_cfg_to_dag_prog m_before_passive_prog m_passification_proof m_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 m_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def m_before_ast_to_cfg_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule m_before_passive_prog.node_0)
+apply simp
+unfolding m_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma Mods_anon3_LoopBody:
+shows "(mods_contained_in (set [0]) m_before_cfg_to_dag_prog.block_2)"
+unfolding m_before_cfg_to_dag_prog.block_2_def
+by simp
+
+lemma block_anon3_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] m_before_passive_prog.block_1 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding m_before_cfg_to_dag_prog.block_2_def m_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon3_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body [0] [] m_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule m_before_cfg_to_dag_prog.node_2)
+apply (rule m_before_passive_prog.node_1)
+apply (assumption+)
+apply (rule block_anon3_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon3_LoopBody)
+apply ((simp add:m_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:m_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon3_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma block_anon2:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] m_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding m_before_cfg_to_dag_prog.block_4_def m_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon2:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule m_before_cfg_to_dag_prog.node_4)
+apply (rule m_before_passive_prog.node_2)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon2)
+apply assumption+
+apply (rule m_before_cfg_to_dag_prog.outEdges_4)
+apply (rule m_before_passive_prog.outEdges_2)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon3_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] m_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding m_before_cfg_to_dag_prog.block_3_def m_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule m_before_cfg_to_dag_prog.node_3)
+apply (rule m_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon3_LoopDone)
+apply (assumption+)
+apply ((simp add:m_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:m_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:m_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon2)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon3_LoopHead:
+shows "(mods_contained_in (set [0]) m_before_cfg_to_dag_prog.block_1)"
+unfolding m_before_cfg_to_dag_prog.block_1_def
+by simp
+
+lemma block_anon3_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] m_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding m_before_cfg_to_dag_prog.block_1_def m_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:m_before_ast_to_cfg_prog.l_i(1)))
+apply simp
+done
+
+lemma cfg_block_anon3_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule m_before_cfg_to_dag_prog.node_1)
+apply (rule m_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon3_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon3_LoopHead)
+apply ((simp add:m_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:m_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:m_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:m_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] m_before_passive_prog.block_5 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding m_before_cfg_to_dag_prog.block_0_def m_before_passive_prog.block_5_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule m_before_cfg_to_dag_prog.node_0)
+apply (rule m_before_passive_prog.node_5)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:m_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:m_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=4])
+apply ((simp add:m_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:m_before_passive_prog.outEdges_6))
+by ((simp add:m_before_passive_prog.node_6 m_before_passive_prog.block_6_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 m_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule m_before_passive_prog.node_7)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding m_before_passive_prog.block_7_def
+apply (rule assume_pres_normal[where ?es=m_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding m_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule m_before_passive_prog.outEdges_7)
+apply ((simp add:m_before_passive_prog.node_6 m_before_passive_prog.block_6_def))
+apply (rule m_before_passive_prog.outEdges_6)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> m_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) m_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns m_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule m_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_passification_proof.thy
new file mode 100644
index 0000000..7730eca
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_passification_proof.thy
@@ -0,0 +1,314 @@
+theory m_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util m_before_ast_to_cfg_prog m_passive_prog Boogie_Lang.PassificationML m_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding m_before_passive_prog.block_0_def m_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon3_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
+"((R 1) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3])) (update_nstate_rel R [(0,(Inl 3))]) R_old m_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding m_before_passive_prog.block_1_def m_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:m_before_ast_to_cfg_prog.l_i(2) m_passive_prog.l_i_1(2)))
+by simp
+
+lemma block_anon2:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
+"((R 1) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding m_before_passive_prog.block_2_def m_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon3_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
+"((R 1) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding m_before_passive_prog.block_3_def m_passive_prog.block_3_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon3_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old m_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding m_before_passive_prog.block_4_def m_passive_prog.block_4_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:m_before_ast_to_cfg_prog.l_i(2) m_passive_prog.l_i_0(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 0)))]) R_old m_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding m_before_passive_prog.block_5_def m_passive_prog.block_5_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding m_before_passive_prog.block_6_def m_passive_prog.block_6_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_7 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding m_before_passive_prog.block_7_def m_passive_prog.block_7_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm m_before_passive_prog.node_0},@{thm m_before_passive_prog.outEdges_0}) (@{thm m_passive_prog.node_0},@{thm m_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon3_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
+"((R 1) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_1},@{thm m_before_passive_prog.outEdges_1}) (@{thm m_passive_prog.node_1},@{thm m_passive_prog.outEdges_1}) @{thm block_anon3_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon2:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
+"((R 1) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_2},@{thm m_before_passive_prog.outEdges_2}) (@{thm m_passive_prog.node_2},@{thm m_passive_prog.outEdges_2}) @{thm block_anon2} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon3_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
+"((R 1) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_3},@{thm m_before_passive_prog.outEdges_3}) (@{thm m_passive_prog.node_3},@{thm m_passive_prog.outEdges_3}) @{thm block_anon3_LoopDone} [
+@{thm cfg_block_anon2}] 1\<close>))
+
+lemma cfg_block_anon3_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_4},@{thm m_before_passive_prog.outEdges_4}) (@{thm m_passive_prog.node_4},@{thm m_passive_prog.outEdges_4}) @{thm block_anon3_LoopHead} [
+@{thm cfg_block_anon3_LoopDone}, 
+@{thm cfg_block_anon3_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_5},@{thm m_before_passive_prog.outEdges_5}) (@{thm m_passive_prog.node_5},@{thm m_passive_prog.outEdges_5}) @{thm block_anon0} [
+@{thm cfg_block_anon3_LoopHead}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_6},@{thm m_before_passive_prog.outEdges_6}) (@{thm m_passive_prog.node_6},@{thm m_passive_prog.outEdges_6}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_7},@{thm m_before_passive_prog.outEdges_7}) (@{thm m_passive_prog.node_7},@{thm m_passive_prog.outEdges_7}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] m_before_passive_prog.proc_body ((Inl 7),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> m_before_ast_to_cfg_prog.constants_vdecls ns m_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = [(1,(Inl 1))]"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+apply ((simp add:m_before_ast_to_cfg_prog.l_n(2) m_passive_prog.l_n(2)))
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv m_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding m_before_ast_to_cfg_prog.constants_vdecls_def m_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding m_passive_prog.params_vdecls_def m_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using m_before_passive_prog.globals_locals_disj apply auto[1]
+using m_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 1)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] m_passive_prog.proc_body u (Inl 7)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range m_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] m_passive_prog.proc_body ((Inl 7),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from m_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_passive_prog.thy
new file mode 100644
index 0000000..562a3a2
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_passive_prog.thy
@@ -0,0 +1,159 @@
+theory m_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util m_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 2) Lt (Var 1))),(Assume (BinOp (Var 3) Eq (BinOp (Var 2) Add (Lit (LInt 1))))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assert (BinOp (Var 2) Ge (Var 1)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 1) Le (Var 2)))]"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = []"
+definition block_7
+  where
+    "block_7  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[2],[3,1],[4],[5],[6]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 7,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding m_passive_prog.params_vdecls_def m_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)))) = {})"
+unfolding m_before_ast_to_cfg_prog.constants_vdecls_def m_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_i:
+shows "((map_of (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_n:
+shows "((map_of (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_i_0:
+shows "((map_of (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_i_1:
+shows "((map_of (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_i:
+shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_i
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_n:
+shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_n
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_i_0:
+shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_i_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_i_1:
+shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_i_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_vcphase_proof.thy
new file mode 100644
index 0000000..afb76d1
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_vcphase_proof.thy
@@ -0,0 +1,291 @@
+theory m_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML m_passive_prog m_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon3_LoopBody
+  where
+    "vc_anon3_LoopBody  = True"
+definition vc_anon2
+  where
+    "vc_anon2 i_0 n = (i_0 \<ge> n)"
+definition vc_anon3_LoopDone
+  where
+    "vc_anon3_LoopDone n i_0 = ((n \<le> i_0) \<longrightarrow> (vc_anon2 i_0 n))"
+definition vc_anon0
+  where
+    "vc_anon0 n i_0 = ((n > (0::int)) \<longrightarrow> ((vc_anon3_LoopDone n i_0) \<and> (vc_anon3_LoopBody )))"
+definition vc_PreconditionGeneratedEntry
+  where
+    "vc_PreconditionGeneratedEntry n i_0 = (vc_anon0 n i_0)"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_i :: "int" and vc_n :: "int" and vc_i_0 :: "int" and vc_i_1 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_i)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_n)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_i_0)))" and 
+G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_i_1)))" and 
+G4: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4
+lemmas forall_poly_thm = forall_vc_type[OF G4]
+lemmas exists_poly_thm = exists_vc_type[OF G4]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding m_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon3_LoopBody_hints = [
+(AssumeTrue,NONE), 
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon3_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_LoopBody ) \<Longrightarrow> (s' = Magic)))"
+unfolding m_passive_prog.block_1_def vc.vc_anon3_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon2_hints = [
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon2AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon2 vc_i_0 vc_n) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding m_passive_prog.block_2_def vc.vc_anon2_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon2_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon3_LoopDone_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon3_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_LoopDone vc_n vc_i_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon2 vc_i_0 vc_n)))))))"
+unfolding m_passive_prog.block_3_def vc.vc_anon3_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_LoopDone_hints \<close>)
+by (auto?)
+
+lemma block_anon3_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_4 (Normal n_s) s')" and 
+"((vc.vc_anon3_LoopDone vc_n vc_i_0) \<and> (vc.vc_anon3_LoopBody ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon3_LoopDone vc_n vc_i_0) \<and> (vc.vc_anon3_LoopBody ))))))"
+using assms
+unfolding m_passive_prog.block_4_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon0_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_n vc_i_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon3_LoopDone vc_n vc_i_0) \<and> (vc.vc_anon3_LoopBody ))))))))"
+unfolding m_passive_prog.block_5_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
+by (auto?)
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_6 (Normal n_s) s')" and 
+"(vc.vc_anon0 vc_n vc_i_0)"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_n vc_i_0)))))"
+using assms
+unfolding m_passive_prog.block_6_def
+apply cases
+by auto
+
+lemma block_PreconditionGeneratedEntry:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry vc_n vc_i_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_n vc_i_0)))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding m_passive_prog.block_7_def vc.vc_PreconditionGeneratedEntry_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) m_passive_prog.node_0 m_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon3_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon3_LoopBody )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) m_passive_prog.node_1])
+by (erule block_anon3_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon2:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon2 vc_i_0 vc_n)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) m_passive_prog.node_2])
+apply (erule block_anon2AA0[OF _ assms(2)])
+apply ((simp add:m_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon3_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon3_LoopDone vc_n vc_i_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_3])
+apply (erule block_anon3_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:m_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon2, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon3_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon3_LoopDone vc_n vc_i_0) \<and> (vc.vc_anon3_LoopBody ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_4])
+apply (erule block_anon3_LoopHead[OF _ assms(2)])
+apply ((simp add:m_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_n vc_i_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_5])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:m_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_n vc_i_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_6])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:m_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(vc.vc_PreconditionGeneratedEntry vc_n vc_i_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_7])
+apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
+apply ((simp add:m_passive_prog.outEdges_7))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) \<Gamma> [] m_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> m_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) m_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s m_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((m_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_i:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF m_passive_prog.m_i])
+apply (subst lookup_var_local[OF m_passive_prog.m_i])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_n:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF m_passive_prog.m_n])
+apply (subst lookup_var_local[OF m_passive_prog.m_n])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_i_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF m_passive_prog.m_i_0])
+apply (subst lookup_var_local[OF m_passive_prog.m_i_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_i_1:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF m_passive_prog.m_i_1])
+apply (subst lookup_var_local[OF m_passive_prog.m_i_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_i])
+apply (rule HOL.conjunct1[OF sc_n])
+apply (rule HOL.conjunct1[OF sc_i_0])
+apply (rule HOL.conjunct1[OF sc_i_1])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/ROOT
new file mode 100644
index 0000000..4a63813
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/ROOT
@@ -0,0 +1,12 @@
+session loop_example_proofs = Boogie_Lang + 
+directories m_proofs
+theories
+global_data
+"m_proofs/m_asttocfg_proof"
+"m_proofs/m_before_cfg_to_dag_prog"
+"m_proofs/m_passification_proof"
+"m_proofs/m_vcphase_proof"
+"m_proofs/m_before_passive_prog"
+"m_proofs/m_passive_prog"
+"m_proofs/m_cfgtodag_proof"
+"m_proofs/m_before_ast_to_cfg_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_asttocfg_proof.thy
new file mode 100644
index 0000000..f74f3cf
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_asttocfg_proof.thy
@@ -0,0 +1,352 @@
+theory m_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML m_before_ast_to_cfg_prog m_before_cfg_to_dag_prog m_cfgtodag_proof m_passification_proof m_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_m_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_3_def m_before_cfg_to_dag_prog.block_4_def)
+apply ((simp add: m_before_cfg_to_dag_prog.block_4_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: m_before_cfg_to_dag_prog.block_4_def m_before_ast_to_cfg_prog.bigblock_3_def)+)
+done
+
+
+lemma global_rel_m_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end m_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (simp)
+apply (rule cont_3_def)
+apply (rule m_before_cfg_to_dag_prog.node_4)
+apply (rule disjI1)
+apply (rule m_before_cfg_to_dag_prog.block_4_def)
+apply (rule m_before_cfg_to_dag_prog.outEdges_4)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: m_before_cfg_to_dag_prog.node_4)
+apply (rule rel_m_before_ast_to_cfg_prog_bigblock_3)
+apply assumption+
+
+done
+qed
+
+lemma rel_m_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Var 1)) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
+unfolding m_before_cfg_to_dag_prog.block_2_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: m_before_cfg_to_dag_prog.block_2_def)
+apply ((simp add: assms(3) m_before_ast_to_cfg_prog.bigblock_2_def)+)
+done
+
+
+lemma global_rel_m_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end m_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Var 1)) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T m_before_ast_to_cfg_prog.bigblock_1 cont_1 m_before_cfg_to_dag_prog.proc_body 1 m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_2_def)
+apply (rule m_before_cfg_to_dag_prog.node_2)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule m_before_cfg_to_dag_prog.block_2_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_2_def)
+apply (simp add: m_before_cfg_to_dag_prog.node_2)
+apply (rule rel_m_before_ast_to_cfg_prog_bigblock_2)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=1])+)
+apply (simp add: m_before_cfg_to_dag_prog.outEdges_2)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_m_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end m_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of m_before_ast_to_cfg_prog.bigblock_1 _ _ _ m_before_cfg_to_dag_prog.block_1])
+apply (simp add:m_before_ast_to_cfg_prog.bigblock_1_def m_before_cfg_to_dag_prog.block_1_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:m_before_ast_to_cfg_prog.bigblock_1_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of m_before_ast_to_cfg_prog.bigblock_1])
+apply ((simp add:m_before_ast_to_cfg_prog.bigblock_1_def)+)
+apply ((simp add:m_before_cfg_to_dag_prog.block_1_def m_before_cfg_to_dag_prog.node_1)+)
+apply (rule cont_1_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 2])+)
+apply ((simp add:m_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_m_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_1_def m_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_1_def cont_2_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+
+apply ((erule allE[where x = 3])+)
+apply ((simp add:m_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_m_before_ast_to_cfg_prog_bigblock_3)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: m_before_cfg_to_dag_prog.node_3)
+apply (simp add: m_before_cfg_to_dag_prog.block_3_def)
+apply (rule neg_lt)
+apply (simp)
+apply (simp add: m_before_cfg_to_dag_prog.outEdges_3)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: m_before_cfg_to_dag_prog.node_3)
+apply (simp add: m_before_cfg_to_dag_prog.block_3_def)
+apply (rule neg_lt)
+apply (simp)
+apply (simp add: m_before_cfg_to_dag_prog.outEdges_3)
+apply ((simp add: member_rec)+)
+done
+qed
+qed
+
+lemma rel_m_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_0_def m_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: m_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: m_before_cfg_to_dag_prog.block_0_def m_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_m_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end m_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_0 _ m_before_cfg_to_dag_prog.block_0])
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_0_def m_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_0_def m_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_0_def m_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: m_before_cfg_to_dag_prog.block_0_def)
+apply (rule m_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: m_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: m_before_cfg_to_dag_prog.node_0)
+apply (rule rel_m_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: m_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_m_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: m_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (m_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0 vc_i_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> m_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) m_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns m_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_m_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def m_before_ast_to_cfg_prog.pres_def m_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def m_before_ast_to_cfg_prog.pres_def m_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (m_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_3_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0 vc_i_1))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) m_before_ast_to_cfg_prog.fdecls m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls m_before_ast_to_cfg_prog.axioms m_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding m_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 m_before_ast_to_cfg_prog.ast_proc_def m_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..fcf6444
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_before_ast_to_cfg_prog.thy
@@ -0,0 +1,132 @@
+theory m_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Assign 0 (Lit (LInt 0))),(Assume (BinOp (Var 1) Gt (Lit (LInt 0))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Var 1))) [(BinOp (Var 0) Le (Var 1))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Lt (Var 1))) [(BinOp (Var 0) Le (Var 1))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))])) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [(Assert (BinOp (Var 0) Ge (Var 1)))] (None ) (None ))"
+definition cont_3
+  where
+    "cont_3  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_3 cont_3)"
+definition cont_1
+  where
+    "cont_1  = (KEndBlock (KSeq bigblock_3 cont_3 ))"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_1 cont_1)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_3]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding m_before_ast_to_cfg_prog.constants_vdecls_def m_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding m_before_ast_to_cfg_prog.constants_vdecls_def m_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding m_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding m_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding m_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding m_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_i:
+shows "((map_of (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_n:
+shows "((map_of (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_i:
+shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_i
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_n:
+shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_n
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = m_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec m_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec m_before_ast_to_cfg_prog.post),proc_body = (Some (m_before_ast_to_cfg_prog.locals_vdecls,m_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_before_cfg_to_dag_prog.thy
similarity index 53%
rename from BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_before_cfg_to_dag_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_before_cfg_to_dag_prog.thy
index 7e2363b..fa002c2 100644
--- a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_before_cfg_to_dag_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_before_cfg_to_dag_prog.thy
@@ -12,13 +12,16 @@ definition block_2
     "block_2  = [(Assume (BinOp (Var 0) Lt (Var 1))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]"
 definition block_3
   where
-    "block_3  = [(Assume (BinOp (Var 1) Le (Var 0))),(Assert (BinOp (Var 0) Ge (Var 1)))]"
+    "block_3  = [(Assume (BinOp (Var 1) Le (Var 0)))]"
+definition block_4
+  where
+    "block_4  = [(Assert (BinOp (Var 0) Ge (Var 1)))]"
 definition outEdges
   where
-    "outEdges  = [[1],[3,2],[1],[]]"
+    "outEdges  = [[1],[3,2],[1],[4],[]]"
 definition node_to_blocks
   where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4]"
 definition proc_body
   where
     "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
@@ -38,6 +41,10 @@ lemma node_3:
 shows "((nth (node_to_block proc_body) 3) = block_3)"
 by (simp add:proc_body_def node_to_blocks_def)
 
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
 lemma outEdges_0:
 shows "((nth (out_edges proc_body) 0) = [1])"
 by (simp add:proc_body_def outEdges_def)
@@ -51,7 +58,11 @@ shows "((nth (out_edges proc_body) 2) = [1])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [])"
+shows "((nth (out_edges proc_body) 3) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [])"
 by (simp add:proc_body_def outEdges_def)
 
 definition pres
@@ -66,6 +77,28 @@ definition params_vdecls :: "(vdecls)"
 definition locals_vdecls :: "(vdecls)"
   where
     "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding m_before_cfg_to_dag_prog.constants_vdecls_def m_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
 lemma locals_min_aux:
 shows "(((map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
 unfolding m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def
@@ -77,18 +110,23 @@ using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding m_before_cfg_to_dag_prog.constants_vdecls_def m_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
 by simp
 
 lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding m_before_cfg_to_dag_prog.constants_vdecls_def
 by simp
 
 lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding m_before_cfg_to_dag_prog.globals_vdecls_def
 by simp
 
 lemma params_wf:
@@ -102,7 +140,7 @@ unfolding m_before_cfg_to_dag_prog.locals_vdecls_def
 by simp
 
 lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
 apply (rule lookup_ty_pred_2)
 by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
 
@@ -115,16 +153,16 @@ shows "((map_of (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_d
 by (simp add:params_vdecls_def locals_vdecls_def)
 
 lemma l_i:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
 using globals_locals_disj m_i
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_n:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
 using globals_locals_disj m_n
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
-definition proc :: "(procedure)"
+definition proc :: "(mbodyCFG procedure)"
   where
     "proc  = (|proc_ty_args = 0,proc_args = m_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec m_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec m_before_cfg_to_dag_prog.post),proc_body = (Some (m_before_cfg_to_dag_prog.locals_vdecls,m_before_cfg_to_dag_prog.proc_body))|)"
 
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_before_passive_prog.thy
new file mode 100644
index 0000000..6b18296
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_before_passive_prog.thy
@@ -0,0 +1,117 @@
+theory m_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util m_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Lt (Var 1))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1)))),(Assert (BinOp (Var 0) Le (Var 1))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assert (BinOp (Var 0) Ge (Var 1)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 1) Le (Var 0)))]"
+definition block_4
+  where
+    "block_4  = [(Havoc 0),(Assume (BinOp (Var 0) Le (Var 1)))]"
+definition block_5
+  where
+    "block_5  = [(Assign 0 (Lit (LInt 0))),(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 0) Le (Var 1)))]"
+definition block_6
+  where
+    "block_6  = []"
+definition block_7
+  where
+    "block_7  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[2],[3,1],[4],[5],[6]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 7,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding m_before_ast_to_cfg_prog.constants_vdecls_def m_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_cfgtodag_proof.thy
similarity index 67%
rename from BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_cfgtodag_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_cfgtodag_proof.thy
index 9c04d95..2577575 100644
--- a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_cfgtodag_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_cfgtodag_proof.thy
@@ -1,23 +1,23 @@
 theory m_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML m_before_cfg_to_dag_prog m_before_passive_prog m_passification_proof m_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML m_before_ast_to_cfg_prog m_before_cfg_to_dag_prog m_before_passive_prog m_passification_proof m_vcphase_proof
 begin
 locale cfg_to_dag_lemmas = 
 fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
 assumes 
-Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+Wf_Fun: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)"
 begin
 
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls))"
 declare Nat.One_nat_def[simp del]
 
 lemma cfg_block_GeneratedUnifiedExit:
 assumes 
 "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 m_before_cfg_to_dag_prog.post)"
-unfolding expr_all_sat_def m_before_cfg_to_dag_prog.post_def 
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 m_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def m_before_ast_to_cfg_prog.post_def 
 apply (rule cfg_dag_rel_post_invs_3)
 apply (erule assms(1))
 apply (rule m_before_passive_prog.node_0)
@@ -25,39 +25,6 @@ apply simp
 unfolding m_before_passive_prog.block_0_def
 by cfg_dag_rel_tac_single+
 
-lemma block_anon3_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] m_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding m_before_cfg_to_dag_prog.block_3_def m_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule m_before_cfg_to_dag_prog.node_3)
-apply (rule m_before_passive_prog.node_1)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon3_LoopDone)
-apply assumption+
-apply (rule m_before_cfg_to_dag_prog.outEdges_3)
-apply (rule m_before_passive_prog.outEdges_1)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
 lemma Mods_anon3_LoopBody:
 shows "(mods_contained_in (set [0]) m_before_cfg_to_dag_prog.block_2)"
 unfolding m_before_cfg_to_dag_prog.block_2_def
@@ -66,18 +33,18 @@ by simp
 lemma block_anon3_LoopBody:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Var 1))] m_before_passive_prog.block_2 ns2 s' True)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Var 1))] m_before_passive_prog.block_1 ns2 s' True)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding m_before_cfg_to_dag_prog.block_2_def m_before_passive_prog.block_2_def
+unfolding m_before_cfg_to_dag_prog.block_2_def m_before_passive_prog.block_1_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf m_before_cfg_to_dag_prog.var_context_wf])
+apply (erule type_safety_top_level_inv[OF Wf_Fun m_before_ast_to_cfg_prog.funcs_wf m_before_ast_to_cfg_prog.var_context_wf])
 apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms m_before_cfg_to_dag_prog.l_i(2) m_before_cfg_to_dag_prog.l_n(2)} [] 1\<close>))
+apply ((tactic \<open> typing_tac @{context} [] @{thms m_before_ast_to_cfg_prog.l_i(2) m_before_ast_to_cfg_prog.l_n(2)} [] 1\<close>))
 
 done
 
@@ -85,12 +52,12 @@ lemma cfg_block_anon3_LoopBody:
 assumes 
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon3_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body [0] [(BinOp (Var 0) Le (Var 1))] m_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.post m' s')"
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon3_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body [0] [(BinOp (Var 0) Le (Var 1))] m_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
 apply (rule m_before_cfg_to_dag_prog.node_2)
-apply (rule m_before_passive_prog.node_2)
+apply (rule m_before_passive_prog.node_1)
 apply (assumption+)
 apply (rule block_anon3_LoopBody)
 apply (assumption+)
@@ -110,6 +77,84 @@ apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
 by (simp add: member_rec(2))
 
 
+lemma block_anon2:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] m_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding m_before_cfg_to_dag_prog.block_4_def m_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon2:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule m_before_cfg_to_dag_prog.node_4)
+apply (rule m_before_passive_prog.node_2)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon2)
+apply assumption+
+apply (rule m_before_cfg_to_dag_prog.outEdges_4)
+apply (rule m_before_passive_prog.outEdges_2)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon3_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] m_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding m_before_cfg_to_dag_prog.block_3_def m_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule m_before_cfg_to_dag_prog.node_3)
+apply (rule m_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon3_LoopDone)
+apply (assumption+)
+apply ((simp add:m_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:m_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:m_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon2)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
 lemma Mods_anon3_LoopHead:
 shows "(mods_contained_in (set [0]) m_before_cfg_to_dag_prog.block_1)"
 unfolding m_before_cfg_to_dag_prog.block_1_def
@@ -118,15 +163,15 @@ by simp
 lemma block_anon3_LoopHead:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Var 1))] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] m_before_passive_prog.block_3 ns2 s' False)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] m_before_passive_prog.block_4 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding m_before_cfg_to_dag_prog.block_1_def m_before_passive_prog.block_3_def
+unfolding m_before_cfg_to_dag_prog.block_1_def m_before_passive_prog.block_4_def
 apply cfg_dag_rel_tac_single+
 apply simp
-apply ((simp add:m_before_cfg_to_dag_prog.l_i(1)))
+apply ((simp add:m_before_ast_to_cfg_prog.l_i(1)))
 apply simp
 done
 
@@ -134,14 +179,14 @@ lemma cfg_block_anon3_LoopHead:
 assumes 
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Var 1))] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.post m' s')"
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
 using Red DagAssms
 proof (induction j arbitrary: ns1 rule: less_induct)
 case (less j)
 show ?case
 proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
 next
 case (Suc j')
 from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
@@ -149,7 +194,7 @@ from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add:
 show ?thesis
 apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
 apply (rule m_before_cfg_to_dag_prog.node_1)
-apply (rule m_before_passive_prog.node_3)
+apply (rule m_before_passive_prog.node_4)
 apply (assumption+)
 apply (rule block_anon3_LoopHead)
 apply (assumption+)
@@ -158,8 +203,8 @@ apply ((simp add:m_before_cfg_to_dag_prog.outEdges_1))
 apply ((simp add:m_before_cfg_to_dag_prog.outEdges_1))
 apply (erule member_elim)
 apply simp
-apply (erule allE[where x=1])
-apply ((simp add:m_before_passive_prog.outEdges_3))
+apply (erule allE[where x=3])
+apply ((simp add:m_before_passive_prog.outEdges_4))
 apply ((simp add:member_rec(1)))
 apply (rule cfg_block_anon3_LoopDone)
 apply simp
@@ -172,8 +217,8 @@ apply (simp)
 apply (simp)
 apply (erule member_elim)
 apply simp
-apply (erule allE[where x=2])
-apply ((simp add:m_before_passive_prog.outEdges_3))
+apply (erule allE[where x=1])
+apply ((simp add:m_before_passive_prog.outEdges_4))
 apply ((simp add:member_rec(1)))
 apply (rule cfg_block_anon3_LoopBody)
 apply simp
@@ -200,18 +245,18 @@ qed
 lemma block_anon0:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Var 1))] m_before_passive_prog.block_4 ns2 s' False)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Var 1))] m_before_passive_prog.block_5 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding m_before_cfg_to_dag_prog.block_0_def m_before_passive_prog.block_4_def
+unfolding m_before_cfg_to_dag_prog.block_0_def m_before_passive_prog.block_5_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf m_before_cfg_to_dag_prog.var_context_wf])
+apply (erule type_safety_top_level_inv[OF Wf_Fun m_before_ast_to_cfg_prog.funcs_wf m_before_ast_to_cfg_prog.var_context_wf])
 apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms m_before_cfg_to_dag_prog.l_i(2) m_before_cfg_to_dag_prog.l_n(2)} [] 1\<close>))
+apply ((tactic \<open> typing_tac @{context} [] @{thms m_before_ast_to_cfg_prog.l_i(2) m_before_ast_to_cfg_prog.l_n(2)} [] 1\<close>))
 
 done
 
@@ -219,11 +264,11 @@ lemma cfg_block_anon0:
 assumes 
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.post m' s')"
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
 apply (rule m_before_cfg_to_dag_prog.node_0)
-apply (rule m_before_passive_prog.node_4)
+apply (rule m_before_passive_prog.node_5)
 apply (assumption+)
 apply (rule block_anon0)
 apply (assumption+)
@@ -231,8 +276,8 @@ apply ((simp add:m_before_cfg_to_dag_prog.outEdges_0))
 apply ((simp add:m_before_cfg_to_dag_prog.outEdges_0))
 apply (erule member_elim)
 apply simp
-apply (erule allE[where x=3])
-apply ((simp add:m_before_passive_prog.outEdges_4))
+apply (erule allE[where x=4])
+apply ((simp add:m_before_passive_prog.outEdges_5))
 apply ((simp add:member_rec(1)))
 apply (rule cfg_block_anon3_LoopHead)
 apply simp
@@ -248,37 +293,37 @@ by (simp add: member_rec(2))
 
 lemma cfg_block_0:
 assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
 "(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
 "(state_well_typed A \<Lambda>1 [] ns1)" and 
 "(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
 shows "R"
 using assms
 apply (rule cfg_dag_empty_propagate_helper)
 apply (assumption, simp)
-apply ((simp add:m_before_passive_prog.outEdges_5))
-by ((simp add:m_before_passive_prog.node_5 m_before_passive_prog.block_5_def))
+apply ((simp add:m_before_passive_prog.outEdges_6))
+by ((simp add:m_before_passive_prog.node_6 m_before_passive_prog.block_6_def))
 
 lemma entry_lemma:
 assumes 
 "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 m_before_cfg_to_dag_prog.pres)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.post m' s')"
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 m_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_entry)
-apply (rule m_before_passive_prog.node_6)
+apply (rule m_before_passive_prog.node_7)
 apply (erule assms(3))
 apply (rule assms(2))
-unfolding m_before_passive_prog.block_6_def
-apply (rule assume_pres_normal[where ?es=m_before_cfg_to_dag_prog.pres])
+unfolding m_before_passive_prog.block_7_def
+apply (rule assume_pres_normal[where ?es=m_before_ast_to_cfg_prog.pres])
 apply (rule assms(4))
-unfolding m_before_cfg_to_dag_prog.pres_def
+unfolding m_before_ast_to_cfg_prog.pres_def
 apply simp
+apply (rule m_before_passive_prog.outEdges_7)
+apply ((simp add:m_before_passive_prog.node_6 m_before_passive_prog.block_6_def))
 apply (rule m_before_passive_prog.outEdges_6)
-apply ((simp add:m_before_passive_prog.node_5 m_before_passive_prog.block_5_def))
-apply (rule m_before_passive_prog.outEdges_5)
 by (rule cfg_block_anon0[OF assms(1-2)])
 
 
@@ -286,23 +331,23 @@ end
 
 abbreviation \<Lambda>0
   where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>0  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls))"
 lemma end_to_end_theorem_aux:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
 VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0 vc_i_1))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns m_before_cfg_to_dag_prog.pres)" and 
+FInterp: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> m_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) m_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns m_before_ast_to_cfg_prog.pres)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
 OldGlobal: "((global_state ns) = (old_global_state ns))" and 
 BinderNs: "((binder_state ns) = Map.empty)"
-shows "(valid_configuration A \<Lambda>0 \<Gamma> [] m_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
 proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
 by (meson rtranclp_imp_relpowp)
 show ?thesis
 apply (rule cfg_to_dag_lemmas.entry_lemma)
@@ -334,13 +379,5 @@ done
 qed
 
 
-lemma end_to_end_theorem:
-assumes 
-VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0 vc_i_1))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms m_before_cfg_to_dag_prog.proc))"
-apply (rule end_to_end_util[OF end_to_end_theorem_aux])
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 m_before_cfg_to_dag_prog.proc_def m_before_cfg_to_dag_prog.proc_body_def)
-
 
 end
diff --git a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_passification_proof.thy
similarity index 79%
rename from BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_passification_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_passification_proof.thy
index 41c28c7..bc659c1 100644
--- a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_passification_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_passification_proof.thy
@@ -1,5 +1,5 @@
 theory m_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util m_before_passive_prog m_passive_prog Boogie_Lang.PassificationML m_vcphase_proof Boogie_Lang.PassificationEndToEnd
+imports Boogie_Lang.Semantics Boogie_Lang.Util m_before_ast_to_cfg_prog m_passive_prog Boogie_Lang.PassificationML m_vcphase_proof Boogie_Lang.PassificationEndToEnd
 begin
 definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
   where
@@ -9,10 +9,10 @@ definition R_old
     "R_old  = (map_of R_old_list)"
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls))"
 abbreviation \<Lambda>2
   where
-    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls))"
+    "\<Lambda>2  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls))"
 declare One_nat_def[simp del]
 
 lemma block_GeneratedUnifiedExit:
@@ -26,71 +26,72 @@ apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
-lemma block_anon3_LoopDone:
+lemma block_anon3_LoopBody:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3] R R_old U0 D0 n_s)" and 
 "((R 0) = (Some (Inl 2)))" and 
 "((R 1) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_1 s')"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3])) (update_nstate_rel R [(0,(Inl 3))]) R_old m_passive_prog.block_1 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding m_before_passive_prog.block_1_def m_passive_prog.block_1_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:m_before_ast_to_cfg_prog.l_i(2) m_passive_prog.l_i_1(2)))
 by simp
 
-lemma block_anon3_LoopBody:
+lemma block_anon2:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3] R R_old U0 D0 n_s)" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
 "((R 0) = (Some (Inl 2)))" and 
 "((R 1) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3])) (update_nstate_rel R [(0,(Inl 3))]) R_old m_passive_prog.block_2 s')"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_2 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding m_before_passive_prog.block_2_def m_passive_prog.block_2_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:m_before_cfg_to_dag_prog.l_i(2) m_passive_prog.l_i_1(2)))
 by simp
 
-lemma block_anon3_LoopHead:
+lemma block_anon3_LoopDone:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
 "((R 1) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old m_passive_prog.block_3 s')"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_3 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding m_before_passive_prog.block_3_def m_passive_prog.block_3_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:m_before_cfg_to_dag_prog.l_i(2) m_passive_prog.l_i_0(2)))
 by simp
 
-lemma block_anon0:
+lemma block_anon3_LoopHead:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
 "((R 1) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 0)))]) R_old m_passive_prog.block_4 s')"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old m_passive_prog.block_4 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding m_before_passive_prog.block_4_def m_passive_prog.block_4_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:m_before_ast_to_cfg_prog.l_i(2) m_passive_prog.l_i_0(2)))
 by simp
 
-lemma block_0:
+lemma block_anon0:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_5 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
 "((R 1) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_5 s')"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 0)))]) R_old m_passive_prog.block_5 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding m_before_passive_prog.block_5_def m_passive_prog.block_5_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
-lemma block_PreconditionGeneratedEntry:
+lemma block_0:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_6 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
@@ -102,6 +103,18 @@ apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_7 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding m_before_passive_prog.block_7_def m_passive_prog.block_7_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
 lemma cfg_block_GeneratedUnifiedExit:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
@@ -109,72 +122,82 @@ assumes
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 0)))))"
 by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm m_before_passive_prog.node_0},@{thm m_before_passive_prog.outEdges_0}) (@{thm m_passive_prog.node_0},@{thm m_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
 
-lemma cfg_block_anon3_LoopDone:
+lemma cfg_block_anon3_LoopBody:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
 "((R 0) = (Some (Inl 2)))" and 
 "((R 1) = (Some (Inl 1)))"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_1},@{thm m_before_passive_prog.outEdges_1}) (@{thm m_passive_prog.node_1},@{thm m_passive_prog.outEdges_1}) @{thm block_anon3_LoopDone} [
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_1},@{thm m_before_passive_prog.outEdges_1}) (@{thm m_passive_prog.node_1},@{thm m_passive_prog.outEdges_1}) @{thm block_anon3_LoopBody} [
 @{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
 
-lemma cfg_block_anon3_LoopBody:
+lemma cfg_block_anon2:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
 "((R 0) = (Some (Inl 2)))" and 
 "((R 1) = (Some (Inl 1)))"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_2},@{thm m_before_passive_prog.outEdges_2}) (@{thm m_passive_prog.node_2},@{thm m_passive_prog.outEdges_2}) @{thm block_anon3_LoopBody} [
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_2},@{thm m_before_passive_prog.outEdges_2}) (@{thm m_passive_prog.node_2},@{thm m_passive_prog.outEdges_2}) @{thm block_anon2} [
 @{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
 
-lemma cfg_block_anon3_LoopHead:
+lemma cfg_block_anon3_LoopDone:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
 "((R 1) = (Some (Inl 1)))"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_3},@{thm m_before_passive_prog.outEdges_3}) (@{thm m_passive_prog.node_3},@{thm m_passive_prog.outEdges_3}) @{thm block_anon3_LoopHead} [
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_3},@{thm m_before_passive_prog.outEdges_3}) (@{thm m_passive_prog.node_3},@{thm m_passive_prog.outEdges_3}) @{thm block_anon3_LoopDone} [
+@{thm cfg_block_anon2}] 1\<close>))
+
+lemma cfg_block_anon3_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_4},@{thm m_before_passive_prog.outEdges_4}) (@{thm m_passive_prog.node_4},@{thm m_passive_prog.outEdges_4}) @{thm block_anon3_LoopHead} [
 @{thm cfg_block_anon3_LoopDone}, 
 @{thm cfg_block_anon3_LoopBody}] 1\<close>))
 
 lemma cfg_block_anon0:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
 "(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
 "((R 1) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_4},@{thm m_before_passive_prog.outEdges_4}) (@{thm m_passive_prog.node_4},@{thm m_passive_prog.outEdges_4}) @{thm block_anon0} [
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_5},@{thm m_before_passive_prog.outEdges_5}) (@{thm m_passive_prog.node_5},@{thm m_passive_prog.outEdges_5}) @{thm block_anon0} [
 @{thm cfg_block_anon3_LoopHead}] 1\<close>))
 
 lemma cfg_block_0:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
 "(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
 "((R 1) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_5},@{thm m_before_passive_prog.outEdges_5}) (@{thm m_passive_prog.node_5},@{thm m_passive_prog.outEdges_5}) @{thm block_0} [
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_6},@{thm m_before_passive_prog.outEdges_6}) (@{thm m_passive_prog.node_6},@{thm m_passive_prog.outEdges_6}) @{thm block_0} [
 @{thm cfg_block_anon0}] 1\<close>))
 
 lemma cfg_block_PreconditionGeneratedEntry:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
 "(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
 "((R 1) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_6},@{thm m_before_passive_prog.outEdges_6}) (@{thm m_passive_prog.node_6},@{thm m_passive_prog.outEdges_6}) @{thm block_PreconditionGeneratedEntry} [
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_7},@{thm m_before_passive_prog.outEdges_7}) (@{thm m_passive_prog.node_7},@{thm m_passive_prog.outEdges_7}) @{thm block_PreconditionGeneratedEntry} [
 @{thm cfg_block_0}] 1\<close>))
 
 locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] m_before_passive_prog.proc_body ((Inl 6),(Normal ns)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] m_before_passive_prog.proc_body ((Inl 7),(Normal ns)) (m',s'))" and 
 VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0 vc_i_1))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+FInterp: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> m_before_ast_to_cfg_prog.constants_vdecls ns m_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
 BinderNs: "((binder_state ns) = Map.empty)" and 
@@ -197,7 +220,7 @@ shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x
 apply (rule convert_fun_to_list[OF R_rel_def])
 apply ((simp add:R_list_def))
 apply ((intro conjI)?)
-apply ((simp add:m_before_cfg_to_dag_prog.l_n(2) m_passive_prog.l_n(2)))
+apply ((simp add:m_before_ast_to_cfg_prog.l_n(2) m_passive_prog.l_n(2)))
 done
 
 lemma R_wt:
@@ -229,7 +252,7 @@ assumes
 "((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
 shows "(closed (instantiate [] \<tau>))"
 apply (rule lookup_ty_pred[OF assms(1)])
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+unfolding m_before_ast_to_cfg_prog.constants_vdecls_def m_before_ast_to_cfg_prog.globals_vdecls_def
 apply simp
 unfolding m_passive_prog.params_vdecls_def m_passive_prog.locals_vdecls_def
 by simp
@@ -259,7 +282,7 @@ lemma end_to_end:
 shows "(s' \<noteq> Failure)"
 proof
 assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] m_passive_prog.proc_body u (Inl 6)))))"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] m_passive_prog.proc_body u (Inl 7)))))"
 apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
 unfolding passive_lemma_assms_2_def
 apply (intro conjI)?
@@ -267,11 +290,11 @@ apply (rule U0_ns_rel)
 apply (rule U0_ns_old_rel)
 apply (rule R_wt)
 apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range global_data.globals_max]
+using helper_init_disj[OF max_rel_range m_before_ast_to_cfg_prog.globals_max]
 apply simp
 apply (rule U0_non_empty)
 by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] m_passive_prog.proc_body ((Inl 6),(Normal u)) (mp',Failure))"
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] m_passive_prog.proc_body ((Inl 7),(Normal u)) (mp',Failure))"
 by (auto simp add: passive_sim_cfg_fail_def)
 from m_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
  apply rule
diff --git a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_passive_prog.thy
similarity index 59%
rename from BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_passive_prog.thy
index 61a9be6..bb45bae 100644
--- a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_passive_prog.thy
@@ -1,36 +1,39 @@
 theory m_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util m_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util m_before_ast_to_cfg_prog
 begin
 definition block_0
   where
     "block_0  = []"
 definition block_1
   where
-    "block_1  = [(Assume (BinOp (Var 1) Le (Var 2))),(Assert (BinOp (Var 2) Ge (Var 1)))]"
+    "block_1  = [(Assume (BinOp (Var 2) Lt (Var 1))),(Assume (BinOp (Var 3) Eq (BinOp (Var 2) Add (Lit (LInt 1))))),(Assert (BinOp (Var 3) Le (Var 1))),(Assume (Lit (LBool False)))]"
 definition block_2
   where
-    "block_2  = [(Assume (BinOp (Var 2) Lt (Var 1))),(Assume (BinOp (Var 3) Eq (BinOp (Var 2) Add (Lit (LInt 1))))),(Assert (BinOp (Var 3) Le (Var 1))),(Assume (Lit (LBool False)))]"
+    "block_2  = [(Assert (BinOp (Var 2) Ge (Var 1)))]"
 definition block_3
   where
-    "block_3  = [(Assume (BinOp (Var 2) Le (Var 1)))]"
+    "block_3  = [(Assume (BinOp (Var 1) Le (Var 2)))]"
 definition block_4
   where
-    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assert (BinOp (Lit (LInt 0)) Le (Var 1)))]"
+    "block_4  = [(Assume (BinOp (Var 2) Le (Var 1)))]"
 definition block_5
   where
-    "block_5  = []"
+    "block_5  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assert (BinOp (Lit (LInt 0)) Le (Var 1)))]"
 definition block_6
   where
     "block_6  = []"
+definition block_7
+  where
+    "block_7  = []"
 definition outEdges
   where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4],[5]]"
+    "outEdges  = [[],[0],[0],[2],[3,1],[4],[5],[6]]"
 definition node_to_blocks
   where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7]"
 definition proc_body
   where
-    "proc_body  = (|entry = 6,out_edges = outEdges,node_to_block = node_to_blocks|)"
+    "proc_body  = (|entry = 7,out_edges = outEdges,node_to_block = node_to_blocks|)"
 lemma node_0:
 shows "((nth (node_to_block proc_body) 0) = block_0)"
 by (simp add:proc_body_def node_to_blocks_def)
@@ -59,6 +62,10 @@ lemma node_6:
 shows "((nth (node_to_block proc_body) 6) = block_6)"
 by (simp add:proc_body_def node_to_blocks_def)
 
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
 lemma outEdges_0:
 shows "((nth (out_edges proc_body) 0) = [])"
 by (simp add:proc_body_def outEdges_def)
@@ -72,11 +79,11 @@ shows "((nth (out_edges proc_body) 2) = [0])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
+shows "((nth (out_edges proc_body) 3) = [2])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
+shows "((nth (out_edges proc_body) 4) = [3,1])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_5:
@@ -87,6 +94,10 @@ lemma outEdges_6:
 shows "((nth (out_edges proc_body) 6) = [5])"
 by (simp add:proc_body_def outEdges_def)
 
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
 definition params_vdecls :: "(vdecls)"
   where
     "params_vdecls  = []"
@@ -104,8 +115,8 @@ using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)))) = {})"
+unfolding m_before_ast_to_cfg_prog.constants_vdecls_def m_before_ast_to_cfg_prog.globals_vdecls_def
 by simp
 
 lemma m_i:
@@ -125,22 +136,22 @@ shows "((map_of (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecl
 by (simp add:params_vdecls_def locals_vdecls_def)
 
 lemma l_i:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
 using globals_locals_disj m_i
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_n:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
 using globals_locals_disj m_n
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_i_0:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
 using globals_locals_disj m_i_0
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_i_1:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
 using globals_locals_disj m_i_1
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
diff --git a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_vcphase_proof.thy
similarity index 79%
rename from BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_vcphase_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_vcphase_proof.thy
index 8716396..c820d27 100644
--- a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_vcphase_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_vcphase_proof.thy
@@ -4,12 +4,15 @@ begin
 locale vc
 begin
 
-definition vc_anon3_LoopDone
-  where
-    "vc_anon3_LoopDone n i_0 = ((n \<le> i_0) \<longrightarrow> (i_0 \<ge> n))"
 definition vc_anon3_LoopBody
   where
     "vc_anon3_LoopBody i_0 n i_1 = (((i_0 < n) \<and> (i_1 = (i_0 + (1::int)))) \<longrightarrow> (i_1 \<le> n))"
+definition vc_anon2
+  where
+    "vc_anon2 i_0 n = (i_0 \<ge> n)"
+definition vc_anon3_LoopDone
+  where
+    "vc_anon3_LoopDone n i_0 = ((n \<le> i_0) \<longrightarrow> (vc_anon2 i_0 n))"
 definition vc_anon3_LoopHead
   where
     "vc_anon3_LoopHead i_0 n i_1 = ((i_0 \<le> n) \<longrightarrow> ((vc_anon3_LoopDone n i_0) \<and> (vc_anon3_LoopBody i_0 n i_1)))"
@@ -46,17 +49,6 @@ unfolding m_passive_prog.block_0_def
 apply cases
 by auto
 
-ML\<open>
-val block_anon3_LoopDone_hints = [
-(AssumeConjR 0,NONE), 
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon3_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_LoopDone vc_n vc_i_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding m_passive_prog.block_1_def vc.vc_anon3_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_LoopDone_hints \<close>)
-by (auto?)
-
 ML\<open>
 val block_anon3_LoopBody_hints = [
 (AssumeConjR 1,NONE), 
@@ -65,18 +57,38 @@ val block_anon3_LoopBody_hints = [
 (AssumeFalse,NONE)]
 \<close>
 lemma block_anon3_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_LoopBody vc_i_0 vc_n vc_i_1) \<Longrightarrow> (s' = Magic)))"
-unfolding m_passive_prog.block_2_def vc.vc_anon3_LoopBody_def
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_LoopBody vc_i_0 vc_n vc_i_1) \<Longrightarrow> (s' = Magic)))"
+unfolding m_passive_prog.block_1_def vc.vc_anon3_LoopBody_def
 apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_LoopBody_hints \<close>)
 by (auto?)
 
+ML\<open>
+val block_anon2_hints = [
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon2AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon2 vc_i_0 vc_n) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding m_passive_prog.block_2_def vc.vc_anon2_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon2_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon3_LoopDone_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon3_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_LoopDone vc_n vc_i_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon2 vc_i_0 vc_n)))))))"
+unfolding m_passive_prog.block_3_def vc.vc_anon3_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_LoopDone_hints \<close>)
+by (auto?)
+
 ML\<open>
 val block_anon3_LoopHead_hints = [
 (AssumeConjR 0,NONE)]
 \<close>
 lemma block_anon3_LoopHeadAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_LoopHead vc_i_0 vc_n vc_i_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon3_LoopDone vc_n vc_i_0) \<and> (vc.vc_anon3_LoopBody vc_i_0 vc_n vc_i_1))))))))"
-unfolding m_passive_prog.block_3_def vc.vc_anon3_LoopHead_def
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_LoopHead vc_i_0 vc_n vc_i_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon3_LoopDone vc_n vc_i_0) \<and> (vc.vc_anon3_LoopBody vc_i_0 vc_n vc_i_1))))))))"
+unfolding m_passive_prog.block_4_def vc.vc_anon3_LoopHead_def
 apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_LoopHead_hints \<close>)
 by (auto?)
 
@@ -86,26 +98,26 @@ val block_anon0_hints = [
 (AssertSub,NONE)]
 \<close>
 lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_n vc_i_0 vc_i_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3_LoopHead vc_i_0 vc_n vc_i_1)))))))"
-unfolding m_passive_prog.block_4_def vc.vc_anon0_def
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_n vc_i_0 vc_i_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3_LoopHead vc_i_0 vc_n vc_i_1)))))))"
+unfolding m_passive_prog.block_5_def vc.vc_anon0_def
 apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
 by (auto?)
 
 lemma block_0:
 assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_5 (Normal n_s) s')" and 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_6 (Normal n_s) s')" and 
 "(vc.vc_anon0 vc_n vc_i_0 vc_i_1)"
 shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_n vc_i_0 vc_i_1)))))"
 using assms
-unfolding m_passive_prog.block_5_def
+unfolding m_passive_prog.block_6_def
 apply cases
 by auto
 
 lemma block_PreconditionGeneratedEntry:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry vc_n vc_i_0 vc_i_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_n vc_i_0 vc_i_1)))))))"
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry vc_n vc_i_0 vc_i_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_n vc_i_0 vc_i_1)))))))"
 apply (erule red_cmd_list.cases)
 using global_assms
-unfolding m_passive_prog.block_6_def vc.vc_PreconditionGeneratedEntry_def
+unfolding m_passive_prog.block_7_def vc.vc_PreconditionGeneratedEntry_def
 apply (handle_cmd_list_full?)
 by (auto?)
 
@@ -117,37 +129,50 @@ apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
 apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) m_passive_prog.node_0 m_passive_prog.outEdges_0])
 using block_GeneratedUnifiedExit by blast
 
-lemma cfg_block_anon3_LoopDone:
+lemma cfg_block_anon3_LoopBody:
 assumes 
 "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3_LoopDone vc_n vc_i_0)"
+"(vc.vc_anon3_LoopBody vc_i_0 vc_n vc_i_1)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) m_passive_prog.node_1])
-apply (erule block_anon3_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:m_passive_prog.outEdges_1))
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) m_passive_prog.node_1])
+by (erule block_anon3_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon2:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon2 vc_i_0 vc_n)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) m_passive_prog.node_2])
+apply (erule block_anon2AA0[OF _ assms(2)])
+apply ((simp add:m_passive_prog.outEdges_2))
 apply (erule member_elim, simp)
 apply (erule cfg_block_GeneratedUnifiedExit, simp?)
 by (simp add: member_rec(2))
 
-lemma cfg_block_anon3_LoopBody:
+lemma cfg_block_anon3_LoopDone:
 assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3_LoopBody vc_i_0 vc_n vc_i_1)"
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon3_LoopDone vc_n vc_i_0)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) m_passive_prog.node_2])
-by (erule block_anon3_LoopBodyAA0[OF _ assms(2)])
+apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_3])
+apply (erule block_anon3_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:m_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon2, simp?)
+by (simp add: member_rec(2))
 
 lemma cfg_block_anon3_LoopHead:
 assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
 "(vc.vc_anon3_LoopHead vc_i_0 vc_n vc_i_1)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_3])
+apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_4])
 apply (erule block_anon3_LoopHeadAA0[OF _ assms(2)])
-apply ((simp add:m_passive_prog.outEdges_3))
+apply ((simp add:m_passive_prog.outEdges_4))
 apply (erule member_elim, simp)
 apply (erule cfg_block_anon3_LoopDone, simp?)
 apply (erule member_elim, simp)
@@ -156,39 +181,39 @@ by (simp add: member_rec(2))
 
 lemma cfg_block_anon0:
 assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
 "(vc.vc_anon0 vc_n vc_i_0 vc_i_1)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_4])
+apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_5])
 apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:m_passive_prog.outEdges_4))
+apply ((simp add:m_passive_prog.outEdges_5))
 apply (erule member_elim, simp)
 apply (erule cfg_block_anon3_LoopHead, simp?)
 by (simp add: member_rec(2))
 
 lemma cfg_block_0:
 assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
 "(vc.vc_anon0 vc_n vc_i_0 vc_i_1)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_5])
+apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_6])
 apply (erule block_0[OF _ assms(2)])
-apply ((simp add:m_passive_prog.outEdges_5))
+apply ((simp add:m_passive_prog.outEdges_6))
 apply (erule member_elim, simp)
 apply (erule cfg_block_anon0, simp?)
 by (simp add: member_rec(2))
 
 lemma cfg_PreconditionGeneratedEntry:
 assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
 "(vc.vc_PreconditionGeneratedEntry vc_n vc_i_0 vc_i_1)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_6])
+apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_7])
 apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
-apply ((simp add:m_passive_prog.outEdges_6))
+apply ((simp add:m_passive_prog.outEdges_7))
 apply (erule member_elim, simp)
 apply (erule cfg_block_0, simp?)
 by (simp add: member_rec(2))
@@ -220,19 +245,19 @@ declare One_nat_def[simp del]
 
 lemma end_to_end:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) \<Gamma> [] m_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) \<Gamma> [] m_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
 VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0 vc_i_1))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+FInterp: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> m_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) m_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls))"
 shows "(s' \<noteq> Failure)"
 proof -
-let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
-let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+let ?n_s_c = "(nstate_global_restriction n_s m_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((m_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
 from ParamsLocal have sc_i:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
 apply (simp only:state_typ_wf_def)
 apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF m_passive_prog.m_i])
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/ROOT
new file mode 100644
index 0000000..fcc22e8
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/ROOT
@@ -0,0 +1,12 @@
+session loop_in_else_branch_proofs = Boogie_Lang + 
+directories while_in_if_true_proofs
+theories
+global_data
+"while_in_if_true_proofs/while_in_if_true_passive_prog"
+"while_in_if_true_proofs/while_in_if_true_asttocfg_proof"
+"while_in_if_true_proofs/while_in_if_true_before_passive_prog"
+"while_in_if_true_proofs/while_in_if_true_vcphase_proof"
+"while_in_if_true_proofs/while_in_if_true_cfgtodag_proof"
+"while_in_if_true_proofs/while_in_if_true_passification_proof"
+"while_in_if_true_proofs/while_in_if_true_before_ast_to_cfg_prog"
+"while_in_if_true_proofs/while_in_if_true_before_cfg_to_dag_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_asttocfg_proof.thy
new file mode 100644
index 0000000..bb87e13
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_asttocfg_proof.thy
@@ -0,0 +1,492 @@
+theory while_in_if_true_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML while_in_if_true_before_ast_to_cfg_prog while_in_if_true_before_cfg_to_dag_prog while_in_if_true_cfgtodag_proof while_in_if_true_passification_proof while_in_if_true_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_5,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_6 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_5])
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_5_def while_in_if_true_before_cfg_to_dag_prog.block_6_def)
+apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.block_6_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.block_6_def while_in_if_true_before_ast_to_cfg_prog.bigblock_5_def)+)
+done
+
+
+lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_5])
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_5_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_5_def)
+apply (simp)
+apply (simp)
+apply (rule cont_5_def)
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_6)
+apply (rule disjI1)
+apply (rule while_in_if_true_before_cfg_to_dag_prog.block_6_def)
+apply (rule while_in_if_true_before_cfg_to_dag_prog.outEdges_6)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_6)
+apply (rule rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_5)
+apply assumption+
+
+done
+qed
+
+lemma rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
+unfolding while_in_if_true_before_cfg_to_dag_prog.block_4_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_4_def)
+apply ((simp add: assms(3) while_in_if_true_before_ast_to_cfg_prog.bigblock_4_def)+)
+done
+
+
+lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T while_in_if_true_before_ast_to_cfg_prog.bigblock_3 cont_3 while_in_if_true_before_cfg_to_dag_prog.proc_body 3 while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_4_def)
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_4)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule while_in_if_true_before_cfg_to_dag_prog.block_4_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_4_def)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_4)
+apply (rule rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_4)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=3])+)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_4)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_3_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of while_in_if_true_before_ast_to_cfg_prog.bigblock_3 _ _ _ while_in_if_true_before_cfg_to_dag_prog.block_3])
+apply (simp add:while_in_if_true_before_ast_to_cfg_prog.bigblock_3_def while_in_if_true_before_cfg_to_dag_prog.block_3_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:while_in_if_true_before_ast_to_cfg_prog.bigblock_3_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of while_in_if_true_before_ast_to_cfg_prog.bigblock_3])
+apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.bigblock_3_def)+)
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.block_3_def while_in_if_true_before_cfg_to_dag_prog.node_3)+)
+apply (rule cont_3_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 4])+)
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_4)
+apply (simp add: cont_3_def while_in_if_true_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_3_def cont_4_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+
+apply ((erule allE[where x = 5])+)
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_5)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_5)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_5_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_5)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_5)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_5_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_5)
+apply ((simp add: member_rec)+)
+done
+qed
+qed
+
+lemma rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV False))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
+unfolding while_in_if_true_before_cfg_to_dag_prog.block_2_def
+apply (rule guard_fails_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_2_def)
+apply (rule push_through_assumption1)
+apply (simp)
+apply (rule neg_gt)
+apply (rule guardHint)
+apply ((simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_2_def)+)
+apply (rule neg_gt)
+apply (rule guardHint)
+done
+
+
+lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV False))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_2_def while_in_if_true_before_cfg_to_dag_prog.block_2_def)
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_2_def while_in_if_true_before_cfg_to_dag_prog.block_2_def)
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_2_def while_in_if_true_before_cfg_to_dag_prog.block_2_def)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_2_def)
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_2)
+
+apply (rule disjI2)
+
+apply (rule disjI2)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_2_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply (rule neg_gt)
+apply (rule guardHint)
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_2)
+apply (rule rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_2_def)
+apply ((simp)+)
+apply (rule guardHint)
+apply ((erule allE[where x = 3])+)
+apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_2)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_3)
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_3_def cont_2_def cont_3_def)
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Invs[of while_in_if_true_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_1_def)
+
+apply (rule astTrace)
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_1_def)
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_1)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule while_in_if_true_before_cfg_to_dag_prog.block_1_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_1_def)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_1)
+
+
+
+
+apply ((erule allE[where x = 6])+)
+apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_5)
+apply (simp)
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_0_def while_in_if_true_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.block_0_def while_in_if_true_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_if_successor)
+apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_0 _ while_in_if_true_before_cfg_to_dag_prog.block_0])
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_0_def while_in_if_true_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_0_def)
+apply (rule astTrace)
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_0_def)
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_0)
+apply (rule rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply (erule disjE)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: cont_0_def while_in_if_true_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
+apply blast+
+
+
+
+
+
+apply (simp)
+apply ((erule allE[where x = 2])+)
+apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_0_def while_in_if_true_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (while_in_if_true_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_y_2::int). (vc.vc_anon0 vc_x_0 vc_x_2 vc_x_1 vc_y_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> while_in_if_true_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) while_in_if_true_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns while_in_if_true_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def while_in_if_true_before_ast_to_cfg_prog.pres_def while_in_if_true_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def while_in_if_true_before_ast_to_cfg_prog.pres_def while_in_if_true_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_5] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (while_in_if_true_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_5_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_y_2::int). (vc.vc_anon0 vc_x_0 vc_x_2 vc_x_1 vc_y_1))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) while_in_if_true_before_ast_to_cfg_prog.fdecls while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls while_in_if_true_before_ast_to_cfg_prog.axioms while_in_if_true_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding while_in_if_true_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 while_in_if_true_before_ast_to_cfg_prog.ast_proc_def while_in_if_true_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..99b2a09
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_ast_to_cfg_prog.thy
@@ -0,0 +1,144 @@
+theory while_in_if_true_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 0),(Havoc 1)] (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BigBlock (None ) [] (None ) (None ))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))])) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (None ) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
+definition bigblock_4
+  where
+    "bigblock_4  = (BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))"
+definition bigblock_5
+  where
+    "bigblock_5  = (BigBlock (None ) [(Assert (BinOp (Var 0) Lt (Lit (LInt 0))))] (None ) (None ))"
+definition cont_5
+  where
+    "cont_5  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_5 cont_5)"
+definition cont_1
+  where
+    "cont_1  = (KSeq bigblock_5 cont_5)"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_5 cont_5)"
+definition cont_3
+  where
+    "cont_3  = (KEndBlock (KSeq bigblock_5 cont_5 ))"
+definition cont_4
+  where
+    "cont_4  = (KSeq bigblock_3 cont_3)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_5]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = while_in_if_true_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec while_in_if_true_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec while_in_if_true_before_ast_to_cfg_prog.post),proc_body = (Some (while_in_if_true_before_ast_to_cfg_prog.locals_vdecls,while_in_if_true_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..48961c3
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_cfg_to_dag_prog.thy
@@ -0,0 +1,191 @@
+theory while_in_if_true_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0),(Havoc 1)]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
+definition block_6
+  where
+    "block_6  = [(Assert (BinOp (Var 0) Lt (Lit (LInt 0))))]"
+definition outEdges
+  where
+    "outEdges  = [[1,2],[6],[3],[5,4],[3],[6],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [5,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding while_in_if_true_before_cfg_to_dag_prog.constants_vdecls_def while_in_if_true_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding while_in_if_true_before_cfg_to_dag_prog.constants_vdecls_def while_in_if_true_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding while_in_if_true_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding while_in_if_true_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls),(append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls),(append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls),(append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls),(append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls),(append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = while_in_if_true_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec while_in_if_true_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec while_in_if_true_before_cfg_to_dag_prog.post),proc_body = (Some (while_in_if_true_before_cfg_to_dag_prog.locals_vdecls,while_in_if_true_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_passive_prog.thy
new file mode 100644
index 0000000..27f96bc
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_passive_prog.thy
@@ -0,0 +1,139 @@
+theory while_in_if_true_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util while_in_if_true_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assert (BinOp (Var 0) Lt (Lit (LInt 0))))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
+definition block_5
+  where
+    "block_5  = [(Havoc 1)]"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+definition block_7
+  where
+    "block_7  = [(Havoc 0),(Havoc 1)]"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[1],[1],[0],[3,4],[5],[2,6],[7],[8]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [3,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [2,6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_cfgtodag_proof.thy
new file mode 100644
index 0000000..d5e1568
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_cfgtodag_proof.thy
@@ -0,0 +1,479 @@
+theory while_in_if_true_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML while_in_if_true_before_ast_to_cfg_prog while_in_if_true_before_cfg_to_dag_prog while_in_if_true_before_passive_prog while_in_if_true_passification_proof while_in_if_true_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 while_in_if_true_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def while_in_if_true_before_ast_to_cfg_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule while_in_if_true_before_passive_prog.node_0)
+apply simp
+unfolding while_in_if_true_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma block_anon4:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding while_in_if_true_before_cfg_to_dag_prog.block_6_def while_in_if_true_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_6)
+apply (rule while_in_if_true_before_passive_prog.node_1)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon4)
+apply assumption+
+apply (rule while_in_if_true_before_cfg_to_dag_prog.outEdges_6)
+apply (rule while_in_if_true_before_passive_prog.outEdges_1)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon5_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding while_in_if_true_before_cfg_to_dag_prog.block_1_def while_in_if_true_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon5_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_1)
+apply (rule while_in_if_true_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon5_Then)
+apply (assumption+)
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:while_in_if_true_before_passive_prog.outEdges_2))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding while_in_if_true_before_cfg_to_dag_prog.block_5_def while_in_if_true_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_5)
+apply (rule while_in_if_true_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon6_LoopDone)
+apply (assumption+)
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_5))
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_5))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:while_in_if_true_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon6_LoopBody:
+shows "(mods_contained_in (set [1]) while_in_if_true_before_cfg_to_dag_prog.block_4)"
+unfolding while_in_if_true_before_cfg_to_dag_prog.block_4_def
+by simp
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_4 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding while_in_if_true_before_cfg_to_dag_prog.block_4_def while_in_if_true_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body [1] [] while_in_if_true_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_4)
+apply (rule while_in_if_true_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon6_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon6_LoopBody)
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_4))
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_4))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon6_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon6_LoopHead:
+shows "(mods_contained_in (set [1]) while_in_if_true_before_cfg_to_dag_prog.block_3)"
+unfolding while_in_if_true_before_cfg_to_dag_prog.block_3_def
+by simp
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_5 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding while_in_if_true_before_cfg_to_dag_prog.block_3_def while_in_if_true_before_passive_prog.block_5_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_y(1)))
+apply simp
+done
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_3)
+apply (rule while_in_if_true_before_passive_prog.node_5)
+apply (assumption+)
+apply (rule block_anon6_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon6_LoopHead)
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:while_in_if_true_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=4])
+apply ((simp add:while_in_if_true_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma block_anon5_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_6 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding while_in_if_true_before_cfg_to_dag_prog.block_2_def while_in_if_true_before_passive_prog.block_6_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon5_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_2)
+apply (rule while_in_if_true_before_passive_prog.node_6)
+apply (assumption+)
+apply (rule block_anon5_Else)
+apply (assumption+)
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=5])
+apply ((simp add:while_in_if_true_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_7 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding while_in_if_true_before_cfg_to_dag_prog.block_0_def while_in_if_true_before_passive_prog.block_7_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_0)
+apply (rule while_in_if_true_before_passive_prog.node_7)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:while_in_if_true_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=6])
+apply ((simp add:while_in_if_true_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:while_in_if_true_before_passive_prog.outEdges_8))
+by ((simp add:while_in_if_true_before_passive_prog.node_8 while_in_if_true_before_passive_prog.block_8_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 while_in_if_true_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule while_in_if_true_before_passive_prog.node_9)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding while_in_if_true_before_passive_prog.block_9_def
+apply (rule assume_pres_normal[where ?es=while_in_if_true_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding while_in_if_true_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule while_in_if_true_before_passive_prog.outEdges_9)
+apply ((simp add:while_in_if_true_before_passive_prog.node_8 while_in_if_true_before_passive_prog.block_8_def))
+apply (rule while_in_if_true_before_passive_prog.outEdges_8)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_y_2::int). (vc.vc_anon0 vc_x_0 vc_x_2 vc_x_1 vc_y_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> while_in_if_true_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) while_in_if_true_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns while_in_if_true_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule while_in_if_true_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_passification_proof.thy
new file mode 100644
index 0000000..a882711
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_passification_proof.thy
@@ -0,0 +1,351 @@
+theory while_in_if_true_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util while_in_if_true_before_ast_to_cfg_prog while_in_if_true_passive_prog Boogie_Lang.PassificationML while_in_if_true_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_in_if_true_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_in_if_true_before_passive_prog.block_0_def while_in_if_true_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon4:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 6)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_in_if_true_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_in_if_true_before_passive_prog.block_1_def while_in_if_true_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon5_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6])) (update_nstate_rel R [(0,(Inl 6))]) R_old while_in_if_true_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_in_if_true_before_passive_prog.block_2_def while_in_if_true_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_x(2) while_in_if_true_passive_prog.l_x_2(2)))
+by simp
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))" and 
+"((R 1) = (Some (Inl 5)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6])) (update_nstate_rel R [(0,(Inl 6))]) R_old while_in_if_true_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_in_if_true_before_passive_prog.block_3_def while_in_if_true_passive_prog.block_3_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_x(2) while_in_if_true_passive_prog.l_x_2(2)))
+by simp
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [7] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 5)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [7])) (update_nstate_rel R [(1,(Inl 7))]) R_old while_in_if_true_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_in_if_true_before_passive_prog.block_4_def while_in_if_true_passive_prog.block_4_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_y(2) while_in_if_true_passive_prog.l_y_2(2)))
+by simp
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [5] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [5])) (update_nstate_rel R [(1,(Inl 5))]) R_old while_in_if_true_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_in_if_true_before_passive_prog.block_5_def while_in_if_true_passive_prog.block_5_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_y(2) while_in_if_true_passive_prog.l_y_1(2)))
+by simp
+
+lemma block_anon5_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4])) (update_nstate_rel R [(0,(Inl 4))]) R_old while_in_if_true_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_in_if_true_before_passive_prog.block_6_def while_in_if_true_passive_prog.block_6_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_x(2) while_in_if_true_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2,3] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2,3])) (update_nstate_rel R [(0,(Inl 2)),(1,(Inl 3))]) R_old while_in_if_true_passive_prog.block_7 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_in_if_true_before_passive_prog.block_7_def while_in_if_true_passive_prog.block_7_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_x(2) while_in_if_true_passive_prog.l_x_0(2)))
+apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_y(2) while_in_if_true_passive_prog.l_y_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_in_if_true_passive_prog.block_8 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_in_if_true_before_passive_prog.block_8_def while_in_if_true_passive_prog.block_8_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_9 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_in_if_true_passive_prog.block_9 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_in_if_true_before_passive_prog.block_9_def while_in_if_true_passive_prog.block_9_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_in_if_true_before_passive_prog.node_0},@{thm while_in_if_true_before_passive_prog.outEdges_0}) (@{thm while_in_if_true_passive_prog.node_0},@{thm while_in_if_true_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon4:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 6)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_1},@{thm while_in_if_true_before_passive_prog.outEdges_1}) (@{thm while_in_if_true_passive_prog.node_1},@{thm while_in_if_true_passive_prog.outEdges_1}) @{thm block_anon4} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon5_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_2},@{thm while_in_if_true_before_passive_prog.outEdges_2}) (@{thm while_in_if_true_passive_prog.node_2},@{thm while_in_if_true_passive_prog.outEdges_2}) @{thm block_anon5_Then} [
+@{thm cfg_block_anon4}] 1\<close>))
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))" and 
+"((R 1) = (Some (Inl 5)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_3},@{thm while_in_if_true_before_passive_prog.outEdges_3}) (@{thm while_in_if_true_passive_prog.node_3},@{thm while_in_if_true_passive_prog.outEdges_3}) @{thm block_anon6_LoopDone} [
+@{thm cfg_block_anon4}] 1\<close>))
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 7 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 5)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_4},@{thm while_in_if_true_before_passive_prog.outEdges_4}) (@{thm while_in_if_true_passive_prog.node_4},@{thm while_in_if_true_passive_prog.outEdges_4}) @{thm block_anon6_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 5 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_5},@{thm while_in_if_true_before_passive_prog.outEdges_5}) (@{thm while_in_if_true_passive_prog.node_5},@{thm while_in_if_true_passive_prog.outEdges_5}) @{thm block_anon6_LoopHead} [
+@{thm cfg_block_anon6_LoopDone}, 
+@{thm cfg_block_anon6_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon5_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_6},@{thm while_in_if_true_before_passive_prog.outEdges_6}) (@{thm while_in_if_true_passive_prog.node_6},@{thm while_in_if_true_passive_prog.outEdges_6}) @{thm block_anon5_Else} [
+@{thm cfg_block_anon6_LoopHead}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_in_if_true_before_passive_prog.node_7},@{thm while_in_if_true_before_passive_prog.outEdges_7}) (@{thm while_in_if_true_passive_prog.node_7},@{thm while_in_if_true_passive_prog.outEdges_7}) @{thm block_anon0} [
+@{thm cfg_block_anon5_Then}, 
+@{thm cfg_block_anon5_Else}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 8)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_in_if_true_before_passive_prog.node_8},@{thm while_in_if_true_before_passive_prog.outEdges_8}) (@{thm while_in_if_true_passive_prog.node_8},@{thm while_in_if_true_passive_prog.outEdges_8}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 9)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_in_if_true_before_passive_prog.node_9},@{thm while_in_if_true_before_passive_prog.outEdges_9}) (@{thm while_in_if_true_passive_prog.node_9},@{thm while_in_if_true_passive_prog.outEdges_9}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 9),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_y_2::int). (vc.vc_anon0 vc_x_0 vc_x_2 vc_x_1 vc_y_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> while_in_if_true_before_ast_to_cfg_prog.constants_vdecls ns while_in_if_true_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv while_in_if_true_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding while_in_if_true_passive_prog.params_vdecls_def while_in_if_true_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using while_in_if_true_before_passive_prog.globals_locals_disj apply auto[1]
+using while_in_if_true_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] while_in_if_true_passive_prog.proc_body u (Inl 9)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range while_in_if_true_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] while_in_if_true_passive_prog.proc_body ((Inl 9),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from while_in_if_true_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_passive_prog.thy
new file mode 100644
index 0000000..ae3c1bb
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_passive_prog.thy
@@ -0,0 +1,217 @@
+theory while_in_if_true_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util while_in_if_true_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assert (BinOp (Var 6) Lt (Lit (LInt 0))))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 6) Eq (Var 2)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 5))),(Assume (BinOp (Var 6) Eq (Var 4)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 5) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 7) Eq (BinOp (Var 5) Sub (Lit (LInt 1))))),(Assume (Lit (LBool False)))]"
+definition block_5
+  where
+    "block_5  = []"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 2))),(Assume (BinOp (Var 4) Eq (BinOp (Var 2) Sub (Lit (LInt 1)))))]"
+definition block_7
+  where
+    "block_7  = []"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[1],[1],[0],[3,4],[5],[2,6],[7],[8]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [3,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [2,6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(7,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding while_in_if_true_passive_prog.params_vdecls_def while_in_if_true_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)))) = {})"
+unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_0:
+shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_1:
+shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_2:
+shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_2:
+shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_0:
+shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_1:
+shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_2:
+shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_2:
+shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_vcphase_proof.thy
new file mode 100644
index 0000000..a29e095
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_vcphase_proof.thy
@@ -0,0 +1,373 @@
+theory while_in_if_true_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML while_in_if_true_passive_prog while_in_if_true_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon6_LoopBody
+  where
+    "vc_anon6_LoopBody  = True"
+definition vc_anon4
+  where
+    "vc_anon4 x_2 = (x_2 < (0::int))"
+definition vc_anon5_Then
+  where
+    "vc_anon5_Then x_0 x_2 = (((x_0 > (0::int)) \<and> (x_2 = x_0)) \<longrightarrow> (vc_anon4 x_2))"
+definition vc_anon6_LoopDone
+  where
+    "vc_anon6_LoopDone y_1 x_2 x_1 = ((((0::int) \<ge> y_1) \<and> (x_2 = x_1)) \<longrightarrow> (vc_anon4 x_2))"
+definition vc_anon5_Else
+  where
+    "vc_anon5_Else x_0 x_1 y_1 x_2 = ((((0::int) \<ge> x_0) \<and> (x_1 = (x_0 - (1::int)))) \<longrightarrow> ((vc_anon6_LoopDone y_1 x_2 x_1) \<and> (vc_anon6_LoopBody )))"
+definition vc_anon0
+  where
+    "vc_anon0 x_0 x_2 x_1 y_1 = ((vc_anon5_Then x_0 x_2) \<and> (vc_anon5_Else x_0 x_1 y_1 x_2))"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_x_1 :: "int" and vc_y_1 :: "int" and vc_x_2 :: "int" and vc_y_2 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_0)))" and 
+G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_y_0)))" and 
+G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_x_1)))" and 
+G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_y_1)))" and 
+G6: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_x_2)))" and 
+G7: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_y_2)))" and 
+G8: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8
+lemmas forall_poly_thm = forall_vc_type[OF G8]
+lemmas exists_poly_thm = exists_vc_type[OF G8]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding while_in_if_true_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon4_hints = [
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon4AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding while_in_if_true_passive_prog.block_1_def vc.vc_anon4_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon5_Then_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon5_ThenAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_Then vc_x_0 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4 vc_x_2)))))))"
+unfolding while_in_if_true_passive_prog.block_2_def vc.vc_anon5_Then_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_Then_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_LoopDone_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon6_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4 vc_x_2)))))))"
+unfolding while_in_if_true_passive_prog.block_3_def vc.vc_anon6_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_LoopBody_hints = [
+(AssumeTrue,NONE), 
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon6_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopBody ) \<Longrightarrow> (s' = Magic)))"
+unfolding while_in_if_true_passive_prog.block_4_def vc.vc_anon6_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
+by (auto?)
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_5 (Normal n_s) s')" and 
+"((vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1) \<and> (vc.vc_anon6_LoopBody ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1) \<and> (vc.vc_anon6_LoopBody ))))))"
+using assms
+unfolding while_in_if_true_passive_prog.block_5_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon5_Else_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon5_ElseAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_Else vc_x_0 vc_x_1 vc_y_1 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1) \<and> (vc.vc_anon6_LoopBody ))))))))"
+unfolding while_in_if_true_passive_prog.block_6_def vc.vc_anon5_Else_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_Else_hints \<close>)
+by (auto?)
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_7 (Normal n_s) s')" and 
+"((vc.vc_anon5_Then vc_x_0 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_1 vc_y_1 vc_x_2))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_Then vc_x_0 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_1 vc_y_1 vc_x_2))))))"
+using assms
+unfolding while_in_if_true_passive_prog.block_7_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_8 (Normal n_s) s')" and 
+"((vc.vc_anon5_Then vc_x_0 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_1 vc_y_1 vc_x_2))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_Then vc_x_0 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_1 vc_y_1 vc_x_2))))))"
+using assms
+unfolding while_in_if_true_passive_prog.block_8_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_2 vc_x_1 vc_y_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_Then vc_x_0 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_1 vc_y_1 vc_x_2))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding while_in_if_true_passive_prog.block_9_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) while_in_if_true_passive_prog.node_0 while_in_if_true_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon4:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) while_in_if_true_passive_prog.node_1])
+apply (erule block_anon4AA0[OF _ assms(2)])
+apply ((simp add:while_in_if_true_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_Then vc_x_0 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_2])
+apply (erule block_anon5_ThenAA0[OF _ assms(2)])
+apply ((simp add:while_in_if_true_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_3])
+apply (erule block_anon6_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:while_in_if_true_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopBody )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) while_in_if_true_passive_prog.node_4])
+by (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1) \<and> (vc.vc_anon6_LoopBody ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_5])
+apply (erule block_anon6_LoopHead[OF _ assms(2)])
+apply ((simp add:while_in_if_true_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_Else vc_x_0 vc_x_1 vc_y_1 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_6])
+apply (erule block_anon5_ElseAA0[OF _ assms(2)])
+apply ((simp add:while_in_if_true_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon5_Then vc_x_0 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_1 vc_y_1 vc_x_2))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_7])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:while_in_if_true_passive_prog.outEdges_7))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon5_Then vc_x_0 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_1 vc_y_1 vc_x_2))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_8])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:while_in_if_true_passive_prog.outEdges_8))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_0 vc_x_2 vc_x_1 vc_y_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_9])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:while_in_if_true_passive_prog.outEdges_9))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) \<Gamma> [] while_in_if_true_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_y_2::int). (vc.vc_anon0 vc_x_0 vc_x_2 vc_x_1 vc_y_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> while_in_if_true_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) while_in_if_true_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s while_in_if_true_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((while_in_if_true_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_x])
+apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_y])
+apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_y])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_y_0])
+apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_y_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_y_1])
+apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_y_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_x_2])
+apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_x_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_y_2])
+apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_y_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_y])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_y_0])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (rule HOL.conjunct1[OF sc_y_1])
+apply (rule HOL.conjunct1[OF sc_x_2])
+apply (rule HOL.conjunct1[OF sc_y_2])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/ROOT
new file mode 100644
index 0000000..927fd96
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/ROOT
@@ -0,0 +1,12 @@
+session loop_in_then_branch_proofs = Boogie_Lang + 
+directories while_in_if_true_proofs
+theories
+global_data
+"while_in_if_true_proofs/while_in_if_true_passive_prog"
+"while_in_if_true_proofs/while_in_if_true_asttocfg_proof"
+"while_in_if_true_proofs/while_in_if_true_before_passive_prog"
+"while_in_if_true_proofs/while_in_if_true_vcphase_proof"
+"while_in_if_true_proofs/while_in_if_true_cfgtodag_proof"
+"while_in_if_true_proofs/while_in_if_true_passification_proof"
+"while_in_if_true_proofs/while_in_if_true_before_ast_to_cfg_prog"
+"while_in_if_true_proofs/while_in_if_true_before_cfg_to_dag_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_asttocfg_proof.thy
new file mode 100644
index 0000000..69f2caa
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_asttocfg_proof.thy
@@ -0,0 +1,488 @@
+theory while_in_if_true_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML while_in_if_true_before_ast_to_cfg_prog while_in_if_true_before_cfg_to_dag_prog while_in_if_true_cfgtodag_proof while_in_if_true_passification_proof while_in_if_true_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_5,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_6 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_5])
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_5_def while_in_if_true_before_cfg_to_dag_prog.block_6_def)
+apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.block_6_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.block_6_def while_in_if_true_before_ast_to_cfg_prog.bigblock_5_def)+)
+done
+
+
+lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_5])
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_5_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_5_def)
+apply (simp)
+apply (simp)
+apply (rule cont_5_def)
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_6)
+apply (rule disjI1)
+apply (rule while_in_if_true_before_cfg_to_dag_prog.block_6_def)
+apply (rule while_in_if_true_before_cfg_to_dag_prog.outEdges_6)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_6)
+apply (rule rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_5)
+apply assumption+
+
+done
+qed
+
+lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV False))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Invs[of while_in_if_true_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_4_def)
+
+apply (rule astTrace)
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_4_def)
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_5)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule while_in_if_true_before_cfg_to_dag_prog.block_5_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply (rule neg_gt)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_4_def)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_5)
+
+
+
+
+apply ((erule allE[where x = 6])+)
+apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_5)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_5)
+apply (simp)
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_3 (Normal ns1) (Normal ns1')))))"
+unfolding while_in_if_true_before_cfg_to_dag_prog.block_3_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_3_def)
+apply ((simp add: assms(3) while_in_if_true_before_ast_to_cfg_prog.bigblock_3_def)+)
+done
+
+
+lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T while_in_if_true_before_ast_to_cfg_prog.bigblock_2 cont_2 while_in_if_true_before_cfg_to_dag_prog.proc_body 2 while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_3_def)
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_3)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule while_in_if_true_before_cfg_to_dag_prog.block_3_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_3_def)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_3)
+apply (rule rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_3)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=2])+)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_3)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_2_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of while_in_if_true_before_ast_to_cfg_prog.bigblock_2 _ _ _ while_in_if_true_before_cfg_to_dag_prog.block_2])
+apply (simp add:while_in_if_true_before_ast_to_cfg_prog.bigblock_2_def while_in_if_true_before_cfg_to_dag_prog.block_2_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:while_in_if_true_before_ast_to_cfg_prog.bigblock_2_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of while_in_if_true_before_ast_to_cfg_prog.bigblock_2])
+apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.bigblock_2_def)+)
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.block_2_def while_in_if_true_before_cfg_to_dag_prog.node_2)+)
+apply (rule cont_2_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 3])+)
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_2)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_3)
+apply (simp add: cont_2_def while_in_if_true_before_ast_to_cfg_prog.bigblock_3_def cont_3_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_2_def cont_3_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+
+apply ((erule allE[where x = 4])+)
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_2)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_5)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_4)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_4_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_4)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_4)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_4_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_4)
+apply ((simp add: member_rec)+)
+done
+qed
+qed
+
+lemma rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_1,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_1 (Normal ns1) (Normal ns1')))))"
+unfolding while_in_if_true_before_cfg_to_dag_prog.block_1_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_1_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_1_def)
+apply ((simp add: assms(3) while_in_if_true_before_ast_to_cfg_prog.bigblock_1_def)+)
+done
+
+
+lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_1_def while_in_if_true_before_cfg_to_dag_prog.block_1_def)
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_1_def while_in_if_true_before_cfg_to_dag_prog.block_1_def)
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_1_def while_in_if_true_before_cfg_to_dag_prog.block_1_def)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_1_def)
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_1)
+
+apply (rule disjI2)
+apply (rule disjI1)
+
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_1_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply (simp)
+
+
+apply (rule guardHint)
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_1)
+apply (rule rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_1_def)
+apply ((simp)+)
+apply (rule guardHint)
+apply ((erule allE[where x = 2])+)
+apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_2_def cont_1_def cont_2_def)
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_0_def while_in_if_true_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.block_0_def while_in_if_true_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_if_successor)
+apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_0 _ while_in_if_true_before_cfg_to_dag_prog.block_0])
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_0_def while_in_if_true_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_0_def)
+apply (rule astTrace)
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_0_def)
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_0)
+apply (rule rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply (erule disjE)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: cont_0_def while_in_if_true_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
+apply blast+
+
+
+
+
+
+apply (simp)
+apply ((erule allE[where x = 5])+)
+apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_4)
+apply (simp add: cont_0_def while_in_if_true_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (while_in_if_true_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_x_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> while_in_if_true_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) while_in_if_true_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns while_in_if_true_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def while_in_if_true_before_ast_to_cfg_prog.pres_def while_in_if_true_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def while_in_if_true_before_ast_to_cfg_prog.pres_def while_in_if_true_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_5] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (while_in_if_true_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_5_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_x_2))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) while_in_if_true_before_ast_to_cfg_prog.fdecls while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls while_in_if_true_before_ast_to_cfg_prog.axioms while_in_if_true_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding while_in_if_true_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 while_in_if_true_before_ast_to_cfg_prog.ast_proc_def while_in_if_true_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..742c956
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_ast_to_cfg_prog.thy
@@ -0,0 +1,144 @@
+theory while_in_if_true_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 0),(Havoc 1)] (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))"
+definition bigblock_4
+  where
+    "bigblock_4  = (BigBlock (None ) [] (None ) (None ))"
+definition bigblock_5
+  where
+    "bigblock_5  = (BigBlock (None ) [(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))] (None ) (None ))"
+definition cont_5
+  where
+    "cont_5  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_5 cont_5)"
+definition cont_1
+  where
+    "cont_1  = (KSeq bigblock_5 cont_5)"
+definition cont_2
+  where
+    "cont_2  = (KEndBlock (KSeq bigblock_5 cont_5 ))"
+definition cont_3
+  where
+    "cont_3  = (KSeq bigblock_2 cont_2)"
+definition cont_4
+  where
+    "cont_4  = (KSeq bigblock_5 cont_5)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_5]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = while_in_if_true_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec while_in_if_true_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec while_in_if_true_before_ast_to_cfg_prog.post),proc_body = (Some (while_in_if_true_before_ast_to_cfg_prog.locals_vdecls,while_in_if_true_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..1095a15
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_cfg_to_dag_prog.thy
@@ -0,0 +1,191 @@
+theory while_in_if_true_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0),(Havoc 1)]"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+definition block_2
+  where
+    "block_2  = []"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_6
+  where
+    "block_6  = [(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition outEdges
+  where
+    "outEdges  = [[1,5],[2],[4,3],[2],[6],[6],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1,5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [4,3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding while_in_if_true_before_cfg_to_dag_prog.constants_vdecls_def while_in_if_true_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding while_in_if_true_before_cfg_to_dag_prog.constants_vdecls_def while_in_if_true_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding while_in_if_true_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding while_in_if_true_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls),(append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls),(append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls),(append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls),(append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls),(append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = while_in_if_true_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec while_in_if_true_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec while_in_if_true_before_cfg_to_dag_prog.post),proc_body = (Some (while_in_if_true_before_cfg_to_dag_prog.locals_vdecls,while_in_if_true_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_passive_prog.thy
new file mode 100644
index 0000000..8b7d6eb
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_passive_prog.thy
@@ -0,0 +1,139 @@
+theory while_in_if_true_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util while_in_if_true_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
+definition block_5
+  where
+    "block_5  = [(Havoc 1)]"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+definition block_7
+  where
+    "block_7  = [(Havoc 0),(Havoc 1)]"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[2],[2],[4,1],[5],[6,3],[7],[8]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6,3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_cfgtodag_proof.thy
new file mode 100644
index 0000000..0d136c4
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_cfgtodag_proof.thy
@@ -0,0 +1,479 @@
+theory while_in_if_true_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML while_in_if_true_before_ast_to_cfg_prog while_in_if_true_before_cfg_to_dag_prog while_in_if_true_before_passive_prog while_in_if_true_passification_proof while_in_if_true_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 while_in_if_true_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def while_in_if_true_before_ast_to_cfg_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule while_in_if_true_before_passive_prog.node_0)
+apply simp
+unfolding while_in_if_true_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma Mods_anon6_LoopBody:
+shows "(mods_contained_in (set [1]) while_in_if_true_before_cfg_to_dag_prog.block_3)"
+unfolding while_in_if_true_before_cfg_to_dag_prog.block_3_def
+by simp
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_1 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding while_in_if_true_before_cfg_to_dag_prog.block_3_def while_in_if_true_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body [1] [] while_in_if_true_before_ast_to_cfg_prog.post ns1 s' 2 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_3)
+apply (rule while_in_if_true_before_passive_prog.node_1)
+apply (assumption+)
+apply (rule block_anon6_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon6_LoopBody)
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon6_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma block_anon4:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding while_in_if_true_before_cfg_to_dag_prog.block_6_def while_in_if_true_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_6)
+apply (rule while_in_if_true_before_passive_prog.node_2)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon4)
+apply assumption+
+apply (rule while_in_if_true_before_cfg_to_dag_prog.outEdges_6)
+apply (rule while_in_if_true_before_passive_prog.outEdges_2)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon5_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding while_in_if_true_before_cfg_to_dag_prog.block_5_def while_in_if_true_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon5_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_5)
+apply (rule while_in_if_true_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon5_Else)
+apply (assumption+)
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_5))
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_5))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:while_in_if_true_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding while_in_if_true_before_cfg_to_dag_prog.block_4_def while_in_if_true_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_4)
+apply (rule while_in_if_true_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon6_LoopDone)
+apply (assumption+)
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_4))
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_4))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:while_in_if_true_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon6_LoopHead:
+shows "(mods_contained_in (set [1]) while_in_if_true_before_cfg_to_dag_prog.block_2)"
+unfolding while_in_if_true_before_cfg_to_dag_prog.block_2_def
+by simp
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_5 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding while_in_if_true_before_cfg_to_dag_prog.block_2_def while_in_if_true_before_passive_prog.block_5_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_y(1)))
+apply simp
+done
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_2)
+apply (rule while_in_if_true_before_passive_prog.node_5)
+apply (assumption+)
+apply (rule block_anon6_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon6_LoopHead)
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=4])
+apply ((simp add:while_in_if_true_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:while_in_if_true_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma block_anon5_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_6 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding while_in_if_true_before_cfg_to_dag_prog.block_1_def while_in_if_true_before_passive_prog.block_6_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon5_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_1)
+apply (rule while_in_if_true_before_passive_prog.node_6)
+apply (assumption+)
+apply (rule block_anon5_Then)
+apply (assumption+)
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=5])
+apply ((simp add:while_in_if_true_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_7 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding while_in_if_true_before_cfg_to_dag_prog.block_0_def while_in_if_true_before_passive_prog.block_7_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule while_in_if_true_before_cfg_to_dag_prog.node_0)
+apply (rule while_in_if_true_before_passive_prog.node_7)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=6])
+apply ((simp add:while_in_if_true_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:while_in_if_true_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:while_in_if_true_before_passive_prog.outEdges_8))
+by ((simp add:while_in_if_true_before_passive_prog.node_8 while_in_if_true_before_passive_prog.block_8_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 while_in_if_true_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule while_in_if_true_before_passive_prog.node_9)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding while_in_if_true_before_passive_prog.block_9_def
+apply (rule assume_pres_normal[where ?es=while_in_if_true_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding while_in_if_true_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule while_in_if_true_before_passive_prog.outEdges_9)
+apply ((simp add:while_in_if_true_before_passive_prog.node_8 while_in_if_true_before_passive_prog.block_8_def))
+apply (rule while_in_if_true_before_passive_prog.outEdges_8)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_x_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> while_in_if_true_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) while_in_if_true_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns while_in_if_true_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule while_in_if_true_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_passification_proof.thy
new file mode 100644
index 0000000..70486eb
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_passification_proof.thy
@@ -0,0 +1,351 @@
+theory while_in_if_true_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util while_in_if_true_before_ast_to_cfg_prog while_in_if_true_passive_prog Boogie_Lang.PassificationML while_in_if_true_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_in_if_true_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_in_if_true_before_passive_prog.block_0_def while_in_if_true_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [7] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 5)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [7])) (update_nstate_rel R [(1,(Inl 7))]) R_old while_in_if_true_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_in_if_true_before_passive_prog.block_1_def while_in_if_true_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_y(2) while_in_if_true_passive_prog.l_y_2(2)))
+by simp
+
+lemma block_anon4:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 6)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_in_if_true_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_in_if_true_before_passive_prog.block_2_def while_in_if_true_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon5_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6])) (update_nstate_rel R [(0,(Inl 6))]) R_old while_in_if_true_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_in_if_true_before_passive_prog.block_3_def while_in_if_true_passive_prog.block_3_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_x(2) while_in_if_true_passive_prog.l_x_2(2)))
+by simp
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))" and 
+"((R 1) = (Some (Inl 5)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6])) (update_nstate_rel R [(0,(Inl 6))]) R_old while_in_if_true_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_in_if_true_before_passive_prog.block_4_def while_in_if_true_passive_prog.block_4_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_x(2) while_in_if_true_passive_prog.l_x_2(2)))
+by simp
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [5] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [5])) (update_nstate_rel R [(1,(Inl 5))]) R_old while_in_if_true_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_in_if_true_before_passive_prog.block_5_def while_in_if_true_passive_prog.block_5_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_y(2) while_in_if_true_passive_prog.l_y_1(2)))
+by simp
+
+lemma block_anon5_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4])) (update_nstate_rel R [(0,(Inl 4))]) R_old while_in_if_true_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_in_if_true_before_passive_prog.block_6_def while_in_if_true_passive_prog.block_6_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_x(2) while_in_if_true_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2,3] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2,3])) (update_nstate_rel R [(0,(Inl 2)),(1,(Inl 3))]) R_old while_in_if_true_passive_prog.block_7 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_in_if_true_before_passive_prog.block_7_def while_in_if_true_passive_prog.block_7_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_x(2) while_in_if_true_passive_prog.l_x_0(2)))
+apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_y(2) while_in_if_true_passive_prog.l_y_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_in_if_true_passive_prog.block_8 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_in_if_true_before_passive_prog.block_8_def while_in_if_true_passive_prog.block_8_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_9 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_in_if_true_passive_prog.block_9 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding while_in_if_true_before_passive_prog.block_9_def while_in_if_true_passive_prog.block_9_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_in_if_true_before_passive_prog.node_0},@{thm while_in_if_true_before_passive_prog.outEdges_0}) (@{thm while_in_if_true_passive_prog.node_0},@{thm while_in_if_true_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 7 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 5)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_1},@{thm while_in_if_true_before_passive_prog.outEdges_1}) (@{thm while_in_if_true_passive_prog.node_1},@{thm while_in_if_true_passive_prog.outEdges_1}) @{thm block_anon6_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon4:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 6)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_2},@{thm while_in_if_true_before_passive_prog.outEdges_2}) (@{thm while_in_if_true_passive_prog.node_2},@{thm while_in_if_true_passive_prog.outEdges_2}) @{thm block_anon4} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon5_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_3},@{thm while_in_if_true_before_passive_prog.outEdges_3}) (@{thm while_in_if_true_passive_prog.node_3},@{thm while_in_if_true_passive_prog.outEdges_3}) @{thm block_anon5_Else} [
+@{thm cfg_block_anon4}] 1\<close>))
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))" and 
+"((R 1) = (Some (Inl 5)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_4},@{thm while_in_if_true_before_passive_prog.outEdges_4}) (@{thm while_in_if_true_passive_prog.node_4},@{thm while_in_if_true_passive_prog.outEdges_4}) @{thm block_anon6_LoopDone} [
+@{thm cfg_block_anon4}] 1\<close>))
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 5 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_5},@{thm while_in_if_true_before_passive_prog.outEdges_5}) (@{thm while_in_if_true_passive_prog.node_5},@{thm while_in_if_true_passive_prog.outEdges_5}) @{thm block_anon6_LoopHead} [
+@{thm cfg_block_anon6_LoopDone}, 
+@{thm cfg_block_anon6_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon5_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_6},@{thm while_in_if_true_before_passive_prog.outEdges_6}) (@{thm while_in_if_true_passive_prog.node_6},@{thm while_in_if_true_passive_prog.outEdges_6}) @{thm block_anon5_Then} [
+@{thm cfg_block_anon6_LoopHead}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_in_if_true_before_passive_prog.node_7},@{thm while_in_if_true_before_passive_prog.outEdges_7}) (@{thm while_in_if_true_passive_prog.node_7},@{thm while_in_if_true_passive_prog.outEdges_7}) @{thm block_anon0} [
+@{thm cfg_block_anon5_Then}, 
+@{thm cfg_block_anon5_Else}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 8)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_in_if_true_before_passive_prog.node_8},@{thm while_in_if_true_before_passive_prog.outEdges_8}) (@{thm while_in_if_true_passive_prog.node_8},@{thm while_in_if_true_passive_prog.outEdges_8}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 9)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_in_if_true_before_passive_prog.node_9},@{thm while_in_if_true_before_passive_prog.outEdges_9}) (@{thm while_in_if_true_passive_prog.node_9},@{thm while_in_if_true_passive_prog.outEdges_9}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 9),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_x_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> while_in_if_true_before_ast_to_cfg_prog.constants_vdecls ns while_in_if_true_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv while_in_if_true_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding while_in_if_true_passive_prog.params_vdecls_def while_in_if_true_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using while_in_if_true_before_passive_prog.globals_locals_disj apply auto[1]
+using while_in_if_true_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] while_in_if_true_passive_prog.proc_body u (Inl 9)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range while_in_if_true_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] while_in_if_true_passive_prog.proc_body ((Inl 9),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from while_in_if_true_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_passive_prog.thy
new file mode 100644
index 0000000..df4688e
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_passive_prog.thy
@@ -0,0 +1,217 @@
+theory while_in_if_true_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util while_in_if_true_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 5) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 7) Eq (BinOp (Var 5) Sub (Lit (LInt 1))))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assert (BinOp (Var 6) Ge (Lit (LInt 0))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 2))),(Assume (BinOp (Var 6) Eq (Var 2)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 5))),(Assume (BinOp (Var 6) Eq (Var 4)))]"
+definition block_5
+  where
+    "block_5  = []"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 4) Eq (BinOp (Var 2) Sub (Lit (LInt 1)))))]"
+definition block_7
+  where
+    "block_7  = []"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[2],[2],[4,1],[5],[6,3],[7],[8]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6,3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(7,(TPrim TInt),(None )),(6,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding while_in_if_true_passive_prog.params_vdecls_def while_in_if_true_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)))) = {})"
+unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_0:
+shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_1:
+shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_2:
+shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_2:
+shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_0:
+shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_1:
+shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_2:
+shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_2:
+shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_vcphase_proof.thy
new file mode 100644
index 0000000..08b3d54
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_vcphase_proof.thy
@@ -0,0 +1,373 @@
+theory while_in_if_true_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML while_in_if_true_passive_prog while_in_if_true_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon4
+  where
+    "vc_anon4 x_2 = (x_2 \<ge> (0::int))"
+definition vc_anon5_Else
+  where
+    "vc_anon5_Else x_0 x_2 = ((((0::int) \<ge> x_0) \<and> (x_2 = x_0)) \<longrightarrow> (vc_anon4 x_2))"
+definition vc_anon6_LoopDone
+  where
+    "vc_anon6_LoopDone y_1 x_2 x_1 = ((((0::int) \<ge> y_1) \<and> (x_2 = x_1)) \<longrightarrow> (vc_anon4 x_2))"
+definition vc_anon6_LoopBody
+  where
+    "vc_anon6_LoopBody  = True"
+definition vc_anon5_Then
+  where
+    "vc_anon5_Then x_0 x_1 y_1 x_2 = (((x_0 > (0::int)) \<and> (x_1 = (x_0 - (1::int)))) \<longrightarrow> ((vc_anon6_LoopDone y_1 x_2 x_1) \<and> (vc_anon6_LoopBody )))"
+definition vc_anon0
+  where
+    "vc_anon0 x_0 x_1 y_1 x_2 = ((vc_anon5_Then x_0 x_1 y_1 x_2) \<and> (vc_anon5_Else x_0 x_2))"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_x_1 :: "int" and vc_y_1 :: "int" and vc_y_2 :: "int" and vc_x_2 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_0)))" and 
+G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_y_0)))" and 
+G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_x_1)))" and 
+G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_y_1)))" and 
+G6: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_y_2)))" and 
+G7: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_x_2)))" and 
+G8: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8
+lemmas forall_poly_thm = forall_vc_type[OF G8]
+lemmas exists_poly_thm = exists_vc_type[OF G8]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding while_in_if_true_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon6_LoopBody_hints = [
+(AssumeTrue,NONE), 
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon6_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopBody ) \<Longrightarrow> (s' = Magic)))"
+unfolding while_in_if_true_passive_prog.block_1_def vc.vc_anon6_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_hints = [
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon4AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding while_in_if_true_passive_prog.block_2_def vc.vc_anon4_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon5_Else_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon5_ElseAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_Else vc_x_0 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4 vc_x_2)))))))"
+unfolding while_in_if_true_passive_prog.block_3_def vc.vc_anon5_Else_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_Else_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_LoopDone_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon6_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4 vc_x_2)))))))"
+unfolding while_in_if_true_passive_prog.block_4_def vc.vc_anon6_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopDone_hints \<close>)
+by (auto?)
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_5 (Normal n_s) s')" and 
+"((vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1) \<and> (vc.vc_anon6_LoopBody ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1) \<and> (vc.vc_anon6_LoopBody ))))))"
+using assms
+unfolding while_in_if_true_passive_prog.block_5_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon5_Then_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon5_ThenAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_Then vc_x_0 vc_x_1 vc_y_1 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1) \<and> (vc.vc_anon6_LoopBody ))))))))"
+unfolding while_in_if_true_passive_prog.block_6_def vc.vc_anon5_Then_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_Then_hints \<close>)
+by (auto?)
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_7 (Normal n_s) s')" and 
+"((vc.vc_anon5_Then vc_x_0 vc_x_1 vc_y_1 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_2))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_Then vc_x_0 vc_x_1 vc_y_1 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_2))))))"
+using assms
+unfolding while_in_if_true_passive_prog.block_7_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_8 (Normal n_s) s')" and 
+"((vc.vc_anon5_Then vc_x_0 vc_x_1 vc_y_1 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_2))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_Then vc_x_0 vc_x_1 vc_y_1 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_2))))))"
+using assms
+unfolding while_in_if_true_passive_prog.block_8_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_Then vc_x_0 vc_x_1 vc_y_1 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_2))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding while_in_if_true_passive_prog.block_9_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) while_in_if_true_passive_prog.node_0 while_in_if_true_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopBody )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) while_in_if_true_passive_prog.node_1])
+by (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon4:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) while_in_if_true_passive_prog.node_2])
+apply (erule block_anon4AA0[OF _ assms(2)])
+apply ((simp add:while_in_if_true_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_Else vc_x_0 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_3])
+apply (erule block_anon5_ElseAA0[OF _ assms(2)])
+apply ((simp add:while_in_if_true_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_4])
+apply (erule block_anon6_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:while_in_if_true_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1) \<and> (vc.vc_anon6_LoopBody ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_5])
+apply (erule block_anon6_LoopHead[OF _ assms(2)])
+apply ((simp add:while_in_if_true_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_Then vc_x_0 vc_x_1 vc_y_1 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_6])
+apply (erule block_anon5_ThenAA0[OF _ assms(2)])
+apply ((simp add:while_in_if_true_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon5_Then vc_x_0 vc_x_1 vc_y_1 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_2))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_7])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:while_in_if_true_passive_prog.outEdges_7))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon5_Then vc_x_0 vc_x_1 vc_y_1 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_2))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_8])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:while_in_if_true_passive_prog.outEdges_8))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_x_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_9])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:while_in_if_true_passive_prog.outEdges_9))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) \<Gamma> [] while_in_if_true_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_x_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> while_in_if_true_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) while_in_if_true_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s while_in_if_true_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((while_in_if_true_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_x])
+apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_y])
+apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_y])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_y_0])
+apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_y_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_y_1])
+apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_y_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_y_2])
+apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_y_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_x_2])
+apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_x_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_y])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_y_0])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (rule HOL.conjunct1[OF sc_y_1])
+apply (rule HOL.conjunct1[OF sc_y_2])
+apply (rule HOL.conjunct1[OF sc_x_2])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/ROOT
new file mode 100644
index 0000000..2428332
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/ROOT
@@ -0,0 +1,12 @@
+session nested_if_proofs = Boogie_Lang + 
+directories nested_if_proofs
+theories
+global_data
+"nested_if_proofs/nested_if_vcphase_proof"
+"nested_if_proofs/nested_if_before_passive_prog"
+"nested_if_proofs/nested_if_before_cfg_to_dag_prog"
+"nested_if_proofs/nested_if_cfgtodag_proof"
+"nested_if_proofs/nested_if_passification_proof"
+"nested_if_proofs/nested_if_before_ast_to_cfg_prog"
+"nested_if_proofs/nested_if_asttocfg_proof"
+"nested_if_proofs/nested_if_passive_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_asttocfg_proof.thy
new file mode 100644
index 0000000..5af288c
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_asttocfg_proof.thy
@@ -0,0 +1,387 @@
+theory nested_if_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_if_before_ast_to_cfg_prog nested_if_before_cfg_to_dag_prog nested_if_cfgtodag_proof nested_if_passification_proof nested_if_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A nested_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma global_rel_nested_if_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_if_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_if_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV False))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Invs[of nested_if_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: nested_if_before_ast_to_cfg_prog.bigblock_4_def)
+
+apply (rule astTrace)
+apply (simp add: nested_if_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp)
+apply (simp)
+apply (rule cont_4_def)
+apply (rule nested_if_before_cfg_to_dag_prog.node_4)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule nested_if_before_cfg_to_dag_prog.block_4_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply ( rule neg_gt)
+apply (rule guardHint)
+apply (rule nested_if_before_cfg_to_dag_prog.outEdges_4)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: nested_if_before_cfg_to_dag_prog.node_4)
+apply (simp add: nested_if_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp add: end_static)
+done
+qed
+
+lemma rel_nested_if_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (nested_if_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV False))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_3 (Normal ns1) (Normal ns1')))))"
+unfolding nested_if_before_cfg_to_dag_prog.block_3_def
+apply (rule guard_fails_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of nested_if_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: nested_if_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply (simp add: nested_if_before_cfg_to_dag_prog.block_3_def)
+apply (rule push_through_assumption1)
+apply (simp)
+apply (rule neg_gt)
+apply (rule guardHint)
+apply ((simp add: nested_if_before_ast_to_cfg_prog.bigblock_3_def)+)
+apply (rule neg_gt)
+apply (rule guardHint)
+done
+
+
+lemma global_rel_nested_if_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_if_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_if_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV False))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of nested_if_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: nested_if_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: nested_if_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (simp)
+apply (rule cont_3_def)
+apply (rule nested_if_before_cfg_to_dag_prog.node_3)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule nested_if_before_cfg_to_dag_prog.block_3_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply ( rule neg_gt)
+apply (rule guardHint)
+apply (rule nested_if_before_cfg_to_dag_prog.outEdges_3)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: nested_if_before_cfg_to_dag_prog.node_3)
+apply (rule rel_nested_if_before_ast_to_cfg_prog_bigblock_3)
+apply assumption+
+apply (rule guardHint)
+done
+qed
+
+lemma rel_nested_if_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (nested_if_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
+unfolding nested_if_before_cfg_to_dag_prog.block_2_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of nested_if_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: nested_if_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: nested_if_before_cfg_to_dag_prog.block_2_def)
+apply ((simp add: assms(3) nested_if_before_ast_to_cfg_prog.bigblock_2_def)+)
+done
+
+
+lemma global_rel_nested_if_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_if_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_if_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of nested_if_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: nested_if_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: nested_if_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp)
+apply (simp)
+apply (rule cont_2_def)
+apply (rule nested_if_before_cfg_to_dag_prog.node_2)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule nested_if_before_cfg_to_dag_prog.block_2_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule nested_if_before_cfg_to_dag_prog.outEdges_2)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: nested_if_before_cfg_to_dag_prog.node_2)
+apply (rule rel_nested_if_before_ast_to_cfg_prog_bigblock_2)
+apply assumption+
+apply (rule guardHint)
+done
+qed
+
+lemma global_rel_nested_if_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_if_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_if_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_if_successor)
+apply (rule Rel_Invs[of nested_if_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: nested_if_before_cfg_to_dag_prog.block_1_def nested_if_before_ast_to_cfg_prog.bigblock_1_def)
+
+apply (rule astTrace)
+apply (simp add: nested_if_before_ast_to_cfg_prog.bigblock_1_def)
+apply (rule nested_if_before_cfg_to_dag_prog.node_1)
+
+apply (rule disjI2)
+apply (rule disjI1)
+
+apply (simp add: nested_if_before_cfg_to_dag_prog.block_1_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply (simp)
+
+
+apply (rule guardHint)
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+
+
+
+
+
+apply (erule disjE)
+
+apply ((erule allE[where x = 2])+)
+apply ((simp add: nested_if_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_nested_if_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_1_def nested_if_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
+apply blast+
+
+
+
+
+
+apply (simp)
+apply ((erule allE[where x = 3])+)
+apply ((simp add: nested_if_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_nested_if_before_ast_to_cfg_prog_bigblock_3)
+apply (simp add: cont_1_def nested_if_before_ast_to_cfg_prog.bigblock_3_def cont_3_def )
+apply blast+
+
+
+
+
+
+done
+qed
+
+lemma global_rel_nested_if_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_if_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_if_successor)
+apply (rule Rel_Invs[of nested_if_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: nested_if_before_cfg_to_dag_prog.block_0_def nested_if_before_ast_to_cfg_prog.bigblock_0_def)
+
+apply (rule astTrace)
+apply (simp add: nested_if_before_ast_to_cfg_prog.bigblock_0_def)
+apply (rule nested_if_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: nested_if_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+
+
+
+
+
+apply (erule disjE)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: nested_if_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_nested_if_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: cont_0_def nested_if_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
+apply blast+
+
+
+
+
+
+apply (simp)
+apply ((erule allE[where x = 4])+)
+apply ((simp add: nested_if_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_nested_if_before_ast_to_cfg_prog_bigblock_4)
+apply (simp add: cont_0_def nested_if_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (nested_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_n::int) (vc_m::int) (vc_m_0::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A nested_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> nested_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) nested_if_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_if_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (nested_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_nested_if_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: nested_if_before_ast_to_cfg_prog.params_vdecls_def nested_if_before_ast_to_cfg_prog.locals_vdecls_def nested_if_before_cfg_to_dag_prog.params_vdecls_def nested_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: nested_if_before_ast_to_cfg_prog.params_vdecls_def nested_if_before_ast_to_cfg_prog.locals_vdecls_def nested_if_before_cfg_to_dag_prog.params_vdecls_def nested_if_before_cfg_to_dag_prog.locals_vdecls_def nested_if_before_ast_to_cfg_prog.pres_def nested_if_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: nested_if_before_ast_to_cfg_prog.params_vdecls_def nested_if_before_ast_to_cfg_prog.locals_vdecls_def nested_if_before_cfg_to_dag_prog.params_vdecls_def nested_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: nested_if_before_ast_to_cfg_prog.params_vdecls_def nested_if_before_ast_to_cfg_prog.locals_vdecls_def nested_if_before_cfg_to_dag_prog.params_vdecls_def nested_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: nested_if_before_ast_to_cfg_prog.params_vdecls_def nested_if_before_ast_to_cfg_prog.locals_vdecls_def nested_if_before_cfg_to_dag_prog.params_vdecls_def nested_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: nested_if_before_ast_to_cfg_prog.params_vdecls_def nested_if_before_ast_to_cfg_prog.locals_vdecls_def nested_if_before_cfg_to_dag_prog.params_vdecls_def nested_if_before_cfg_to_dag_prog.locals_vdecls_def nested_if_before_ast_to_cfg_prog.pres_def nested_if_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: nested_if_before_ast_to_cfg_prog.params_vdecls_def nested_if_before_ast_to_cfg_prog.locals_vdecls_def nested_if_before_cfg_to_dag_prog.params_vdecls_def nested_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: nested_if_before_ast_to_cfg_prog.params_vdecls_def nested_if_before_ast_to_cfg_prog.locals_vdecls_def nested_if_before_cfg_to_dag_prog.params_vdecls_def nested_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (nested_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_n::int) (vc_m::int) (vc_m_0::int). (vc.vc_anon0 ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) nested_if_before_ast_to_cfg_prog.fdecls nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls nested_if_before_ast_to_cfg_prog.axioms nested_if_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding nested_if_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 nested_if_before_ast_to_cfg_prog.ast_proc_def nested_if_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..d5d245e
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_ast_to_cfg_prog.thy
@@ -0,0 +1,138 @@
+theory nested_if_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Add (Var 0)))] (None ) (None ))] [(BigBlock (None ) [(Assign 1 (Var 0))] (None ) (None ))])) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Add (Var 0)))] (None ) (None ))] [(BigBlock (None ) [(Assign 1 (Var 0))] (None ) (None ))])) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [(Assign 1 (BinOp (Var 1) Add (Var 0)))] (None ) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [(Assign 1 (Var 0))] (None ) (None ))"
+definition bigblock_4
+  where
+    "bigblock_4  = (BigBlock (None ) [] (None ) (None ))"
+definition cont_0
+  where
+    "cont_0  = KStop"
+definition cont_1
+  where
+    "cont_1  = KStop"
+definition cont_2
+  where
+    "cont_2  = KStop"
+definition cont_3
+  where
+    "cont_3  = KStop"
+definition cont_4
+  where
+    "cont_4  = KStop"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding nested_if_before_ast_to_cfg_prog.constants_vdecls_def nested_if_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding nested_if_before_ast_to_cfg_prog.params_vdecls_def nested_if_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding nested_if_before_ast_to_cfg_prog.constants_vdecls_def nested_if_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_if_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding nested_if_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_if_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding nested_if_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_if_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding nested_if_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_if_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding nested_if_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_n:
+shows "((map_of (append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_m:
+shows "((map_of (append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_n:
+shows "((lookup_var_decl ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_n
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_m:
+shows "((lookup_var_decl ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_m
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = nested_if_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_if_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec nested_if_before_ast_to_cfg_prog.post),proc_body = (Some (nested_if_before_ast_to_cfg_prog.locals_vdecls,nested_if_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_cfg_to_dag_prog.thy
similarity index 54%
rename from BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_cfg_to_dag_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_cfg_to_dag_prog.thy
index c1812a8..2160236 100644
--- a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_cfg_to_dag_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_cfg_to_dag_prog.thy
@@ -3,22 +3,22 @@ imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global
 begin
 definition block_0
   where
-    "block_0  = [(Havoc 0),(Havoc 1)]"
+    "block_0  = []"
 definition block_1
   where
-    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
 definition block_2
   where
-    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
+    "block_2  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Add (Var 0)))]"
 definition block_3
   where
     "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 1 (Var 0))]"
 definition block_4
   where
-    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Add (Var 0)))]"
+    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
 definition outEdges
   where
-    "outEdges  = [[2,1],[],[4,3],[],[]]"
+    "outEdges  = [[1,4],[2,3],[],[],[]]"
 definition node_to_blocks
   where
     "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4]"
@@ -46,15 +46,15 @@ shows "((nth (node_to_block proc_body) 4) = block_4)"
 by (simp add:proc_body_def node_to_blocks_def)
 
 lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [2,1])"
+shows "((nth (out_edges proc_body) 0) = [1,4])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [])"
+shows "((nth (out_edges proc_body) 1) = [2,3])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [4,3])"
+shows "((nth (out_edges proc_body) 2) = [])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_3:
@@ -77,6 +77,28 @@ definition params_vdecls :: "(vdecls)"
 definition locals_vdecls :: "(vdecls)"
   where
     "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append nested_if_before_cfg_to_dag_prog.constants_vdecls nested_if_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append nested_if_before_cfg_to_dag_prog.constants_vdecls nested_if_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding nested_if_before_cfg_to_dag_prog.constants_vdecls_def nested_if_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_if_before_cfg_to_dag_prog.constants_vdecls nested_if_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
 lemma locals_min_aux:
 shows "(((map fst (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
 unfolding nested_if_before_cfg_to_dag_prog.params_vdecls_def nested_if_before_cfg_to_dag_prog.locals_vdecls_def
@@ -88,18 +110,23 @@ using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append nested_if_before_cfg_to_dag_prog.constants_vdecls nested_if_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding nested_if_before_cfg_to_dag_prog.constants_vdecls_def nested_if_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
 by simp
 
 lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_if_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding nested_if_before_cfg_to_dag_prog.constants_vdecls_def
 by simp
 
 lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_if_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding nested_if_before_cfg_to_dag_prog.globals_vdecls_def
 by simp
 
 lemma params_wf:
@@ -113,7 +140,7 @@ unfolding nested_if_before_cfg_to_dag_prog.locals_vdecls_def
 by simp
 
 lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append nested_if_before_cfg_to_dag_prog.constants_vdecls nested_if_before_cfg_to_dag_prog.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
 apply (rule lookup_ty_pred_2)
 by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
 
@@ -126,16 +153,16 @@ shows "((map_of (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if
 by (simp add:params_vdecls_def locals_vdecls_def)
 
 lemma l_n:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append nested_if_before_cfg_to_dag_prog.constants_vdecls nested_if_before_cfg_to_dag_prog.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_if_before_cfg_to_dag_prog.constants_vdecls nested_if_before_cfg_to_dag_prog.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
 using globals_locals_disj m_n
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_m:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append nested_if_before_cfg_to_dag_prog.constants_vdecls nested_if_before_cfg_to_dag_prog.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_if_before_cfg_to_dag_prog.constants_vdecls nested_if_before_cfg_to_dag_prog.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
 using globals_locals_disj m_m
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
-definition proc :: "(procedure)"
+definition proc :: "(mbodyCFG procedure)"
   where
     "proc  = (|proc_ty_args = 0,proc_args = nested_if_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_if_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec nested_if_before_cfg_to_dag_prog.post),proc_body = (Some (nested_if_before_cfg_to_dag_prog.locals_vdecls,nested_if_before_cfg_to_dag_prog.proc_body))|)"
 
diff --git a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_passive_prog.thy
similarity index 78%
rename from BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_passive_prog.thy
index 89d8146..4df1ce2 100644
--- a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_passive_prog.thy
@@ -1,5 +1,5 @@
 theory nested_if_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_if_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_if_before_ast_to_cfg_prog
 begin
 definition block_0
   where
@@ -18,7 +18,7 @@ definition block_4
     "block_4  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
 definition block_5
   where
-    "block_5  = [(Havoc 0),(Havoc 1)]"
+    "block_5  = []"
 definition block_6
   where
     "block_6  = []"
@@ -99,18 +99,18 @@ shows "((nth (out_edges proc_body) 7) = [6])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma locals_min_aux:
-shows "(((map fst (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding nested_if_before_cfg_to_dag_prog.params_vdecls_def nested_if_before_cfg_to_dag_prog.locals_vdecls_def
+shows "(((map fst (append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding nested_if_before_ast_to_cfg_prog.params_vdecls_def nested_if_before_ast_to_cfg_prog.locals_vdecls_def
 by simp
 
 lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
 using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding nested_if_before_ast_to_cfg_prog.constants_vdecls_def nested_if_before_ast_to_cfg_prog.globals_vdecls_def
 by simp
 
 
diff --git a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_cfgtodag_proof.thy
similarity index 79%
rename from BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_cfgtodag_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_cfgtodag_proof.thy
index 505cb25..cc5e02b 100644
--- a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_cfgtodag_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_cfgtodag_proof.thy
@@ -1,23 +1,23 @@
 theory nested_if_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_if_before_cfg_to_dag_prog nested_if_before_passive_prog nested_if_passification_proof nested_if_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_if_before_ast_to_cfg_prog nested_if_before_cfg_to_dag_prog nested_if_before_passive_prog nested_if_passification_proof nested_if_vcphase_proof
 begin
 locale cfg_to_dag_lemmas = 
 fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
 assumes 
-Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+Wf_Fun: "(fun_interp_wf A nested_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
 begin
 
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls))"
 declare Nat.One_nat_def[simp del]
 
 lemma cfg_block_GeneratedUnifiedExit:
 assumes 
 "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_if_before_cfg_to_dag_prog.post)"
-unfolding expr_all_sat_def nested_if_before_cfg_to_dag_prog.post_def 
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_if_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def nested_if_before_ast_to_cfg_prog.post_def 
 apply (rule cfg_dag_rel_post_invs_3)
 apply (erule assms(1))
 apply (rule nested_if_before_passive_prog.node_0)
@@ -27,13 +27,13 @@ by cfg_dag_rel_tac_single+
 
 lemma block_anon5_Else:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
 "(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
 shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_if_before_passive_prog.block_1 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_if_before_cfg_to_dag_prog.block_1_def nested_if_before_passive_prog.block_1_def
+unfolding nested_if_before_cfg_to_dag_prog.block_4_def nested_if_before_passive_prog.block_1_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
@@ -41,18 +41,18 @@ done
 
 lemma cfg_block_anon5_Else:
 assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule nested_if_before_cfg_to_dag_prog.node_1)
+apply (rule nested_if_before_cfg_to_dag_prog.node_4)
 apply (rule nested_if_before_passive_prog.node_1)
 apply (erule DagVerifies)
 apply (rule DagAssms)
 apply (erule block_anon5_Else)
 apply assumption+
-apply (rule nested_if_before_cfg_to_dag_prog.outEdges_1)
+apply (rule nested_if_before_cfg_to_dag_prog.outEdges_4)
 apply (rule nested_if_before_passive_prog.outEdges_1)
 apply (erule cfg_block_GeneratedUnifiedExit)
 by assumption
@@ -60,13 +60,13 @@ by assumption
 
 lemma block_anon6_Then:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
 "(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
 shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_if_before_passive_prog.block_2 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_if_before_cfg_to_dag_prog.block_4_def nested_if_before_passive_prog.block_2_def
+unfolding nested_if_before_cfg_to_dag_prog.block_2_def nested_if_before_passive_prog.block_2_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
@@ -74,18 +74,18 @@ done
 
 lemma cfg_block_anon6_Then:
 assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule nested_if_before_cfg_to_dag_prog.node_4)
+apply (rule nested_if_before_cfg_to_dag_prog.node_2)
 apply (rule nested_if_before_passive_prog.node_2)
 apply (erule DagVerifies)
 apply (rule DagAssms)
 apply (erule block_anon6_Then)
 apply assumption+
-apply (rule nested_if_before_cfg_to_dag_prog.outEdges_4)
+apply (rule nested_if_before_cfg_to_dag_prog.outEdges_2)
 apply (rule nested_if_before_passive_prog.outEdges_2)
 apply (erule cfg_block_GeneratedUnifiedExit)
 by assumption
@@ -110,7 +110,7 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_return_2[OF Red])
 apply (rule nested_if_before_cfg_to_dag_prog.node_3)
 apply (rule nested_if_before_passive_prog.node_3)
@@ -126,13 +126,13 @@ by assumption
 
 lemma block_anon5_Then:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
 "(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
 shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_if_before_passive_prog.block_4 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_if_before_cfg_to_dag_prog.block_2_def nested_if_before_passive_prog.block_4_def
+unfolding nested_if_before_cfg_to_dag_prog.block_1_def nested_if_before_passive_prog.block_4_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
@@ -140,18 +140,18 @@ done
 
 lemma cfg_block_anon5_Then:
 assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_if_before_cfg_to_dag_prog.node_2)
+apply (rule nested_if_before_cfg_to_dag_prog.node_1)
 apply (rule nested_if_before_passive_prog.node_4)
 apply (assumption+)
 apply (rule block_anon5_Then)
 apply (assumption+)
-apply ((simp add:nested_if_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:nested_if_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:nested_if_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:nested_if_before_cfg_to_dag_prog.outEdges_1))
 apply (erule member_elim)
 apply simp
 apply (erule allE[where x=2])
@@ -202,7 +202,7 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
 apply (rule nested_if_before_cfg_to_dag_prog.node_0)
 apply (rule nested_if_before_passive_prog.node_5)
@@ -261,16 +261,16 @@ assumes
 "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_if_before_cfg_to_dag_prog.pres)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.post m' s')"
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_if_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_entry)
 apply (rule nested_if_before_passive_prog.node_7)
 apply (erule assms(3))
 apply (rule assms(2))
 unfolding nested_if_before_passive_prog.block_7_def
-apply (rule assume_pres_normal[where ?es=nested_if_before_cfg_to_dag_prog.pres])
+apply (rule assume_pres_normal[where ?es=nested_if_before_ast_to_cfg_prog.pres])
 apply (rule assms(4))
-unfolding nested_if_before_cfg_to_dag_prog.pres_def
+unfolding nested_if_before_ast_to_cfg_prog.pres_def
 apply simp
 apply (rule nested_if_before_passive_prog.outEdges_7)
 apply ((simp add:nested_if_before_passive_prog.node_6 nested_if_before_passive_prog.block_6_def))
@@ -282,23 +282,23 @@ end
 
 abbreviation \<Lambda>0
   where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>0  \<equiv> ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls))"
 lemma end_to_end_theorem_aux:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_n::int) (vc_m::int) (vc_n_0::int) (vc_m_0::int) (vc_m_1::int). (vc.vc_anon0 ))" and 
+Red: "(red_cfg_multi A M ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_n::int) (vc_m::int) (vc_m_0::int). (vc.vc_anon0 ))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_if_before_cfg_to_dag_prog.pres)" and 
+FInterp: "(fun_interp_wf A nested_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> nested_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) nested_if_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_if_before_ast_to_cfg_prog.pres)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
 OldGlobal: "((global_state ns) = (old_global_state ns))" and 
 BinderNs: "((binder_state ns) = Map.empty)"
-shows "(valid_configuration A \<Lambda>0 \<Gamma> [] nested_if_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post m' s')"
 proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
 by (meson rtranclp_imp_relpowp)
 show ?thesis
 apply (rule cfg_to_dag_lemmas.entry_lemma)
@@ -330,13 +330,5 @@ done
 qed
 
 
-lemma end_to_end_theorem:
-assumes 
-VC: "(\<And> (vc_n::int) (vc_m::int) (vc_n_0::int) (vc_m_0::int) (vc_m_1::int). (vc.vc_anon0 ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms nested_if_before_cfg_to_dag_prog.proc))"
-apply (rule end_to_end_util[OF end_to_end_theorem_aux])
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 nested_if_before_cfg_to_dag_prog.proc_def nested_if_before_cfg_to_dag_prog.proc_body_def)
-
 
 end
diff --git a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_passification_proof.thy
similarity index 77%
rename from BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_passification_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_passification_proof.thy
index 9d4a7c2..2f7f1d9 100644
--- a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_passification_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_passification_proof.thy
@@ -1,5 +1,5 @@
 theory nested_if_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_if_before_passive_prog nested_if_passive_prog Boogie_Lang.PassificationML nested_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_if_before_ast_to_cfg_prog nested_if_passive_prog Boogie_Lang.PassificationML nested_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
 begin
 definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
   where
@@ -9,10 +9,10 @@ definition R_old
     "R_old  = (map_of R_old_list)"
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls))"
 abbreviation \<Lambda>2
   where
-    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls))"
+    "\<Lambda>2  \<equiv> ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls))"
 declare One_nat_def[simp del]
 
 lemma block_GeneratedUnifiedExit:
@@ -30,7 +30,7 @@ lemma block_anon5_Else:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.block_1 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
+"((R 0) = (Some (Inl 0)))"
 shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_if_passive_prog.block_1 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding nested_if_before_passive_prog.block_1_def nested_if_passive_prog.block_1_def
@@ -41,37 +41,37 @@ by simp
 lemma block_anon6_Then:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 3)))" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4])) (update_nstate_rel R [(1,(Inl 4))]) R_old nested_if_passive_prog.block_2 s')"
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))" and 
+"((R 0) = (Some (Inl 0)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(1,(Inl 2))]) R_old nested_if_passive_prog.block_2 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding nested_if_before_passive_prog.block_2_def nested_if_passive_prog.block_2_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_if_before_cfg_to_dag_prog.l_m(2) nested_if_passive_prog.l_m_1(2)))
+apply ((simp add:nested_if_before_ast_to_cfg_prog.l_m(2) nested_if_passive_prog.l_m_0(2)))
 by simp
 
 lemma block_anon6_Else:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.block_3 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
-"((R 1) = (Some (Inl 3)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(1,(Inl 2))]) R_old nested_if_passive_prog.block_3 s')"
+"((R 0) = (Some (Inl 0)))" and 
+"((R 1) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(1,(Inl 0))]) R_old nested_if_passive_prog.block_3 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding nested_if_before_passive_prog.block_3_def nested_if_passive_prog.block_3_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_if_before_cfg_to_dag_prog.l_m(2) nested_if_passive_prog.l_n_0(2)))
+apply ((simp add:nested_if_before_ast_to_cfg_prog.l_m(2) nested_if_passive_prog.l_n(2)))
 by simp
 
 lemma block_anon5_Then:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.block_4 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 3)))" and 
-"((R 0) = (Some (Inl 2)))"
+"((R 1) = (Some (Inl 1)))" and 
+"((R 0) = (Some (Inl 0)))"
 shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_if_passive_prog.block_4 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding nested_if_before_passive_prog.block_4_def nested_if_passive_prog.block_4_def
@@ -82,35 +82,39 @@ by simp
 lemma block_anon0:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2,3] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2,3])) (update_nstate_rel R [(0,(Inl 2)),(1,(Inl 3))]) R_old nested_if_passive_prog.block_5 s')"
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))" and 
+"((R 0) = (Some (Inl 0)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_if_passive_prog.block_5 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding nested_if_before_passive_prog.block_5_def nested_if_passive_prog.block_5_def
-apply (passive_rel_tac)
+apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_if_before_cfg_to_dag_prog.l_n(2) nested_if_passive_prog.l_n_0(2)))
-apply ((simp add:nested_if_before_cfg_to_dag_prog.l_m(2) nested_if_passive_prog.l_m_0(2)))
 by simp
 
 lemma block_0:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))" and 
+"((R 0) = (Some (Inl 0)))"
 shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_if_passive_prog.block_6 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding nested_if_before_passive_prog.block_6_def nested_if_passive_prog.block_6_def
-apply (passive_rel_tac)
+apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
 lemma block_PreconditionGeneratedEntry:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))" and 
+"((R 0) = (Some (Inl 0)))"
 shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_if_passive_prog.block_7 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding nested_if_before_passive_prog.block_7_def nested_if_passive_prog.block_7_def
-apply (passive_rel_tac)
+apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
@@ -125,7 +129,7 @@ lemma cfg_block_anon5_Else:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
 "(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
+"((R 0) = (Some (Inl 0)))"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_if_passive_prog.proc_body u (Inl 1)))))"
 by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_if_before_passive_prog.node_1},@{thm nested_if_before_passive_prog.outEdges_1}) (@{thm nested_if_passive_prog.node_1},@{thm nested_if_passive_prog.outEdges_1}) @{thm block_anon5_Else} [
 @{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
@@ -133,9 +137,9 @@ by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{t
 lemma cfg_block_anon6_Then:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 3)))" and 
-"((R 0) = (Some (Inl 2)))"
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))" and 
+"((R 0) = (Some (Inl 0)))"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_if_passive_prog.proc_body u (Inl 2)))))"
 by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_if_before_passive_prog.node_2},@{thm nested_if_before_passive_prog.outEdges_2}) (@{thm nested_if_passive_prog.node_2},@{thm nested_if_passive_prog.outEdges_2}) @{thm block_anon6_Then} [
 @{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
@@ -144,8 +148,8 @@ lemma cfg_block_anon6_Else:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
 "(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
-"((R 1) = (Some (Inl 3)))"
+"((R 0) = (Some (Inl 0)))" and 
+"((R 1) = (Some (Inl 1)))"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_if_passive_prog.proc_body u (Inl 3)))))"
 by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_if_before_passive_prog.node_3},@{thm nested_if_before_passive_prog.outEdges_3}) (@{thm nested_if_passive_prog.node_3},@{thm nested_if_passive_prog.outEdges_3}) @{thm block_anon6_Else} [
 @{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
@@ -153,9 +157,9 @@ by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{t
 lemma cfg_block_anon5_Then:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 3)))" and 
-"((R 0) = (Some (Inl 2)))"
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))" and 
+"((R 0) = (Some (Inl 0)))"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_if_passive_prog.proc_body u (Inl 4)))))"
 by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_if_before_passive_prog.node_4},@{thm nested_if_before_passive_prog.outEdges_4}) (@{thm nested_if_passive_prog.node_4},@{thm nested_if_passive_prog.outEdges_4}) @{thm block_anon5_Then} [
 @{thm cfg_block_anon6_Then}, 
@@ -164,37 +168,43 @@ by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{t
 lemma cfg_block_anon0:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))" and 
+"((R 0) = (Some (Inl 0)))"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_if_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_if_before_passive_prog.node_5},@{thm nested_if_before_passive_prog.outEdges_5}) (@{thm nested_if_passive_prog.node_5},@{thm nested_if_passive_prog.outEdges_5}) @{thm block_anon0} [
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_if_before_passive_prog.node_5},@{thm nested_if_before_passive_prog.outEdges_5}) (@{thm nested_if_passive_prog.node_5},@{thm nested_if_passive_prog.outEdges_5}) @{thm block_anon0} [
 @{thm cfg_block_anon5_Then}, 
 @{thm cfg_block_anon5_Else}] 1\<close>))
 
 lemma cfg_block_0:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))" and 
+"((R 0) = (Some (Inl 0)))"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_if_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_if_before_passive_prog.node_6},@{thm nested_if_before_passive_prog.outEdges_6}) (@{thm nested_if_passive_prog.node_6},@{thm nested_if_passive_prog.outEdges_6}) @{thm block_0} [
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_if_before_passive_prog.node_6},@{thm nested_if_before_passive_prog.outEdges_6}) (@{thm nested_if_passive_prog.node_6},@{thm nested_if_passive_prog.outEdges_6}) @{thm block_0} [
 @{thm cfg_block_anon0}] 1\<close>))
 
 lemma cfg_block_PreconditionGeneratedEntry:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))" and 
+"((R 0) = (Some (Inl 0)))"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_if_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_if_before_passive_prog.node_7},@{thm nested_if_before_passive_prog.outEdges_7}) (@{thm nested_if_passive_prog.node_7},@{thm nested_if_passive_prog.outEdges_7}) @{thm block_PreconditionGeneratedEntry} [
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_if_before_passive_prog.node_7},@{thm nested_if_before_passive_prog.outEdges_7}) (@{thm nested_if_passive_prog.node_7},@{thm nested_if_passive_prog.outEdges_7}) @{thm block_PreconditionGeneratedEntry} [
 @{thm cfg_block_0}] 1\<close>))
 
 locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 7),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_n::int) (vc_m::int) (vc_n_0::int) (vc_m_0::int) (vc_m_1::int). (vc.vc_anon0 ))" and 
+Red: "(red_cfg_multi A M ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 7),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_n::int) (vc_m::int) (vc_m_0::int). (vc.vc_anon0 ))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+FInterp: "(fun_interp_wf A nested_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> nested_if_before_ast_to_cfg_prog.constants_vdecls ns nested_if_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
 BinderNs: "((binder_state ns) = Map.empty)" and 
@@ -203,7 +213,7 @@ begin
 
 definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
   where
-    "R_list  = []"
+    "R_list  = [(0,(Inl 0)),(1,(Inl 1))]"
 definition R_rel
   where
     "R_rel  = (map_of R_list)"
@@ -217,6 +227,8 @@ shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x
 apply (rule convert_fun_to_list[OF R_rel_def])
 apply ((simp add:R_list_def))
 apply ((intro conjI)?)
+apply ((simp add:nested_if_before_ast_to_cfg_prog.l_n(2) nested_if_passive_prog.l_n(2)))
+apply ((simp add:nested_if_before_ast_to_cfg_prog.l_m(2) nested_if_passive_prog.l_m(2)))
 done
 
 lemma R_wt:
@@ -248,7 +260,7 @@ assumes
 "((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
 shows "(closed (instantiate [] \<tau>))"
 apply (rule lookup_ty_pred[OF assms(1)])
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+unfolding nested_if_before_ast_to_cfg_prog.constants_vdecls_def nested_if_before_ast_to_cfg_prog.globals_vdecls_def
 apply simp
 unfolding nested_if_passive_prog.params_vdecls_def nested_if_passive_prog.locals_vdecls_def
 by simp
@@ -269,7 +281,7 @@ using nested_if_passive_prog.globals_locals_disj apply auto[1]
 done
 
 lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 1)))"
  apply (rule rel_range_fun_to_list)
 apply ((simp add:R_rel_def))
 by ((simp add:R_list_def))
@@ -286,7 +298,7 @@ apply (rule U0_ns_rel)
 apply (rule U0_ns_old_rel)
 apply (rule R_wt)
 apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range global_data.globals_max]
+using helper_init_disj[OF max_rel_range nested_if_before_ast_to_cfg_prog.globals_max]
 apply simp
 apply (rule U0_non_empty)
 by ((simp_all add:R_rel_def R_list_def))?
diff --git a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_passive_prog.thy
similarity index 55%
rename from BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_passive_prog.thy
index 5f237e5..962924c 100644
--- a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_passive_prog.thy
@@ -1,21 +1,21 @@
 theory nested_if_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_if_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_if_before_ast_to_cfg_prog
 begin
 definition block_0
   where
     "block_0  = []"
 definition block_1
   where
-    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 2)))]"
+    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
 definition block_2
   where
-    "block_2  = [(Assume (BinOp (Var 3) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 4) Eq (BinOp (Var 3) Add (Var 2))))]"
+    "block_2  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 2) Eq (BinOp (Var 1) Add (Var 0))))]"
 definition block_3
   where
-    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 3)))]"
+    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
 definition block_4
   where
-    "block_4  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0))))]"
+    "block_4  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
 definition block_5
   where
     "block_5  = []"
@@ -103,7 +103,7 @@ definition params_vdecls :: "(vdecls)"
     "params_vdecls  = []"
 definition locals_vdecls :: "(vdecls)"
   where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None ))]"
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
 lemma locals_min_aux:
 shows "(((map fst (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)))) \<ge> 0))"
 unfolding nested_if_passive_prog.params_vdecls_def nested_if_passive_prog.locals_vdecls_def
@@ -115,8 +115,8 @@ using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)))) = {})"
+unfolding nested_if_before_ast_to_cfg_prog.constants_vdecls_def nested_if_before_ast_to_cfg_prog.globals_vdecls_def
 by simp
 
 lemma m_n:
@@ -127,42 +127,24 @@ lemma m_m:
 shows "((map_of (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
 by (simp add:params_vdecls_def locals_vdecls_def)
 
-lemma m_n_0:
-shows "((map_of (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
 lemma m_m_0:
-shows "((map_of (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_m_1:
-shows "((map_of (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
+shows "((map_of (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
 by (simp add:params_vdecls_def locals_vdecls_def)
 
 lemma l_n:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
 using globals_locals_disj m_n
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_m:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
 using globals_locals_disj m_m
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
-lemma l_n_0:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_n_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
 lemma l_m_0:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
 using globals_locals_disj m_m_0
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
-lemma l_m_1:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
-using globals_locals_disj m_m_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
 
 end
diff --git a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_vcphase_proof.thy
similarity index 82%
rename from BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_vcphase_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_vcphase_proof.thy
index d220be7..86ef802 100644
--- a/BoogieLang/generated_example_proofs/nested_if_proofs/nested_if_proofs/nested_if_vcphase_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_vcphase_proof.thy
@@ -11,19 +11,17 @@ definition vc_anon0
 end
 
 locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_n :: "int" and vc_m :: "int" and vc_n_0 :: "int" and vc_m_0 :: "int" and vc_m_1 :: "int"
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_n :: "int" and vc_m :: "int" and vc_m_0 :: "int"
 assumes 
 G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_n)))" and 
 G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_m)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_n_0)))" and 
-G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_m_0)))" and 
-G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_m_1)))" and 
-G5: "(\<And> v. (closed ((type_of_val A) v)))"
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_m_0)))" and 
+G3: "(\<And> v. (closed ((type_of_val A) v)))"
 begin
 
-lemmas global_assms = G0 G1 G2 G3 G4 G5
-lemmas forall_poly_thm = forall_vc_type[OF G5]
-lemmas exists_poly_thm = exists_vc_type[OF G5]
+lemmas global_assms = G0 G1 G2 G3
+lemmas forall_poly_thm = forall_vc_type[OF G3]
+lemmas exists_poly_thm = exists_vc_type[OF G3]
 declare Nat.One_nat_def[simp del]
 
 lemma block_GeneratedUnifiedExit:
@@ -234,19 +232,19 @@ declare One_nat_def[simp del]
 
 lemma end_to_end:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) \<Gamma> [] nested_if_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_n::int) (vc_m::int) (vc_n_0::int) (vc_m_0::int) (vc_m_1::int). (vc.vc_anon0 ))" and 
+Red: "(red_cfg_multi A M ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) \<Gamma> [] nested_if_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_n::int) (vc_m::int) (vc_m_0::int). (vc.vc_anon0 ))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+FInterp: "(fun_interp_wf A nested_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> nested_if_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) nested_if_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls))"
 shows "(s' \<noteq> Failure)"
 proof -
-let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
-let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+let ?n_s_c = "(nstate_global_restriction n_s nested_if_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((nested_if_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
 from ParamsLocal have sc_n:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
 apply (simp only:state_typ_wf_def)
 apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_if_passive_prog.m_n])
@@ -257,30 +255,18 @@ apply (simp only:state_typ_wf_def)
 apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_if_passive_prog.m_m])
 apply (subst lookup_var_local[OF nested_if_passive_prog.m_m])+
 by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_n_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_if_passive_prog.m_n_0])
-apply (subst lookup_var_local[OF nested_if_passive_prog.m_n_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_m_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+from ParamsLocal have sc_m_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
 apply (simp only:state_typ_wf_def)
 apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_if_passive_prog.m_m_0])
 apply (subst lookup_var_local[OF nested_if_passive_prog.m_m_0])+
 by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_m_1:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_if_passive_prog.m_m_1])
-apply (subst lookup_var_local[OF nested_if_passive_prog.m_m_1])+
-by (fastforce dest: tint_intv tbool_boolv)
 show "(s' \<noteq> Failure)"
 apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
 apply (simp only:passification_def)
 apply (intro conjI)?
 apply (rule HOL.conjunct1[OF sc_n])
 apply (rule HOL.conjunct1[OF sc_m])
-apply (rule HOL.conjunct1[OF sc_n_0])
 apply (rule HOL.conjunct1[OF sc_m_0])
-apply (rule HOL.conjunct1[OF sc_m_1])
 apply (simp add:Closed)
 apply (rule VC)
 done
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/ROOT
new file mode 100644
index 0000000..83a8da7
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/ROOT
@@ -0,0 +1,12 @@
+session nested_loop2_proofs = Boogie_Lang + 
+directories nested_loop3_proofs
+theories
+global_data
+"nested_loop3_proofs/nested_loop3_before_ast_to_cfg_prog"
+"nested_loop3_proofs/nested_loop3_cfgtodag_proof"
+"nested_loop3_proofs/nested_loop3_vcphase_proof"
+"nested_loop3_proofs/nested_loop3_passification_proof"
+"nested_loop3_proofs/nested_loop3_asttocfg_proof"
+"nested_loop3_proofs/nested_loop3_before_cfg_to_dag_prog"
+"nested_loop3_proofs/nested_loop3_before_passive_prog"
+"nested_loop3_proofs/nested_loop3_passive_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_asttocfg_proof.thy
new file mode 100644
index 0000000..5c0cc02
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_asttocfg_proof.thy
@@ -0,0 +1,713 @@
+theory nested_loop3_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_loop3_before_ast_to_cfg_prog nested_loop3_before_cfg_to_dag_prog nested_loop3_cfgtodag_proof nested_loop3_passification_proof nested_loop3_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A nested_loop3_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_9:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_9,cont_9,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 11),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 11),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop3_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 2) Gt (Lit (LInt 0))) ns1 (BoolV False))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Invs[of nested_loop3_before_ast_to_cfg_prog.bigblock_9])
+apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_9_def)
+
+apply (rule astTrace)
+apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_9_def)
+apply (simp)
+apply (simp)
+apply (rule cont_9_def)
+apply (rule nested_loop3_before_cfg_to_dag_prog.node_11)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule nested_loop3_before_cfg_to_dag_prog.block_11_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply ( rule neg_gt)
+apply (rule guardHint)
+apply (rule nested_loop3_before_cfg_to_dag_prog.outEdges_11)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_11)
+apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_9_def)
+apply (simp add: end_static)
+done
+qed
+
+lemma global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_8:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_8,cont_8,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop3_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop3_before_ast_to_cfg_prog.bigblock_1 cont_1 nested_loop3_before_cfg_to_dag_prog.proc_body 1 nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Invs[of nested_loop3_before_ast_to_cfg_prog.bigblock_8])
+apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_8_def)
+
+apply (rule astTrace)
+apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_8_def)
+apply (rule nested_loop3_before_cfg_to_dag_prog.node_10)
+apply (rule disjI1)
+apply (rule nested_loop3_before_cfg_to_dag_prog.block_10_def)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_8_def)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_10)
+
+
+
+apply ((erule allE[where x=1])+)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_10)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma rel_nested_loop3_before_ast_to_cfg_prog_bigblock_7:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_7,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_8 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_8 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of nested_loop3_before_ast_to_cfg_prog.bigblock_7])
+apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_7_def nested_loop3_before_cfg_to_dag_prog.block_8_def)
+apply ((simp add: nested_loop3_before_cfg_to_dag_prog.block_8_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: nested_loop3_before_cfg_to_dag_prog.block_8_def nested_loop3_before_ast_to_cfg_prog.bigblock_7_def)+)
+done
+
+
+lemma global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_7:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_7,cont_7,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop3_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop3_before_ast_to_cfg_prog.bigblock_3 cont_3 nested_loop3_before_cfg_to_dag_prog.proc_body 3 nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of nested_loop3_before_ast_to_cfg_prog.bigblock_7])
+apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_7_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_7_def)
+apply (rule nested_loop3_before_cfg_to_dag_prog.node_8)
+apply (rule disjI1)
+apply (rule nested_loop3_before_cfg_to_dag_prog.block_8_def)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_7_def)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_8)
+apply (rule rel_nested_loop3_before_ast_to_cfg_prog_bigblock_7)
+apply assumption
+apply (simp)
+apply ((erule allE[where x=3])+)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_8)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma rel_nested_loop3_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_6,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_6 (Normal ns1) (Normal ns1')))))"
+unfolding nested_loop3_before_cfg_to_dag_prog.block_6_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of nested_loop3_before_ast_to_cfg_prog.bigblock_6])
+apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_6_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.block_6_def)
+apply ((simp add: assms(3) nested_loop3_before_ast_to_cfg_prog.bigblock_6_def)+)
+done
+
+
+lemma global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop3_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop3_before_ast_to_cfg_prog.bigblock_5 cont_5 nested_loop3_before_cfg_to_dag_prog.proc_body 5 nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of nested_loop3_before_ast_to_cfg_prog.bigblock_6])
+apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_6_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_6_def)
+apply (rule nested_loop3_before_cfg_to_dag_prog.node_6)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule nested_loop3_before_cfg_to_dag_prog.block_6_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_6_def)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_6)
+apply (rule rel_nested_loop3_before_ast_to_cfg_prog_bigblock_6)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=5])+)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_6)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop3_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop3_before_ast_to_cfg_prog.bigblock_3 cont_3 nested_loop3_before_cfg_to_dag_prog.proc_body 3 nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_5_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of nested_loop3_before_ast_to_cfg_prog.bigblock_5 _ _ _ nested_loop3_before_cfg_to_dag_prog.block_5])
+apply (simp add:nested_loop3_before_ast_to_cfg_prog.bigblock_5_def nested_loop3_before_cfg_to_dag_prog.block_5_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:nested_loop3_before_ast_to_cfg_prog.bigblock_5_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of nested_loop3_before_ast_to_cfg_prog.bigblock_5])
+apply ((simp add:nested_loop3_before_ast_to_cfg_prog.bigblock_5_def)+)
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.block_5_def nested_loop3_before_cfg_to_dag_prog.node_5)+)
+apply (rule cont_5_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 6])+)
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_5)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_6)
+apply (simp add: cont_5_def nested_loop3_before_ast_to_cfg_prog.bigblock_6_def cont_6_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_5_def cont_6_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper3)
+apply ((simp)+)
+
+apply ((erule allE[where x = 7])+)
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_5)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_7)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_7)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.block_7_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_7)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_7)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.block_7_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_7)
+apply ((simp add: member_rec)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper4)
+apply ((simp)+)
+done
+qed
+qed
+
+lemma global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop3_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop3_before_ast_to_cfg_prog.bigblock_3 cont_3 nested_loop3_before_cfg_to_dag_prog.proc_body 3 nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+apply (rule ending_after_unwrapping)
+apply (rule astTrace)
+apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_4_def)
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply (simp)
+apply (rule global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_5)
+apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_5_def cont_4_def cont_5_def)
+apply (rule correctness_propagates_through_assumption2)
+using assms(2)
+apply blast
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_4)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.block_4_def)
+
+apply (rule guardHint)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_4)
+apply (simp add: member_rec)
+apply (simp)
+apply (rule correctness_propagates_through_assumption4)
+using assms(3)
+apply blast
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_4)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.block_4_def)
+
+apply (rule guardHint)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_4)
+apply (simp add: member_rec)
+apply ((simp)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule strictly_smaller_helper2)
+apply ((simp)+)
+done
+
+lemma global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop3_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop3_before_ast_to_cfg_prog.bigblock_1 cont_1 nested_loop3_before_cfg_to_dag_prog.proc_body 1 nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_3_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of nested_loop3_before_ast_to_cfg_prog.bigblock_3 _ _ _ nested_loop3_before_cfg_to_dag_prog.block_3])
+apply (simp add:nested_loop3_before_ast_to_cfg_prog.bigblock_3_def nested_loop3_before_cfg_to_dag_prog.block_3_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:nested_loop3_before_ast_to_cfg_prog.bigblock_3_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of nested_loop3_before_ast_to_cfg_prog.bigblock_3])
+apply ((simp add:nested_loop3_before_ast_to_cfg_prog.bigblock_3_def)+)
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.block_3_def nested_loop3_before_cfg_to_dag_prog.node_3)+)
+apply (rule cont_3_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 4])+)
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_4)
+apply (simp add: cont_3_def nested_loop3_before_ast_to_cfg_prog.bigblock_4_def cont_4_def nested_loop3_before_ast_to_cfg_prog.bigblock_7_def cont_7_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_3_def cont_4_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper3)
+apply ((simp)+)
+
+apply ((erule allE[where x = 9])+)
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_8)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_9)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.block_9_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_9)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_9)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.block_9_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_9)
+apply ((simp add: member_rec)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper4)
+apply ((simp)+)
+done
+qed
+qed
+
+lemma global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop3_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 2) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop3_before_ast_to_cfg_prog.bigblock_1 cont_1 nested_loop3_before_cfg_to_dag_prog.proc_body 1 nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+apply (rule ending_after_unwrapping)
+apply (rule astTrace)
+apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_2_def)
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply (simp)
+apply (rule global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_3)
+apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_3_def cont_2_def cont_3_def)
+apply (rule correctness_propagates_through_assumption2)
+using assms(2)
+apply blast
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_2)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.block_2_def)
+
+apply (rule guardHint)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_2)
+apply (simp add: member_rec)
+apply (simp)
+apply (rule correctness_propagates_through_assumption4)
+using assms(3)
+apply blast
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_2)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.block_2_def)
+
+apply (rule guardHint)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_2)
+apply (simp add: member_rec)
+apply ((simp)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule strictly_smaller_helper2)
+apply ((simp)+)
+done
+
+lemma global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop3_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of nested_loop3_before_ast_to_cfg_prog.bigblock_1 _ _ _ nested_loop3_before_cfg_to_dag_prog.block_1])
+apply (simp add:nested_loop3_before_ast_to_cfg_prog.bigblock_1_def nested_loop3_before_cfg_to_dag_prog.block_1_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:nested_loop3_before_ast_to_cfg_prog.bigblock_1_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of nested_loop3_before_ast_to_cfg_prog.bigblock_1])
+apply ((simp add:nested_loop3_before_ast_to_cfg_prog.bigblock_1_def)+)
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.block_1_def nested_loop3_before_cfg_to_dag_prog.node_1)+)
+apply (rule cont_1_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 2])+)
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_1_def nested_loop3_before_ast_to_cfg_prog.bigblock_2_def cont_2_def nested_loop3_before_ast_to_cfg_prog.bigblock_8_def cont_8_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_1_def cont_2_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+
+apply ((erule allE[where x = 11])+)
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_9)
+apply (blast)
+
+
+apply ((blast)+)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+done
+qed
+qed
+
+lemma rel_nested_loop3_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of nested_loop3_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_0_def nested_loop3_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: nested_loop3_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: nested_loop3_before_cfg_to_dag_prog.block_0_def nested_loop3_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop3_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of nested_loop3_before_ast_to_cfg_prog.bigblock_0 _ nested_loop3_before_cfg_to_dag_prog.block_0])
+apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_0_def nested_loop3_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_0_def nested_loop3_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_0_def nested_loop3_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.block_0_def)
+apply (rule nested_loop3_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_0)
+apply (rule rel_nested_loop3_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (nested_loop3_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_z_0::int) (vc_y_0::int) (vc_x_1::int) (vc_z_1::int) (vc_y_1::int) (vc_z_2::int) (vc_y_2::int) (vc_z_3::int) (vc_y_3::int) (vc_x_2::int). (vc.vc_anon0 vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A nested_loop3_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> nested_loop3_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) nested_loop3_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_loop3_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: nested_loop3_before_ast_to_cfg_prog.params_vdecls_def nested_loop3_before_ast_to_cfg_prog.locals_vdecls_def nested_loop3_before_cfg_to_dag_prog.params_vdecls_def nested_loop3_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: nested_loop3_before_ast_to_cfg_prog.params_vdecls_def nested_loop3_before_ast_to_cfg_prog.locals_vdecls_def nested_loop3_before_cfg_to_dag_prog.params_vdecls_def nested_loop3_before_cfg_to_dag_prog.locals_vdecls_def nested_loop3_before_ast_to_cfg_prog.pres_def nested_loop3_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: nested_loop3_before_ast_to_cfg_prog.params_vdecls_def nested_loop3_before_ast_to_cfg_prog.locals_vdecls_def nested_loop3_before_cfg_to_dag_prog.params_vdecls_def nested_loop3_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: nested_loop3_before_ast_to_cfg_prog.params_vdecls_def nested_loop3_before_ast_to_cfg_prog.locals_vdecls_def nested_loop3_before_cfg_to_dag_prog.params_vdecls_def nested_loop3_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: nested_loop3_before_ast_to_cfg_prog.params_vdecls_def nested_loop3_before_ast_to_cfg_prog.locals_vdecls_def nested_loop3_before_cfg_to_dag_prog.params_vdecls_def nested_loop3_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: nested_loop3_before_ast_to_cfg_prog.params_vdecls_def nested_loop3_before_ast_to_cfg_prog.locals_vdecls_def nested_loop3_before_cfg_to_dag_prog.params_vdecls_def nested_loop3_before_cfg_to_dag_prog.locals_vdecls_def nested_loop3_before_ast_to_cfg_prog.pres_def nested_loop3_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: nested_loop3_before_ast_to_cfg_prog.params_vdecls_def nested_loop3_before_ast_to_cfg_prog.locals_vdecls_def nested_loop3_before_cfg_to_dag_prog.params_vdecls_def nested_loop3_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: nested_loop3_before_ast_to_cfg_prog.params_vdecls_def nested_loop3_before_ast_to_cfg_prog.locals_vdecls_def nested_loop3_before_cfg_to_dag_prog.params_vdecls_def nested_loop3_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_9] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (nested_loop3_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_9_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_z_0::int) (vc_y_0::int) (vc_x_1::int) (vc_z_1::int) (vc_y_1::int) (vc_z_2::int) (vc_y_2::int) (vc_z_3::int) (vc_y_3::int) (vc_x_2::int). (vc.vc_anon0 vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) nested_loop3_before_ast_to_cfg_prog.fdecls nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls nested_loop3_before_ast_to_cfg_prog.axioms nested_loop3_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding nested_loop3_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 nested_loop3_before_ast_to_cfg_prog.ast_proc_def nested_loop3_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..7d14cd7
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_ast_to_cfg_prog.thy
@@ -0,0 +1,177 @@
+theory nested_loop3_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10))),(Assign 2 (Lit (LInt 10)))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 2) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (None ) (None ))]))) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 2) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (None ) (None ))])) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
+definition bigblock_4
+  where
+    "bigblock_4  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
+definition bigblock_5
+  where
+    "bigblock_5  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
+definition bigblock_6
+  where
+    "bigblock_6  = (BigBlock (None ) [(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))"
+definition bigblock_7
+  where
+    "bigblock_7  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))"
+definition bigblock_8
+  where
+    "bigblock_8  = (BigBlock (None ) [] (None ) (None ))"
+definition bigblock_9
+  where
+    "bigblock_9  = (BigBlock (None ) [] (None ) (None ))"
+definition cont_9
+  where
+    "cont_9  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_9 cont_9)"
+definition cont_1
+  where
+    "cont_1  = (KEndBlock (KSeq bigblock_9 cont_9 ))"
+definition cont_8
+  where
+    "cont_8  = (KSeq bigblock_1 cont_1)"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_8 cont_8)"
+definition cont_3
+  where
+    "cont_3  = (KEndBlock (KSeq bigblock_8 cont_8 ))"
+definition cont_7
+  where
+    "cont_7  = (KSeq bigblock_3 cont_3)"
+definition cont_4
+  where
+    "cont_4  = (KSeq bigblock_7 cont_7)"
+definition cont_5
+  where
+    "cont_5  = (KEndBlock (KSeq bigblock_7 cont_7 ))"
+definition cont_6
+  where
+    "cont_6  = (KSeq bigblock_5 cont_5)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_9]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding nested_loop3_before_ast_to_cfg_prog.constants_vdecls_def nested_loop3_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding nested_loop3_before_ast_to_cfg_prog.params_vdecls_def nested_loop3_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding nested_loop3_before_ast_to_cfg_prog.constants_vdecls_def nested_loop3_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop3_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding nested_loop3_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop3_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding nested_loop3_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop3_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding nested_loop3_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop3_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding nested_loop3_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z:
+shows "((map_of (append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z:
+shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = nested_loop3_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_loop3_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec nested_loop3_before_ast_to_cfg_prog.post),proc_body = (Some (nested_loop3_before_ast_to_cfg_prog.locals_vdecls,nested_loop3_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..7dc0629
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_cfg_to_dag_prog.thy
@@ -0,0 +1,255 @@
+theory nested_loop3_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10))),(Assign 2 (Lit (LInt 10)))]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0))))]"
+definition block_3
+  where
+    "block_3  = [(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
+definition block_5
+  where
+    "block_5  = [(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))]"
+definition block_7
+  where
+    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
+definition block_8
+  where
+    "block_8  = [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+definition block_9
+  where
+    "block_9  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_10
+  where
+    "block_10  = []"
+definition block_11
+  where
+    "block_11  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 2)))]"
+definition outEdges
+  where
+    "outEdges  = [[1],[11,2],[3],[9,4],[5],[7,6],[5],[8],[3],[10],[1],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [11,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [9,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [7,6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [10])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append nested_loop3_before_cfg_to_dag_prog.constants_vdecls nested_loop3_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append nested_loop3_before_cfg_to_dag_prog.constants_vdecls nested_loop3_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding nested_loop3_before_cfg_to_dag_prog.constants_vdecls_def nested_loop3_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop3_before_cfg_to_dag_prog.constants_vdecls nested_loop3_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding nested_loop3_before_cfg_to_dag_prog.params_vdecls_def nested_loop3_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append nested_loop3_before_cfg_to_dag_prog.constants_vdecls nested_loop3_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding nested_loop3_before_cfg_to_dag_prog.constants_vdecls_def nested_loop3_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop3_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding nested_loop3_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop3_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding nested_loop3_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop3_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding nested_loop3_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop3_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding nested_loop3_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append nested_loop3_before_cfg_to_dag_prog.constants_vdecls nested_loop3_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z:
+shows "((map_of (append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append nested_loop3_before_cfg_to_dag_prog.constants_vdecls nested_loop3_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_cfg_to_dag_prog.constants_vdecls nested_loop3_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append nested_loop3_before_cfg_to_dag_prog.constants_vdecls nested_loop3_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_cfg_to_dag_prog.constants_vdecls nested_loop3_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z:
+shows "((lookup_var_decl ((append nested_loop3_before_cfg_to_dag_prog.constants_vdecls nested_loop3_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_cfg_to_dag_prog.constants_vdecls nested_loop3_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = nested_loop3_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_loop3_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec nested_loop3_before_cfg_to_dag_prog.post),proc_body = (Some (nested_loop3_before_cfg_to_dag_prog.locals_vdecls,nested_loop3_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_passive_prog.thy
new file mode 100644
index 0000000..816f478
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_passive_prog.thy
@@ -0,0 +1,194 @@
+theory nested_loop3_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop3_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 2)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
+definition block_5
+  where
+    "block_5  = [(Havoc 2),(Havoc 1),(Assume (BinOp (Var 1) Ge (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
+definition block_7
+  where
+    "block_7  = [(Assume (Lit (LBool False)))]"
+definition block_8
+  where
+    "block_8  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_9
+  where
+    "block_9  = [(Havoc 0),(Havoc 2),(Havoc 1),(Assume (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition block_10
+  where
+    "block_10  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition block_11
+  where
+    "block_11  = [(Havoc 0),(Havoc 2),(Havoc 1)]"
+definition block_12
+  where
+    "block_12  = [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10))),(Assign 2 (Lit (LInt 10)))]"
+definition block_13
+  where
+    "block_13  = []"
+definition block_14
+  where
+    "block_14  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[0],[7],[8,6],[9],[1,10],[11],[12],[13]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13,block_14]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 14,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_12:
+shows "((nth (node_to_block proc_body) 12) = block_12)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_13:
+shows "((nth (node_to_block proc_body) 13) = block_13)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_14:
+shows "((nth (node_to_block proc_body) 14) = block_14)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8,6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [1,10])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_12:
+shows "((nth (out_edges proc_body) 12) = [11])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_13:
+shows "((nth (out_edges proc_body) 13) = [12])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_14:
+shows "((nth (out_edges proc_body) 14) = [13])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding nested_loop3_before_ast_to_cfg_prog.params_vdecls_def nested_loop3_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding nested_loop3_before_ast_to_cfg_prog.constants_vdecls_def nested_loop3_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_cfgtodag_proof.thy
new file mode 100644
index 0000000..7618ce6
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_cfgtodag_proof.thy
@@ -0,0 +1,867 @@
+theory nested_loop3_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_loop3_before_ast_to_cfg_prog nested_loop3_before_cfg_to_dag_prog nested_loop3_before_passive_prog nested_loop3_passification_proof nested_loop3_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A nested_loop3_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop3_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def nested_loop3_before_ast_to_cfg_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule nested_loop3_before_passive_prog.node_0)
+apply simp
+unfolding nested_loop3_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_11 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop3_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop3_before_cfg_to_dag_prog.block_11_def nested_loop3_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 11),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule nested_loop3_before_cfg_to_dag_prog.node_11)
+apply (rule nested_loop3_before_passive_prog.node_1)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon6_LoopDone)
+apply assumption+
+apply (rule nested_loop3_before_cfg_to_dag_prog.outEdges_11)
+apply (rule nested_loop3_before_passive_prog.outEdges_1)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma Mods_anon8_LoopBody:
+shows "(mods_contained_in (set [2,1]) nested_loop3_before_cfg_to_dag_prog.block_6)"
+unfolding nested_loop3_before_cfg_to_dag_prog.block_6_def
+by simp
+
+lemma block_anon8_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop3_before_passive_prog.block_2 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop3_before_cfg_to_dag_prog.block_6_def nested_loop3_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop3_before_ast_to_cfg_prog.funcs_wf nested_loop3_before_ast_to_cfg_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop3_before_ast_to_cfg_prog.l_y(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon8_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body [2,1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop3_before_ast_to_cfg_prog.post ns1 s' 5 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop3_before_cfg_to_dag_prog.node_6)
+apply (rule nested_loop3_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon8_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon8_LoopBody)
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_6))
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_6))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon8_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon4:
+shows "(mods_contained_in (set [0,2,1]) nested_loop3_before_cfg_to_dag_prog.block_8)"
+unfolding nested_loop3_before_cfg_to_dag_prog.block_8_def
+by simp
+
+lemma block_anon4:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop3_before_passive_prog.block_3 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop3_before_cfg_to_dag_prog.block_8_def nested_loop3_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop3_before_ast_to_cfg_prog.funcs_wf nested_loop3_before_ast_to_cfg_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop3_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon4:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body [0,2,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop3_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop3_before_cfg_to_dag_prog.node_8)
+apply (rule nested_loop3_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon4)
+apply (assumption+)
+apply (rule Mods_anon4)
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_8))
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_8))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon7_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon8_LoopDone:
+shows "(mods_contained_in (set [0,2,1]) nested_loop3_before_cfg_to_dag_prog.block_7)"
+unfolding nested_loop3_before_cfg_to_dag_prog.block_7_def
+by simp
+
+lemma block_anon8_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop3_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop3_before_cfg_to_dag_prog.block_7_def nested_loop3_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon8_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body [0,2,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop3_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop3_before_cfg_to_dag_prog.node_7)
+apply (rule nested_loop3_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon8_LoopDone)
+apply (assumption+)
+apply (rule Mods_anon8_LoopDone)
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_7))
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_7))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:nested_loop3_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon7_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon8_LoopHead:
+shows "(mods_contained_in (set [2,1]) nested_loop3_before_cfg_to_dag_prog.block_5)"
+unfolding nested_loop3_before_cfg_to_dag_prog.block_5_def
+by simp
+
+lemma block_anon8_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [2,1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop3_before_passive_prog.block_5 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop3_before_cfg_to_dag_prog.block_5_def nested_loop3_before_passive_prog.block_5_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_z(1)))
+apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_y(1)))
+apply simp
+done
+
+lemma cfg_block_anon8_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [2,1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body [0,2,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop3_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms assms(4-)
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [2,1]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule nested_loop3_before_cfg_to_dag_prog.node_5)
+apply (rule nested_loop3_before_passive_prog.node_5)
+apply (assumption+)
+apply (rule block_anon8_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon8_LoopHead)
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_5))
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_5))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=4])
+apply ((simp add:nested_loop3_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_subset_pred)
+using less(4) apply simp
+apply assumption
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:nested_loop3_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+apply (rule loop_ih_convert_subset_smaller_2)
+using less(4) apply simp
+apply (simp, fastforce, assumption)
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma Mods_anon7_LoopBody:
+shows "(mods_contained_in (set [0,2,1]) nested_loop3_before_cfg_to_dag_prog.block_4)"
+unfolding nested_loop3_before_cfg_to_dag_prog.block_4_def
+by simp
+
+lemma block_anon7_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop3_before_passive_prog.block_6 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop3_before_cfg_to_dag_prog.block_4_def nested_loop3_before_passive_prog.block_6_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop3_before_ast_to_cfg_prog.funcs_wf nested_loop3_before_ast_to_cfg_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop3_before_ast_to_cfg_prog.l_y(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon7_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body [0,2,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop3_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop3_before_cfg_to_dag_prog.node_4)
+apply (rule nested_loop3_before_passive_prog.node_6)
+apply (assumption+)
+apply (rule block_anon7_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon7_LoopBody)
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_4))
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_4))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=5])
+apply ((simp add:nested_loop3_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon7_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon5:
+shows "(mods_contained_in (set [0,2,1]) nested_loop3_before_cfg_to_dag_prog.block_10)"
+unfolding nested_loop3_before_cfg_to_dag_prog.block_10_def
+by simp
+
+lemma block_anon5:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_10 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop3_before_passive_prog.block_7 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop3_before_cfg_to_dag_prog.block_10_def nested_loop3_before_passive_prog.block_7_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon5:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body [0,2,1] [] nested_loop3_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop3_before_cfg_to_dag_prog.node_10)
+apply (rule nested_loop3_before_passive_prog.node_7)
+apply (assumption+)
+apply (rule block_anon5)
+apply (assumption+)
+apply (rule Mods_anon5)
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_10))
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_10))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon6_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon7_LoopDone:
+shows "(mods_contained_in (set [0,2,1]) nested_loop3_before_cfg_to_dag_prog.block_9)"
+unfolding nested_loop3_before_cfg_to_dag_prog.block_9_def
+by simp
+
+lemma block_anon7_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_9 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop3_before_passive_prog.block_8 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop3_before_cfg_to_dag_prog.block_9_def nested_loop3_before_passive_prog.block_8_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon7_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body [0,2,1] [] nested_loop3_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop3_before_cfg_to_dag_prog.node_9)
+apply (rule nested_loop3_before_passive_prog.node_8)
+apply (assumption+)
+apply (rule block_anon7_LoopDone)
+apply (assumption+)
+apply (rule Mods_anon7_LoopDone)
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_9))
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_9))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=7])
+apply ((simp add:nested_loop3_before_passive_prog.outEdges_8))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon6_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon7_LoopHead:
+shows "(mods_contained_in (set [0,2,1]) nested_loop3_before_cfg_to_dag_prog.block_3)"
+unfolding nested_loop3_before_cfg_to_dag_prog.block_3_def
+by simp
+
+lemma block_anon7_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,2,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop3_before_passive_prog.block_9 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop3_before_cfg_to_dag_prog.block_3_def nested_loop3_before_passive_prog.block_9_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_x(1)))
+apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_z(1)))
+apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_y(1)))
+apply simp
+done
+
+lemma cfg_block_anon7_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,2,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body [0,2,1] [] nested_loop3_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms assms(4-)
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0,2,1]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule nested_loop3_before_cfg_to_dag_prog.node_3)
+apply (rule nested_loop3_before_passive_prog.node_9)
+apply (assumption+)
+apply (rule block_anon7_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon7_LoopHead)
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=8])
+apply ((simp add:nested_loop3_before_passive_prog.outEdges_9))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_subset_pred)
+using less(4) apply simp
+apply assumption
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=6])
+apply ((simp add:nested_loop3_before_passive_prog.outEdges_9))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+apply (rule loop_ih_convert_subset_smaller_2)
+using less(4) apply simp
+apply (simp, fastforce, assumption)
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma Mods_anon6_LoopBody:
+shows "(mods_contained_in (set [0,2,1]) nested_loop3_before_cfg_to_dag_prog.block_2)"
+unfolding nested_loop3_before_cfg_to_dag_prog.block_2_def
+by simp
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_10 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop3_before_passive_prog.block_10 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop3_before_cfg_to_dag_prog.block_2_def nested_loop3_before_passive_prog.block_10_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop3_before_ast_to_cfg_prog.funcs_wf nested_loop3_before_ast_to_cfg_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop3_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
+
+done
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body [0,2,1] [] nested_loop3_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop3_before_cfg_to_dag_prog.node_2)
+apply (rule nested_loop3_before_passive_prog.node_10)
+apply (assumption+)
+apply (rule block_anon6_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon6_LoopBody)
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=9])
+apply ((simp add:nested_loop3_before_passive_prog.outEdges_10))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon6_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon6_LoopHead:
+shows "(mods_contained_in (set [0,2,1]) nested_loop3_before_cfg_to_dag_prog.block_1)"
+unfolding nested_loop3_before_cfg_to_dag_prog.block_1_def
+by simp
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_11 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,2,1] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop3_before_passive_prog.block_11 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop3_before_cfg_to_dag_prog.block_1_def nested_loop3_before_passive_prog.block_11_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_x(1)))
+apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_z(1)))
+apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_y(1)))
+apply simp
+done
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,2,1] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0,2,1]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule nested_loop3_before_cfg_to_dag_prog.node_1)
+apply (rule nested_loop3_before_passive_prog.node_11)
+apply (assumption+)
+apply (rule block_anon6_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon6_LoopHead)
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:nested_loop3_before_passive_prog.outEdges_11))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=10])
+apply ((simp add:nested_loop3_before_passive_prog.outEdges_11))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_12 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop3_before_passive_prog.block_12 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop3_before_cfg_to_dag_prog.block_0_def nested_loop3_before_passive_prog.block_12_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop3_before_cfg_to_dag_prog.node_0)
+apply (rule nested_loop3_before_passive_prog.node_12)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=11])
+apply ((simp add:nested_loop3_before_passive_prog.outEdges_12))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 13),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:nested_loop3_before_passive_prog.outEdges_13))
+by ((simp add:nested_loop3_before_passive_prog.node_13 nested_loop3_before_passive_prog.block_13_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 14),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop3_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule nested_loop3_before_passive_prog.node_14)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding nested_loop3_before_passive_prog.block_14_def
+apply (rule assume_pres_normal[where ?es=nested_loop3_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding nested_loop3_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule nested_loop3_before_passive_prog.outEdges_14)
+apply ((simp add:nested_loop3_before_passive_prog.node_13 nested_loop3_before_passive_prog.block_13_def))
+apply (rule nested_loop3_before_passive_prog.outEdges_13)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_z_0::int) (vc_y_0::int) (vc_x_1::int) (vc_z_1::int) (vc_y_1::int) (vc_z_2::int) (vc_y_2::int) (vc_z_3::int) (vc_y_3::int) (vc_x_2::int). (vc.vc_anon0 vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A nested_loop3_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> nested_loop3_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) nested_loop3_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_loop3_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule nested_loop3_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_passification_proof.thy
new file mode 100644
index 0000000..8b8c04f
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_passification_proof.thy
@@ -0,0 +1,461 @@
+theory nested_loop3_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop3_before_ast_to_cfg_prog nested_loop3_passive_prog Boogie_Lang.PassificationML nested_loop3_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop3_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop3_before_passive_prog.block_0_def nested_loop3_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop3_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop3_before_passive_prog.block_1_def nested_loop3_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon8_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [11,12] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 10)))" and 
+"((R 2) = (Some (Inl 9)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [11,12])) (update_nstate_rel R [(2,(Inl 11)),(1,(Inl 12))]) R_old nested_loop3_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop3_before_passive_prog.block_2_def nested_loop3_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_z(2) nested_loop3_passive_prog.l_z_3(2)))
+apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_y(2) nested_loop3_passive_prog.l_y_3(2)))
+by simp
+
+lemma block_anon4:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [13] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 6)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [13])) (update_nstate_rel R [(0,(Inl 13))]) R_old nested_loop3_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop3_before_passive_prog.block_3_def nested_loop3_passive_prog.block_3_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_x(2) nested_loop3_passive_prog.l_x_2(2)))
+by simp
+
+lemma block_anon8_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 6)))" and 
+"((R 1) = (Some (Inl 10)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop3_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop3_before_passive_prog.block_4_def nested_loop3_passive_prog.block_4_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon8_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [9,10] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 6)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [9,10])) (update_nstate_rel R [(2,(Inl 9)),(1,(Inl 10))]) R_old nested_loop3_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop3_before_passive_prog.block_5_def nested_loop3_passive_prog.block_5_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_z(2) nested_loop3_passive_prog.l_z_2(2)))
+apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_y(2) nested_loop3_passive_prog.l_y_2(2)))
+by simp
+
+lemma block_anon7_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 6)))" and 
+"((R 1) = (Some (Inl 8)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop3_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop3_before_passive_prog.block_6_def nested_loop3_passive_prog.block_6_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon5:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop3_passive_prog.block_7 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop3_before_passive_prog.block_7_def nested_loop3_passive_prog.block_7_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon7_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 6)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop3_passive_prog.block_8 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop3_before_passive_prog.block_8_def nested_loop3_passive_prog.block_8_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon7_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_9 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6,7,8] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6,7,8])) (update_nstate_rel R [(0,(Inl 6)),(2,(Inl 7)),(1,(Inl 8))]) R_old nested_loop3_passive_prog.block_9 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop3_before_passive_prog.block_9_def nested_loop3_passive_prog.block_9_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_x(2) nested_loop3_passive_prog.l_x_1(2)))
+apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_z(2) nested_loop3_passive_prog.l_z_1(2)))
+apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_y(2) nested_loop3_passive_prog.l_y_1(2)))
+by simp
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_10 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 3)))" and 
+"((R 2) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop3_passive_prog.block_10 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop3_before_passive_prog.block_10_def nested_loop3_passive_prog.block_10_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_11 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3,4,5] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3,4,5])) (update_nstate_rel R [(0,(Inl 3)),(2,(Inl 4)),(1,(Inl 5))]) R_old nested_loop3_passive_prog.block_11 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop3_before_passive_prog.block_11_def nested_loop3_passive_prog.block_11_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_x(2) nested_loop3_passive_prog.l_x_0(2)))
+apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_z(2) nested_loop3_passive_prog.l_z_0(2)))
+apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_y(2) nested_loop3_passive_prog.l_y_0(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_12 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 10))),(1,(Inr (LInt 10))),(2,(Inr (LInt 10)))]) R_old nested_loop3_passive_prog.block_12 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop3_before_passive_prog.block_12_def nested_loop3_passive_prog.block_12_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_13 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop3_passive_prog.block_13 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop3_before_passive_prog.block_13_def nested_loop3_passive_prog.block_13_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_14 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop3_passive_prog.block_14 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop3_before_passive_prog.block_14_def nested_loop3_passive_prog.block_14_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop3_before_passive_prog.node_0},@{thm nested_loop3_before_passive_prog.outEdges_0}) (@{thm nested_loop3_passive_prog.node_0},@{thm nested_loop3_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop3_before_passive_prog.node_1},@{thm nested_loop3_before_passive_prog.outEdges_1}) (@{thm nested_loop3_passive_prog.node_1},@{thm nested_loop3_passive_prog.outEdges_1}) @{thm block_anon6_LoopDone} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon8_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 11 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 10)))" and 
+"((R 2) = (Some (Inl 9)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop3_before_passive_prog.node_2},@{thm nested_loop3_before_passive_prog.outEdges_2}) (@{thm nested_loop3_passive_prog.node_2},@{thm nested_loop3_passive_prog.outEdges_2}) @{thm block_anon8_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon4:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 13 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 6)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop3_before_passive_prog.node_3},@{thm nested_loop3_before_passive_prog.outEdges_3}) (@{thm nested_loop3_passive_prog.node_3},@{thm nested_loop3_passive_prog.outEdges_3}) @{thm block_anon4} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon8_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 13 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 6)))" and 
+"((R 1) = (Some (Inl 10)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop3_before_passive_prog.node_4},@{thm nested_loop3_before_passive_prog.outEdges_4}) (@{thm nested_loop3_passive_prog.node_4},@{thm nested_loop3_passive_prog.outEdges_4}) @{thm block_anon8_LoopDone} [
+@{thm cfg_block_anon4}] 1\<close>))
+
+lemma cfg_block_anon8_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 6)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop3_before_passive_prog.node_5},@{thm nested_loop3_before_passive_prog.outEdges_5}) (@{thm nested_loop3_passive_prog.node_5},@{thm nested_loop3_passive_prog.outEdges_5}) @{thm block_anon8_LoopHead} [
+@{thm cfg_block_anon8_LoopDone}, 
+@{thm cfg_block_anon8_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon7_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 6)))" and 
+"((R 1) = (Some (Inl 8)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop3_before_passive_prog.node_6},@{thm nested_loop3_before_passive_prog.outEdges_6}) (@{thm nested_loop3_passive_prog.node_6},@{thm nested_loop3_passive_prog.outEdges_6}) @{thm block_anon7_LoopBody} [
+@{thm cfg_block_anon8_LoopHead}] 1\<close>))
+
+lemma cfg_block_anon5:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop3_before_passive_prog.node_7},@{thm nested_loop3_before_passive_prog.outEdges_7}) (@{thm nested_loop3_passive_prog.node_7},@{thm nested_loop3_passive_prog.outEdges_7}) @{thm block_anon5} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon7_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 6)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 8)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop3_before_passive_prog.node_8},@{thm nested_loop3_before_passive_prog.outEdges_8}) (@{thm nested_loop3_passive_prog.node_8},@{thm nested_loop3_passive_prog.outEdges_8}) @{thm block_anon7_LoopDone} [
+@{thm cfg_block_anon5}] 1\<close>))
+
+lemma cfg_block_anon7_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 9)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop3_before_passive_prog.node_9},@{thm nested_loop3_before_passive_prog.outEdges_9}) (@{thm nested_loop3_passive_prog.node_9},@{thm nested_loop3_passive_prog.outEdges_9}) @{thm block_anon7_LoopHead} [
+@{thm cfg_block_anon7_LoopDone}, 
+@{thm cfg_block_anon7_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 3)))" and 
+"((R 2) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 10)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop3_before_passive_prog.node_10},@{thm nested_loop3_before_passive_prog.outEdges_10}) (@{thm nested_loop3_passive_prog.node_10},@{thm nested_loop3_passive_prog.outEdges_10}) @{thm block_anon6_LoopBody} [
+@{thm cfg_block_anon7_LoopHead}] 1\<close>))
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 11)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop3_before_passive_prog.node_11},@{thm nested_loop3_before_passive_prog.outEdges_11}) (@{thm nested_loop3_passive_prog.node_11},@{thm nested_loop3_passive_prog.outEdges_11}) @{thm block_anon6_LoopHead} [
+@{thm cfg_block_anon6_LoopDone}, 
+@{thm cfg_block_anon6_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 12)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop3_before_passive_prog.node_12},@{thm nested_loop3_before_passive_prog.outEdges_12}) (@{thm nested_loop3_passive_prog.node_12},@{thm nested_loop3_passive_prog.outEdges_12}) @{thm block_anon0} [
+@{thm cfg_block_anon6_LoopHead}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 13)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop3_before_passive_prog.node_13},@{thm nested_loop3_before_passive_prog.outEdges_13}) (@{thm nested_loop3_passive_prog.node_13},@{thm nested_loop3_passive_prog.outEdges_13}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 14)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop3_before_passive_prog.node_14},@{thm nested_loop3_before_passive_prog.outEdges_14}) (@{thm nested_loop3_passive_prog.node_14},@{thm nested_loop3_passive_prog.outEdges_14}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 14),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_z_0::int) (vc_y_0::int) (vc_x_1::int) (vc_z_1::int) (vc_y_1::int) (vc_z_2::int) (vc_y_2::int) (vc_z_3::int) (vc_y_3::int) (vc_x_2::int). (vc.vc_anon0 vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A nested_loop3_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> nested_loop3_before_ast_to_cfg_prog.constants_vdecls ns nested_loop3_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv nested_loop3_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding nested_loop3_before_ast_to_cfg_prog.constants_vdecls_def nested_loop3_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding nested_loop3_passive_prog.params_vdecls_def nested_loop3_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using nested_loop3_before_passive_prog.globals_locals_disj apply auto[1]
+using nested_loop3_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] nested_loop3_passive_prog.proc_body u (Inl 14)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range nested_loop3_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] nested_loop3_passive_prog.proc_body ((Inl 14),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from nested_loop3_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_passive_prog.thy
new file mode 100644
index 0000000..d6625aa
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_passive_prog.thy
@@ -0,0 +1,326 @@
+theory nested_loop3_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop3_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 4)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 10) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 11) Eq (BinOp (Var 9) Sub (Lit (LInt 1))))),(Assume (BinOp (Var 12) Eq (BinOp (Var 10) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 12) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 13) Eq (BinOp (Var 6) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 13) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 10)))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Var 10) Ge (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Var 6) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 8) Ge (Lit (LInt 0))))]"
+definition block_7
+  where
+    "block_7  = [(Assume (Lit (LBool False)))]"
+definition block_8
+  where
+    "block_8  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 6)))]"
+definition block_9
+  where
+    "block_9  = [(Assume (BinOp (Var 6) Ge (Lit (LInt 0))))]"
+definition block_10
+  where
+    "block_10  = [(Assume (BinOp (Var 4) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 3) Ge (Lit (LInt 0))))]"
+definition block_11
+  where
+    "block_11  = []"
+definition block_12
+  where
+    "block_12  = []"
+definition block_13
+  where
+    "block_13  = []"
+definition block_14
+  where
+    "block_14  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[0],[7],[8,6],[9],[1,10],[11],[12],[13]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13,block_14]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 14,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_12:
+shows "((nth (node_to_block proc_body) 12) = block_12)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_13:
+shows "((nth (node_to_block proc_body) 13) = block_13)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_14:
+shows "((nth (node_to_block proc_body) 14) = block_14)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8,6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [1,10])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_12:
+shows "((nth (out_edges proc_body) 12) = [11])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_13:
+shows "((nth (out_edges proc_body) 13) = [12])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_14:
+shows "((nth (out_edges proc_body) 14) = [13])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(7,(TPrim TInt),(None )),(8,(TPrim TInt),(None )),(9,(TPrim TInt),(None )),(10,(TPrim TInt),(None )),(11,(TPrim TInt),(None )),(12,(TPrim TInt),(None )),(13,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding nested_loop3_passive_prog.params_vdecls_def nested_loop3_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)))) = {})"
+unfolding nested_loop3_before_ast_to_cfg_prog.constants_vdecls_def nested_loop3_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z:
+shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z_0:
+shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_0:
+shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z_1:
+shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_1:
+shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 8) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z_2:
+shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 9) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_2:
+shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 10) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z_3:
+shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 11) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_3:
+shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 12) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_2:
+shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 13) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z:
+shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z_0:
+shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_0:
+shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z_1:
+shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_1:
+shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 8) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 8) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z_2:
+shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 9) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 9) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_2:
+shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 10) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 10) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z_3:
+shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 11) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 11) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z_3
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_3:
+shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 12) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 12) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_3
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_2:
+shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 13) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 13) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_vcphase_proof.thy
new file mode 100644
index 0000000..e94f3dc
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_vcphase_proof.thy
@@ -0,0 +1,542 @@
+theory nested_loop3_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML nested_loop3_passive_prog nested_loop3_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon6_LoopDone
+  where
+    "vc_anon6_LoopDone  = True"
+definition vc_anon8_LoopBody
+  where
+    "vc_anon8_LoopBody y_2 z_3 z_2 y_3 = ((y_2 > (0::int)) \<longrightarrow> (((z_3 = (z_2 - (1::int))) \<and> (y_3 = (y_2 - (1::int)))) \<longrightarrow> (y_3 \<ge> (0::int))))"
+definition vc_anon4
+  where
+    "vc_anon4 x_2 x_1 = ((x_2 = (x_1 - (1::int))) \<longrightarrow> (x_2 \<ge> (0::int)))"
+definition vc_anon8_LoopDone
+  where
+    "vc_anon8_LoopDone y_2 x_2 x_1 = (((0::int) \<ge> y_2) \<longrightarrow> (vc_anon4 x_2 x_1))"
+definition vc_anon8_LoopHead
+  where
+    "vc_anon8_LoopHead y_2 x_2 x_1 z_3 z_2 y_3 = ((y_2 \<ge> (0::int)) \<longrightarrow> ((vc_anon8_LoopDone y_2 x_2 x_1) \<and> (vc_anon8_LoopBody y_2 z_3 z_2 y_3)))"
+definition vc_anon7_LoopBody
+  where
+    "vc_anon7_LoopBody x_1 y_1 y_2 x_2 z_3 z_2 y_3 = ((x_1 > (0::int)) \<longrightarrow> ((y_1 \<ge> (0::int)) \<and> ((y_1 \<ge> (0::int)) \<longrightarrow> (vc_anon8_LoopHead y_2 x_2 x_1 z_3 z_2 y_3))))"
+definition vc_anon5
+  where
+    "vc_anon5  = True"
+definition vc_anon7_LoopDone
+  where
+    "vc_anon7_LoopDone x_1 = (((0::int) \<ge> x_1) \<longrightarrow> (vc_anon5 ))"
+definition vc_anon7_LoopHead
+  where
+    "vc_anon7_LoopHead x_1 y_1 y_2 x_2 z_3 z_2 y_3 = ((x_1 \<ge> (0::int)) \<longrightarrow> ((vc_anon7_LoopDone x_1) \<and> (vc_anon7_LoopBody x_1 y_1 y_2 x_2 z_3 z_2 y_3)))"
+definition vc_anon6_LoopBody
+  where
+    "vc_anon6_LoopBody z_0 x_0 x_1 y_1 y_2 x_2 z_3 z_2 y_3 = ((z_0 > (0::int)) \<longrightarrow> ((x_0 \<ge> (0::int)) \<and> ((x_0 \<ge> (0::int)) \<longrightarrow> (vc_anon7_LoopHead x_1 y_1 y_2 x_2 z_3 z_2 y_3))))"
+definition vc_anon0
+  where
+    "vc_anon0 z_0 x_0 x_1 y_1 y_2 x_2 z_3 z_2 y_3 = ((vc_anon6_LoopDone ) \<and> (vc_anon6_LoopBody z_0 x_0 x_1 y_1 y_2 x_2 z_3 z_2 y_3))"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_z :: "int" and vc_x_0 :: "int" and vc_z_0 :: "int" and vc_y_0 :: "int" and vc_x_1 :: "int" and vc_z_1 :: "int" and vc_y_1 :: "int" and vc_z_2 :: "int" and vc_y_2 :: "int" and vc_z_3 :: "int" and vc_y_3 :: "int" and vc_x_2 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_z)))" and 
+G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_0)))" and 
+G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_z_0)))" and 
+G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_y_0)))" and 
+G6: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_x_1)))" and 
+G7: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_z_1)))" and 
+G8: "((lookup_var \<Lambda> n_s 8) = (Some (IntV vc_y_1)))" and 
+G9: "((lookup_var \<Lambda> n_s 9) = (Some (IntV vc_z_2)))" and 
+G10: "((lookup_var \<Lambda> n_s 10) = (Some (IntV vc_y_2)))" and 
+G11: "((lookup_var \<Lambda> n_s 11) = (Some (IntV vc_z_3)))" and 
+G12: "((lookup_var \<Lambda> n_s 12) = (Some (IntV vc_y_3)))" and 
+G13: "((lookup_var \<Lambda> n_s 13) = (Some (IntV vc_x_2)))" and 
+G14: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8 G9 G10 G11 G12 G13 G14
+lemmas forall_poly_thm = forall_vc_type[OF G14]
+lemmas exists_poly_thm = exists_vc_type[OF G14]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding nested_loop3_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon6_LoopDone_hints = [
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon6_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopDone ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding nested_loop3_passive_prog.block_1_def vc.vc_anon6_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon8_LoopBody_hints = [
+(AssumeConjR 0,NONE), 
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE), 
+(AssertNoConj,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon8_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopBody vc_y_2 vc_z_3 vc_z_2 vc_y_3) \<Longrightarrow> (s' = Magic)))"
+unfolding nested_loop3_passive_prog.block_2_def vc.vc_anon8_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_hints = [
+(AssumeConjR 0,NONE), 
+(AssertNoConj,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon4AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4 vc_x_2 vc_x_1) \<Longrightarrow> (s' = Magic)))"
+unfolding nested_loop3_passive_prog.block_3_def vc.vc_anon4_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon8_LoopDone_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon8_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopDone vc_y_2 vc_x_2 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4 vc_x_2 vc_x_1)))))))"
+unfolding nested_loop3_passive_prog.block_4_def vc.vc_anon8_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon8_LoopHead_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon8_LoopHeadAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopHead vc_y_2 vc_x_2 vc_x_1 vc_z_3 vc_z_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon8_LoopDone vc_y_2 vc_x_2 vc_x_1) \<and> (vc.vc_anon8_LoopBody vc_y_2 vc_z_3 vc_z_2 vc_y_3))))))))"
+unfolding nested_loop3_passive_prog.block_5_def vc.vc_anon8_LoopHead_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopHead_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon7_LoopBody_hints = [
+(AssumeConjR 0,NONE), 
+(AssertSub,NONE)]
+\<close>
+lemma block_anon7_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopBody vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon8_LoopHead vc_y_2 vc_x_2 vc_x_1 vc_z_3 vc_z_2 vc_y_3)))))))"
+unfolding nested_loop3_passive_prog.block_6_def vc.vc_anon7_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon5_hints = [
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon5AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5 ) \<Longrightarrow> (s' = Magic)))"
+unfolding nested_loop3_passive_prog.block_7_def vc.vc_anon5_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon7_LoopDone_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon7_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_8 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopDone vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon5 )))))))"
+unfolding nested_loop3_passive_prog.block_8_def vc.vc_anon7_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon7_LoopHead_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon7_LoopHeadAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopHead vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_LoopDone vc_x_1) \<and> (vc.vc_anon7_LoopBody vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))))))))"
+unfolding nested_loop3_passive_prog.block_9_def vc.vc_anon7_LoopHead_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopHead_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_LoopBody_hints = [
+(AssumeConjR 0,NONE), 
+(AssertSub,NONE)]
+\<close>
+lemma block_anon6_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_10 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon7_LoopHead vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3)))))))"
+unfolding nested_loop3_passive_prog.block_10_def vc.vc_anon6_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
+by (auto?)
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_11 (Normal n_s) s')" and 
+"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))))))"
+using assms
+unfolding nested_loop3_passive_prog.block_11_def
+apply cases
+by auto
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_12 (Normal n_s) s')" and 
+"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))))))"
+using assms
+unfolding nested_loop3_passive_prog.block_12_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_13 (Normal n_s) s')" and 
+"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))))))"
+using assms
+unfolding nested_loop3_passive_prog.block_13_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_14 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding nested_loop3_passive_prog.block_14_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) nested_loop3_passive_prog.node_0 nested_loop3_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopDone )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) nested_loop3_passive_prog.node_1])
+apply (erule block_anon6_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:nested_loop3_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon8_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon8_LoopBody vc_y_2 vc_z_3 vc_z_2 vc_y_3)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop3_passive_prog.node_2])
+by (erule block_anon8_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon4:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4 vc_x_2 vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop3_passive_prog.node_3])
+by (erule block_anon4AA0[OF _ assms(2)])
+
+lemma cfg_block_anon8_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon8_LoopDone vc_y_2 vc_x_2 vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop3_passive_prog.node_4])
+apply (erule block_anon8_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:nested_loop3_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon8_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon8_LoopHead vc_y_2 vc_x_2 vc_x_1 vc_z_3 vc_z_2 vc_y_3)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop3_passive_prog.node_5])
+apply (erule block_anon8_LoopHeadAA0[OF _ assms(2)])
+apply ((simp add:nested_loop3_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon7_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon7_LoopBody vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop3_passive_prog.node_6])
+apply (erule block_anon7_LoopBodyAA0[OF _ assms(2)])
+apply ((simp add:nested_loop3_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop3_passive_prog.node_7])
+by (erule block_anon5AA0[OF _ assms(2)])
+
+lemma cfg_block_anon7_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon7_LoopDone vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop3_passive_prog.node_8])
+apply (erule block_anon7_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:nested_loop3_passive_prog.outEdges_8))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon7_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon7_LoopHead vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop3_passive_prog.node_9])
+apply (erule block_anon7_LoopHeadAA0[OF _ assms(2)])
+apply ((simp add:nested_loop3_passive_prog.outEdges_9))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop3_passive_prog.node_10])
+apply (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
+apply ((simp add:nested_loop3_passive_prog.outEdges_10))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop3_passive_prog.node_11])
+apply (erule block_anon6_LoopHead[OF _ assms(2)])
+apply ((simp add:nested_loop3_passive_prog.outEdges_11))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop3_passive_prog.node_12])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:nested_loop3_passive_prog.outEdges_12))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop3_passive_prog.node_13])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:nested_loop3_passive_prog.outEdges_13))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop3_passive_prog.node_14])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:nested_loop3_passive_prog.outEdges_14))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) \<Gamma> [] nested_loop3_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_z_0::int) (vc_y_0::int) (vc_x_1::int) (vc_z_1::int) (vc_y_1::int) (vc_z_2::int) (vc_y_2::int) (vc_z_3::int) (vc_y_3::int) (vc_x_2::int). (vc.vc_anon0 vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A nested_loop3_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> nested_loop3_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) nested_loop3_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s nested_loop3_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((nested_loop3_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_x])
+apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_y])
+apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_y])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_z:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_z])
+apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_z])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_z_0:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_z_0])
+apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_z_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_y_0])
+apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_y_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_z_1:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_z_1])
+apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_z_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 8) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 8)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 8))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_y_1])
+apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_y_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_z_2:"(((lookup_var ?\<Lambda> n_s 9) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 9)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 9))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_z_2])
+apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_z_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 10) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 10)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 10))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_y_2])
+apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_y_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_z_3:"(((lookup_var ?\<Lambda> n_s 11) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 11)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 11))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_z_3])
+apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_z_3])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_3:"(((lookup_var ?\<Lambda> n_s 12) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 12)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 12))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_y_3])
+apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_y_3])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 13) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 13)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 13))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_x_2])
+apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_x_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_y])
+apply (rule HOL.conjunct1[OF sc_z])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_z_0])
+apply (rule HOL.conjunct1[OF sc_y_0])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (rule HOL.conjunct1[OF sc_z_1])
+apply (rule HOL.conjunct1[OF sc_y_1])
+apply (rule HOL.conjunct1[OF sc_z_2])
+apply (rule HOL.conjunct1[OF sc_y_2])
+apply (rule HOL.conjunct1[OF sc_z_3])
+apply (rule HOL.conjunct1[OF sc_y_3])
+apply (rule HOL.conjunct1[OF sc_x_2])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/ROOT
new file mode 100644
index 0000000..7498038
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/ROOT
@@ -0,0 +1,12 @@
+session nested_loop_proofs = Boogie_Lang + 
+directories nested_loop_proofs
+theories
+global_data
+"nested_loop_proofs/nested_loop_asttocfg_proof"
+"nested_loop_proofs/nested_loop_cfgtodag_proof"
+"nested_loop_proofs/nested_loop_passive_prog"
+"nested_loop_proofs/nested_loop_before_passive_prog"
+"nested_loop_proofs/nested_loop_before_ast_to_cfg_prog"
+"nested_loop_proofs/nested_loop_before_cfg_to_dag_prog"
+"nested_loop_proofs/nested_loop_passification_proof"
+"nested_loop_proofs/nested_loop_vcphase_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_asttocfg_proof.thy
new file mode 100644
index 0000000..d8aa4d5
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_asttocfg_proof.thy
@@ -0,0 +1,536 @@
+theory nested_loop_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_loop_before_ast_to_cfg_prog nested_loop_before_cfg_to_dag_prog nested_loop_cfgtodag_proof nested_loop_passification_proof nested_loop_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A nested_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV False))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Invs[of nested_loop_before_ast_to_cfg_prog.bigblock_6])
+apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_6_def)
+
+apply (rule astTrace)
+apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_6_def)
+apply (simp)
+apply (simp)
+apply (rule cont_6_def)
+apply (rule nested_loop_before_cfg_to_dag_prog.node_7)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule nested_loop_before_cfg_to_dag_prog.block_7_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply ( rule neg_gt)
+apply (rule guardHint)
+apply (rule nested_loop_before_cfg_to_dag_prog.outEdges_7)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: nested_loop_before_cfg_to_dag_prog.node_7)
+apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_6_def)
+apply (simp add: end_static)
+done
+qed
+
+lemma rel_nested_loop_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (nested_loop_before_ast_to_cfg_prog.bigblock_5,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_6 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of nested_loop_before_ast_to_cfg_prog.bigblock_5])
+apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_5_def nested_loop_before_cfg_to_dag_prog.block_6_def)
+apply ((simp add: nested_loop_before_cfg_to_dag_prog.block_6_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: nested_loop_before_cfg_to_dag_prog.block_6_def nested_loop_before_ast_to_cfg_prog.bigblock_5_def)+)
+done
+
+
+lemma global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 nested_loop_before_cfg_to_dag_prog.proc_body 1 nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of nested_loop_before_ast_to_cfg_prog.bigblock_5])
+apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_5_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_5_def)
+apply (rule nested_loop_before_cfg_to_dag_prog.node_6)
+apply (rule disjI1)
+apply (rule nested_loop_before_cfg_to_dag_prog.block_6_def)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_5_def)
+apply (simp add: nested_loop_before_cfg_to_dag_prog.node_6)
+apply (rule rel_nested_loop_before_ast_to_cfg_prog_bigblock_5)
+apply assumption
+apply (simp)
+apply ((erule allE[where x=1])+)
+apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_6)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma rel_nested_loop_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (nested_loop_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
+unfolding nested_loop_before_cfg_to_dag_prog.block_4_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of nested_loop_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: nested_loop_before_cfg_to_dag_prog.block_4_def)
+apply ((simp add: assms(3) nested_loop_before_ast_to_cfg_prog.bigblock_4_def)+)
+done
+
+
+lemma global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop_before_ast_to_cfg_prog.bigblock_3 cont_3 nested_loop_before_cfg_to_dag_prog.proc_body 3 nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of nested_loop_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_4_def)
+apply (rule nested_loop_before_cfg_to_dag_prog.node_4)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule nested_loop_before_cfg_to_dag_prog.block_4_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_4_def)
+apply (simp add: nested_loop_before_cfg_to_dag_prog.node_4)
+apply (rule rel_nested_loop_before_ast_to_cfg_prog_bigblock_4)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=3])+)
+apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_4)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 nested_loop_before_cfg_to_dag_prog.proc_body 1 nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_3_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of nested_loop_before_ast_to_cfg_prog.bigblock_3 _ _ _ nested_loop_before_cfg_to_dag_prog.block_3])
+apply (simp add:nested_loop_before_ast_to_cfg_prog.bigblock_3_def nested_loop_before_cfg_to_dag_prog.block_3_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:nested_loop_before_ast_to_cfg_prog.bigblock_3_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of nested_loop_before_ast_to_cfg_prog.bigblock_3])
+apply ((simp add:nested_loop_before_ast_to_cfg_prog.bigblock_3_def)+)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.block_3_def nested_loop_before_cfg_to_dag_prog.node_3)+)
+apply (rule cont_3_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 4])+)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_4)
+apply (simp add: cont_3_def nested_loop_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_3_def cont_4_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper3)
+apply ((simp)+)
+
+apply ((erule allE[where x = 5])+)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_5)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: nested_loop_before_cfg_to_dag_prog.node_5)
+apply (simp add: nested_loop_before_cfg_to_dag_prog.block_5_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_5)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: nested_loop_before_cfg_to_dag_prog.node_5)
+apply (simp add: nested_loop_before_cfg_to_dag_prog.block_5_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_5)
+apply ((simp add: member_rec)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper4)
+apply ((simp)+)
+done
+qed
+qed
+
+lemma global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 nested_loop_before_cfg_to_dag_prog.proc_body 1 nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+apply (rule ending_after_unwrapping)
+apply (rule astTrace)
+apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_2_def)
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply (simp)
+apply (rule global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_3)
+apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_3_def cont_2_def cont_3_def)
+apply (rule correctness_propagates_through_assumption2)
+using assms(2)
+apply blast
+apply (simp add: nested_loop_before_cfg_to_dag_prog.node_2)
+apply (simp add: nested_loop_before_cfg_to_dag_prog.block_2_def)
+
+apply (rule guardHint)
+apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_2)
+apply (simp add: member_rec)
+apply (simp)
+apply (rule correctness_propagates_through_assumption4)
+using assms(3)
+apply blast
+apply (simp add: nested_loop_before_cfg_to_dag_prog.node_2)
+apply (simp add: nested_loop_before_cfg_to_dag_prog.block_2_def)
+
+apply (rule guardHint)
+apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_2)
+apply (simp add: member_rec)
+apply ((simp)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule strictly_smaller_helper2)
+apply ((simp)+)
+done
+
+lemma global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of nested_loop_before_ast_to_cfg_prog.bigblock_1 _ _ _ nested_loop_before_cfg_to_dag_prog.block_1])
+apply (simp add:nested_loop_before_ast_to_cfg_prog.bigblock_1_def nested_loop_before_cfg_to_dag_prog.block_1_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:nested_loop_before_ast_to_cfg_prog.bigblock_1_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of nested_loop_before_ast_to_cfg_prog.bigblock_1])
+apply ((simp add:nested_loop_before_ast_to_cfg_prog.bigblock_1_def)+)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.block_1_def nested_loop_before_cfg_to_dag_prog.node_1)+)
+apply (rule cont_1_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 2])+)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_1_def nested_loop_before_ast_to_cfg_prog.bigblock_2_def cont_2_def nested_loop_before_ast_to_cfg_prog.bigblock_5_def cont_5_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_1_def cont_2_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+
+apply ((erule allE[where x = 7])+)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_6)
+apply (blast)
+
+
+apply ((blast)+)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+done
+qed
+qed
+
+lemma rel_nested_loop_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (nested_loop_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of nested_loop_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: nested_loop_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: nested_loop_before_cfg_to_dag_prog.block_0_def nested_loop_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of nested_loop_before_ast_to_cfg_prog.bigblock_0 _ nested_loop_before_cfg_to_dag_prog.block_0])
+apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: nested_loop_before_cfg_to_dag_prog.block_0_def)
+apply (rule nested_loop_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: nested_loop_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: nested_loop_before_cfg_to_dag_prog.node_0)
+apply (rule rel_nested_loop_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: nested_loop_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (nested_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_y_2::int) (vc_x_1::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A nested_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> nested_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) nested_loop_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_loop_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (nested_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: nested_loop_before_ast_to_cfg_prog.params_vdecls_def nested_loop_before_ast_to_cfg_prog.locals_vdecls_def nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: nested_loop_before_ast_to_cfg_prog.params_vdecls_def nested_loop_before_ast_to_cfg_prog.locals_vdecls_def nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def nested_loop_before_ast_to_cfg_prog.pres_def nested_loop_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: nested_loop_before_ast_to_cfg_prog.params_vdecls_def nested_loop_before_ast_to_cfg_prog.locals_vdecls_def nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: nested_loop_before_ast_to_cfg_prog.params_vdecls_def nested_loop_before_ast_to_cfg_prog.locals_vdecls_def nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: nested_loop_before_ast_to_cfg_prog.params_vdecls_def nested_loop_before_ast_to_cfg_prog.locals_vdecls_def nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: nested_loop_before_ast_to_cfg_prog.params_vdecls_def nested_loop_before_ast_to_cfg_prog.locals_vdecls_def nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def nested_loop_before_ast_to_cfg_prog.pres_def nested_loop_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: nested_loop_before_ast_to_cfg_prog.params_vdecls_def nested_loop_before_ast_to_cfg_prog.locals_vdecls_def nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: nested_loop_before_ast_to_cfg_prog.params_vdecls_def nested_loop_before_ast_to_cfg_prog.locals_vdecls_def nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_6] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (nested_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_6_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_y_2::int) (vc_x_1::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) nested_loop_before_ast_to_cfg_prog.fdecls nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls nested_loop_before_ast_to_cfg_prog.axioms nested_loop_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding nested_loop_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 nested_loop_before_ast_to_cfg_prog.ast_proc_def nested_loop_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..358696b
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_to_cfg_prog.thy
@@ -0,0 +1,150 @@
+theory nested_loop_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10)))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
+definition bigblock_4
+  where
+    "bigblock_4  = (BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))"
+definition bigblock_5
+  where
+    "bigblock_5  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))"
+definition bigblock_6
+  where
+    "bigblock_6  = (BigBlock (None ) [] (None ) (None ))"
+definition cont_6
+  where
+    "cont_6  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_6 cont_6)"
+definition cont_1
+  where
+    "cont_1  = (KEndBlock (KSeq bigblock_6 cont_6 ))"
+definition cont_5
+  where
+    "cont_5  = (KSeq bigblock_1 cont_1)"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_5 cont_5)"
+definition cont_3
+  where
+    "cont_3  = (KEndBlock (KSeq bigblock_5 cont_5 ))"
+definition cont_4
+  where
+    "cont_4  = (KSeq bigblock_3 cont_3)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_6]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding nested_loop_before_ast_to_cfg_prog.constants_vdecls_def nested_loop_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding nested_loop_before_ast_to_cfg_prog.params_vdecls_def nested_loop_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding nested_loop_before_ast_to_cfg_prog.constants_vdecls_def nested_loop_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding nested_loop_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding nested_loop_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding nested_loop_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding nested_loop_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = nested_loop_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_loop_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec nested_loop_before_ast_to_cfg_prog.post),proc_body = (Some (nested_loop_before_ast_to_cfg_prog.locals_vdecls,nested_loop_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_cfg_to_dag_prog.thy
similarity index 56%
rename from BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_cfg_to_dag_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_cfg_to_dag_prog.thy
index dd2e91f..920919d 100644
--- a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_cfg_to_dag_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_cfg_to_dag_prog.thy
@@ -18,16 +18,19 @@ definition block_4
     "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))]"
 definition block_5
   where
-    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
 definition block_6
   where
-    "block_6  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+    "block_6  = [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+definition block_7
+  where
+    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
 definition outEdges
   where
-    "outEdges  = [[1],[6,2],[3],[5,4],[3],[1],[]]"
+    "outEdges  = [[1],[7,2],[3],[5,4],[3],[6],[1],[]]"
 definition node_to_blocks
   where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7]"
 definition proc_body
   where
     "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
@@ -59,12 +62,16 @@ lemma node_6:
 shows "((nth (node_to_block proc_body) 6) = block_6)"
 by (simp add:proc_body_def node_to_blocks_def)
 
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
 lemma outEdges_0:
 shows "((nth (out_edges proc_body) 0) = [1])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [6,2])"
+shows "((nth (out_edges proc_body) 1) = [7,2])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_2:
@@ -80,11 +87,15 @@ shows "((nth (out_edges proc_body) 4) = [3])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [1])"
+shows "((nth (out_edges proc_body) 5) = [6])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [])"
+shows "((nth (out_edges proc_body) 6) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [])"
 by (simp add:proc_body_def outEdges_def)
 
 definition pres
@@ -99,6 +110,28 @@ definition params_vdecls :: "(vdecls)"
 definition locals_vdecls :: "(vdecls)"
   where
     "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append nested_loop_before_cfg_to_dag_prog.constants_vdecls nested_loop_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append nested_loop_before_cfg_to_dag_prog.constants_vdecls nested_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding nested_loop_before_cfg_to_dag_prog.constants_vdecls_def nested_loop_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_before_cfg_to_dag_prog.constants_vdecls nested_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
 lemma locals_min_aux:
 shows "(((map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
 unfolding nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def
@@ -110,18 +143,23 @@ using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append nested_loop_before_cfg_to_dag_prog.constants_vdecls nested_loop_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding nested_loop_before_cfg_to_dag_prog.constants_vdecls_def nested_loop_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
 by simp
 
 lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding nested_loop_before_cfg_to_dag_prog.constants_vdecls_def
 by simp
 
 lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding nested_loop_before_cfg_to_dag_prog.globals_vdecls_def
 by simp
 
 lemma params_wf:
@@ -135,7 +173,7 @@ unfolding nested_loop_before_cfg_to_dag_prog.locals_vdecls_def
 by simp
 
 lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append nested_loop_before_cfg_to_dag_prog.constants_vdecls nested_loop_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
 apply (rule lookup_ty_pred_2)
 by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
 
@@ -148,16 +186,16 @@ shows "((map_of (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_
 by (simp add:params_vdecls_def locals_vdecls_def)
 
 lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append nested_loop_before_cfg_to_dag_prog.constants_vdecls nested_loop_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop_before_cfg_to_dag_prog.constants_vdecls nested_loop_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_y:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append nested_loop_before_cfg_to_dag_prog.constants_vdecls nested_loop_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop_before_cfg_to_dag_prog.constants_vdecls nested_loop_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
 using globals_locals_disj m_y
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
-definition proc :: "(procedure)"
+definition proc :: "(mbodyCFG procedure)"
   where
     "proc  = (|proc_ty_args = 0,proc_args = nested_loop_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_loop_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec nested_loop_before_cfg_to_dag_prog.post),proc_body = (Some (nested_loop_before_cfg_to_dag_prog.locals_vdecls,nested_loop_before_cfg_to_dag_prog.proc_body))|)"
 
diff --git a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_passive_prog.thy
similarity index 60%
rename from BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_passive_prog.thy
index 4d9e13e..fa93109 100644
--- a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_passive_prog.thy
@@ -1,5 +1,5 @@
 theory nested_loop_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop_before_ast_to_cfg_prog
 begin
 definition block_0
   where
@@ -9,37 +9,40 @@ definition block_1
     "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
 definition block_2
   where
-    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+    "block_2  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
 definition block_3
   where
-    "block_3  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+    "block_3  = [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
 definition block_4
   where
-    "block_4  = [(Havoc 1),(Assume (BinOp (Var 1) Ge (Lit (LInt 0))))]"
+    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
 definition block_5
   where
-    "block_5  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
+    "block_5  = [(Havoc 1),(Assume (BinOp (Var 1) Ge (Lit (LInt 0))))]"
 definition block_6
   where
-    "block_6  = [(Havoc 0),(Havoc 1),(Assume (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+    "block_6  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
 definition block_7
   where
-    "block_7  = [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+    "block_7  = [(Havoc 0),(Havoc 1),(Assume (BinOp (Var 0) Ge (Lit (LInt 0))))]"
 definition block_8
   where
-    "block_8  = []"
+    "block_8  = [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
 definition block_9
   where
     "block_9  = []"
+definition block_10
+  where
+    "block_10  = []"
 definition outEdges
   where
-    "outEdges  = [[],[0],[0],[0],[2,3],[4],[1,5],[6],[7],[8]]"
+    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[1,6],[7],[8],[9]]"
 definition node_to_blocks
   where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10]"
 definition proc_body
   where
-    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
+    "proc_body  = (|entry = 10,out_edges = outEdges,node_to_block = node_to_blocks|)"
 lemma node_0:
 shows "((nth (node_to_block proc_body) 0) = block_0)"
 by (simp add:proc_body_def node_to_blocks_def)
@@ -80,6 +83,10 @@ lemma node_9:
 shows "((nth (node_to_block proc_body) 9) = block_9)"
 by (simp add:proc_body_def node_to_blocks_def)
 
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
 lemma outEdges_0:
 shows "((nth (out_edges proc_body) 0) = [])"
 by (simp add:proc_body_def outEdges_def)
@@ -97,19 +104,19 @@ shows "((nth (out_edges proc_body) 3) = [0])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [2,3])"
+shows "((nth (out_edges proc_body) 4) = [3])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
+shows "((nth (out_edges proc_body) 5) = [4,2])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [1,5])"
+shows "((nth (out_edges proc_body) 6) = [5])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
+shows "((nth (out_edges proc_body) 7) = [1,6])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_8:
@@ -120,19 +127,23 @@ lemma outEdges_9:
 shows "((nth (out_edges proc_body) 9) = [8])"
 by (simp add:proc_body_def outEdges_def)
 
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
 lemma locals_min_aux:
-shows "(((map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def
+shows "(((map fst (append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding nested_loop_before_ast_to_cfg_prog.params_vdecls_def nested_loop_before_ast_to_cfg_prog.locals_vdecls_def
 by simp
 
 lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
 using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding nested_loop_before_ast_to_cfg_prog.constants_vdecls_def nested_loop_before_ast_to_cfg_prog.globals_vdecls_def
 by simp
 
 
diff --git a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_cfgtodag_proof.thy
similarity index 72%
rename from BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_cfgtodag_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_cfgtodag_proof.thy
index bb20376..3ef623e 100644
--- a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_cfgtodag_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_cfgtodag_proof.thy
@@ -1,23 +1,23 @@
 theory nested_loop_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_loop_before_cfg_to_dag_prog nested_loop_before_passive_prog nested_loop_passification_proof nested_loop_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_loop_before_ast_to_cfg_prog nested_loop_before_cfg_to_dag_prog nested_loop_before_passive_prog nested_loop_passification_proof nested_loop_vcphase_proof
 begin
 locale cfg_to_dag_lemmas = 
 fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
 assumes 
-Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+Wf_Fun: "(fun_interp_wf A nested_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
 begin
 
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls))"
 declare Nat.One_nat_def[simp del]
 
 lemma cfg_block_GeneratedUnifiedExit:
 assumes 
 "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop_before_cfg_to_dag_prog.post)"
-unfolding expr_all_sat_def nested_loop_before_cfg_to_dag_prog.post_def 
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def nested_loop_before_ast_to_cfg_prog.post_def 
 apply (rule cfg_dag_rel_post_invs_3)
 apply (erule assms(1))
 apply (rule nested_loop_before_passive_prog.node_0)
@@ -27,13 +27,13 @@ by cfg_dag_rel_tac_single+
 
 lemma block_anon4_LoopDone:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
 "(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
 shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop_before_passive_prog.block_1 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop_before_cfg_to_dag_prog.block_6_def nested_loop_before_passive_prog.block_1_def
+unfolding nested_loop_before_cfg_to_dag_prog.block_7_def nested_loop_before_passive_prog.block_1_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
@@ -41,65 +41,65 @@ done
 
 lemma cfg_block_anon4_LoopDone:
 assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule nested_loop_before_cfg_to_dag_prog.node_6)
+apply (rule nested_loop_before_cfg_to_dag_prog.node_7)
 apply (rule nested_loop_before_passive_prog.node_1)
 apply (erule DagVerifies)
 apply (rule DagAssms)
 apply (erule block_anon4_LoopDone)
 apply assumption+
-apply (rule nested_loop_before_cfg_to_dag_prog.outEdges_6)
+apply (rule nested_loop_before_cfg_to_dag_prog.outEdges_7)
 apply (rule nested_loop_before_passive_prog.outEdges_1)
 apply (erule cfg_block_GeneratedUnifiedExit)
 by assumption
 
 
-lemma Mods_anon5_LoopDone:
-shows "(mods_contained_in (set [0,1]) nested_loop_before_cfg_to_dag_prog.block_5)"
-unfolding nested_loop_before_cfg_to_dag_prog.block_5_def
+lemma Mods_anon5_LoopBody:
+shows "(mods_contained_in (set [1]) nested_loop_before_cfg_to_dag_prog.block_4)"
+unfolding nested_loop_before_cfg_to_dag_prog.block_4_def
 by simp
 
-lemma block_anon5_LoopDone:
+lemma block_anon5_LoopBody:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
 "(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_2 ns2 s' True)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_2 ns2 s' True)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop_before_cfg_to_dag_prog.block_5_def nested_loop_before_passive_prog.block_2_def
+unfolding nested_loop_before_cfg_to_dag_prog.block_4_def nested_loop_before_passive_prog.block_2_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop_before_cfg_to_dag_prog.var_context_wf])
+apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop_before_ast_to_cfg_prog.funcs_wf nested_loop_before_ast_to_cfg_prog.var_context_wf])
 apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_ast_to_cfg_prog.l_y(2)} [] 1\<close>))
 
 done
 
-lemma cfg_block_anon5_LoopDone:
+lemma cfg_block_anon5_LoopBody:
 assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon4_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop_before_cfg_to_dag_prog.node_5)
+apply (rule nested_loop_before_cfg_to_dag_prog.node_4)
 apply (rule nested_loop_before_passive_prog.node_2)
 apply (assumption+)
-apply (rule block_anon5_LoopDone)
+apply (rule block_anon5_LoopBody)
 apply (assumption+)
-apply (rule Mods_anon5_LoopDone)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_5))
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_5))
+apply (rule Mods_anon5_LoopBody)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_4))
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_4))
 apply (erule member_elim)
 apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon4_LoopHead)
+apply (rule IH_anon5_LoopHead)
 apply (simp, simp)
 unfolding dag_lemma_assms_def
 apply (intro conjI, simp)
@@ -110,48 +110,48 @@ apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
 by (simp add: member_rec(2))
 
 
-lemma Mods_anon5_LoopBody:
-shows "(mods_contained_in (set [1]) nested_loop_before_cfg_to_dag_prog.block_4)"
-unfolding nested_loop_before_cfg_to_dag_prog.block_4_def
+lemma Mods_anon3:
+shows "(mods_contained_in (set [0,1]) nested_loop_before_cfg_to_dag_prog.block_6)"
+unfolding nested_loop_before_cfg_to_dag_prog.block_6_def
 by simp
 
-lemma block_anon5_LoopBody:
+lemma block_anon3:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
 "(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_3 ns2 s' True)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_3 ns2 s' True)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop_before_cfg_to_dag_prog.block_4_def nested_loop_before_passive_prog.block_3_def
+unfolding nested_loop_before_cfg_to_dag_prog.block_6_def nested_loop_before_passive_prog.block_3_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop_before_cfg_to_dag_prog.var_context_wf])
+apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop_before_ast_to_cfg_prog.funcs_wf nested_loop_before_ast_to_cfg_prog.var_context_wf])
 apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_cfg_to_dag_prog.l_y(2)} [] 1\<close>))
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
 
 done
 
-lemma cfg_block_anon5_LoopBody:
+lemma cfg_block_anon3:
 assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop_before_cfg_to_dag_prog.post ns1 s' 3 m' j)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+IH_anon4_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop_before_cfg_to_dag_prog.node_4)
+apply (rule nested_loop_before_cfg_to_dag_prog.node_6)
 apply (rule nested_loop_before_passive_prog.node_3)
 apply (assumption+)
-apply (rule block_anon5_LoopBody)
+apply (rule block_anon3)
 apply (assumption+)
-apply (rule Mods_anon5_LoopBody)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_4))
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_4))
+apply (rule Mods_anon3)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_6))
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_6))
 apply (erule member_elim)
 apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon5_LoopHead)
+apply (rule IH_anon4_LoopHead)
 apply (simp, simp)
 unfolding dag_lemma_assms_def
 apply (intro conjI, simp)
@@ -162,6 +162,62 @@ apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
 by (simp add: member_rec(2))
 
 
+lemma Mods_anon5_LoopDone:
+shows "(mods_contained_in (set [0,1]) nested_loop_before_cfg_to_dag_prog.block_5)"
+unfolding nested_loop_before_cfg_to_dag_prog.block_5_def
+by simp
+
+lemma block_anon5_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop_before_cfg_to_dag_prog.block_5_def nested_loop_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon4_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop_before_cfg_to_dag_prog.node_5)
+apply (rule nested_loop_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon5_LoopDone)
+apply (assumption+)
+apply (rule Mods_anon5_LoopDone)
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_5))
+apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_5))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:nested_loop_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon4_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
 lemma Mods_anon5_LoopHead:
 shows "(mods_contained_in (set [1]) nested_loop_before_cfg_to_dag_prog.block_3)"
 unfolding nested_loop_before_cfg_to_dag_prog.block_3_def
@@ -170,15 +226,15 @@ by simp
 lemma block_anon5_LoopHead:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop_before_passive_prog.block_4 ns2 s' False)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop_before_passive_prog.block_5 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop_before_cfg_to_dag_prog.block_3_def nested_loop_before_passive_prog.block_4_def
+unfolding nested_loop_before_cfg_to_dag_prog.block_3_def nested_loop_before_passive_prog.block_5_def
 apply cfg_dag_rel_tac_single+
 apply simp
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_y(1)))
+apply ((simp add:nested_loop_before_ast_to_cfg_prog.l_y(1)))
 apply simp
 done
 
@@ -186,23 +242,23 @@ lemma cfg_block_anon5_LoopHead:
 assumes 
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon4_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon4_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post m' s')"
 using Red DagAssms assms(4-)
 proof (induction j arbitrary: ns1 rule: less_induct)
 case (less j)
 show ?case
 proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
 next
 case (Suc j')
 from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1]))"by (simp add: dag_lemma_assms_def)
 from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-  show ?thesis
+show ?thesis
 apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
 apply (rule nested_loop_before_cfg_to_dag_prog.node_3)
-apply (rule nested_loop_before_passive_prog.node_4)
+apply (rule nested_loop_before_passive_prog.node_5)
 apply (assumption+)
 apply (rule block_anon5_LoopHead)
 apply (assumption+)
@@ -211,8 +267,8 @@ apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3))
 apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3))
 apply (erule member_elim)
 apply simp
-apply (erule allE[where x=2])
-apply ((simp add:nested_loop_before_passive_prog.outEdges_4))
+apply (erule allE[where x=4])
+apply ((simp add:nested_loop_before_passive_prog.outEdges_5))
 apply ((simp add:member_rec(1)))
 apply (rule cfg_block_anon5_LoopDone)
 apply simp
@@ -230,8 +286,8 @@ apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
 apply simp
 apply (erule member_elim)
 apply simp
-apply (erule allE[where x=3])
-apply ((simp add:nested_loop_before_passive_prog.outEdges_4))
+apply (erule allE[where x=2])
+apply ((simp add:nested_loop_before_passive_prog.outEdges_5))
 apply ((simp add:member_rec(1)))
 apply (rule cfg_block_anon5_LoopBody)
 apply simp
@@ -268,18 +324,18 @@ by simp
 lemma block_anon4_LoopBody:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_5 ns2 s' False)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_6 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop_before_cfg_to_dag_prog.block_2_def nested_loop_before_passive_prog.block_5_def
+unfolding nested_loop_before_cfg_to_dag_prog.block_2_def nested_loop_before_passive_prog.block_6_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop_before_cfg_to_dag_prog.var_context_wf])
+apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop_before_ast_to_cfg_prog.funcs_wf nested_loop_before_ast_to_cfg_prog.var_context_wf])
 apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_cfg_to_dag_prog.l_y(2)} [] 1\<close>))
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_ast_to_cfg_prog.l_y(2)} [] 1\<close>))
 
 done
 
@@ -287,12 +343,12 @@ lemma cfg_block_anon4_LoopBody:
 assumes 
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon4_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon4_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
 apply (rule nested_loop_before_cfg_to_dag_prog.node_2)
-apply (rule nested_loop_before_passive_prog.node_5)
+apply (rule nested_loop_before_passive_prog.node_6)
 apply (assumption+)
 apply (rule block_anon4_LoopBody)
 apply (assumption+)
@@ -301,8 +357,8 @@ apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_2))
 apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_2))
 apply (erule member_elim)
 apply simp
-apply (erule allE[where x=4])
-apply ((simp add:nested_loop_before_passive_prog.outEdges_5))
+apply (erule allE[where x=5])
+apply ((simp add:nested_loop_before_passive_prog.outEdges_6))
 apply ((simp add:member_rec(1)))
 apply (rule cfg_block_anon5_LoopHead)
 apply simp
@@ -328,16 +384,16 @@ by simp
 lemma block_anon4_LoopHead:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop_before_passive_prog.block_6 ns2 s' False)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop_before_passive_prog.block_7 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop_before_cfg_to_dag_prog.block_1_def nested_loop_before_passive_prog.block_6_def
+unfolding nested_loop_before_cfg_to_dag_prog.block_1_def nested_loop_before_passive_prog.block_7_def
 apply cfg_dag_rel_tac_single+
 apply simp
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_x(1)))
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_y(1)))
+apply ((simp add:nested_loop_before_ast_to_cfg_prog.l_x(1)))
+apply ((simp add:nested_loop_before_ast_to_cfg_prog.l_y(1)))
 apply simp
 done
 
@@ -345,14 +401,14 @@ lemma cfg_block_anon4_LoopHead:
 assumes 
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post m' s')"
 using Red DagAssms
 proof (induction j arbitrary: ns1 rule: less_induct)
 case (less j)
 show ?case
 proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
 next
 case (Suc j')
 from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0,1]))"by (simp add: dag_lemma_assms_def)
@@ -360,7 +416,7 @@ from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add:
 show ?thesis
 apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
 apply (rule nested_loop_before_cfg_to_dag_prog.node_1)
-apply (rule nested_loop_before_passive_prog.node_6)
+apply (rule nested_loop_before_passive_prog.node_7)
 apply (assumption+)
 apply (rule block_anon4_LoopHead)
 apply (assumption+)
@@ -370,7 +426,7 @@ apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_1))
 apply (erule member_elim)
 apply simp
 apply (erule allE[where x=1])
-apply ((simp add:nested_loop_before_passive_prog.outEdges_6))
+apply ((simp add:nested_loop_before_passive_prog.outEdges_7))
 apply ((simp add:member_rec(1)))
 apply (rule cfg_block_anon4_LoopDone)
 apply simp
@@ -383,8 +439,8 @@ apply (simp)
 apply (simp)
 apply (erule member_elim)
 apply simp
-apply (erule allE[where x=5])
-apply ((simp add:nested_loop_before_passive_prog.outEdges_6))
+apply (erule allE[where x=6])
+apply ((simp add:nested_loop_before_passive_prog.outEdges_7))
 apply ((simp add:member_rec(1)))
 apply (rule cfg_block_anon4_LoopBody)
 apply simp
@@ -411,18 +467,18 @@ qed
 lemma block_anon0:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_7 ns2 s' False)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_8 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop_before_cfg_to_dag_prog.block_0_def nested_loop_before_passive_prog.block_7_def
+unfolding nested_loop_before_cfg_to_dag_prog.block_0_def nested_loop_before_passive_prog.block_8_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop_before_cfg_to_dag_prog.var_context_wf])
+apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop_before_ast_to_cfg_prog.funcs_wf nested_loop_before_ast_to_cfg_prog.var_context_wf])
 apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
 
 done
 
@@ -430,11 +486,11 @@ lemma cfg_block_anon0:
 assumes 
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
 apply (rule nested_loop_before_cfg_to_dag_prog.node_0)
-apply (rule nested_loop_before_passive_prog.node_7)
+apply (rule nested_loop_before_passive_prog.node_8)
 apply (assumption+)
 apply (rule block_anon0)
 apply (assumption+)
@@ -442,8 +498,8 @@ apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_0))
 apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_0))
 apply (erule member_elim)
 apply simp
-apply (erule allE[where x=6])
-apply ((simp add:nested_loop_before_passive_prog.outEdges_7))
+apply (erule allE[where x=7])
+apply ((simp add:nested_loop_before_passive_prog.outEdges_8))
 apply ((simp add:member_rec(1)))
 apply (rule cfg_block_anon4_LoopHead)
 apply simp
@@ -459,37 +515,37 @@ by (simp add: member_rec(2))
 
 lemma cfg_block_0:
 assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
 "(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
 "(state_well_typed A \<Lambda>1 [] ns1)" and 
 "(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
 shows "R"
 using assms
 apply (rule cfg_dag_empty_propagate_helper)
 apply (assumption, simp)
-apply ((simp add:nested_loop_before_passive_prog.outEdges_8))
-by ((simp add:nested_loop_before_passive_prog.node_8 nested_loop_before_passive_prog.block_8_def))
+apply ((simp add:nested_loop_before_passive_prog.outEdges_9))
+by ((simp add:nested_loop_before_passive_prog.node_9 nested_loop_before_passive_prog.block_9_def))
 
 lemma entry_lemma:
 assumes 
 "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop_before_cfg_to_dag_prog.pres)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_entry)
-apply (rule nested_loop_before_passive_prog.node_9)
+apply (rule nested_loop_before_passive_prog.node_10)
 apply (erule assms(3))
 apply (rule assms(2))
-unfolding nested_loop_before_passive_prog.block_9_def
-apply (rule assume_pres_normal[where ?es=nested_loop_before_cfg_to_dag_prog.pres])
+unfolding nested_loop_before_passive_prog.block_10_def
+apply (rule assume_pres_normal[where ?es=nested_loop_before_ast_to_cfg_prog.pres])
 apply (rule assms(4))
-unfolding nested_loop_before_cfg_to_dag_prog.pres_def
+unfolding nested_loop_before_ast_to_cfg_prog.pres_def
 apply simp
+apply (rule nested_loop_before_passive_prog.outEdges_10)
+apply ((simp add:nested_loop_before_passive_prog.node_9 nested_loop_before_passive_prog.block_9_def))
 apply (rule nested_loop_before_passive_prog.outEdges_9)
-apply ((simp add:nested_loop_before_passive_prog.node_8 nested_loop_before_passive_prog.block_8_def))
-apply (rule nested_loop_before_passive_prog.outEdges_8)
 by (rule cfg_block_anon0[OF assms(1-2)])
 
 
@@ -497,23 +553,23 @@ end
 
 abbreviation \<Lambda>0
   where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>0  \<equiv> ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls))"
 lemma end_to_end_theorem_aux:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_y_2::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))" and 
+Red: "(red_cfg_multi A M ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_y_2::int) (vc_x_1::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_loop_before_cfg_to_dag_prog.pres)" and 
+FInterp: "(fun_interp_wf A nested_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> nested_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) nested_loop_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_loop_before_ast_to_cfg_prog.pres)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
 OldGlobal: "((global_state ns) = (old_global_state ns))" and 
 BinderNs: "((binder_state ns) = Map.empty)"
-shows "(valid_configuration A \<Lambda>0 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post m' s')"
 proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
 by (meson rtranclp_imp_relpowp)
 show ?thesis
 apply (rule cfg_to_dag_lemmas.entry_lemma)
@@ -545,13 +601,5 @@ done
 qed
 
 
-lemma end_to_end_theorem:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_y_2::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms nested_loop_before_cfg_to_dag_prog.proc))"
-apply (rule end_to_end_util[OF end_to_end_theorem_aux])
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 nested_loop_before_cfg_to_dag_prog.proc_def nested_loop_before_cfg_to_dag_prog.proc_body_def)
-
 
 end
diff --git a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passification_proof.thy
similarity index 81%
rename from BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passification_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passification_proof.thy
index f624a39..e32ff81 100644
--- a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passification_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passification_proof.thy
@@ -1,5 +1,5 @@
 theory nested_loop_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop_before_passive_prog nested_loop_passive_prog Boogie_Lang.PassificationML nested_loop_vcphase_proof Boogie_Lang.PassificationEndToEnd
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop_before_ast_to_cfg_prog nested_loop_passive_prog Boogie_Lang.PassificationML nested_loop_vcphase_proof Boogie_Lang.PassificationEndToEnd
 begin
 definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
   where
@@ -9,10 +9,10 @@ definition R_old
     "R_old  = (map_of R_old_list)"
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls))"
 abbreviation \<Lambda>2
   where
-    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls))"
+    "\<Lambda>2  \<equiv> ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls))"
 declare One_nat_def[simp del]
 
 lemma block_GeneratedUnifiedExit:
@@ -38,101 +38,113 @@ apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
-lemma block_anon5_LoopDone:
+lemma block_anon5_LoopBody:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [5] R R_old U0 D0 n_s)" and 
 "((R 1) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6])) (update_nstate_rel R [(0,(Inl 6))]) R_old nested_loop_passive_prog.block_2 s')"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [5])) (update_nstate_rel R [(1,(Inl 5))]) R_old nested_loop_passive_prog.block_2 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding nested_loop_before_passive_prog.block_2_def nested_loop_passive_prog.block_2_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_x(2) nested_loop_passive_prog.l_x_1(2)))
+apply ((simp add:nested_loop_before_ast_to_cfg_prog.l_y(2) nested_loop_passive_prog.l_y_2(2)))
 by simp
 
-lemma block_anon5_LoopBody:
+lemma block_anon3:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [5] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [5])) (update_nstate_rel R [(1,(Inl 5))]) R_old nested_loop_passive_prog.block_3 s')"
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6])) (update_nstate_rel R [(0,(Inl 6))]) R_old nested_loop_passive_prog.block_3 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding nested_loop_before_passive_prog.block_3_def nested_loop_passive_prog.block_3_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_y(2) nested_loop_passive_prog.l_y_2(2)))
+apply ((simp add:nested_loop_before_ast_to_cfg_prog.l_x(2) nested_loop_passive_prog.l_x_1(2)))
 by simp
 
-lemma block_anon5_LoopHead:
+lemma block_anon5_LoopDone:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
+"((R 1) = (Some (Inl 4)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop_before_passive_prog.block_4_def nested_loop_passive_prog.block_4_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon5_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_5 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4] R R_old U0 D0 n_s)" and 
 "((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4])) (update_nstate_rel R [(1,(Inl 4))]) R_old nested_loop_passive_prog.block_4 s')"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4])) (update_nstate_rel R [(1,(Inl 4))]) R_old nested_loop_passive_prog.block_5 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_4_def nested_loop_passive_prog.block_4_def
+unfolding nested_loop_before_passive_prog.block_5_def nested_loop_passive_prog.block_5_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_y(2) nested_loop_passive_prog.l_y_1(2)))
+apply ((simp add:nested_loop_before_ast_to_cfg_prog.l_y(2) nested_loop_passive_prog.l_y_1(2)))
 by simp
 
 lemma block_anon4_LoopBody:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_6 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
 "((R 0) = (Some (Inl 2)))" and 
 "((R 1) = (Some (Inl 3)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_5 s')"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_6 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_5_def nested_loop_passive_prog.block_5_def
+unfolding nested_loop_before_passive_prog.block_6_def nested_loop_passive_prog.block_6_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
 lemma block_anon4_LoopHead:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_7 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2,3] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2,3])) (update_nstate_rel R [(0,(Inl 2)),(1,(Inl 3))]) R_old nested_loop_passive_prog.block_6 s')"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2,3])) (update_nstate_rel R [(0,(Inl 2)),(1,(Inl 3))]) R_old nested_loop_passive_prog.block_7 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_6_def nested_loop_passive_prog.block_6_def
+unfolding nested_loop_before_passive_prog.block_7_def nested_loop_passive_prog.block_7_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_x(2) nested_loop_passive_prog.l_x_0(2)))
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.l_y(2) nested_loop_passive_prog.l_y_0(2)))
+apply ((simp add:nested_loop_before_ast_to_cfg_prog.l_x(2) nested_loop_passive_prog.l_x_0(2)))
+apply ((simp add:nested_loop_before_ast_to_cfg_prog.l_y(2) nested_loop_passive_prog.l_y_0(2)))
 by simp
 
 lemma block_anon0:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_8 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 10))),(1,(Inr (LInt 10)))]) R_old nested_loop_passive_prog.block_7 s')"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 10))),(1,(Inr (LInt 10)))]) R_old nested_loop_passive_prog.block_8 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_7_def nested_loop_passive_prog.block_7_def
+unfolding nested_loop_before_passive_prog.block_8_def nested_loop_passive_prog.block_8_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
 lemma block_0:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_9 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_8 s')"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_9 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_8_def nested_loop_passive_prog.block_8_def
+unfolding nested_loop_before_passive_prog.block_9_def nested_loop_passive_prog.block_9_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
 lemma block_PreconditionGeneratedEntry:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_9 (Normal n_s) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_10 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_9 s')"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_10 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_9_def nested_loop_passive_prog.block_9_def
+unfolding nested_loop_before_passive_prog.block_10_def nested_loop_passive_prog.block_10_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
@@ -153,87 +165,96 @@ shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and>
 by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_1},@{thm nested_loop_before_passive_prog.outEdges_1}) (@{thm nested_loop_passive_prog.node_1},@{thm nested_loop_passive_prog.outEdges_1}) @{thm block_anon4_LoopDone} [
 @{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
 
-lemma cfg_block_anon5_LoopDone:
+lemma cfg_block_anon5_LoopBody:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 5 R R_old U0 D0 n_s)" and 
 "((R 1) = (Some (Inl 4)))"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_2},@{thm nested_loop_before_passive_prog.outEdges_2}) (@{thm nested_loop_passive_prog.node_2},@{thm nested_loop_passive_prog.outEdges_2}) @{thm block_anon5_LoopDone} [
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_2},@{thm nested_loop_before_passive_prog.outEdges_2}) (@{thm nested_loop_passive_prog.node_2},@{thm nested_loop_passive_prog.outEdges_2}) @{thm block_anon5_LoopBody} [
 @{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
 
-lemma cfg_block_anon5_LoopBody:
+lemma cfg_block_anon3:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 5 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_3},@{thm nested_loop_before_passive_prog.outEdges_3}) (@{thm nested_loop_passive_prog.node_3},@{thm nested_loop_passive_prog.outEdges_3}) @{thm block_anon5_LoopBody} [
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_3},@{thm nested_loop_before_passive_prog.outEdges_3}) (@{thm nested_loop_passive_prog.node_3},@{thm nested_loop_passive_prog.outEdges_3}) @{thm block_anon3} [
 @{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
 
-lemma cfg_block_anon5_LoopHead:
+lemma cfg_block_anon5_LoopDone:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))" and 
+"((R 1) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_4},@{thm nested_loop_before_passive_prog.outEdges_4}) (@{thm nested_loop_passive_prog.node_4},@{thm nested_loop_passive_prog.outEdges_4}) @{thm block_anon5_LoopDone} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
 "(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
 "((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_4},@{thm nested_loop_before_passive_prog.outEdges_4}) (@{thm nested_loop_passive_prog.node_4},@{thm nested_loop_passive_prog.outEdges_4}) @{thm block_anon5_LoopHead} [
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_5},@{thm nested_loop_before_passive_prog.outEdges_5}) (@{thm nested_loop_passive_prog.node_5},@{thm nested_loop_passive_prog.outEdges_5}) @{thm block_anon5_LoopHead} [
 @{thm cfg_block_anon5_LoopDone}, 
 @{thm cfg_block_anon5_LoopBody}] 1\<close>))
 
 lemma cfg_block_anon4_LoopBody:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
 "(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
 "((R 0) = (Some (Inl 2)))" and 
 "((R 1) = (Some (Inl 3)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_5},@{thm nested_loop_before_passive_prog.outEdges_5}) (@{thm nested_loop_passive_prog.node_5},@{thm nested_loop_passive_prog.outEdges_5}) @{thm block_anon4_LoopBody} [
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_6},@{thm nested_loop_before_passive_prog.outEdges_6}) (@{thm nested_loop_passive_prog.node_6},@{thm nested_loop_passive_prog.outEdges_6}) @{thm block_anon4_LoopBody} [
 @{thm cfg_block_anon5_LoopHead}] 1\<close>))
 
 lemma cfg_block_anon4_LoopHead:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
 "(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_6},@{thm nested_loop_before_passive_prog.outEdges_6}) (@{thm nested_loop_passive_prog.node_6},@{thm nested_loop_passive_prog.outEdges_6}) @{thm block_anon4_LoopHead} [
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_7},@{thm nested_loop_before_passive_prog.outEdges_7}) (@{thm nested_loop_passive_prog.node_7},@{thm nested_loop_passive_prog.outEdges_7}) @{thm block_anon4_LoopHead} [
 @{thm cfg_block_anon4_LoopDone}, 
 @{thm cfg_block_anon4_LoopBody}] 1\<close>))
 
 lemma cfg_block_anon0:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
 "(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_7},@{thm nested_loop_before_passive_prog.outEdges_7}) (@{thm nested_loop_passive_prog.node_7},@{thm nested_loop_passive_prog.outEdges_7}) @{thm block_anon0} [
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 8)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_8},@{thm nested_loop_before_passive_prog.outEdges_8}) (@{thm nested_loop_passive_prog.node_8},@{thm nested_loop_passive_prog.outEdges_8}) @{thm block_anon0} [
 @{thm cfg_block_anon4_LoopHead}] 1\<close>))
 
 lemma cfg_block_0:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
 "(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 8)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_8},@{thm nested_loop_before_passive_prog.outEdges_8}) (@{thm nested_loop_passive_prog.node_8},@{thm nested_loop_passive_prog.outEdges_8}) @{thm block_0} [
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 9)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_9},@{thm nested_loop_before_passive_prog.outEdges_9}) (@{thm nested_loop_passive_prog.node_9},@{thm nested_loop_passive_prog.outEdges_9}) @{thm block_0} [
 @{thm cfg_block_anon0}] 1\<close>))
 
 lemma cfg_block_PreconditionGeneratedEntry:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
 "(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 9)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_9},@{thm nested_loop_before_passive_prog.outEdges_9}) (@{thm nested_loop_passive_prog.node_9},@{thm nested_loop_passive_prog.outEdges_9}) @{thm block_PreconditionGeneratedEntry} [
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 10)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_10},@{thm nested_loop_before_passive_prog.outEdges_10}) (@{thm nested_loop_passive_prog.node_10},@{thm nested_loop_passive_prog.outEdges_10}) @{thm block_PreconditionGeneratedEntry} [
 @{thm cfg_block_0}] 1\<close>))
 
 locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 9),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_y_2::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))" and 
+Red: "(red_cfg_multi A M ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 10),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_y_2::int) (vc_x_1::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+FInterp: "(fun_interp_wf A nested_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> nested_loop_before_ast_to_cfg_prog.constants_vdecls ns nested_loop_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
 BinderNs: "((binder_state ns) = Map.empty)" and 
@@ -287,7 +308,7 @@ assumes
 "((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
 shows "(closed (instantiate [] \<tau>))"
 apply (rule lookup_ty_pred[OF assms(1)])
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+unfolding nested_loop_before_ast_to_cfg_prog.constants_vdecls_def nested_loop_before_ast_to_cfg_prog.globals_vdecls_def
 apply simp
 unfolding nested_loop_passive_prog.params_vdecls_def nested_loop_passive_prog.locals_vdecls_def
 by simp
@@ -317,7 +338,7 @@ lemma end_to_end:
 shows "(s' \<noteq> Failure)"
 proof
 assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] nested_loop_passive_prog.proc_body u (Inl 9)))))"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] nested_loop_passive_prog.proc_body u (Inl 10)))))"
 apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
 unfolding passive_lemma_assms_2_def
 apply (intro conjI)?
@@ -325,11 +346,11 @@ apply (rule U0_ns_rel)
 apply (rule U0_ns_old_rel)
 apply (rule R_wt)
 apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range global_data.globals_max]
+using helper_init_disj[OF max_rel_range nested_loop_before_ast_to_cfg_prog.globals_max]
 apply simp
 apply (rule U0_non_empty)
 by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] nested_loop_passive_prog.proc_body ((Inl 9),(Normal u)) (mp',Failure))"
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] nested_loop_passive_prog.proc_body ((Inl 10),(Normal u)) (mp',Failure))"
 by (auto simp add: passive_sim_cfg_fail_def)
 from nested_loop_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
  apply rule
diff --git a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passive_prog.thy
similarity index 53%
rename from BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passive_prog.thy
index 5eadc7c..5a8e9dd 100644
--- a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passive_prog.thy
@@ -1,5 +1,5 @@
 theory nested_loop_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop_before_ast_to_cfg_prog
 begin
 definition block_0
   where
@@ -9,37 +9,40 @@ definition block_1
     "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 2)))]"
 definition block_2
   where
-    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 4))),(Assume (BinOp (Var 6) Eq (BinOp (Var 2) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 6) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+    "block_2  = [(Assume (BinOp (Var 4) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 5) Eq (BinOp (Var 4) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 5) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
 definition block_3
   where
-    "block_3  = [(Assume (BinOp (Var 4) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 5) Eq (BinOp (Var 4) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 5) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+    "block_3  = [(Assume (BinOp (Var 6) Eq (BinOp (Var 2) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 6) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
 definition block_4
   where
-    "block_4  = [(Assume (BinOp (Var 4) Ge (Lit (LInt 0))))]"
+    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 4)))]"
 definition block_5
   where
-    "block_5  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 3) Ge (Lit (LInt 0))))]"
+    "block_5  = [(Assume (BinOp (Var 4) Ge (Lit (LInt 0))))]"
 definition block_6
   where
-    "block_6  = [(Assume (BinOp (Var 2) Ge (Lit (LInt 0))))]"
+    "block_6  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 3) Ge (Lit (LInt 0))))]"
 definition block_7
   where
-    "block_7  = [(Assert (BinOp (Lit (LInt 10)) Ge (Lit (LInt 0))))]"
+    "block_7  = [(Assume (BinOp (Var 2) Ge (Lit (LInt 0))))]"
 definition block_8
   where
-    "block_8  = []"
+    "block_8  = [(Assert (BinOp (Lit (LInt 10)) Ge (Lit (LInt 0))))]"
 definition block_9
   where
     "block_9  = []"
+definition block_10
+  where
+    "block_10  = []"
 definition outEdges
   where
-    "outEdges  = [[],[0],[0],[0],[2,3],[4],[1,5],[6],[7],[8]]"
+    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[1,6],[7],[8],[9]]"
 definition node_to_blocks
   where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10]"
 definition proc_body
   where
-    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
+    "proc_body  = (|entry = 10,out_edges = outEdges,node_to_block = node_to_blocks|)"
 lemma node_0:
 shows "((nth (node_to_block proc_body) 0) = block_0)"
 by (simp add:proc_body_def node_to_blocks_def)
@@ -80,6 +83,10 @@ lemma node_9:
 shows "((nth (node_to_block proc_body) 9) = block_9)"
 by (simp add:proc_body_def node_to_blocks_def)
 
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
 lemma outEdges_0:
 shows "((nth (out_edges proc_body) 0) = [])"
 by (simp add:proc_body_def outEdges_def)
@@ -97,19 +104,19 @@ shows "((nth (out_edges proc_body) 3) = [0])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [2,3])"
+shows "((nth (out_edges proc_body) 4) = [3])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
+shows "((nth (out_edges proc_body) 5) = [4,2])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [1,5])"
+shows "((nth (out_edges proc_body) 6) = [5])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
+shows "((nth (out_edges proc_body) 7) = [1,6])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_8:
@@ -120,12 +127,16 @@ lemma outEdges_9:
 shows "((nth (out_edges proc_body) 9) = [8])"
 by (simp add:proc_body_def outEdges_def)
 
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
 definition params_vdecls :: "(vdecls)"
   where
     "params_vdecls  = []"
 definition locals_vdecls :: "(vdecls)"
   where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(5,(TPrim TInt),(None ))]"
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None ))]"
 lemma locals_min_aux:
 shows "(((map fst (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)))) \<ge> 0))"
 unfolding nested_loop_passive_prog.params_vdecls_def nested_loop_passive_prog.locals_vdecls_def
@@ -137,8 +148,8 @@ using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)))) = {})"
+unfolding nested_loop_before_ast_to_cfg_prog.constants_vdecls_def nested_loop_before_ast_to_cfg_prog.globals_vdecls_def
 by simp
 
 lemma m_x:
@@ -161,48 +172,48 @@ lemma m_y_1:
 shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
 by (simp add:params_vdecls_def locals_vdecls_def)
 
-lemma m_x_1:
-shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
 lemma m_y_2:
 shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
 by (simp add:params_vdecls_def locals_vdecls_def)
 
+lemma m_x_1:
+shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
 lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_y:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
 using globals_locals_disj m_y
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_x_0:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x_0
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_y_0:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
 using globals_locals_disj m_y_0
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_y_1:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
 using globals_locals_disj m_y_1
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
-lemma l_x_1:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
 lemma l_y_2:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
 using globals_locals_disj m_y_2
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
+lemma l_x_1:
+shows "((lookup_var_decl ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
 
 end
diff --git a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_vcphase_proof.thy
similarity index 82%
rename from BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_vcphase_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_vcphase_proof.thy
index 01eeeb3..c654da1 100644
--- a/BoogieLang/generated_example_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_vcphase_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_vcphase_proof.thy
@@ -7,12 +7,15 @@ begin
 definition vc_anon4_LoopDone
   where
     "vc_anon4_LoopDone  = True"
-definition vc_anon5_LoopDone
-  where
-    "vc_anon5_LoopDone y_1 x_1 x_0 = ((((0::int) \<ge> y_1) \<and> (x_1 = (x_0 - (1::int)))) \<longrightarrow> (x_1 \<ge> (0::int)))"
 definition vc_anon5_LoopBody
   where
     "vc_anon5_LoopBody y_1 y_2 = (((y_1 > (0::int)) \<and> (y_2 = (y_1 - (1::int)))) \<longrightarrow> (y_2 \<ge> (0::int)))"
+definition vc_anon3
+  where
+    "vc_anon3 x_1 x_0 = ((x_1 = (x_0 - (1::int))) \<longrightarrow> (x_1 \<ge> (0::int)))"
+definition vc_anon5_LoopDone
+  where
+    "vc_anon5_LoopDone y_1 x_1 x_0 = (((0::int) \<ge> y_1) \<longrightarrow> (vc_anon3 x_1 x_0))"
 definition vc_anon5_LoopHead
   where
     "vc_anon5_LoopHead y_1 x_1 x_0 y_2 = ((y_1 \<ge> (0::int)) \<longrightarrow> ((vc_anon5_LoopDone y_1 x_1 x_0) \<and> (vc_anon5_LoopBody y_1 y_2)))"
@@ -32,15 +35,15 @@ definition vc_PreconditionGeneratedEntry
 end
 
 locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_y_1 :: "int" and vc_x_1 :: "int" and vc_y_2 :: "int"
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_y_1 :: "int" and vc_y_2 :: "int" and vc_x_1 :: "int"
 assumes 
 G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
 G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
 G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_0)))" and 
 G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_y_0)))" and 
 G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_y_1)))" and 
-G5: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_x_1)))" and 
-G6: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_y_2)))" and 
+G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_y_2)))" and 
+G6: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_x_1)))" and 
 G7: "(\<And> v. (closed ((type_of_val A) v)))"
 begin
 
@@ -69,29 +72,38 @@ apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm foral
 by (auto?)
 
 ML\<open>
-val block_anon5_LoopDone_hints = [
+val block_anon5_LoopBody_hints = [
 (AssumeConjR 1,NONE), 
 (AssumeConjR 0,NONE), 
 (AssertNoConj,NONE), 
 (AssumeFalse,NONE)]
 \<close>
-lemma block_anon5_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopDone vc_y_1 vc_x_1 vc_x_0) \<Longrightarrow> (s' = Magic)))"
-unfolding nested_loop_passive_prog.block_2_def vc.vc_anon5_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopDone_hints \<close>)
+lemma block_anon5_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopBody vc_y_1 vc_y_2) \<Longrightarrow> (s' = Magic)))"
+unfolding nested_loop_passive_prog.block_2_def vc.vc_anon5_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopBody_hints \<close>)
 by (auto?)
 
 ML\<open>
-val block_anon5_LoopBody_hints = [
-(AssumeConjR 1,NONE), 
+val block_anon3_hints = [
 (AssumeConjR 0,NONE), 
 (AssertNoConj,NONE), 
 (AssumeFalse,NONE)]
 \<close>
-lemma block_anon5_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopBody vc_y_1 vc_y_2) \<Longrightarrow> (s' = Magic)))"
-unfolding nested_loop_passive_prog.block_3_def vc.vc_anon5_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopBody_hints \<close>)
+lemma block_anon3AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 vc_x_1 vc_x_0) \<Longrightarrow> (s' = Magic)))"
+unfolding nested_loop_passive_prog.block_3_def vc.vc_anon3_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon5_LoopDone_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon5_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopDone vc_y_1 vc_x_1 vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_1 vc_x_0)))))))"
+unfolding nested_loop_passive_prog.block_4_def vc.vc_anon5_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopDone_hints \<close>)
 by (auto?)
 
 ML\<open>
@@ -99,8 +111,8 @@ val block_anon5_LoopHead_hints = [
 (AssumeConjR 0,NONE)]
 \<close>
 lemma block_anon5_LoopHeadAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopHead vc_y_1 vc_x_1 vc_x_0 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_y_1 vc_x_1 vc_x_0) \<and> (vc.vc_anon5_LoopBody vc_y_1 vc_y_2))))))))"
-unfolding nested_loop_passive_prog.block_4_def vc.vc_anon5_LoopHead_def
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopHead vc_y_1 vc_x_1 vc_x_0 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_y_1 vc_x_1 vc_x_0) \<and> (vc.vc_anon5_LoopBody vc_y_1 vc_y_2))))))))"
+unfolding nested_loop_passive_prog.block_5_def vc.vc_anon5_LoopHead_def
 apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopHead_hints \<close>)
 by (auto?)
 
@@ -110,8 +122,8 @@ val block_anon4_LoopBody_hints = [
 (AssertSub,NONE)]
 \<close>
 lemma block_anon4_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_LoopBody vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon5_LoopHead vc_y_1 vc_x_1 vc_x_0 vc_y_2)))))))"
-unfolding nested_loop_passive_prog.block_5_def vc.vc_anon4_LoopBody_def
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_LoopBody vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon5_LoopHead vc_y_1 vc_x_1 vc_x_0 vc_y_2)))))))"
+unfolding nested_loop_passive_prog.block_6_def vc.vc_anon4_LoopBody_def
 apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_LoopBody_hints \<close>)
 by (auto?)
 
@@ -120,8 +132,8 @@ val block_anon4_LoopHead_hints = [
 (AssumeConjR 0,NONE)]
 \<close>
 lemma block_anon4_LoopHeadAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_LoopHead vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_LoopDone ) \<and> (vc.vc_anon4_LoopBody vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))))))))"
-unfolding nested_loop_passive_prog.block_6_def vc.vc_anon4_LoopHead_def
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_LoopHead vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_LoopDone ) \<and> (vc.vc_anon4_LoopBody vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))))))))"
+unfolding nested_loop_passive_prog.block_7_def vc.vc_anon4_LoopHead_def
 apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_LoopHead_hints \<close>)
 by (auto?)
 
@@ -130,26 +142,26 @@ val block_anon0_hints = [
 (AssertSub,NONE)]
 \<close>
 lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4_LoopHead vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)))))))"
-unfolding nested_loop_passive_prog.block_7_def vc.vc_anon0_def
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_8 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4_LoopHead vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)))))))"
+unfolding nested_loop_passive_prog.block_8_def vc.vc_anon0_def
 apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
 by (auto?)
 
 lemma block_0:
 assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_8 (Normal n_s) s')" and 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_9 (Normal n_s) s')" and 
 "(vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
 shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)))))"
 using assms
-unfolding nested_loop_passive_prog.block_8_def
+unfolding nested_loop_passive_prog.block_9_def
 apply cases
 by auto
 
 lemma block_PreconditionGeneratedEntry:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)))))))"
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_10 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)))))))"
 apply (erule red_cmd_list.cases)
 using global_assms
-unfolding nested_loop_passive_prog.block_9_def vc.vc_PreconditionGeneratedEntry_def
+unfolding nested_loop_passive_prog.block_10_def vc.vc_PreconditionGeneratedEntry_def
 apply (handle_cmd_list_full?)
 by (auto?)
 
@@ -174,34 +186,47 @@ apply (erule member_elim, simp)
 apply (erule cfg_block_GeneratedUnifiedExit, simp?)
 by (simp add: member_rec(2))
 
-lemma cfg_block_anon5_LoopDone:
+lemma cfg_block_anon5_LoopBody:
 assumes 
 "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_LoopDone vc_y_1 vc_x_1 vc_x_0)"
+"(vc.vc_anon5_LoopBody vc_y_1 vc_y_2)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
 apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop_passive_prog.node_2])
-by (erule block_anon5_LoopDoneAA0[OF _ assms(2)])
+by (erule block_anon5_LoopBodyAA0[OF _ assms(2)])
 
-lemma cfg_block_anon5_LoopBody:
+lemma cfg_block_anon3:
 assumes 
 "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_LoopBody vc_y_1 vc_y_2)"
+"(vc.vc_anon3 vc_x_1 vc_x_0)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
 apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop_passive_prog.node_3])
-by (erule block_anon5_LoopBodyAA0[OF _ assms(2)])
+by (erule block_anon3AA0[OF _ assms(2)])
 
-lemma cfg_block_anon5_LoopHead:
+lemma cfg_block_anon5_LoopDone:
 assumes 
 "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_LoopHead vc_y_1 vc_x_1 vc_x_0 vc_y_2)"
+"(vc.vc_anon5_LoopDone vc_y_1 vc_x_1 vc_x_0)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
 apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_4])
-apply (erule block_anon5_LoopHeadAA0[OF _ assms(2)])
+apply (erule block_anon5_LoopDoneAA0[OF _ assms(2)])
 apply ((simp add:nested_loop_passive_prog.outEdges_4))
 apply (erule member_elim, simp)
+apply (erule cfg_block_anon3, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_LoopHead vc_y_1 vc_x_1 vc_x_0 vc_y_2)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_5])
+apply (erule block_anon5_LoopHeadAA0[OF _ assms(2)])
+apply ((simp add:nested_loop_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
 apply (erule cfg_block_anon5_LoopDone, simp?)
 apply (erule member_elim, simp)
 apply (erule cfg_block_anon5_LoopBody, simp?)
@@ -209,26 +234,26 @@ by (simp add: member_rec(2))
 
 lemma cfg_block_anon4_LoopBody:
 assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
 "(vc.vc_anon4_LoopBody vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_5])
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_6])
 apply (erule block_anon4_LoopBodyAA0[OF _ assms(2)])
-apply ((simp add:nested_loop_passive_prog.outEdges_5))
+apply ((simp add:nested_loop_passive_prog.outEdges_6))
 apply (erule member_elim, simp)
 apply (erule cfg_block_anon5_LoopHead, simp?)
 by (simp add: member_rec(2))
 
 lemma cfg_block_anon4_LoopHead:
 assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
 "(vc.vc_anon4_LoopHead vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_6])
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_7])
 apply (erule block_anon4_LoopHeadAA0[OF _ assms(2)])
-apply ((simp add:nested_loop_passive_prog.outEdges_6))
+apply ((simp add:nested_loop_passive_prog.outEdges_7))
 apply (erule member_elim, simp)
 apply (erule cfg_block_anon4_LoopDone, simp?)
 apply (erule member_elim, simp)
@@ -237,39 +262,39 @@ by (simp add: member_rec(2))
 
 lemma cfg_block_anon0:
 assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
 "(vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_7])
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_8])
 apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:nested_loop_passive_prog.outEdges_7))
+apply ((simp add:nested_loop_passive_prog.outEdges_8))
 apply (erule member_elim, simp)
 apply (erule cfg_block_anon4_LoopHead, simp?)
 by (simp add: member_rec(2))
 
 lemma cfg_block_0:
 assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
 "(vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_8])
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_9])
 apply (erule block_0[OF _ assms(2)])
-apply ((simp add:nested_loop_passive_prog.outEdges_8))
+apply ((simp add:nested_loop_passive_prog.outEdges_9))
 apply (erule member_elim, simp)
 apply (erule cfg_block_anon0, simp?)
 by (simp add: member_rec(2))
 
 lemma cfg_PreconditionGeneratedEntry:
 assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
 "(vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_9])
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_10])
 apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
-apply ((simp add:nested_loop_passive_prog.outEdges_9))
+apply ((simp add:nested_loop_passive_prog.outEdges_10))
 apply (erule member_elim, simp)
 apply (erule cfg_block_0, simp?)
 by (simp add: member_rec(2))
@@ -301,19 +326,19 @@ declare One_nat_def[simp del]
 
 lemma end_to_end:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) \<Gamma> [] nested_loop_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_y_2::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))" and 
+Red: "(red_cfg_multi A M ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) \<Gamma> [] nested_loop_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_y_2::int) (vc_x_1::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+FInterp: "(fun_interp_wf A nested_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> nested_loop_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) nested_loop_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls))"
 shows "(s' \<noteq> Failure)"
 proof -
-let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
-let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+let ?n_s_c = "(nstate_global_restriction n_s nested_loop_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((nested_loop_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
 from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
 apply (simp only:state_typ_wf_def)
 apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_x])
@@ -339,16 +364,16 @@ apply (simp only:state_typ_wf_def)
 apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_y_1])
 apply (subst lookup_var_local[OF nested_loop_passive_prog.m_y_1])+
 by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF nested_loop_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
 from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
 apply (simp only:state_typ_wf_def)
 apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_y_2])
 apply (subst lookup_var_local[OF nested_loop_passive_prog.m_y_2])+
 by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF nested_loop_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
 show "(s' \<noteq> Failure)"
 apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
 apply (simp only:passification_def)
@@ -358,8 +383,8 @@ apply (rule HOL.conjunct1[OF sc_y])
 apply (rule HOL.conjunct1[OF sc_x_0])
 apply (rule HOL.conjunct1[OF sc_y_0])
 apply (rule HOL.conjunct1[OF sc_y_1])
-apply (rule HOL.conjunct1[OF sc_x_1])
 apply (rule HOL.conjunct1[OF sc_y_2])
+apply (rule HOL.conjunct1[OF sc_x_1])
 apply (simp add:Closed)
 apply (rule VC)
 done
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/ROOT
new file mode 100644
index 0000000..7d363b2
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/ROOT
@@ -0,0 +1,12 @@
+session nested_loop_while_true_proofs = Boogie_Lang + 
+directories nested_loop2_proofs
+theories
+global_data
+"nested_loop2_proofs/nested_loop2_passification_proof"
+"nested_loop2_proofs/nested_loop2_cfgtodag_proof"
+"nested_loop2_proofs/nested_loop2_before_passive_prog"
+"nested_loop2_proofs/nested_loop2_before_cfg_to_dag_prog"
+"nested_loop2_proofs/nested_loop2_vcphase_proof"
+"nested_loop2_proofs/nested_loop2_before_ast_to_cfg_prog"
+"nested_loop2_proofs/nested_loop2_passive_prog"
+"nested_loop2_proofs/nested_loop2_asttocfg_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_asttocfg_proof.thy
new file mode 100644
index 0000000..174e907
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_asttocfg_proof.thy
@@ -0,0 +1,713 @@
+theory nested_loop2_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_loop2_before_ast_to_cfg_prog nested_loop2_before_cfg_to_dag_prog nested_loop2_cfgtodag_proof nested_loop2_passification_proof nested_loop2_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A nested_loop2_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_9:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_9,cont_9,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 11),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 11),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop2_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (Lit (LBool True)) ns1 (BoolV False))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Invs[of nested_loop2_before_ast_to_cfg_prog.bigblock_9])
+apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_9_def)
+
+apply (rule astTrace)
+apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_9_def)
+apply (simp)
+apply (simp)
+apply (rule cont_9_def)
+apply (rule nested_loop2_before_cfg_to_dag_prog.node_11)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule nested_loop2_before_cfg_to_dag_prog.block_11_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply ( rule neg_refl)
+apply (rule guardHint)
+apply (rule nested_loop2_before_cfg_to_dag_prog.outEdges_11)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_11)
+apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_9_def)
+apply (simp add: end_static)
+done
+qed
+
+lemma global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_8:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_8,cont_8,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop2_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop2_before_ast_to_cfg_prog.bigblock_1 cont_1 nested_loop2_before_cfg_to_dag_prog.proc_body 1 nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Invs[of nested_loop2_before_ast_to_cfg_prog.bigblock_8])
+apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_8_def)
+
+apply (rule astTrace)
+apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_8_def)
+apply (rule nested_loop2_before_cfg_to_dag_prog.node_10)
+apply (rule disjI1)
+apply (rule nested_loop2_before_cfg_to_dag_prog.block_10_def)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_8_def)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_10)
+
+
+
+apply ((erule allE[where x=1])+)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_10)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma rel_nested_loop2_before_ast_to_cfg_prog_bigblock_7:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_7,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_8 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_8 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of nested_loop2_before_ast_to_cfg_prog.bigblock_7])
+apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_7_def nested_loop2_before_cfg_to_dag_prog.block_8_def)
+apply ((simp add: nested_loop2_before_cfg_to_dag_prog.block_8_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: nested_loop2_before_cfg_to_dag_prog.block_8_def nested_loop2_before_ast_to_cfg_prog.bigblock_7_def)+)
+done
+
+
+lemma global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_7:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_7,cont_7,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop2_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop2_before_ast_to_cfg_prog.bigblock_3 cont_3 nested_loop2_before_cfg_to_dag_prog.proc_body 3 nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of nested_loop2_before_ast_to_cfg_prog.bigblock_7])
+apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_7_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_7_def)
+apply (rule nested_loop2_before_cfg_to_dag_prog.node_8)
+apply (rule disjI1)
+apply (rule nested_loop2_before_cfg_to_dag_prog.block_8_def)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_7_def)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_8)
+apply (rule rel_nested_loop2_before_ast_to_cfg_prog_bigblock_7)
+apply assumption
+apply (simp)
+apply ((erule allE[where x=3])+)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_8)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma rel_nested_loop2_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_6,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_6 (Normal ns1) (Normal ns1')))))"
+unfolding nested_loop2_before_cfg_to_dag_prog.block_6_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of nested_loop2_before_ast_to_cfg_prog.bigblock_6])
+apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_6_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_6_def)
+apply ((simp add: assms(3) nested_loop2_before_ast_to_cfg_prog.bigblock_6_def)+)
+done
+
+
+lemma global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop2_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop2_before_ast_to_cfg_prog.bigblock_5 cont_5 nested_loop2_before_cfg_to_dag_prog.proc_body 5 nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of nested_loop2_before_ast_to_cfg_prog.bigblock_6])
+apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_6_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_6_def)
+apply (rule nested_loop2_before_cfg_to_dag_prog.node_6)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule nested_loop2_before_cfg_to_dag_prog.block_6_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_6_def)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_6)
+apply (rule rel_nested_loop2_before_ast_to_cfg_prog_bigblock_6)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=5])+)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_6)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop2_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop2_before_ast_to_cfg_prog.bigblock_3 cont_3 nested_loop2_before_cfg_to_dag_prog.proc_body 3 nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_5_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of nested_loop2_before_ast_to_cfg_prog.bigblock_5 _ _ _ nested_loop2_before_cfg_to_dag_prog.block_5])
+apply (simp add:nested_loop2_before_ast_to_cfg_prog.bigblock_5_def nested_loop2_before_cfg_to_dag_prog.block_5_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:nested_loop2_before_ast_to_cfg_prog.bigblock_5_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of nested_loop2_before_ast_to_cfg_prog.bigblock_5])
+apply ((simp add:nested_loop2_before_ast_to_cfg_prog.bigblock_5_def)+)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.block_5_def nested_loop2_before_cfg_to_dag_prog.node_5)+)
+apply (rule cont_5_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 6])+)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_5)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_6)
+apply (simp add: cont_5_def nested_loop2_before_ast_to_cfg_prog.bigblock_6_def cont_6_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_5_def cont_6_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper3)
+apply ((simp)+)
+
+apply ((erule allE[where x = 7])+)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_5)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_7)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_7)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_7_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_7)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_7)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_7_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_7)
+apply ((simp add: member_rec)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper4)
+apply ((simp)+)
+done
+qed
+qed
+
+lemma global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop2_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop2_before_ast_to_cfg_prog.bigblock_3 cont_3 nested_loop2_before_cfg_to_dag_prog.proc_body 3 nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+apply (rule ending_after_unwrapping)
+apply (rule astTrace)
+apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_4_def)
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply (simp)
+apply (rule global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_5)
+apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_5_def cont_4_def cont_5_def)
+apply (rule correctness_propagates_through_assumption2)
+using assms(2)
+apply blast
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_4)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_4_def)
+
+apply (rule guardHint)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_4)
+apply (simp add: member_rec)
+apply (simp)
+apply (rule correctness_propagates_through_assumption4)
+using assms(3)
+apply blast
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_4)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_4_def)
+
+apply (rule guardHint)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_4)
+apply (simp add: member_rec)
+apply ((simp)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule strictly_smaller_helper2)
+apply ((simp)+)
+done
+
+lemma global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop2_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop2_before_ast_to_cfg_prog.bigblock_1 cont_1 nested_loop2_before_cfg_to_dag_prog.proc_body 1 nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_3_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of nested_loop2_before_ast_to_cfg_prog.bigblock_3 _ _ _ nested_loop2_before_cfg_to_dag_prog.block_3])
+apply (simp add:nested_loop2_before_ast_to_cfg_prog.bigblock_3_def nested_loop2_before_cfg_to_dag_prog.block_3_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:nested_loop2_before_ast_to_cfg_prog.bigblock_3_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of nested_loop2_before_ast_to_cfg_prog.bigblock_3])
+apply ((simp add:nested_loop2_before_ast_to_cfg_prog.bigblock_3_def)+)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.block_3_def nested_loop2_before_cfg_to_dag_prog.node_3)+)
+apply (rule cont_3_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 4])+)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_4)
+apply (simp add: cont_3_def nested_loop2_before_ast_to_cfg_prog.bigblock_4_def cont_4_def nested_loop2_before_ast_to_cfg_prog.bigblock_7_def cont_7_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_3_def cont_4_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper3)
+apply ((simp)+)
+
+apply ((erule allE[where x = 9])+)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_8)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_9)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_9_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_9)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_9)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_9_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_9)
+apply ((simp add: member_rec)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper4)
+apply ((simp)+)
+done
+qed
+qed
+
+lemma global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop2_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (Lit (LBool True)) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop2_before_ast_to_cfg_prog.bigblock_1 cont_1 nested_loop2_before_cfg_to_dag_prog.proc_body 1 nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+apply (rule ending_after_unwrapping)
+apply (rule astTrace)
+apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_2_def)
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply (simp)
+apply (rule global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_3)
+apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_3_def cont_2_def cont_3_def)
+apply (rule correctness_propagates_through_assumption2)
+using assms(2)
+apply blast
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_2)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_2_def)
+
+apply (rule guardHint)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_2)
+apply (simp add: member_rec)
+apply (simp)
+apply (rule correctness_propagates_through_assumption4)
+using assms(3)
+apply blast
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_2)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_2_def)
+
+apply (rule guardHint)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_2)
+apply (simp add: member_rec)
+apply ((simp)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule strictly_smaller_helper2)
+apply ((simp)+)
+done
+
+lemma global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop2_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of nested_loop2_before_ast_to_cfg_prog.bigblock_1 _ _ _ nested_loop2_before_cfg_to_dag_prog.block_1])
+apply (simp add:nested_loop2_before_ast_to_cfg_prog.bigblock_1_def nested_loop2_before_cfg_to_dag_prog.block_1_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:nested_loop2_before_ast_to_cfg_prog.bigblock_1_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of nested_loop2_before_ast_to_cfg_prog.bigblock_1])
+apply ((simp add:nested_loop2_before_ast_to_cfg_prog.bigblock_1_def)+)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.block_1_def nested_loop2_before_cfg_to_dag_prog.node_1)+)
+apply (rule cont_1_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 2])+)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_1_def nested_loop2_before_ast_to_cfg_prog.bigblock_2_def cont_2_def nested_loop2_before_ast_to_cfg_prog.bigblock_8_def cont_8_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_1_def cont_2_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+
+apply ((erule allE[where x = 11])+)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+
+
+
+
+
+apply ((blast)+)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+done
+qed
+qed
+
+lemma rel_nested_loop2_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of nested_loop2_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_0_def nested_loop2_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: nested_loop2_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: nested_loop2_before_cfg_to_dag_prog.block_0_def nested_loop2_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop2_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of nested_loop2_before_ast_to_cfg_prog.bigblock_0 _ nested_loop2_before_cfg_to_dag_prog.block_0])
+apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_0_def nested_loop2_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_0_def nested_loop2_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_0_def nested_loop2_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_0_def)
+apply (rule nested_loop2_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_0)
+apply (rule rel_nested_loop2_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (nested_loop2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_y_3::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A nested_loop2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> nested_loop2_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) nested_loop2_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_loop2_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: nested_loop2_before_ast_to_cfg_prog.params_vdecls_def nested_loop2_before_ast_to_cfg_prog.locals_vdecls_def nested_loop2_before_cfg_to_dag_prog.params_vdecls_def nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: nested_loop2_before_ast_to_cfg_prog.params_vdecls_def nested_loop2_before_ast_to_cfg_prog.locals_vdecls_def nested_loop2_before_cfg_to_dag_prog.params_vdecls_def nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def nested_loop2_before_ast_to_cfg_prog.pres_def nested_loop2_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: nested_loop2_before_ast_to_cfg_prog.params_vdecls_def nested_loop2_before_ast_to_cfg_prog.locals_vdecls_def nested_loop2_before_cfg_to_dag_prog.params_vdecls_def nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: nested_loop2_before_ast_to_cfg_prog.params_vdecls_def nested_loop2_before_ast_to_cfg_prog.locals_vdecls_def nested_loop2_before_cfg_to_dag_prog.params_vdecls_def nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: nested_loop2_before_ast_to_cfg_prog.params_vdecls_def nested_loop2_before_ast_to_cfg_prog.locals_vdecls_def nested_loop2_before_cfg_to_dag_prog.params_vdecls_def nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: nested_loop2_before_ast_to_cfg_prog.params_vdecls_def nested_loop2_before_ast_to_cfg_prog.locals_vdecls_def nested_loop2_before_cfg_to_dag_prog.params_vdecls_def nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def nested_loop2_before_ast_to_cfg_prog.pres_def nested_loop2_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: nested_loop2_before_ast_to_cfg_prog.params_vdecls_def nested_loop2_before_ast_to_cfg_prog.locals_vdecls_def nested_loop2_before_cfg_to_dag_prog.params_vdecls_def nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: nested_loop2_before_ast_to_cfg_prog.params_vdecls_def nested_loop2_before_ast_to_cfg_prog.locals_vdecls_def nested_loop2_before_cfg_to_dag_prog.params_vdecls_def nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_9] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (nested_loop2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_9_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_y_3::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) nested_loop2_before_ast_to_cfg_prog.fdecls nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls nested_loop2_before_ast_to_cfg_prog.axioms nested_loop2_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding nested_loop2_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 nested_loop2_before_ast_to_cfg_prog.ast_proc_def nested_loop2_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..ce56d08
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_before_ast_to_cfg_prog.thy
@@ -0,0 +1,168 @@
+theory nested_loop2_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10)))] (Some (WhileWrapper (ParsedWhile (Some (Lit (LBool True))) [] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (None ) (None ))]))) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (Lit (LBool True))) [] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (None ) (None ))])) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
+definition bigblock_4
+  where
+    "bigblock_4  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
+definition bigblock_5
+  where
+    "bigblock_5  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
+definition bigblock_6
+  where
+    "bigblock_6  = (BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))"
+definition bigblock_7
+  where
+    "bigblock_7  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))"
+definition bigblock_8
+  where
+    "bigblock_8  = (BigBlock (None ) [] (None ) (None ))"
+definition bigblock_9
+  where
+    "bigblock_9  = (BigBlock (None ) [] (None ) (None ))"
+definition cont_9
+  where
+    "cont_9  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_9 cont_9)"
+definition cont_1
+  where
+    "cont_1  = (KEndBlock (KSeq bigblock_9 cont_9 ))"
+definition cont_8
+  where
+    "cont_8  = (KSeq bigblock_1 cont_1)"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_8 cont_8)"
+definition cont_3
+  where
+    "cont_3  = (KEndBlock (KSeq bigblock_8 cont_8 ))"
+definition cont_7
+  where
+    "cont_7  = (KSeq bigblock_3 cont_3)"
+definition cont_4
+  where
+    "cont_4  = (KSeq bigblock_7 cont_7)"
+definition cont_5
+  where
+    "cont_5  = (KEndBlock (KSeq bigblock_7 cont_7 ))"
+definition cont_6
+  where
+    "cont_6  = (KSeq bigblock_5 cont_5)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_9]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding nested_loop2_before_ast_to_cfg_prog.constants_vdecls_def nested_loop2_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding nested_loop2_before_ast_to_cfg_prog.params_vdecls_def nested_loop2_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding nested_loop2_before_ast_to_cfg_prog.constants_vdecls_def nested_loop2_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop2_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding nested_loop2_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop2_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding nested_loop2_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop2_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding nested_loop2_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop2_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding nested_loop2_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = nested_loop2_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_loop2_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec nested_loop2_before_ast_to_cfg_prog.post),proc_body = (Some (nested_loop2_before_ast_to_cfg_prog.locals_vdecls,nested_loop2_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_before_cfg_to_dag_prog.thy
similarity index 56%
rename from BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_before_cfg_to_dag_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_before_cfg_to_dag_prog.thy
index d69bcb8..b641d60 100644
--- a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_before_cfg_to_dag_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_before_cfg_to_dag_prog.thy
@@ -24,19 +24,25 @@ definition block_6
     "block_6  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))]"
 definition block_7
   where
-    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
 definition block_8
   where
-    "block_8  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+    "block_8  = [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
 definition block_9
   where
-    "block_9  = [(Assume (UnOp Not (Lit (LBool True))))]"
+    "block_9  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_10
+  where
+    "block_10  = []"
+definition block_11
+  where
+    "block_11  = [(Assume (UnOp Not (Lit (LBool True))))]"
 definition outEdges
   where
-    "outEdges  = [[1],[9,2],[3],[8,4],[5],[7,6],[5],[3],[1],[]]"
+    "outEdges  = [[1],[11,2],[3],[9,4],[5],[7,6],[5],[8],[3],[10],[1],[]]"
 definition node_to_blocks
   where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11]"
 definition proc_body
   where
     "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
@@ -80,12 +86,20 @@ lemma node_9:
 shows "((nth (node_to_block proc_body) 9) = block_9)"
 by (simp add:proc_body_def node_to_blocks_def)
 
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
 lemma outEdges_0:
 shows "((nth (out_edges proc_body) 0) = [1])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [9,2])"
+shows "((nth (out_edges proc_body) 1) = [11,2])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_2:
@@ -93,7 +107,7 @@ shows "((nth (out_edges proc_body) 2) = [3])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [8,4])"
+shows "((nth (out_edges proc_body) 3) = [9,4])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_4:
@@ -109,15 +123,23 @@ shows "((nth (out_edges proc_body) 6) = [5])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [3])"
+shows "((nth (out_edges proc_body) 7) = [8])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [1])"
+shows "((nth (out_edges proc_body) 8) = [3])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [])"
+shows "((nth (out_edges proc_body) 9) = [10])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [])"
 by (simp add:proc_body_def outEdges_def)
 
 definition pres
@@ -132,6 +154,28 @@ definition params_vdecls :: "(vdecls)"
 definition locals_vdecls :: "(vdecls)"
   where
     "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append nested_loop2_before_cfg_to_dag_prog.constants_vdecls nested_loop2_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append nested_loop2_before_cfg_to_dag_prog.constants_vdecls nested_loop2_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding nested_loop2_before_cfg_to_dag_prog.constants_vdecls_def nested_loop2_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop2_before_cfg_to_dag_prog.constants_vdecls nested_loop2_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
 lemma locals_min_aux:
 shows "(((map fst (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
 unfolding nested_loop2_before_cfg_to_dag_prog.params_vdecls_def nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def
@@ -143,18 +187,23 @@ using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append nested_loop2_before_cfg_to_dag_prog.constants_vdecls nested_loop2_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding nested_loop2_before_cfg_to_dag_prog.constants_vdecls_def nested_loop2_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
 by simp
 
 lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop2_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding nested_loop2_before_cfg_to_dag_prog.constants_vdecls_def
 by simp
 
 lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop2_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding nested_loop2_before_cfg_to_dag_prog.globals_vdecls_def
 by simp
 
 lemma params_wf:
@@ -168,7 +217,7 @@ unfolding nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def
 by simp
 
 lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append nested_loop2_before_cfg_to_dag_prog.constants_vdecls nested_loop2_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
 apply (rule lookup_ty_pred_2)
 by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
 
@@ -181,16 +230,16 @@ shows "((map_of (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested
 by (simp add:params_vdecls_def locals_vdecls_def)
 
 lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append nested_loop2_before_cfg_to_dag_prog.constants_vdecls nested_loop2_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_cfg_to_dag_prog.constants_vdecls nested_loop2_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_y:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append nested_loop2_before_cfg_to_dag_prog.constants_vdecls nested_loop2_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_cfg_to_dag_prog.constants_vdecls nested_loop2_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
 using globals_locals_disj m_y
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
-definition proc :: "(procedure)"
+definition proc :: "(mbodyCFG procedure)"
   where
     "proc  = (|proc_ty_args = 0,proc_args = nested_loop2_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_loop2_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec nested_loop2_before_cfg_to_dag_prog.post),proc_body = (Some (nested_loop2_before_cfg_to_dag_prog.locals_vdecls,nested_loop2_before_cfg_to_dag_prog.proc_body))|)"
 
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_before_passive_prog.thy
new file mode 100644
index 0000000..a8c6cc1
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_before_passive_prog.thy
@@ -0,0 +1,194 @@
+theory nested_loop2_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop2_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (UnOp Not (Lit (LBool True))))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
+definition block_5
+  where
+    "block_5  = [(Havoc 1),(Assume (BinOp (Var 1) Ge (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
+definition block_7
+  where
+    "block_7  = [(Assume (Lit (LBool False)))]"
+definition block_8
+  where
+    "block_8  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_9
+  where
+    "block_9  = [(Havoc 0),(Havoc 1),(Assume (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition block_10
+  where
+    "block_10  = [(Assume (Lit (LBool True))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+definition block_11
+  where
+    "block_11  = [(Havoc 0),(Havoc 1)]"
+definition block_12
+  where
+    "block_12  = [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10)))]"
+definition block_13
+  where
+    "block_13  = []"
+definition block_14
+  where
+    "block_14  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[0],[7],[8,6],[9],[1,10],[11],[12],[13]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13,block_14]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 14,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_12:
+shows "((nth (node_to_block proc_body) 12) = block_12)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_13:
+shows "((nth (node_to_block proc_body) 13) = block_13)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_14:
+shows "((nth (node_to_block proc_body) 14) = block_14)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8,6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [1,10])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_12:
+shows "((nth (out_edges proc_body) 12) = [11])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_13:
+shows "((nth (out_edges proc_body) 13) = [12])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_14:
+shows "((nth (out_edges proc_body) 14) = [13])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding nested_loop2_before_ast_to_cfg_prog.params_vdecls_def nested_loop2_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding nested_loop2_before_ast_to_cfg_prog.constants_vdecls_def nested_loop2_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_cfgtodag_proof.thy
similarity index 72%
rename from BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_cfgtodag_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_cfgtodag_proof.thy
index 548fd95..0173a93 100644
--- a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_cfgtodag_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_cfgtodag_proof.thy
@@ -1,23 +1,23 @@
 theory nested_loop2_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_loop2_before_cfg_to_dag_prog nested_loop2_before_passive_prog nested_loop2_passification_proof nested_loop2_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_loop2_before_ast_to_cfg_prog nested_loop2_before_cfg_to_dag_prog nested_loop2_before_passive_prog nested_loop2_passification_proof nested_loop2_vcphase_proof
 begin
 locale cfg_to_dag_lemmas = 
 fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
 assumes 
-Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+Wf_Fun: "(fun_interp_wf A nested_loop2_before_ast_to_cfg_prog.fdecls \<Gamma>)"
 begin
 
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls))"
 declare Nat.One_nat_def[simp del]
 
 lemma cfg_block_GeneratedUnifiedExit:
 assumes 
 "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop2_before_cfg_to_dag_prog.post)"
-unfolding expr_all_sat_def nested_loop2_before_cfg_to_dag_prog.post_def 
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop2_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def nested_loop2_before_ast_to_cfg_prog.post_def 
 apply (rule cfg_dag_rel_post_invs_3)
 apply (erule assms(1))
 apply (rule nested_loop2_before_passive_prog.node_0)
@@ -27,13 +27,13 @@ by cfg_dag_rel_tac_single+
 
 lemma block_anon6_LoopDone:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_9 (Normal ns1) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_11 (Normal ns1) s')" and 
 "(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
 shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_1 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop2_before_cfg_to_dag_prog.block_9_def nested_loop2_before_passive_prog.block_1_def
+unfolding nested_loop2_before_cfg_to_dag_prog.block_11_def nested_loop2_before_passive_prog.block_1_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
@@ -41,61 +41,65 @@ done
 
 lemma cfg_block_anon6_LoopDone:
 assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) j (m',s'))" and 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 11),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule nested_loop2_before_cfg_to_dag_prog.node_9)
+apply (rule nested_loop2_before_cfg_to_dag_prog.node_11)
 apply (rule nested_loop2_before_passive_prog.node_1)
 apply (erule DagVerifies)
 apply (rule DagAssms)
 apply (erule block_anon6_LoopDone)
 apply assumption+
-apply (rule nested_loop2_before_cfg_to_dag_prog.outEdges_9)
+apply (rule nested_loop2_before_cfg_to_dag_prog.outEdges_11)
 apply (rule nested_loop2_before_passive_prog.outEdges_1)
 apply (erule cfg_block_GeneratedUnifiedExit)
 by assumption
 
 
-lemma Mods_anon7_LoopDone:
-shows "(mods_contained_in (set [0,1]) nested_loop2_before_cfg_to_dag_prog.block_8)"
-unfolding nested_loop2_before_cfg_to_dag_prog.block_8_def
+lemma Mods_anon8_LoopBody:
+shows "(mods_contained_in (set [1]) nested_loop2_before_cfg_to_dag_prog.block_6)"
+unfolding nested_loop2_before_cfg_to_dag_prog.block_6_def
 by simp
 
-lemma block_anon7_LoopDone:
+lemma block_anon8_LoopBody:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
 "(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_2 ns2 s' True)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop2_before_passive_prog.block_2 ns2 s' True)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop2_before_cfg_to_dag_prog.block_8_def nested_loop2_before_passive_prog.block_2_def
+unfolding nested_loop2_before_cfg_to_dag_prog.block_6_def nested_loop2_before_passive_prog.block_2_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
+apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop2_before_ast_to_cfg_prog.funcs_wf nested_loop2_before_ast_to_cfg_prog.var_context_wf])
+apply (simp)
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop2_before_ast_to_cfg_prog.l_y(2)} [] 1\<close>))
+
 done
 
-lemma cfg_block_anon7_LoopDone:
+lemma cfg_block_anon8_LoopBody:
 assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [] nested_loop2_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop2_before_ast_to_cfg_prog.post ns1 s' 5 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop2_before_cfg_to_dag_prog.node_8)
+apply (rule nested_loop2_before_cfg_to_dag_prog.node_6)
 apply (rule nested_loop2_before_passive_prog.node_2)
 apply (assumption+)
-apply (rule block_anon7_LoopDone)
+apply (rule block_anon8_LoopBody)
 apply (assumption+)
-apply (rule Mods_anon7_LoopDone)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_8))
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_8))
+apply (rule Mods_anon8_LoopBody)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_6))
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_6))
 apply (erule member_elim)
 apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon6_LoopHead)
+apply (rule IH_anon8_LoopHead)
 apply (simp, simp)
 unfolding dag_lemma_assms_def
 apply (intro conjI, simp)
@@ -106,45 +110,45 @@ apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
 by (simp add: member_rec(2))
 
 
-lemma Mods_anon8_LoopDone:
-shows "(mods_contained_in (set [0,1]) nested_loop2_before_cfg_to_dag_prog.block_7)"
-unfolding nested_loop2_before_cfg_to_dag_prog.block_7_def
+lemma Mods_anon4:
+shows "(mods_contained_in (set [0,1]) nested_loop2_before_cfg_to_dag_prog.block_8)"
+unfolding nested_loop2_before_cfg_to_dag_prog.block_8_def
 by simp
 
-lemma block_anon8_LoopDone:
+lemma block_anon4:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
 "(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
 shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop2_before_passive_prog.block_3 ns2 s' True)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop2_before_cfg_to_dag_prog.block_7_def nested_loop2_before_passive_prog.block_3_def
+unfolding nested_loop2_before_cfg_to_dag_prog.block_8_def nested_loop2_before_passive_prog.block_3_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop2_before_cfg_to_dag_prog.var_context_wf])
+apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop2_before_ast_to_cfg_prog.funcs_wf nested_loop2_before_ast_to_cfg_prog.var_context_wf])
 apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop2_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop2_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
 
 done
 
-lemma cfg_block_anon8_LoopDone:
+lemma cfg_block_anon4:
 assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop2_before_cfg_to_dag_prog.post ns1 s' 3 m' j)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop2_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop2_before_cfg_to_dag_prog.node_7)
+apply (rule nested_loop2_before_cfg_to_dag_prog.node_8)
 apply (rule nested_loop2_before_passive_prog.node_3)
 apply (assumption+)
-apply (rule block_anon8_LoopDone)
+apply (rule block_anon4)
 apply (assumption+)
-apply (rule Mods_anon8_LoopDone)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_7))
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_7))
+apply (rule Mods_anon4)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_8))
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_8))
 apply (erule member_elim)
 apply (rule loop_ih_apply[where ?j'="j-1"])
 apply (rule IH_anon7_LoopHead)
@@ -158,54 +162,58 @@ apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
 by (simp add: member_rec(2))
 
 
-lemma Mods_anon8_LoopBody:
-shows "(mods_contained_in (set [1]) nested_loop2_before_cfg_to_dag_prog.block_6)"
-unfolding nested_loop2_before_cfg_to_dag_prog.block_6_def
+lemma Mods_anon8_LoopDone:
+shows "(mods_contained_in (set [0,1]) nested_loop2_before_cfg_to_dag_prog.block_7)"
+unfolding nested_loop2_before_cfg_to_dag_prog.block_7_def
 by simp
 
-lemma block_anon8_LoopBody:
+lemma block_anon8_LoopDone:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
 "(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop2_before_passive_prog.block_4 ns2 s' True)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_4 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop2_before_cfg_to_dag_prog.block_6_def nested_loop2_before_passive_prog.block_4_def
+unfolding nested_loop2_before_cfg_to_dag_prog.block_7_def nested_loop2_before_passive_prog.block_4_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop2_before_cfg_to_dag_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop2_before_cfg_to_dag_prog.l_y(2)} [] 1\<close>))
-
 done
 
-lemma cfg_block_anon8_LoopBody:
+lemma cfg_block_anon8_LoopDone:
 assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop2_before_cfg_to_dag_prog.post ns1 s' 5 m' j)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop2_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop2_before_cfg_to_dag_prog.node_6)
+apply (rule nested_loop2_before_cfg_to_dag_prog.node_7)
 apply (rule nested_loop2_before_passive_prog.node_4)
 apply (assumption+)
-apply (rule block_anon8_LoopBody)
+apply (rule block_anon8_LoopDone)
 apply (assumption+)
-apply (rule Mods_anon8_LoopBody)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_6))
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_6))
+apply (rule Mods_anon8_LoopDone)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_7))
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_7))
 apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon8_LoopHead)
-apply (simp, simp)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:nested_loop2_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4)
+apply simp
 unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
 apply (simp)
 apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon7_LoopHead apply simp
+apply simp
 apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
 by (simp add: member_rec(2))
 
@@ -226,7 +234,7 @@ apply (rule dag_rel_block_lemma_compact, simp)
 unfolding nested_loop2_before_cfg_to_dag_prog.block_5_def nested_loop2_before_passive_prog.block_5_def
 apply cfg_dag_rel_tac_single+
 apply simp
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_y(1)))
+apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_y(1)))
 apply simp
 done
 
@@ -235,14 +243,14 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop2_before_cfg_to_dag_prog.post ns1 s' 3 m' j)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop2_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
 using Red DagAssms assms(4-)
 proof (induction j arbitrary: ns1 rule: less_induct)
 case (less j)
 show ?case
 proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
 next
 case (Suc j')
 from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1]))"by (simp add: dag_lemma_assms_def)
@@ -259,7 +267,7 @@ apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_5))
 apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_5))
 apply (erule member_elim)
 apply simp
-apply (erule allE[where x=3])
+apply (erule allE[where x=4])
 apply ((simp add:nested_loop2_before_passive_prog.outEdges_5))
 apply ((simp add:member_rec(1)))
 apply (rule cfg_block_anon8_LoopDone)
@@ -278,7 +286,7 @@ apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
 apply simp
 apply (erule member_elim)
 apply simp
-apply (erule allE[where x=4])
+apply (erule allE[where x=2])
 apply ((simp add:nested_loop2_before_passive_prog.outEdges_5))
 apply ((simp add:member_rec(1)))
 apply (rule cfg_block_anon8_LoopBody)
@@ -325,9 +333,9 @@ unfolding nested_loop2_before_cfg_to_dag_prog.block_4_def nested_loop2_before_pa
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop2_before_cfg_to_dag_prog.var_context_wf])
+apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop2_before_ast_to_cfg_prog.funcs_wf nested_loop2_before_ast_to_cfg_prog.var_context_wf])
 apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop2_before_cfg_to_dag_prog.l_y(2)} [] 1\<close>))
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop2_before_ast_to_cfg_prog.l_y(2)} [] 1\<close>))
 
 done
 
@@ -336,8 +344,8 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop2_before_cfg_to_dag_prog.post ns1 s' 3 m' j)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop2_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
 apply (rule nested_loop2_before_cfg_to_dag_prog.node_4)
 apply (rule nested_loop2_before_passive_prog.node_6)
@@ -368,6 +376,110 @@ apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
 by (simp add: member_rec(2))
 
 
+lemma Mods_anon5:
+shows "(mods_contained_in (set [0,1]) nested_loop2_before_cfg_to_dag_prog.block_10)"
+unfolding nested_loop2_before_cfg_to_dag_prog.block_10_def
+by simp
+
+lemma block_anon5:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_10 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_7 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop2_before_cfg_to_dag_prog.block_10_def nested_loop2_before_passive_prog.block_7_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon5:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [] nested_loop2_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop2_before_cfg_to_dag_prog.node_10)
+apply (rule nested_loop2_before_passive_prog.node_7)
+apply (assumption+)
+apply (rule block_anon5)
+apply (assumption+)
+apply (rule Mods_anon5)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_10))
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_10))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon6_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon7_LoopDone:
+shows "(mods_contained_in (set [0,1]) nested_loop2_before_cfg_to_dag_prog.block_9)"
+unfolding nested_loop2_before_cfg_to_dag_prog.block_9_def
+by simp
+
+lemma block_anon7_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_9 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_8 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding nested_loop2_before_cfg_to_dag_prog.block_9_def nested_loop2_before_passive_prog.block_8_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon7_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [] nested_loop2_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule nested_loop2_before_cfg_to_dag_prog.node_9)
+apply (rule nested_loop2_before_passive_prog.node_8)
+apply (assumption+)
+apply (rule block_anon7_LoopDone)
+apply (assumption+)
+apply (rule Mods_anon7_LoopDone)
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_9))
+apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_9))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=7])
+apply ((simp add:nested_loop2_before_passive_prog.outEdges_8))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon6_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
 lemma Mods_anon7_LoopHead:
 shows "(mods_contained_in (set [0,1]) nested_loop2_before_cfg_to_dag_prog.block_3)"
 unfolding nested_loop2_before_cfg_to_dag_prog.block_3_def
@@ -376,16 +488,16 @@ by simp
 lemma block_anon7_LoopHead:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_7 ns2 s' False)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_9 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop2_before_cfg_to_dag_prog.block_3_def nested_loop2_before_passive_prog.block_7_def
+unfolding nested_loop2_before_cfg_to_dag_prog.block_3_def nested_loop2_before_passive_prog.block_9_def
 apply cfg_dag_rel_tac_single+
 apply simp
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_x(1)))
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_y(1)))
+apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_x(1)))
+apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_y(1)))
 apply simp
 done
 
@@ -393,15 +505,15 @@ lemma cfg_block_anon7_LoopHead:
 assumes 
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [] nested_loop2_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [] nested_loop2_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
 using Red DagAssms assms(4-)
 proof (induction j arbitrary: ns1 rule: less_induct)
 case (less j)
 show ?case
 proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
 next
 case (Suc j')
 from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0,1]))"by (simp add: dag_lemma_assms_def)
@@ -409,7 +521,7 @@ from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add:
 show ?thesis
 apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
 apply (rule nested_loop2_before_cfg_to_dag_prog.node_3)
-apply (rule nested_loop2_before_passive_prog.node_7)
+apply (rule nested_loop2_before_passive_prog.node_9)
 apply (assumption+)
 apply (rule block_anon7_LoopHead)
 apply (assumption+)
@@ -418,8 +530,8 @@ apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_3))
 apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_3))
 apply (erule member_elim)
 apply simp
-apply (erule allE[where x=2])
-apply ((simp add:nested_loop2_before_passive_prog.outEdges_7))
+apply (erule allE[where x=8])
+apply ((simp add:nested_loop2_before_passive_prog.outEdges_9))
 apply ((simp add:member_rec(1)))
 apply (rule cfg_block_anon7_LoopDone)
 apply simp
@@ -438,7 +550,7 @@ apply simp
 apply (erule member_elim)
 apply simp
 apply (erule allE[where x=6])
-apply ((simp add:nested_loop2_before_passive_prog.outEdges_7))
+apply ((simp add:nested_loop2_before_passive_prog.outEdges_9))
 apply ((simp add:member_rec(1)))
 apply (rule cfg_block_anon7_LoopBody)
 apply simp
@@ -475,18 +587,18 @@ by simp
 lemma block_anon6_LoopBody:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_10 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop2_before_passive_prog.block_8 ns2 s' False)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop2_before_passive_prog.block_10 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop2_before_cfg_to_dag_prog.block_2_def nested_loop2_before_passive_prog.block_8_def
+unfolding nested_loop2_before_cfg_to_dag_prog.block_2_def nested_loop2_before_passive_prog.block_10_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf nested_loop2_before_cfg_to_dag_prog.var_context_wf])
+apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop2_before_ast_to_cfg_prog.funcs_wf nested_loop2_before_ast_to_cfg_prog.var_context_wf])
 apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop2_before_cfg_to_dag_prog.l_x(2)} [] 1\<close>))
+apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop2_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
 
 done
 
@@ -494,12 +606,12 @@ lemma cfg_block_anon6_LoopBody:
 assumes 
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [] nested_loop2_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [] nested_loop2_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
 apply (rule nested_loop2_before_cfg_to_dag_prog.node_2)
-apply (rule nested_loop2_before_passive_prog.node_8)
+apply (rule nested_loop2_before_passive_prog.node_10)
 apply (assumption+)
 apply (rule block_anon6_LoopBody)
 apply (assumption+)
@@ -508,8 +620,8 @@ apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_2))
 apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_2))
 apply (erule member_elim)
 apply simp
-apply (erule allE[where x=7])
-apply ((simp add:nested_loop2_before_passive_prog.outEdges_8))
+apply (erule allE[where x=9])
+apply ((simp add:nested_loop2_before_passive_prog.outEdges_10))
 apply ((simp add:member_rec(1)))
 apply (rule cfg_block_anon7_LoopHead)
 apply simp
@@ -535,16 +647,16 @@ by simp
 lemma block_anon6_LoopHead:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_11 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_9 ns2 s' False)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_11 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop2_before_cfg_to_dag_prog.block_1_def nested_loop2_before_passive_prog.block_9_def
+unfolding nested_loop2_before_cfg_to_dag_prog.block_1_def nested_loop2_before_passive_prog.block_11_def
 apply cfg_dag_rel_tac_single+
 apply simp
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_x(1)))
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_y(1)))
+apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_x(1)))
+apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_y(1)))
 apply simp
 done
 
@@ -552,14 +664,14 @@ lemma cfg_block_anon6_LoopHead:
 assumes 
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
 using Red DagAssms
 proof (induction j arbitrary: ns1 rule: less_induct)
 case (less j)
 show ?case
 proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
 next
 case (Suc j')
 from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0,1]))"by (simp add: dag_lemma_assms_def)
@@ -567,7 +679,7 @@ from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add:
 show ?thesis
 apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
 apply (rule nested_loop2_before_cfg_to_dag_prog.node_1)
-apply (rule nested_loop2_before_passive_prog.node_9)
+apply (rule nested_loop2_before_passive_prog.node_11)
 apply (assumption+)
 apply (rule block_anon6_LoopHead)
 apply (assumption+)
@@ -577,7 +689,7 @@ apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_1))
 apply (erule member_elim)
 apply simp
 apply (erule allE[where x=1])
-apply ((simp add:nested_loop2_before_passive_prog.outEdges_9))
+apply ((simp add:nested_loop2_before_passive_prog.outEdges_11))
 apply ((simp add:member_rec(1)))
 apply (rule cfg_block_anon6_LoopDone)
 apply simp
@@ -590,8 +702,8 @@ apply (simp)
 apply (simp)
 apply (erule member_elim)
 apply simp
-apply (erule allE[where x=8])
-apply ((simp add:nested_loop2_before_passive_prog.outEdges_9))
+apply (erule allE[where x=10])
+apply ((simp add:nested_loop2_before_passive_prog.outEdges_11))
 apply ((simp add:member_rec(1)))
 apply (rule cfg_block_anon6_LoopBody)
 apply simp
@@ -618,12 +730,12 @@ qed
 lemma block_anon0:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_10 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_12 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_10 ns2 s' False)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_12 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop2_before_cfg_to_dag_prog.block_0_def nested_loop2_before_passive_prog.block_10_def
+unfolding nested_loop2_before_cfg_to_dag_prog.block_0_def nested_loop2_before_passive_prog.block_12_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
@@ -633,11 +745,11 @@ lemma cfg_block_anon0:
 assumes 
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
 apply (rule nested_loop2_before_cfg_to_dag_prog.node_0)
-apply (rule nested_loop2_before_passive_prog.node_10)
+apply (rule nested_loop2_before_passive_prog.node_12)
 apply (assumption+)
 apply (rule block_anon0)
 apply (assumption+)
@@ -645,8 +757,8 @@ apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_0))
 apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_0))
 apply (erule member_elim)
 apply simp
-apply (erule allE[where x=9])
-apply ((simp add:nested_loop2_before_passive_prog.outEdges_10))
+apply (erule allE[where x=11])
+apply ((simp add:nested_loop2_before_passive_prog.outEdges_12))
 apply ((simp add:member_rec(1)))
 apply (rule cfg_block_anon6_LoopHead)
 apply simp
@@ -662,37 +774,37 @@ by (simp add: member_rec(2))
 
 lemma cfg_block_0:
 assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 13),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
 "(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
 "(state_well_typed A \<Lambda>1 [] ns1)" and 
 "(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
 shows "R"
 using assms
 apply (rule cfg_dag_empty_propagate_helper)
 apply (assumption, simp)
-apply ((simp add:nested_loop2_before_passive_prog.outEdges_11))
-by ((simp add:nested_loop2_before_passive_prog.node_11 nested_loop2_before_passive_prog.block_11_def))
+apply ((simp add:nested_loop2_before_passive_prog.outEdges_13))
+by ((simp add:nested_loop2_before_passive_prog.node_13 nested_loop2_before_passive_prog.block_13_def))
 
 lemma entry_lemma:
 assumes 
 "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop2_before_cfg_to_dag_prog.pres)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 14),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop2_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_entry)
-apply (rule nested_loop2_before_passive_prog.node_12)
+apply (rule nested_loop2_before_passive_prog.node_14)
 apply (erule assms(3))
 apply (rule assms(2))
-unfolding nested_loop2_before_passive_prog.block_12_def
-apply (rule assume_pres_normal[where ?es=nested_loop2_before_cfg_to_dag_prog.pres])
+unfolding nested_loop2_before_passive_prog.block_14_def
+apply (rule assume_pres_normal[where ?es=nested_loop2_before_ast_to_cfg_prog.pres])
 apply (rule assms(4))
-unfolding nested_loop2_before_cfg_to_dag_prog.pres_def
+unfolding nested_loop2_before_ast_to_cfg_prog.pres_def
 apply simp
-apply (rule nested_loop2_before_passive_prog.outEdges_12)
-apply ((simp add:nested_loop2_before_passive_prog.node_11 nested_loop2_before_passive_prog.block_11_def))
-apply (rule nested_loop2_before_passive_prog.outEdges_11)
+apply (rule nested_loop2_before_passive_prog.outEdges_14)
+apply ((simp add:nested_loop2_before_passive_prog.node_13 nested_loop2_before_passive_prog.block_13_def))
+apply (rule nested_loop2_before_passive_prog.outEdges_13)
 by (rule cfg_block_anon0[OF assms(1-2)])
 
 
@@ -700,23 +812,23 @@ end
 
 abbreviation \<Lambda>0
   where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>0  \<equiv> ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls))"
 lemma end_to_end_theorem_aux:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_x_2::int) (vc_y_3::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))" and 
+Red: "(red_cfg_multi A M ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_y_3::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_loop2_before_cfg_to_dag_prog.pres)" and 
+FInterp: "(fun_interp_wf A nested_loop2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> nested_loop2_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) nested_loop2_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_loop2_before_ast_to_cfg_prog.pres)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
 OldGlobal: "((global_state ns) = (old_global_state ns))" and 
 BinderNs: "((binder_state ns) = Map.empty)"
-shows "(valid_configuration A \<Lambda>0 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
 proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
 by (meson rtranclp_imp_relpowp)
 show ?thesis
 apply (rule cfg_to_dag_lemmas.entry_lemma)
@@ -748,13 +860,5 @@ done
 qed
 
 
-lemma end_to_end_theorem:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_x_2::int) (vc_y_3::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms nested_loop2_before_cfg_to_dag_prog.proc))"
-apply (rule end_to_end_util[OF end_to_end_theorem_aux])
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 nested_loop2_before_cfg_to_dag_prog.proc_def nested_loop2_before_cfg_to_dag_prog.proc_body_def)
-
 
 end
diff --git a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_passification_proof.thy
similarity index 79%
rename from BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_passification_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_passification_proof.thy
index 5fc38ee..1c25f34 100644
--- a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_passification_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_passification_proof.thy
@@ -1,5 +1,5 @@
 theory nested_loop2_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop2_before_passive_prog nested_loop2_passive_prog Boogie_Lang.PassificationML nested_loop2_vcphase_proof Boogie_Lang.PassificationEndToEnd
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop2_before_ast_to_cfg_prog nested_loop2_passive_prog Boogie_Lang.PassificationML nested_loop2_vcphase_proof Boogie_Lang.PassificationEndToEnd
 begin
 definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
   where
@@ -9,10 +9,10 @@ definition R_old
     "R_old  = (map_of R_old_list)"
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls))"
 abbreviation \<Lambda>2
   where
-    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls))"
+    "\<Lambda>2  \<equiv> ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls))"
 declare One_nat_def[simp del]
 
 lemma block_GeneratedUnifiedExit:
@@ -37,43 +37,43 @@ apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
-lemma block_anon7_LoopDone:
+lemma block_anon8_LoopBody:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_2 s')"
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [7] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 6)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [7])) (update_nstate_rel R [(1,(Inl 7))]) R_old nested_loop2_passive_prog.block_2 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding nested_loop2_before_passive_prog.block_2_def nested_loop2_passive_prog.block_2_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_y(2) nested_loop2_passive_prog.l_y_3(2)))
 by simp
 
-lemma block_anon8_LoopDone:
+lemma block_anon4:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_3 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [8] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))" and 
-"((R 1) = (Some (Inl 6)))"
+"((R 0) = (Some (Inl 4)))"
 shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [8])) (update_nstate_rel R [(0,(Inl 8))]) R_old nested_loop2_passive_prog.block_3 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding nested_loop2_before_passive_prog.block_3_def nested_loop2_passive_prog.block_3_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_x(2) nested_loop2_passive_prog.l_x_2(2)))
+apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_x(2) nested_loop2_passive_prog.l_x_2(2)))
 by simp
 
-lemma block_anon8_LoopBody:
+lemma block_anon8_LoopDone:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [7] R R_old U0 D0 n_s)" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))" and 
 "((R 1) = (Some (Inl 6)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [7])) (update_nstate_rel R [(1,(Inl 7))]) R_old nested_loop2_passive_prog.block_4 s')"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_4 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding nested_loop2_before_passive_prog.block_4_def nested_loop2_passive_prog.block_4_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_y(2) nested_loop2_passive_prog.l_y_3(2)))
 by simp
 
 lemma block_anon8_LoopHead:
@@ -86,7 +86,7 @@ apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding nested_loop2_before_passive_prog.block_5_def nested_loop2_passive_prog.block_5_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_y(2) nested_loop2_passive_prog.l_y_2(2)))
+apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_y(2) nested_loop2_passive_prog.l_y_2(2)))
 by simp
 
 lemma block_anon7_LoopBody:
@@ -102,24 +102,22 @@ apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
-lemma block_anon7_LoopHead:
+lemma block_anon5:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4,5] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4,5])) (update_nstate_rel R [(0,(Inl 4)),(1,(Inl 5))]) R_old nested_loop2_passive_prog.block_7 s')"
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_7 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding nested_loop2_before_passive_prog.block_7_def nested_loop2_passive_prog.block_7_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_x(2) nested_loop2_passive_prog.l_x_1(2)))
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_y(2) nested_loop2_passive_prog.l_y_1(2)))
 by simp
 
-lemma block_anon6_LoopBody:
+lemma block_anon7_LoopDone:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_8 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
+"((R 0) = (Some (Inl 4)))"
 shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_8 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding nested_loop2_before_passive_prog.block_8_def nested_loop2_passive_prog.block_8_def
@@ -127,52 +125,77 @@ apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
-lemma block_anon6_LoopHead:
+lemma block_anon7_LoopHead:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_9 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2,3] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2,3])) (update_nstate_rel R [(0,(Inl 2)),(1,(Inl 3))]) R_old nested_loop2_passive_prog.block_9 s')"
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4,5] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4,5])) (update_nstate_rel R [(0,(Inl 4)),(1,(Inl 5))]) R_old nested_loop2_passive_prog.block_9 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding nested_loop2_before_passive_prog.block_9_def nested_loop2_passive_prog.block_9_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_x(2) nested_loop2_passive_prog.l_x_0(2)))
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.l_y(2) nested_loop2_passive_prog.l_y_0(2)))
+apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_x(2) nested_loop2_passive_prog.l_x_1(2)))
+apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_y(2) nested_loop2_passive_prog.l_y_1(2)))
 by simp
 
-lemma block_anon0:
+lemma block_anon6_LoopBody:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_10 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 10))),(1,(Inr (LInt 10)))]) R_old nested_loop2_passive_prog.block_10 s')"
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 2)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_10 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding nested_loop2_before_passive_prog.block_10_def nested_loop2_passive_prog.block_10_def
-apply (passive_rel_tac)
+apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
-lemma block_0:
+lemma block_anon6_LoopHead:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_11 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_11 s')"
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2,3] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2,3])) (update_nstate_rel R [(0,(Inl 2)),(1,(Inl 3))]) R_old nested_loop2_passive_prog.block_11 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding nested_loop2_before_passive_prog.block_11_def nested_loop2_passive_prog.block_11_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_x(2) nested_loop2_passive_prog.l_x_0(2)))
+apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_y(2) nested_loop2_passive_prog.l_y_0(2)))
 by simp
 
-lemma block_PreconditionGeneratedEntry:
+lemma block_anon0:
 assumes 
 "(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_12 (Normal n_s) s')" and 
 "(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_12 s')"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 10))),(1,(Inr (LInt 10)))]) R_old nested_loop2_passive_prog.block_12 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding nested_loop2_before_passive_prog.block_12_def nested_loop2_passive_prog.block_12_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_13 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_13 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop2_before_passive_prog.block_13_def nested_loop2_passive_prog.block_13_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_14 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_14 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding nested_loop2_before_passive_prog.block_14_def nested_loop2_passive_prog.block_14_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
 lemma cfg_block_GeneratedUnifiedExit:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
@@ -188,33 +211,33 @@ shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and>
 by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_1},@{thm nested_loop2_before_passive_prog.outEdges_1}) (@{thm nested_loop2_passive_prog.node_1},@{thm nested_loop2_passive_prog.outEdges_1}) @{thm block_anon6_LoopDone} [
 @{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
 
-lemma cfg_block_anon7_LoopDone:
+lemma cfg_block_anon8_LoopBody:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))"
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 7 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 6)))"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop2_before_passive_prog.node_2},@{thm nested_loop2_before_passive_prog.outEdges_2}) (@{thm nested_loop2_passive_prog.node_2},@{thm nested_loop2_passive_prog.outEdges_2}) @{thm block_anon7_LoopDone} [
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop2_before_passive_prog.node_2},@{thm nested_loop2_before_passive_prog.outEdges_2}) (@{thm nested_loop2_passive_prog.node_2},@{thm nested_loop2_passive_prog.outEdges_2}) @{thm block_anon8_LoopBody} [
 @{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
 
-lemma cfg_block_anon8_LoopDone:
+lemma cfg_block_anon4:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
 "(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))" and 
-"((R 1) = (Some (Inl 6)))"
+"((R 0) = (Some (Inl 4)))"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop2_before_passive_prog.node_3},@{thm nested_loop2_before_passive_prog.outEdges_3}) (@{thm nested_loop2_passive_prog.node_3},@{thm nested_loop2_passive_prog.outEdges_3}) @{thm block_anon8_LoopDone} [
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop2_before_passive_prog.node_3},@{thm nested_loop2_before_passive_prog.outEdges_3}) (@{thm nested_loop2_passive_prog.node_3},@{thm nested_loop2_passive_prog.outEdges_3}) @{thm block_anon4} [
 @{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
 
-lemma cfg_block_anon8_LoopBody:
+lemma cfg_block_anon8_LoopDone:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 7 R R_old U0 D0 n_s)" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))" and 
 "((R 1) = (Some (Inl 6)))"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop2_before_passive_prog.node_4},@{thm nested_loop2_before_passive_prog.outEdges_4}) (@{thm nested_loop2_passive_prog.node_4},@{thm nested_loop2_passive_prog.outEdges_4}) @{thm block_anon8_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop2_before_passive_prog.node_4},@{thm nested_loop2_before_passive_prog.outEdges_4}) (@{thm nested_loop2_passive_prog.node_4},@{thm nested_loop2_passive_prog.outEdges_4}) @{thm block_anon8_LoopDone} [
+@{thm cfg_block_anon4}] 1\<close>))
 
 lemma cfg_block_anon8_LoopHead:
 assumes 
@@ -236,66 +259,83 @@ shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and>
 by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop2_before_passive_prog.node_6},@{thm nested_loop2_before_passive_prog.outEdges_6}) (@{thm nested_loop2_passive_prog.node_6},@{thm nested_loop2_passive_prog.outEdges_6}) @{thm block_anon7_LoopBody} [
 @{thm cfg_block_anon8_LoopHead}] 1\<close>))
 
-lemma cfg_block_anon7_LoopHead:
+lemma cfg_block_anon5:
 assumes 
 "(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)"
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
 shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_7},@{thm nested_loop2_before_passive_prog.outEdges_7}) (@{thm nested_loop2_passive_prog.node_7},@{thm nested_loop2_passive_prog.outEdges_7}) @{thm block_anon7_LoopHead} [
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_7},@{thm nested_loop2_before_passive_prog.outEdges_7}) (@{thm nested_loop2_passive_prog.node_7},@{thm nested_loop2_passive_prog.outEdges_7}) @{thm block_anon5} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon7_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 4)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 8)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop2_before_passive_prog.node_8},@{thm nested_loop2_before_passive_prog.outEdges_8}) (@{thm nested_loop2_passive_prog.node_8},@{thm nested_loop2_passive_prog.outEdges_8}) @{thm block_anon7_LoopDone} [
+@{thm cfg_block_anon5}] 1\<close>))
+
+lemma cfg_block_anon7_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 9)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_9},@{thm nested_loop2_before_passive_prog.outEdges_9}) (@{thm nested_loop2_passive_prog.node_9},@{thm nested_loop2_passive_prog.outEdges_9}) @{thm block_anon7_LoopHead} [
 @{thm cfg_block_anon7_LoopDone}, 
 @{thm cfg_block_anon7_LoopBody}] 1\<close>))
 
 lemma cfg_block_anon6_LoopBody:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
 "(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
 "((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 8)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop2_before_passive_prog.node_8},@{thm nested_loop2_before_passive_prog.outEdges_8}) (@{thm nested_loop2_passive_prog.node_8},@{thm nested_loop2_passive_prog.outEdges_8}) @{thm block_anon6_LoopBody} [
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 10)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop2_before_passive_prog.node_10},@{thm nested_loop2_before_passive_prog.outEdges_10}) (@{thm nested_loop2_passive_prog.node_10},@{thm nested_loop2_passive_prog.outEdges_10}) @{thm block_anon6_LoopBody} [
 @{thm cfg_block_anon7_LoopHead}] 1\<close>))
 
 lemma cfg_block_anon6_LoopHead:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
 "(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 9)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_9},@{thm nested_loop2_before_passive_prog.outEdges_9}) (@{thm nested_loop2_passive_prog.node_9},@{thm nested_loop2_passive_prog.outEdges_9}) @{thm block_anon6_LoopHead} [
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 11)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_11},@{thm nested_loop2_before_passive_prog.outEdges_11}) (@{thm nested_loop2_passive_prog.node_11},@{thm nested_loop2_passive_prog.outEdges_11}) @{thm block_anon6_LoopHead} [
 @{thm cfg_block_anon6_LoopDone}, 
 @{thm cfg_block_anon6_LoopBody}] 1\<close>))
 
 lemma cfg_block_anon0:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
 "(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 10)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_10},@{thm nested_loop2_before_passive_prog.outEdges_10}) (@{thm nested_loop2_passive_prog.node_10},@{thm nested_loop2_passive_prog.outEdges_10}) @{thm block_anon0} [
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 12)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_12},@{thm nested_loop2_before_passive_prog.outEdges_12}) (@{thm nested_loop2_passive_prog.node_12},@{thm nested_loop2_passive_prog.outEdges_12}) @{thm block_anon0} [
 @{thm cfg_block_anon6_LoopHead}] 1\<close>))
 
 lemma cfg_block_0:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
 "(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 11)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_11},@{thm nested_loop2_before_passive_prog.outEdges_11}) (@{thm nested_loop2_passive_prog.node_11},@{thm nested_loop2_passive_prog.outEdges_11}) @{thm block_0} [
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 13)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_13},@{thm nested_loop2_before_passive_prog.outEdges_13}) (@{thm nested_loop2_passive_prog.node_13},@{thm nested_loop2_passive_prog.outEdges_13}) @{thm block_0} [
 @{thm cfg_block_anon0}] 1\<close>))
 
 lemma cfg_block_PreconditionGeneratedEntry:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
 "(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 12)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_12},@{thm nested_loop2_before_passive_prog.outEdges_12}) (@{thm nested_loop2_passive_prog.node_12},@{thm nested_loop2_passive_prog.outEdges_12}) @{thm block_PreconditionGeneratedEntry} [
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 14)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_14},@{thm nested_loop2_before_passive_prog.outEdges_14}) (@{thm nested_loop2_passive_prog.node_14},@{thm nested_loop2_passive_prog.outEdges_14}) @{thm block_PreconditionGeneratedEntry} [
 @{thm cfg_block_0}] 1\<close>))
 
 locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 12),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_x_2::int) (vc_y_3::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))" and 
+Red: "(red_cfg_multi A M ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 14),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_y_3::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+FInterp: "(fun_interp_wf A nested_loop2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> nested_loop2_before_ast_to_cfg_prog.constants_vdecls ns nested_loop2_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
 BinderNs: "((binder_state ns) = Map.empty)" and 
@@ -349,7 +389,7 @@ assumes
 "((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
 shows "(closed (instantiate [] \<tau>))"
 apply (rule lookup_ty_pred[OF assms(1)])
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+unfolding nested_loop2_before_ast_to_cfg_prog.constants_vdecls_def nested_loop2_before_ast_to_cfg_prog.globals_vdecls_def
 apply simp
 unfolding nested_loop2_passive_prog.params_vdecls_def nested_loop2_passive_prog.locals_vdecls_def
 by simp
@@ -379,7 +419,7 @@ lemma end_to_end:
 shows "(s' \<noteq> Failure)"
 proof
 assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] nested_loop2_passive_prog.proc_body u (Inl 12)))))"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] nested_loop2_passive_prog.proc_body u (Inl 14)))))"
 apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
 unfolding passive_lemma_assms_2_def
 apply (intro conjI)?
@@ -387,11 +427,11 @@ apply (rule U0_ns_rel)
 apply (rule U0_ns_old_rel)
 apply (rule R_wt)
 apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range global_data.globals_max]
+using helper_init_disj[OF max_rel_range nested_loop2_before_ast_to_cfg_prog.globals_max]
 apply simp
 apply (rule U0_non_empty)
 by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] nested_loop2_passive_prog.proc_body ((Inl 12),(Normal u)) (mp',Failure))"
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] nested_loop2_passive_prog.proc_body ((Inl 14),(Normal u)) (mp',Failure))"
 by (auto simp add: passive_sim_cfg_fail_def)
 from nested_loop2_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
  apply rule
diff --git a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_passive_prog.thy
similarity index 54%
rename from BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_passive_prog.thy
index 5189398..b4a0741 100644
--- a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_passive_prog.thy
@@ -1,5 +1,5 @@
 theory nested_loop2_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop2_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop2_before_ast_to_cfg_prog
 begin
 definition block_0
   where
@@ -9,13 +9,13 @@ definition block_1
     "block_1  = [(Assume (UnOp Not (Lit (LBool True))))]"
 definition block_2
   where
-    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 4))),(Assume (Lit (LBool False)))]"
+    "block_2  = [(Assume (BinOp (Var 6) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 7) Eq (BinOp (Var 6) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 7) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
 definition block_3
   where
-    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 6))),(Assume (BinOp (Var 8) Eq (BinOp (Var 4) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 8) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+    "block_3  = [(Assume (BinOp (Var 8) Eq (BinOp (Var 4) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 8) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
 definition block_4
   where
-    "block_4  = [(Assume (BinOp (Var 6) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 7) Eq (BinOp (Var 6) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 7) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 6)))]"
 definition block_5
   where
     "block_5  = [(Assume (BinOp (Var 6) Ge (Lit (LInt 0))))]"
@@ -24,31 +24,37 @@ definition block_6
     "block_6  = [(Assume (BinOp (Var 4) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 5) Ge (Lit (LInt 0))))]"
 definition block_7
   where
-    "block_7  = [(Assume (BinOp (Var 4) Ge (Lit (LInt 0))))]"
+    "block_7  = [(Assume (Lit (LBool False)))]"
 definition block_8
   where
-    "block_8  = [(Assume (Lit (LBool True))),(Assert (BinOp (Var 2) Ge (Lit (LInt 0))))]"
+    "block_8  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 4)))]"
 definition block_9
   where
-    "block_9  = []"
+    "block_9  = [(Assume (BinOp (Var 4) Ge (Lit (LInt 0))))]"
 definition block_10
   where
-    "block_10  = []"
+    "block_10  = [(Assume (Lit (LBool True))),(Assert (BinOp (Var 2) Ge (Lit (LInt 0))))]"
 definition block_11
   where
     "block_11  = []"
 definition block_12
   where
     "block_12  = []"
+definition block_13
+  where
+    "block_13  = []"
+definition block_14
+  where
+    "block_14  = []"
 definition outEdges
   where
-    "outEdges  = [[],[0],[0],[0],[0],[3,4],[5],[2,6],[7],[1,8],[9],[10],[11]]"
+    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[0],[7],[8,6],[9],[1,10],[11],[12],[13]]"
 definition node_to_blocks
   where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12]"
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13,block_14]"
 definition proc_body
   where
-    "proc_body  = (|entry = 12,out_edges = outEdges,node_to_block = node_to_blocks|)"
+    "proc_body  = (|entry = 14,out_edges = outEdges,node_to_block = node_to_blocks|)"
 lemma node_0:
 shows "((nth (node_to_block proc_body) 0) = block_0)"
 by (simp add:proc_body_def node_to_blocks_def)
@@ -101,6 +107,14 @@ lemma node_12:
 shows "((nth (node_to_block proc_body) 12) = block_12)"
 by (simp add:proc_body_def node_to_blocks_def)
 
+lemma node_13:
+shows "((nth (node_to_block proc_body) 13) = block_13)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_14:
+shows "((nth (node_to_block proc_body) 14) = block_14)"
+by (simp add:proc_body_def node_to_blocks_def)
+
 lemma outEdges_0:
 shows "((nth (out_edges proc_body) 0) = [])"
 by (simp add:proc_body_def outEdges_def)
@@ -118,11 +132,11 @@ shows "((nth (out_edges proc_body) 3) = [0])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [0])"
+shows "((nth (out_edges proc_body) 4) = [3])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [3,4])"
+shows "((nth (out_edges proc_body) 5) = [4,2])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_6:
@@ -130,7 +144,7 @@ shows "((nth (out_edges proc_body) 6) = [5])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [2,6])"
+shows "((nth (out_edges proc_body) 7) = [0])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_8:
@@ -138,7 +152,7 @@ shows "((nth (out_edges proc_body) 8) = [7])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [1,8])"
+shows "((nth (out_edges proc_body) 9) = [8,6])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_10:
@@ -146,19 +160,27 @@ shows "((nth (out_edges proc_body) 10) = [9])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [10])"
+shows "((nth (out_edges proc_body) 11) = [1,10])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_12:
 shows "((nth (out_edges proc_body) 12) = [11])"
 by (simp add:proc_body_def outEdges_def)
 
+lemma outEdges_13:
+shows "((nth (out_edges proc_body) 13) = [12])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_14:
+shows "((nth (out_edges proc_body) 14) = [13])"
+by (simp add:proc_body_def outEdges_def)
+
 definition params_vdecls :: "(vdecls)"
   where
     "params_vdecls  = []"
 definition locals_vdecls :: "(vdecls)"
   where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(8,(TPrim TInt),(None )),(7,(TPrim TInt),(None ))]"
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(7,(TPrim TInt),(None )),(8,(TPrim TInt),(None ))]"
 lemma locals_min_aux:
 shows "(((map fst (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)))) \<ge> 0))"
 unfolding nested_loop2_passive_prog.params_vdecls_def nested_loop2_passive_prog.locals_vdecls_def
@@ -170,8 +192,8 @@ using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)))) = {})"
+unfolding nested_loop2_before_ast_to_cfg_prog.constants_vdecls_def nested_loop2_before_ast_to_cfg_prog.globals_vdecls_def
 by simp
 
 lemma m_x:
@@ -202,58 +224,58 @@ lemma m_y_2:
 shows "((map_of (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
 by (simp add:params_vdecls_def locals_vdecls_def)
 
-lemma m_x_2:
-shows "((map_of (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls) 8) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
 lemma m_y_3:
 shows "((map_of (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
 by (simp add:params_vdecls_def locals_vdecls_def)
 
+lemma m_x_2:
+shows "((map_of (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls) 8) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
 lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_y:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
 using globals_locals_disj m_y
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_x_0:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x_0
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_y_0:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
 using globals_locals_disj m_y_0
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_x_1:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x_1
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_y_1:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
 using globals_locals_disj m_y_1
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_y_2:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
 using globals_locals_disj m_y_2
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
-lemma l_x_2:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 8) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 8) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
 lemma l_y_3:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
 using globals_locals_disj m_y_3
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
+lemma l_x_2:
+shows "((lookup_var_decl ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 8) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 8) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
 
 end
diff --git a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_vcphase_proof.thy
similarity index 80%
rename from BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_vcphase_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_vcphase_proof.thy
index d8bb5a0..7e91703 100644
--- a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_vcphase_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_vcphase_proof.thy
@@ -7,24 +7,30 @@ begin
 definition vc_anon6_LoopDone
   where
     "vc_anon6_LoopDone  = True"
-definition vc_anon7_LoopDone
-  where
-    "vc_anon7_LoopDone  = True"
-definition vc_anon8_LoopDone
-  where
-    "vc_anon8_LoopDone y_2 x_2 x_1 = ((((0::int) \<ge> y_2) \<and> (x_2 = (x_1 - (1::int)))) \<longrightarrow> (x_2 \<ge> (0::int)))"
 definition vc_anon8_LoopBody
   where
     "vc_anon8_LoopBody y_2 y_3 = (((y_2 > (0::int)) \<and> (y_3 = (y_2 - (1::int)))) \<longrightarrow> (y_3 \<ge> (0::int)))"
+definition vc_anon4
+  where
+    "vc_anon4 x_2 x_1 = ((x_2 = (x_1 - (1::int))) \<longrightarrow> (x_2 \<ge> (0::int)))"
+definition vc_anon8_LoopDone
+  where
+    "vc_anon8_LoopDone y_2 x_2 x_1 = (((0::int) \<ge> y_2) \<longrightarrow> (vc_anon4 x_2 x_1))"
 definition vc_anon8_LoopHead
   where
     "vc_anon8_LoopHead y_2 x_2 x_1 y_3 = ((y_2 \<ge> (0::int)) \<longrightarrow> ((vc_anon8_LoopDone y_2 x_2 x_1) \<and> (vc_anon8_LoopBody y_2 y_3)))"
 definition vc_anon7_LoopBody
   where
     "vc_anon7_LoopBody x_1 y_1 y_2 x_2 y_3 = ((x_1 > (0::int)) \<longrightarrow> ((y_1 \<ge> (0::int)) \<and> ((y_1 \<ge> (0::int)) \<longrightarrow> (vc_anon8_LoopHead y_2 x_2 x_1 y_3))))"
+definition vc_anon5
+  where
+    "vc_anon5  = True"
+definition vc_anon7_LoopDone
+  where
+    "vc_anon7_LoopDone x_1 = (((0::int) \<ge> x_1) \<longrightarrow> (vc_anon5 ))"
 definition vc_anon7_LoopHead
   where
-    "vc_anon7_LoopHead x_1 y_1 y_2 x_2 y_3 = ((x_1 \<ge> (0::int)) \<longrightarrow> ((vc_anon7_LoopDone ) \<and> (vc_anon7_LoopBody x_1 y_1 y_2 x_2 y_3)))"
+    "vc_anon7_LoopHead x_1 y_1 y_2 x_2 y_3 = ((x_1 \<ge> (0::int)) \<longrightarrow> ((vc_anon7_LoopDone x_1) \<and> (vc_anon7_LoopBody x_1 y_1 y_2 x_2 y_3)))"
 definition vc_anon6_LoopBody
   where
     "vc_anon6_LoopBody x_0 x_1 y_1 y_2 x_2 y_3 = ((x_0 \<ge> (0::int)) \<and> ((x_0 \<ge> (0::int)) \<longrightarrow> (vc_anon7_LoopHead x_1 y_1 y_2 x_2 y_3)))"
@@ -35,7 +41,7 @@ definition vc_anon0
 end
 
 locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_x_1 :: "int" and vc_y_1 :: "int" and vc_y_2 :: "int" and vc_x_2 :: "int" and vc_y_3 :: "int"
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_x_1 :: "int" and vc_y_1 :: "int" and vc_y_2 :: "int" and vc_y_3 :: "int" and vc_x_2 :: "int"
 assumes 
 G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
 G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
@@ -44,8 +50,8 @@ G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_y_0)))" and
 G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_x_1)))" and 
 G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_y_1)))" and 
 G6: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_y_2)))" and 
-G7: "((lookup_var \<Lambda> n_s 8) = (Some (IntV vc_x_2)))" and 
-G8: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_y_3)))" and 
+G7: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_y_3)))" and 
+G8: "((lookup_var \<Lambda> n_s 8) = (Some (IntV vc_x_2)))" and 
 G9: "(\<And> v. (closed ((type_of_val A) v)))"
 begin
 
@@ -74,40 +80,38 @@ apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm foral
 by (auto?)
 
 ML\<open>
-val block_anon7_LoopDone_hints = [
-(AssumeTrue,NONE), 
+val block_anon8_LoopBody_hints = [
+(AssumeConjR 1,NONE), 
+(AssumeConjR 0,NONE), 
+(AssertNoConj,NONE), 
 (AssumeFalse,NONE)]
 \<close>
-lemma block_anon7_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopDone ) \<Longrightarrow> (s' = Magic)))"
-unfolding nested_loop2_passive_prog.block_2_def vc.vc_anon7_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopDone_hints \<close>)
+lemma block_anon8_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopBody vc_y_2 vc_y_3) \<Longrightarrow> (s' = Magic)))"
+unfolding nested_loop2_passive_prog.block_2_def vc.vc_anon8_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopBody_hints \<close>)
 by (auto?)
 
 ML\<open>
-val block_anon8_LoopDone_hints = [
-(AssumeConjR 1,NONE), 
+val block_anon4_hints = [
 (AssumeConjR 0,NONE), 
 (AssertNoConj,NONE), 
 (AssumeFalse,NONE)]
 \<close>
-lemma block_anon8_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopDone vc_y_2 vc_x_2 vc_x_1) \<Longrightarrow> (s' = Magic)))"
-unfolding nested_loop2_passive_prog.block_3_def vc.vc_anon8_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopDone_hints \<close>)
+lemma block_anon4AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4 vc_x_2 vc_x_1) \<Longrightarrow> (s' = Magic)))"
+unfolding nested_loop2_passive_prog.block_3_def vc.vc_anon4_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_hints \<close>)
 by (auto?)
 
 ML\<open>
-val block_anon8_LoopBody_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE), 
-(AssertNoConj,NONE), 
-(AssumeFalse,NONE)]
+val block_anon8_LoopDone_hints = [
+(AssumeConjR 0,NONE)]
 \<close>
-lemma block_anon8_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopBody vc_y_2 vc_y_3) \<Longrightarrow> (s' = Magic)))"
-unfolding nested_loop2_passive_prog.block_4_def vc.vc_anon8_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopBody_hints \<close>)
+lemma block_anon8_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopDone vc_y_2 vc_x_2 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4 vc_x_2 vc_x_1)))))))"
+unfolding nested_loop2_passive_prog.block_4_def vc.vc_anon8_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopDone_hints \<close>)
 by (auto?)
 
 ML\<open>
@@ -131,13 +135,33 @@ unfolding nested_loop2_passive_prog.block_6_def vc.vc_anon7_LoopBody_def
 apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopBody_hints \<close>)
 by (auto?)
 
+ML\<open>
+val block_anon5_hints = [
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon5AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5 ) \<Longrightarrow> (s' = Magic)))"
+unfolding nested_loop2_passive_prog.block_7_def vc.vc_anon5_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon7_LoopDone_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon7_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_8 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopDone vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon5 )))))))"
+unfolding nested_loop2_passive_prog.block_8_def vc.vc_anon7_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopDone_hints \<close>)
+by (auto?)
+
 ML\<open>
 val block_anon7_LoopHead_hints = [
 (AssumeConjR 0,NONE)]
 \<close>
 lemma block_anon7_LoopHeadAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopHead vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_LoopDone ) \<and> (vc.vc_anon7_LoopBody vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))))))))"
-unfolding nested_loop2_passive_prog.block_7_def vc.vc_anon7_LoopHead_def
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopHead vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_LoopDone vc_x_1) \<and> (vc.vc_anon7_LoopBody vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))))))))"
+unfolding nested_loop2_passive_prog.block_9_def vc.vc_anon7_LoopHead_def
 apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopHead_hints \<close>)
 by (auto?)
 
@@ -147,46 +171,46 @@ val block_anon6_LoopBody_hints = [
 (AssertSub,NONE)]
 \<close>
 lemma block_anon6_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_8 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon7_LoopHead vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3)))))))"
-unfolding nested_loop2_passive_prog.block_8_def vc.vc_anon6_LoopBody_def
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_10 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon7_LoopHead vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3)))))))"
+unfolding nested_loop2_passive_prog.block_10_def vc.vc_anon6_LoopBody_def
 apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
 by (auto?)
 
 lemma block_anon6_LoopHead:
 assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_9 (Normal n_s) s')" and 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_11 (Normal n_s) s')" and 
 "((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))"
 shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))))))"
 using assms
-unfolding nested_loop2_passive_prog.block_9_def
+unfolding nested_loop2_passive_prog.block_11_def
 apply cases
 by auto
 
 lemma block_anon0:
 assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_10 (Normal n_s) s')" and 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_12 (Normal n_s) s')" and 
 "((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))"
 shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))))))"
 using assms
-unfolding nested_loop2_passive_prog.block_10_def
+unfolding nested_loop2_passive_prog.block_12_def
 apply cases
 by auto
 
 lemma block_0:
 assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_11 (Normal n_s) s')" and 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_13 (Normal n_s) s')" and 
 "((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))"
 shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))))))"
 using assms
-unfolding nested_loop2_passive_prog.block_11_def
+unfolding nested_loop2_passive_prog.block_13_def
 apply cases
 by auto
 
 lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_12 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))))))))"
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_14 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))))))))"
 apply (erule red_cmd_list.cases)
 using global_assms
-unfolding nested_loop2_passive_prog.block_12_def vc.vc_anon0_def
+unfolding nested_loop2_passive_prog.block_14_def vc.vc_anon0_def
 apply (handle_cmd_list_full?)
 by (auto?)
 
@@ -211,32 +235,36 @@ apply (erule member_elim, simp)
 apply (erule cfg_block_GeneratedUnifiedExit, simp?)
 by (simp add: member_rec(2))
 
-lemma cfg_block_anon7_LoopDone:
+lemma cfg_block_anon8_LoopBody:
 assumes 
 "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon7_LoopDone )"
+"(vc.vc_anon8_LoopBody vc_y_2 vc_y_3)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
 apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop2_passive_prog.node_2])
-by (erule block_anon7_LoopDoneAA0[OF _ assms(2)])
+by (erule block_anon8_LoopBodyAA0[OF _ assms(2)])
 
-lemma cfg_block_anon8_LoopDone:
+lemma cfg_block_anon4:
 assumes 
 "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon8_LoopDone vc_y_2 vc_x_2 vc_x_1)"
+"(vc.vc_anon4 vc_x_2 vc_x_1)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
 apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop2_passive_prog.node_3])
-by (erule block_anon8_LoopDoneAA0[OF _ assms(2)])
+by (erule block_anon4AA0[OF _ assms(2)])
 
-lemma cfg_block_anon8_LoopBody:
+lemma cfg_block_anon8_LoopDone:
 assumes 
 "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon8_LoopBody vc_y_2 vc_y_3)"
+"(vc.vc_anon8_LoopDone vc_y_2 vc_x_2 vc_x_1)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop2_passive_prog.node_4])
-by (erule block_anon8_LoopBodyAA0[OF _ assms(2)])
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_4])
+apply (erule block_anon8_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:nested_loop2_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4, simp?)
+by (simp add: member_rec(2))
 
 lemma cfg_block_anon8_LoopHead:
 assumes 
@@ -266,15 +294,37 @@ apply (erule member_elim, simp)
 apply (erule cfg_block_anon8_LoopHead, simp?)
 by (simp add: member_rec(2))
 
-lemma cfg_block_anon7_LoopHead:
+lemma cfg_block_anon5:
 assumes 
 "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop2_passive_prog.node_7])
+by (erule block_anon5AA0[OF _ assms(2)])
+
+lemma cfg_block_anon7_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon7_LoopDone vc_x_1)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_8])
+apply (erule block_anon7_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:nested_loop2_passive_prog.outEdges_8))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon7_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
 "(vc.vc_anon7_LoopHead vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_7])
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_9])
 apply (erule block_anon7_LoopHeadAA0[OF _ assms(2)])
-apply ((simp add:nested_loop2_passive_prog.outEdges_7))
+apply ((simp add:nested_loop2_passive_prog.outEdges_9))
 apply (erule member_elim, simp)
 apply (erule cfg_block_anon7_LoopDone, simp?)
 apply (erule member_elim, simp)
@@ -283,26 +333,26 @@ by (simp add: member_rec(2))
 
 lemma cfg_block_anon6_LoopBody:
 assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
 "(vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_8])
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_10])
 apply (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
-apply ((simp add:nested_loop2_passive_prog.outEdges_8))
+apply ((simp add:nested_loop2_passive_prog.outEdges_10))
 apply (erule member_elim, simp)
 apply (erule cfg_block_anon7_LoopHead, simp?)
 by (simp add: member_rec(2))
 
 lemma cfg_block_anon6_LoopHead:
 assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
 "((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_9])
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_11])
 apply (erule block_anon6_LoopHead[OF _ assms(2)])
-apply ((simp add:nested_loop2_passive_prog.outEdges_9))
+apply ((simp add:nested_loop2_passive_prog.outEdges_11))
 apply (erule member_elim, simp)
 apply (erule cfg_block_anon6_LoopDone, simp?)
 apply (erule member_elim, simp)
@@ -311,39 +361,39 @@ by (simp add: member_rec(2))
 
 lemma cfg_block_anon0:
 assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
 "((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_10])
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_12])
 apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:nested_loop2_passive_prog.outEdges_10))
+apply ((simp add:nested_loop2_passive_prog.outEdges_12))
 apply (erule member_elim, simp)
 apply (erule cfg_block_anon6_LoopHead, simp?)
 by (simp add: member_rec(2))
 
 lemma cfg_block_0:
 assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
 "((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_11])
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_13])
 apply (erule block_0[OF _ assms(2)])
-apply ((simp add:nested_loop2_passive_prog.outEdges_11))
+apply ((simp add:nested_loop2_passive_prog.outEdges_13))
 apply (erule member_elim, simp)
 apply (erule cfg_block_anon0, simp?)
 by (simp add: member_rec(2))
 
 lemma cfg_PreconditionGeneratedEntry:
 assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
 "(vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3)"
 shows "(s' \<noteq> Failure)"
 apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_12])
+apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_14])
 apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:nested_loop2_passive_prog.outEdges_12))
+apply ((simp add:nested_loop2_passive_prog.outEdges_14))
 apply (erule member_elim, simp)
 apply (erule cfg_block_0, simp?)
 by (simp add: member_rec(2))
@@ -375,19 +425,19 @@ declare One_nat_def[simp del]
 
 lemma end_to_end:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) \<Gamma> [] nested_loop2_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_x_2::int) (vc_y_3::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))" and 
+Red: "(red_cfg_multi A M ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) \<Gamma> [] nested_loop2_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_y_3::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+FInterp: "(fun_interp_wf A nested_loop2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> nested_loop2_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) nested_loop2_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls))"
 shows "(s' \<noteq> Failure)"
 proof -
-let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
-let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+let ?n_s_c = "(nstate_global_restriction n_s nested_loop2_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((nested_loop2_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
 from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
 apply (simp only:state_typ_wf_def)
 apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop2_passive_prog.m_x])
@@ -423,16 +473,16 @@ apply (simp only:state_typ_wf_def)
 apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop2_passive_prog.m_y_2])
 apply (subst lookup_var_local[OF nested_loop2_passive_prog.m_y_2])+
 by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 8) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 8)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 8))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop2_passive_prog.m_x_2])
-apply (subst lookup_var_local[OF nested_loop2_passive_prog.m_x_2])+
-by (fastforce dest: tint_intv tbool_boolv)
 from ParamsLocal have sc_y_3:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
 apply (simp only:state_typ_wf_def)
 apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop2_passive_prog.m_y_3])
 apply (subst lookup_var_local[OF nested_loop2_passive_prog.m_y_3])+
 by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 8) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 8)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 8))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop2_passive_prog.m_x_2])
+apply (subst lookup_var_local[OF nested_loop2_passive_prog.m_x_2])+
+by (fastforce dest: tint_intv tbool_boolv)
 show "(s' \<noteq> Failure)"
 apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
 apply (simp only:passification_def)
@@ -444,8 +494,8 @@ apply (rule HOL.conjunct1[OF sc_y_0])
 apply (rule HOL.conjunct1[OF sc_x_1])
 apply (rule HOL.conjunct1[OF sc_y_1])
 apply (rule HOL.conjunct1[OF sc_y_2])
-apply (rule HOL.conjunct1[OF sc_x_2])
 apply (rule HOL.conjunct1[OF sc_y_3])
+apply (rule HOL.conjunct1[OF sc_x_2])
 apply (simp add:Closed)
 apply (rule VC)
 done
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/ROOT
new file mode 100644
index 0000000..9d5060e
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/ROOT
@@ -0,0 +1,12 @@
+session no_guard_empty_branch_if_proofs = Boogie_Lang + 
+directories no_guard_empty_branch_if_proofs
+theories
+global_data
+"no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog"
+"no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_ast_to_cfg_prog"
+"no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof"
+"no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof"
+"no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog"
+"no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof"
+"no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_asttocfg_proof"
+"no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_asttocfg_proof.thy
new file mode 100644
index 0000000..01511e5
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_asttocfg_proof.thy
@@ -0,0 +1,251 @@
+theory no_guard_empty_branch_if_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML no_guard_empty_branch_if_before_ast_to_cfg_prog no_guard_empty_branch_if_before_cfg_to_dag_prog no_guard_empty_branch_if_cfgtodag_proof no_guard_empty_branch_if_passification_proof no_guard_empty_branch_if_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A no_guard_empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_no_guard_empty_branch_if_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_2_def no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2_def)
+apply ((simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2_def no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_2_def)+)
+done
+
+
+lemma global_rel_no_guard_empty_branch_if_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end no_guard_empty_branch_if_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp)
+apply (simp)
+apply (rule cont_2_def)
+apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_2)
+apply (rule disjI1)
+apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2_def)
+apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_2)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.node_2)
+apply (rule rel_no_guard_empty_branch_if_before_ast_to_cfg_prog_bigblock_2)
+apply assumption+
+
+done
+qed
+
+lemma global_rel_no_guard_empty_branch_if_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end no_guard_empty_branch_if_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Invs[of no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_1_def)
+
+apply (rule astTrace)
+apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_1_def)
+apply (simp)
+apply (simp)
+apply (rule cont_1_def)
+apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_1)
+apply (rule disjI1)
+apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1_def)
+apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_1)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.node_1)
+apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_1_def)
+apply (simp add: end_static)
+done
+qed
+
+lemma rel_no_guard_empty_branch_if_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0_def no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_no_guard_empty_branch_if_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end no_guard_empty_branch_if_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_if_successor)
+apply (rule Rel_Main_test[of no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0 _ no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0])
+apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def)
+apply (rule astTrace)
+apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0_def)
+apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.node_0)
+apply (rule rel_no_guard_empty_branch_if_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+
+apply (rule disjE, simp)
+apply ((erule allE[where x = 1])+)
+apply ((simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_no_guard_empty_branch_if_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: cont_0_def no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
+apply blast+
+
+
+
+
+
+
+apply ((erule allE[where x = 2])+)
+apply ((simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_no_guard_empty_branch_if_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_0_def no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A no_guard_empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) no_guard_empty_branch_if_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns no_guard_empty_branch_if_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] no_guard_empty_branch_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_no_guard_empty_branch_if_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.pres_def no_guard_empty_branch_if_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.pres_def no_guard_empty_branch_if_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) no_guard_empty_branch_if_before_ast_to_cfg_prog.fdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.axioms no_guard_empty_branch_if_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 no_guard_empty_branch_if_before_ast_to_cfg_prog.ast_proc_def no_guard_empty_branch_if_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..1ebfb8d
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_ast_to_cfg_prog.thy
@@ -0,0 +1,117 @@
+theory no_guard_empty_branch_if_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (ParsedIf (None ) [(BigBlock (None ) [] (None ) (None ))] [(BigBlock (None ) [(Assign 0 (Lit (LInt 6)))] (None ) (None ))])) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (None ) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [(Assign 0 (Lit (LInt 6)))] (None ) (None ))"
+definition cont_0
+  where
+    "cont_0  = KStop"
+definition cont_1
+  where
+    "cont_1  = KStop"
+definition cont_2
+  where
+    "cont_2  = KStop"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_guard_empty_branch_if_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec no_guard_empty_branch_if_before_ast_to_cfg_prog.post),proc_body = (Some (no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls,no_guard_empty_branch_if_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog.thy
similarity index 53%
rename from BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog.thy
index caf8832..56c8adc 100644
--- a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog.thy
@@ -6,13 +6,13 @@ definition block_0
     "block_0  = [(Havoc 0)]"
 definition block_1
   where
-    "block_1  = [(Assign 0 (Lit (LInt 6)))]"
+    "block_1  = []"
 definition block_2
   where
-    "block_2  = []"
+    "block_2  = [(Assign 0 (Lit (LInt 6)))]"
 definition outEdges
   where
-    "outEdges  = [[2,1],[],[]]"
+    "outEdges  = [[1,2],[],[]]"
 definition node_to_blocks
   where
     "node_to_blocks  = [block_0,block_1,block_2]"
@@ -32,7 +32,7 @@ shows "((nth (node_to_block proc_body) 2) = block_2)"
 by (simp add:proc_body_def node_to_blocks_def)
 
 lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [2,1])"
+shows "((nth (out_edges proc_body) 0) = [1,2])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_1:
@@ -55,6 +55,28 @@ definition params_vdecls :: "(vdecls)"
 definition locals_vdecls :: "(vdecls)"
   where
     "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.constants_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.constants_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.constants_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.constants_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
 lemma locals_min_aux:
 shows "(((map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
 unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
@@ -66,18 +88,23 @@ using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.constants_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.constants_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
 by simp
 
 lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.constants_vdecls_def
 by simp
 
 lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.globals_vdecls_def
 by simp
 
 lemma params_wf:
@@ -91,7 +118,7 @@ unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
 by simp
 
 lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append no_guard_empty_branch_if_before_cfg_to_dag_prog.constants_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
 apply (rule lookup_ty_pred_2)
 by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
 
@@ -100,11 +127,11 @@ shows "((map_of (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_v
 by (simp add:params_vdecls_def locals_vdecls_def)
 
 lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append no_guard_empty_branch_if_before_cfg_to_dag_prog.constants_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_guard_empty_branch_if_before_cfg_to_dag_prog.constants_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
-definition proc :: "(procedure)"
+definition proc :: "(mbodyCFG procedure)"
   where
     "proc  = (|proc_ty_args = 0,proc_args = no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_guard_empty_branch_if_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec no_guard_empty_branch_if_before_cfg_to_dag_prog.post),proc_body = (Some (no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls,no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body))|)"
 
diff --git a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog.thy
similarity index 68%
rename from BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog.thy
index 05f60ff..d4d93a5 100644
--- a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog.thy
@@ -1,5 +1,5 @@
 theory no_guard_empty_branch_if_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_empty_branch_if_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_empty_branch_if_before_ast_to_cfg_prog
 begin
 definition block_0
   where
@@ -77,18 +77,18 @@ shows "((nth (out_edges proc_body) 5) = [4])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma locals_min_aux:
-shows "(((map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
+shows "(((map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def
 by simp
 
 lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
 using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
 by simp
 
 
diff --git a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof.thy
similarity index 75%
rename from BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof.thy
index 4c9441e..7833ae7 100644
--- a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof.thy
@@ -1,23 +1,23 @@
 theory no_guard_empty_branch_if_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML no_guard_empty_branch_if_before_cfg_to_dag_prog no_guard_empty_branch_if_before_passive_prog no_guard_empty_branch_if_passification_proof no_guard_empty_branch_if_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML no_guard_empty_branch_if_before_ast_to_cfg_prog no_guard_empty_branch_if_before_cfg_to_dag_prog no_guard_empty_branch_if_before_passive_prog no_guard_empty_branch_if_passification_proof no_guard_empty_branch_if_vcphase_proof
 begin
 locale cfg_to_dag_lemmas = 
 fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
 assumes 
-Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+Wf_Fun: "(fun_interp_wf A no_guard_empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
 begin
 
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls))"
 declare Nat.One_nat_def[simp del]
 
 lemma cfg_block_GeneratedUnifiedExit:
 assumes 
 "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_empty_branch_if_before_cfg_to_dag_prog.post)"
-unfolding expr_all_sat_def no_guard_empty_branch_if_before_cfg_to_dag_prog.post_def 
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_empty_branch_if_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def no_guard_empty_branch_if_before_ast_to_cfg_prog.post_def 
 apply (rule cfg_dag_rel_post_invs_3)
 apply (erule assms(1))
 apply (rule no_guard_empty_branch_if_before_passive_prog.node_0)
@@ -27,13 +27,13 @@ by cfg_dag_rel_tac_single+
 
 lemma block_anon3_Then:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
 "(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
 shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_empty_branch_if_before_passive_prog.block_1 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2_def no_guard_empty_branch_if_before_passive_prog.block_1_def
+unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1_def no_guard_empty_branch_if_before_passive_prog.block_1_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
@@ -41,18 +41,18 @@ done
 
 lemma cfg_block_anon3_Then:
 assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_2)
+apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_1)
 apply (rule no_guard_empty_branch_if_before_passive_prog.node_1)
 apply (erule DagVerifies)
 apply (rule DagAssms)
 apply (erule block_anon3_Then)
 apply assumption+
-apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_2)
+apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_1)
 apply (rule no_guard_empty_branch_if_before_passive_prog.outEdges_1)
 apply (erule cfg_block_GeneratedUnifiedExit)
 by assumption
@@ -60,13 +60,13 @@ by assumption
 
 lemma block_anon3_Else:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
 "(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
 shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_empty_branch_if_before_passive_prog.block_2 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1_def no_guard_empty_branch_if_before_passive_prog.block_2_def
+unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2_def no_guard_empty_branch_if_before_passive_prog.block_2_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
@@ -74,18 +74,18 @@ done
 
 lemma cfg_block_anon3_Else:
 assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_1)
+apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_2)
 apply (rule no_guard_empty_branch_if_before_passive_prog.node_2)
 apply (erule DagVerifies)
 apply (rule DagAssms)
 apply (erule block_anon3_Else)
 apply assumption+
-apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_1)
+apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_2)
 apply (rule no_guard_empty_branch_if_before_passive_prog.outEdges_2)
 apply (erule cfg_block_GeneratedUnifiedExit)
 by assumption
@@ -110,7 +110,7 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
 apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_0)
 apply (rule no_guard_empty_branch_if_before_passive_prog.node_3)
@@ -169,16 +169,16 @@ assumes
 "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_empty_branch_if_before_cfg_to_dag_prog.pres)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_empty_branch_if_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_entry)
 apply (rule no_guard_empty_branch_if_before_passive_prog.node_5)
 apply (erule assms(3))
 apply (rule assms(2))
 unfolding no_guard_empty_branch_if_before_passive_prog.block_5_def
-apply (rule assume_pres_normal[where ?es=no_guard_empty_branch_if_before_cfg_to_dag_prog.pres])
+apply (rule assume_pres_normal[where ?es=no_guard_empty_branch_if_before_ast_to_cfg_prog.pres])
 apply (rule assms(4))
-unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.pres_def
+unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.pres_def
 apply simp
 apply (rule no_guard_empty_branch_if_before_passive_prog.outEdges_5)
 apply ((simp add:no_guard_empty_branch_if_before_passive_prog.node_4 no_guard_empty_branch_if_before_passive_prog.block_4_def))
@@ -190,23 +190,23 @@ end
 
 abbreviation \<Lambda>0
   where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>0  \<equiv> ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls))"
 lemma end_to_end_theorem_aux:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
 VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns no_guard_empty_branch_if_before_cfg_to_dag_prog.pres)" and 
+FInterp: "(fun_interp_wf A no_guard_empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) no_guard_empty_branch_if_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns no_guard_empty_branch_if_before_ast_to_cfg_prog.pres)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
 OldGlobal: "((global_state ns) = (old_global_state ns))" and 
 BinderNs: "((binder_state ns) = Map.empty)"
-shows "(valid_configuration A \<Lambda>0 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] no_guard_empty_branch_if_before_ast_to_cfg_prog.post m' s')"
 proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
 by (meson rtranclp_imp_relpowp)
 show ?thesis
 apply (rule cfg_to_dag_lemmas.entry_lemma)
@@ -238,13 +238,5 @@ done
 qed
 
 
-lemma end_to_end_theorem:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms no_guard_empty_branch_if_before_cfg_to_dag_prog.proc))"
-apply (rule end_to_end_util[OF end_to_end_theorem_aux])
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_def no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body_def)
-
 
 end
diff --git a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof.thy
similarity index 88%
rename from BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof.thy
index 29765aa..aaeb398 100644
--- a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof.thy
@@ -1,5 +1,5 @@
 theory no_guard_empty_branch_if_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_empty_branch_if_before_passive_prog no_guard_empty_branch_if_passive_prog Boogie_Lang.PassificationML no_guard_empty_branch_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_empty_branch_if_before_ast_to_cfg_prog no_guard_empty_branch_if_passive_prog Boogie_Lang.PassificationML no_guard_empty_branch_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
 begin
 definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
   where
@@ -9,10 +9,10 @@ definition R_old
     "R_old  = (map_of R_old_list)"
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls))"
 abbreviation \<Lambda>2
   where
-    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls))"
+    "\<Lambda>2  \<equiv> ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls))"
 declare One_nat_def[simp del]
 
 lemma block_GeneratedUnifiedExit:
@@ -57,7 +57,7 @@ apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding no_guard_empty_branch_if_before_passive_prog.block_3_def no_guard_empty_branch_if_passive_prog.block_3_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:no_guard_empty_branch_if_before_cfg_to_dag_prog.l_x(2) no_guard_empty_branch_if_passive_prog.l_x_0(2)))
+apply ((simp add:no_guard_empty_branch_if_before_ast_to_cfg_prog.l_x(2) no_guard_empty_branch_if_passive_prog.l_x_0(2)))
 by simp
 
 lemma block_0:
@@ -131,14 +131,14 @@ by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} []
 @{thm cfg_block_0}] 1\<close>))
 
 locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
 VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+FInterp: "(fun_interp_wf A no_guard_empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls ns no_guard_empty_branch_if_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
 BinderNs: "((binder_state ns) = Map.empty)" and 
@@ -192,7 +192,7 @@ assumes
 "((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
 shows "(closed (instantiate [] \<tau>))"
 apply (rule lookup_ty_pred[OF assms(1)])
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
 apply simp
 unfolding no_guard_empty_branch_if_passive_prog.params_vdecls_def no_guard_empty_branch_if_passive_prog.locals_vdecls_def
 by simp
@@ -230,7 +230,7 @@ apply (rule U0_ns_rel)
 apply (rule U0_ns_old_rel)
 apply (rule R_wt)
 apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range global_data.globals_max]
+using helper_init_disj[OF max_rel_range no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_max]
 apply simp
 apply (rule U0_non_empty)
 by ((simp_all add:R_rel_def R_list_def))?
diff --git a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog.thy
similarity index 68%
rename from BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog.thy
index 9e83877..9d48a04 100644
--- a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog.thy
@@ -1,5 +1,5 @@
 theory no_guard_empty_branch_if_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_empty_branch_if_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_empty_branch_if_before_ast_to_cfg_prog
 begin
 definition block_0
   where
@@ -93,8 +93,8 @@ using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)))) = {})"
+unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
 by simp
 
 lemma m_x:
@@ -106,12 +106,12 @@ shows "((map_of (append no_guard_empty_branch_if_passive_prog.params_vdecls no_g
 by (simp add:params_vdecls_def locals_vdecls_def)
 
 lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_x_0:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x_0
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
diff --git a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof.thy
similarity index 86%
rename from BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof.thy
index f961fcc..e4324d7 100644
--- a/BoogieLang/generated_example_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof.thy
@@ -174,19 +174,19 @@ declare One_nat_def[simp del]
 
 lemma end_to_end:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
 VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+FInterp: "(fun_interp_wf A no_guard_empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) no_guard_empty_branch_if_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls))"
 shows "(s' \<noteq> Failure)"
 proof -
-let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
-let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+let ?n_s_c = "(nstate_global_restriction n_s no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
 from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
 apply (simp only:state_typ_wf_def)
 apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_guard_empty_branch_if_passive_prog.m_x])
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/ROOT
new file mode 100644
index 0000000..d67dd14
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/ROOT
@@ -0,0 +1,12 @@
+session no_guard_if_proofs = Boogie_Lang + 
+directories no_guard_if_proofs
+theories
+global_data
+"no_guard_if_proofs/no_guard_if_before_passive_prog"
+"no_guard_if_proofs/no_guard_if_before_ast_to_cfg_prog"
+"no_guard_if_proofs/no_guard_if_asttocfg_proof"
+"no_guard_if_proofs/no_guard_if_passive_prog"
+"no_guard_if_proofs/no_guard_if_vcphase_proof"
+"no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog"
+"no_guard_if_proofs/no_guard_if_cfgtodag_proof"
+"no_guard_if_proofs/no_guard_if_passification_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_asttocfg_proof.thy
new file mode 100644
index 0000000..0904d61
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_asttocfg_proof.thy
@@ -0,0 +1,267 @@
+theory no_guard_if_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML no_guard_if_before_ast_to_cfg_prog no_guard_if_before_cfg_to_dag_prog no_guard_if_cfgtodag_proof no_guard_if_passification_proof no_guard_if_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A no_guard_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_no_guard_if_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (no_guard_if_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of no_guard_if_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: no_guard_if_before_ast_to_cfg_prog.bigblock_2_def no_guard_if_before_cfg_to_dag_prog.block_2_def)
+apply ((simp add: no_guard_if_before_cfg_to_dag_prog.block_2_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: no_guard_if_before_cfg_to_dag_prog.block_2_def no_guard_if_before_ast_to_cfg_prog.bigblock_2_def)+)
+done
+
+
+lemma global_rel_no_guard_if_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (no_guard_if_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end no_guard_if_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of no_guard_if_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: no_guard_if_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: no_guard_if_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp)
+apply (simp)
+apply (rule cont_2_def)
+apply (rule no_guard_if_before_cfg_to_dag_prog.node_2)
+apply (rule disjI1)
+apply (rule no_guard_if_before_cfg_to_dag_prog.block_2_def)
+apply (rule no_guard_if_before_cfg_to_dag_prog.outEdges_2)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: no_guard_if_before_cfg_to_dag_prog.node_2)
+apply (rule rel_no_guard_if_before_ast_to_cfg_prog_bigblock_2)
+apply assumption+
+
+done
+qed
+
+lemma rel_no_guard_if_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (no_guard_if_before_ast_to_cfg_prog.bigblock_1,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_1 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of no_guard_if_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: no_guard_if_before_ast_to_cfg_prog.bigblock_1_def no_guard_if_before_cfg_to_dag_prog.block_1_def)
+apply ((simp add: no_guard_if_before_cfg_to_dag_prog.block_1_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: no_guard_if_before_cfg_to_dag_prog.block_1_def no_guard_if_before_ast_to_cfg_prog.bigblock_1_def)+)
+done
+
+
+lemma global_rel_no_guard_if_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (no_guard_if_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end no_guard_if_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of no_guard_if_before_ast_to_cfg_prog.bigblock_1])
+apply (simp add: no_guard_if_before_ast_to_cfg_prog.bigblock_1_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: no_guard_if_before_ast_to_cfg_prog.bigblock_1_def)
+apply (simp)
+apply (simp)
+apply (rule cont_1_def)
+apply (rule no_guard_if_before_cfg_to_dag_prog.node_1)
+apply (rule disjI1)
+apply (rule no_guard_if_before_cfg_to_dag_prog.block_1_def)
+apply (rule no_guard_if_before_cfg_to_dag_prog.outEdges_1)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: no_guard_if_before_cfg_to_dag_prog.node_1)
+apply (rule rel_no_guard_if_before_ast_to_cfg_prog_bigblock_1)
+apply assumption+
+
+done
+qed
+
+lemma rel_no_guard_if_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (no_guard_if_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of no_guard_if_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: no_guard_if_before_ast_to_cfg_prog.bigblock_0_def no_guard_if_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: no_guard_if_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: no_guard_if_before_cfg_to_dag_prog.block_0_def no_guard_if_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_no_guard_if_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (no_guard_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end no_guard_if_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_if_successor)
+apply (rule Rel_Main_test[of no_guard_if_before_ast_to_cfg_prog.bigblock_0 _ no_guard_if_before_cfg_to_dag_prog.block_0])
+apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_0_def no_guard_if_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_0_def)
+apply (rule astTrace)
+apply (simp add: no_guard_if_before_ast_to_cfg_prog.bigblock_0_def)
+apply (rule no_guard_if_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: no_guard_if_before_cfg_to_dag_prog.node_0)
+apply (rule rel_no_guard_if_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: no_guard_if_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+
+apply (rule disjE, simp)
+apply ((erule allE[where x = 1])+)
+apply ((simp add: no_guard_if_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_no_guard_if_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: cont_0_def no_guard_if_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
+apply blast+
+
+
+
+
+
+
+apply ((erule allE[where x = 2])+)
+apply ((simp add: no_guard_if_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_no_guard_if_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_0_def no_guard_if_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (no_guard_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A no_guard_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> no_guard_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) no_guard_if_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns no_guard_if_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] no_guard_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (no_guard_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_no_guard_if_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: no_guard_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: no_guard_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def no_guard_if_before_ast_to_cfg_prog.pres_def no_guard_if_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: no_guard_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: no_guard_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: no_guard_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: no_guard_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def no_guard_if_before_ast_to_cfg_prog.pres_def no_guard_if_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: no_guard_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: no_guard_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (no_guard_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) no_guard_if_before_ast_to_cfg_prog.fdecls no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls no_guard_if_before_ast_to_cfg_prog.axioms no_guard_if_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding no_guard_if_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 no_guard_if_before_ast_to_cfg_prog.ast_proc_def no_guard_if_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..156d377
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_to_cfg_prog.thy
@@ -0,0 +1,117 @@
+theory no_guard_if_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (ParsedIf (None ) [(BigBlock (None ) [(Assign 0 (Lit (LInt 0)))] (None ) (None ))] [(BigBlock (None ) [(Assign 0 (Lit (LInt 1)))] (None ) (None ))])) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [(Assign 0 (Lit (LInt 0)))] (None ) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [(Assign 0 (Lit (LInt 1)))] (None ) (None ))"
+definition cont_0
+  where
+    "cont_0  = KStop"
+definition cont_1
+  where
+    "cont_1  = KStop"
+definition cont_2
+  where
+    "cont_2  = KStop"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding no_guard_if_before_ast_to_cfg_prog.constants_vdecls_def no_guard_if_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding no_guard_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_if_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding no_guard_if_before_ast_to_cfg_prog.constants_vdecls_def no_guard_if_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding no_guard_if_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding no_guard_if_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding no_guard_if_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding no_guard_if_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = no_guard_if_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_guard_if_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec no_guard_if_before_ast_to_cfg_prog.post),proc_body = (Some (no_guard_if_before_ast_to_cfg_prog.locals_vdecls,no_guard_if_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog.thy
similarity index 54%
rename from BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog.thy
index a616969..e159f5a 100644
--- a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog.thy
@@ -6,13 +6,13 @@ definition block_0
     "block_0  = [(Havoc 0)]"
 definition block_1
   where
-    "block_1  = [(Assign 0 (Lit (LInt 1)))]"
+    "block_1  = [(Assign 0 (Lit (LInt 0)))]"
 definition block_2
   where
-    "block_2  = [(Assign 0 (Lit (LInt 0)))]"
+    "block_2  = [(Assign 0 (Lit (LInt 1)))]"
 definition outEdges
   where
-    "outEdges  = [[2,1],[],[]]"
+    "outEdges  = [[1,2],[],[]]"
 definition node_to_blocks
   where
     "node_to_blocks  = [block_0,block_1,block_2]"
@@ -32,7 +32,7 @@ shows "((nth (node_to_block proc_body) 2) = block_2)"
 by (simp add:proc_body_def node_to_blocks_def)
 
 lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [2,1])"
+shows "((nth (out_edges proc_body) 0) = [1,2])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_1:
@@ -55,6 +55,28 @@ definition params_vdecls :: "(vdecls)"
 definition locals_vdecls :: "(vdecls)"
   where
     "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append no_guard_if_before_cfg_to_dag_prog.constants_vdecls no_guard_if_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append no_guard_if_before_cfg_to_dag_prog.constants_vdecls no_guard_if_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding no_guard_if_before_cfg_to_dag_prog.constants_vdecls_def no_guard_if_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_before_cfg_to_dag_prog.constants_vdecls no_guard_if_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
 lemma locals_min_aux:
 shows "(((map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
 unfolding no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def
@@ -66,18 +88,23 @@ using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append no_guard_if_before_cfg_to_dag_prog.constants_vdecls no_guard_if_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding no_guard_if_before_cfg_to_dag_prog.constants_vdecls_def no_guard_if_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
 by simp
 
 lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding no_guard_if_before_cfg_to_dag_prog.constants_vdecls_def
 by simp
 
 lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding no_guard_if_before_cfg_to_dag_prog.globals_vdecls_def
 by simp
 
 lemma params_wf:
@@ -91,7 +118,7 @@ unfolding no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def
 by simp
 
 lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append no_guard_if_before_cfg_to_dag_prog.constants_vdecls no_guard_if_before_cfg_to_dag_prog.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
 apply (rule lookup_ty_pred_2)
 by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
 
@@ -100,11 +127,11 @@ shows "((map_of (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guar
 by (simp add:params_vdecls_def locals_vdecls_def)
 
 lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append no_guard_if_before_cfg_to_dag_prog.constants_vdecls no_guard_if_before_cfg_to_dag_prog.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_guard_if_before_cfg_to_dag_prog.constants_vdecls no_guard_if_before_cfg_to_dag_prog.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
-definition proc :: "(procedure)"
+definition proc :: "(mbodyCFG procedure)"
   where
     "proc  = (|proc_ty_args = 0,proc_args = no_guard_if_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_guard_if_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec no_guard_if_before_cfg_to_dag_prog.post),proc_body = (Some (no_guard_if_before_cfg_to_dag_prog.locals_vdecls,no_guard_if_before_cfg_to_dag_prog.proc_body))|)"
 
diff --git a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_passive_prog.thy
similarity index 72%
rename from BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_passive_prog.thy
index 63101c3..d44f599 100644
--- a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_passive_prog.thy
@@ -1,5 +1,5 @@
 theory no_guard_if_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_if_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_if_before_ast_to_cfg_prog
 begin
 definition block_0
   where
@@ -77,18 +77,18 @@ shows "((nth (out_edges proc_body) 5) = [4])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma locals_min_aux:
-shows "(((map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def
+shows "(((map fst (append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding no_guard_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_if_before_ast_to_cfg_prog.locals_vdecls_def
 by simp
 
 lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
 using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding no_guard_if_before_ast_to_cfg_prog.constants_vdecls_def no_guard_if_before_ast_to_cfg_prog.globals_vdecls_def
 by simp
 
 
diff --git a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_cfgtodag_proof.thy
similarity index 76%
rename from BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_cfgtodag_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_cfgtodag_proof.thy
index f4a541d..8203453 100644
--- a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_cfgtodag_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_cfgtodag_proof.thy
@@ -1,23 +1,23 @@
 theory no_guard_if_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML no_guard_if_before_cfg_to_dag_prog no_guard_if_before_passive_prog no_guard_if_passification_proof no_guard_if_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML no_guard_if_before_ast_to_cfg_prog no_guard_if_before_cfg_to_dag_prog no_guard_if_before_passive_prog no_guard_if_passification_proof no_guard_if_vcphase_proof
 begin
 locale cfg_to_dag_lemmas = 
 fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
 assumes 
-Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+Wf_Fun: "(fun_interp_wf A no_guard_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
 begin
 
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls))"
 declare Nat.One_nat_def[simp del]
 
 lemma cfg_block_GeneratedUnifiedExit:
 assumes 
 "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_if_before_cfg_to_dag_prog.post)"
-unfolding expr_all_sat_def no_guard_if_before_cfg_to_dag_prog.post_def 
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_if_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def no_guard_if_before_ast_to_cfg_prog.post_def 
 apply (rule cfg_dag_rel_post_invs_3)
 apply (erule assms(1))
 apply (rule no_guard_if_before_passive_prog.node_0)
@@ -27,13 +27,13 @@ by cfg_dag_rel_tac_single+
 
 lemma block_anon3_Then:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
 "(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
 shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_if_before_passive_prog.block_1 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding no_guard_if_before_cfg_to_dag_prog.block_2_def no_guard_if_before_passive_prog.block_1_def
+unfolding no_guard_if_before_cfg_to_dag_prog.block_1_def no_guard_if_before_passive_prog.block_1_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
@@ -41,18 +41,18 @@ done
 
 lemma cfg_block_anon3_Then:
 assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule no_guard_if_before_cfg_to_dag_prog.node_2)
+apply (rule no_guard_if_before_cfg_to_dag_prog.node_1)
 apply (rule no_guard_if_before_passive_prog.node_1)
 apply (erule DagVerifies)
 apply (rule DagAssms)
 apply (erule block_anon3_Then)
 apply assumption+
-apply (rule no_guard_if_before_cfg_to_dag_prog.outEdges_2)
+apply (rule no_guard_if_before_cfg_to_dag_prog.outEdges_1)
 apply (rule no_guard_if_before_passive_prog.outEdges_1)
 apply (erule cfg_block_GeneratedUnifiedExit)
 by assumption
@@ -60,13 +60,13 @@ by assumption
 
 lemma block_anon3_Else:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
 "(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
 shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_if_before_passive_prog.block_2 ns2 s' False)"
 using assms
 apply (rule dag_rel_block_lemma_compact, simp)
-unfolding no_guard_if_before_cfg_to_dag_prog.block_1_def no_guard_if_before_passive_prog.block_2_def
+unfolding no_guard_if_before_cfg_to_dag_prog.block_2_def no_guard_if_before_passive_prog.block_2_def
 apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
@@ -74,18 +74,18 @@ done
 
 lemma cfg_block_anon3_Else:
 assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule no_guard_if_before_cfg_to_dag_prog.node_1)
+apply (rule no_guard_if_before_cfg_to_dag_prog.node_2)
 apply (rule no_guard_if_before_passive_prog.node_2)
 apply (erule DagVerifies)
 apply (rule DagAssms)
 apply (erule block_anon3_Else)
 apply assumption+
-apply (rule no_guard_if_before_cfg_to_dag_prog.outEdges_1)
+apply (rule no_guard_if_before_cfg_to_dag_prog.outEdges_2)
 apply (rule no_guard_if_before_passive_prog.outEdges_2)
 apply (erule cfg_block_GeneratedUnifiedExit)
 by assumption
@@ -110,7 +110,7 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
 apply (rule no_guard_if_before_cfg_to_dag_prog.node_0)
 apply (rule no_guard_if_before_passive_prog.node_3)
@@ -169,16 +169,16 @@ assumes
 "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_if_before_cfg_to_dag_prog.pres)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.post m' s')"
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_if_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_entry)
 apply (rule no_guard_if_before_passive_prog.node_5)
 apply (erule assms(3))
 apply (rule assms(2))
 unfolding no_guard_if_before_passive_prog.block_5_def
-apply (rule assume_pres_normal[where ?es=no_guard_if_before_cfg_to_dag_prog.pres])
+apply (rule assume_pres_normal[where ?es=no_guard_if_before_ast_to_cfg_prog.pres])
 apply (rule assms(4))
-unfolding no_guard_if_before_cfg_to_dag_prog.pres_def
+unfolding no_guard_if_before_ast_to_cfg_prog.pres_def
 apply simp
 apply (rule no_guard_if_before_passive_prog.outEdges_5)
 apply ((simp add:no_guard_if_before_passive_prog.node_4 no_guard_if_before_passive_prog.block_4_def))
@@ -190,23 +190,23 @@ end
 
 abbreviation \<Lambda>0
   where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>0  \<equiv> ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls))"
 lemma end_to_end_theorem_aux:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
 VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns no_guard_if_before_cfg_to_dag_prog.pres)" and 
+FInterp: "(fun_interp_wf A no_guard_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> no_guard_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) no_guard_if_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns no_guard_if_before_ast_to_cfg_prog.pres)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
 OldGlobal: "((global_state ns) = (old_global_state ns))" and 
 BinderNs: "((binder_state ns) = Map.empty)"
-shows "(valid_configuration A \<Lambda>0 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] no_guard_if_before_ast_to_cfg_prog.post m' s')"
 proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
 by (meson rtranclp_imp_relpowp)
 show ?thesis
 apply (rule cfg_to_dag_lemmas.entry_lemma)
@@ -238,13 +238,5 @@ done
 qed
 
 
-lemma end_to_end_theorem:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms no_guard_if_before_cfg_to_dag_prog.proc))"
-apply (rule end_to_end_util[OF end_to_end_theorem_aux])
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 no_guard_if_before_cfg_to_dag_prog.proc_def no_guard_if_before_cfg_to_dag_prog.proc_body_def)
-
 
 end
diff --git a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passification_proof.thy
similarity index 88%
rename from BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passification_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passification_proof.thy
index a115244..2ab1609 100644
--- a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passification_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passification_proof.thy
@@ -1,5 +1,5 @@
 theory no_guard_if_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_if_before_passive_prog no_guard_if_passive_prog Boogie_Lang.PassificationML no_guard_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_if_before_ast_to_cfg_prog no_guard_if_passive_prog Boogie_Lang.PassificationML no_guard_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
 begin
 definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
   where
@@ -9,10 +9,10 @@ definition R_old
     "R_old  = (map_of R_old_list)"
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls))"
 abbreviation \<Lambda>2
   where
-    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls))"
+    "\<Lambda>2  \<equiv> ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls))"
 declare One_nat_def[simp del]
 
 lemma block_GeneratedUnifiedExit:
@@ -57,7 +57,7 @@ apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding no_guard_if_before_passive_prog.block_3_def no_guard_if_passive_prog.block_3_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:no_guard_if_before_cfg_to_dag_prog.l_x(2) no_guard_if_passive_prog.l_x_0(2)))
+apply ((simp add:no_guard_if_before_ast_to_cfg_prog.l_x(2) no_guard_if_passive_prog.l_x_0(2)))
 by simp
 
 lemma block_0:
@@ -131,14 +131,14 @@ by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} []
 @{thm cfg_block_0}] 1\<close>))
 
 locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
 VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+FInterp: "(fun_interp_wf A no_guard_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> no_guard_if_before_ast_to_cfg_prog.constants_vdecls ns no_guard_if_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
 BinderNs: "((binder_state ns) = Map.empty)" and 
@@ -192,7 +192,7 @@ assumes
 "((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
 shows "(closed (instantiate [] \<tau>))"
 apply (rule lookup_ty_pred[OF assms(1)])
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+unfolding no_guard_if_before_ast_to_cfg_prog.constants_vdecls_def no_guard_if_before_ast_to_cfg_prog.globals_vdecls_def
 apply simp
 unfolding no_guard_if_passive_prog.params_vdecls_def no_guard_if_passive_prog.locals_vdecls_def
 by simp
@@ -230,7 +230,7 @@ apply (rule U0_ns_rel)
 apply (rule U0_ns_old_rel)
 apply (rule R_wt)
 apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range global_data.globals_max]
+using helper_init_disj[OF max_rel_range no_guard_if_before_ast_to_cfg_prog.globals_max]
 apply simp
 apply (rule U0_non_empty)
 by ((simp_all add:R_rel_def R_list_def))?
diff --git a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passive_prog.thy
similarity index 71%
rename from BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passive_prog.thy
index 31ce339..1ad5e24 100644
--- a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passive_prog.thy
@@ -1,5 +1,5 @@
 theory no_guard_if_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_if_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_if_before_ast_to_cfg_prog
 begin
 definition block_0
   where
@@ -93,8 +93,8 @@ using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)))) = {})"
+unfolding no_guard_if_before_ast_to_cfg_prog.constants_vdecls_def no_guard_if_before_ast_to_cfg_prog.globals_vdecls_def
 by simp
 
 lemma m_x:
@@ -106,12 +106,12 @@ shows "((map_of (append no_guard_if_passive_prog.params_vdecls no_guard_if_passi
 by (simp add:params_vdecls_def locals_vdecls_def)
 
 lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_x_0:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x_0
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
diff --git a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_vcphase_proof.thy
similarity index 87%
rename from BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_vcphase_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_vcphase_proof.thy
index cf00163..0ca11b4 100644
--- a/BoogieLang/generated_example_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_vcphase_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_vcphase_proof.thy
@@ -174,19 +174,19 @@ declare One_nat_def[simp del]
 
 lemma end_to_end:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) \<Gamma> [] no_guard_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) \<Gamma> [] no_guard_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
 VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+FInterp: "(fun_interp_wf A no_guard_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> no_guard_if_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) no_guard_if_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls))"
 shows "(s' \<noteq> Failure)"
 proof -
-let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
-let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+let ?n_s_c = "(nstate_global_restriction n_s no_guard_if_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((no_guard_if_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
 from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
 apply (simp only:state_typ_wf_def)
 apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_guard_if_passive_prog.m_x])
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_asttocfg_proof.thy
new file mode 100644
index 0000000..a697260
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_asttocfg_proof.thy
@@ -0,0 +1,716 @@
+theory M_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML M_before_ast_to_cfg_prog M_before_cfg_to_dag_prog M_cfgtodag_proof M_passification_proof M_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_9:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_9,cont_9,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_9])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_9_def)
+
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_9_def)
+apply (simp)
+apply (simp)
+apply (rule cont_9_def)
+apply (rule M_before_cfg_to_dag_prog.node_10)
+apply (rule disjI1)
+apply (rule M_before_cfg_to_dag_prog.block_10_def)
+apply (rule M_before_cfg_to_dag_prog.outEdges_10)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: M_before_cfg_to_dag_prog.node_10)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_9_def)
+apply (simp add: end_static)
+done
+qed
+
+lemma rel_M_before_ast_to_cfg_prog_bigblock_8:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_8,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_9 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_9 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_8])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def M_before_cfg_to_dag_prog.block_9_def)
+apply ((simp add: M_before_cfg_to_dag_prog.block_9_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: M_before_cfg_to_dag_prog.block_9_def M_before_ast_to_cfg_prog.bigblock_8_def)+)
+done
+
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_8:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_8,cont_8,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(guard_of_enclosing_loop = (None ))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_8])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def)
+apply (rule M_before_cfg_to_dag_prog.node_9)
+apply (rule disjI1)
+apply (rule M_before_cfg_to_dag_prog.block_9_def)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_8_def)
+apply (simp add: M_before_cfg_to_dag_prog.node_9)
+apply (rule rel_M_before_ast_to_cfg_prog_bigblock_8)
+apply assumption
+apply (simp)
+apply ((erule allE[where x=1])+)
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_9)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_7:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_7,cont_7,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV False))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_7])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_7_def)
+
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_7_def)
+apply (rule M_before_cfg_to_dag_prog.node_8)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule M_before_cfg_to_dag_prog.block_8_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply (rule neg_gt)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_7_def)
+apply (simp add: M_before_cfg_to_dag_prog.node_8)
+
+
+
+
+apply ((erule allE[where x = 9])+)
+apply ((simp add: M_before_cfg_to_dag_prog.outEdges_8)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_8)
+
+apply blast+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule less_trans_inv)
+apply blast+
+done
+qed
+
+lemma rel_M_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_6,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_7 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_7 (Normal ns1) (Normal ns1')))))"
+unfolding M_before_cfg_to_dag_prog.block_7_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_6])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_6_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: M_before_cfg_to_dag_prog.block_7_def)
+apply ((simp add: assms(3) M_before_ast_to_cfg_prog.bigblock_6_def)+)
+done
+
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_6])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_6_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_6_def)
+apply (rule M_before_cfg_to_dag_prog.node_7)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule M_before_cfg_to_dag_prog.block_7_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_6_def)
+apply (simp add: M_before_cfg_to_dag_prog.node_7)
+apply (rule rel_M_before_ast_to_cfg_prog_bigblock_6)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x = 9])+)
+apply ((simp add: M_before_cfg_to_dag_prog.outEdges_7)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_8)
+
+apply blast+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule less_trans_inv)
+apply blast+
+done
+qed
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(guard_of_enclosing_loop = (None ))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_if_successor)
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_5])
+apply (simp add: M_before_cfg_to_dag_prog.block_6_def M_before_ast_to_cfg_prog.bigblock_5_def)
+
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_5_def)
+apply (rule M_before_cfg_to_dag_prog.node_6)
+apply (rule disjI1)
+
+
+
+apply (simp add: M_before_cfg_to_dag_prog.block_6_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+
+
+
+
+
+apply (erule disjE)
+
+apply ((erule allE[where x = 7])+)
+apply ((simp add: M_before_cfg_to_dag_prog.outEdges_6)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_6)
+apply (simp add: cont_5_def M_before_ast_to_cfg_prog.bigblock_6_def cont_6_def )
+apply blast+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule less_trans_inv)
+apply ((simp)+)
+
+apply ((erule allE[where x = 8])+)
+apply ((simp add: M_before_cfg_to_dag_prog.outEdges_6)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_7)
+apply (simp add: cont_5_def M_before_ast_to_cfg_prog.bigblock_7_def cont_7_def )
+apply blast+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule less_trans_inv)
+apply ((simp)+)
+done
+qed
+
+lemma rel_M_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 10))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
+unfolding M_before_cfg_to_dag_prog.block_4_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: M_before_cfg_to_dag_prog.block_4_def)
+apply ((simp add: assms(3) M_before_ast_to_cfg_prog.bigblock_4_def)+)
+done
+
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 10))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_3 cont_3 M_before_cfg_to_dag_prog.proc_body 3 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def)
+apply (rule M_before_cfg_to_dag_prog.node_4)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule M_before_cfg_to_dag_prog.block_4_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_4_def)
+apply (simp add: M_before_cfg_to_dag_prog.node_4)
+apply (rule rel_M_before_ast_to_cfg_prog_bigblock_4)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=3])+)
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_4)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_3_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_3 _ _ _ M_before_cfg_to_dag_prog.block_3])
+apply (simp add:M_before_ast_to_cfg_prog.bigblock_3_def M_before_cfg_to_dag_prog.block_3_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:M_before_ast_to_cfg_prog.bigblock_3_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_3])
+apply ((simp add:M_before_ast_to_cfg_prog.bigblock_3_def)+)
+apply ((simp add:M_before_cfg_to_dag_prog.block_3_def M_before_cfg_to_dag_prog.node_3)+)
+apply (rule cont_3_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 4])+)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_4)
+apply (simp add: cont_3_def M_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_3_def cont_4_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper3)
+apply ((simp)+)
+
+apply ((erule allE[where x = 5])+)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_5)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: M_before_cfg_to_dag_prog.node_5)
+apply (simp add: M_before_cfg_to_dag_prog.block_5_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_5)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: M_before_cfg_to_dag_prog.node_5)
+apply (simp add: M_before_cfg_to_dag_prog.block_5_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_5)
+apply ((simp add: member_rec)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper4)
+apply ((simp)+)
+done
+qed
+qed
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(guard_of_enclosing_loop = (None ))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+apply (rule ending_after_unwrapping)
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def)
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply (simp)
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_3)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_3_def cont_2_def cont_3_def)
+apply (rule correctness_propagates_through_empty)
+using assms(2)
+apply blast
+apply (simp add: M_before_cfg_to_dag_prog.node_2)
+apply (simp add: M_before_cfg_to_dag_prog.block_2_def)
+
+
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_2)
+apply (simp add: member_rec)
+apply (simp)
+apply (rule correctness_propagates_through_empty2)
+using assms(3)
+apply blast
+apply (simp add: M_before_cfg_to_dag_prog.node_2)
+apply (simp add: M_before_cfg_to_dag_prog.block_2_def)
+
+
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_2)
+apply (simp add: member_rec)
+apply ((simp)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule strictly_smaller_helper2)
+apply ((simp)+)
+done
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(personal_guard = (None ))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_1 _ _ _ M_before_cfg_to_dag_prog.block_1])
+apply (simp add:M_before_ast_to_cfg_prog.bigblock_1_def M_before_cfg_to_dag_prog.block_1_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:M_before_ast_to_cfg_prog.bigblock_1_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_1])
+apply ((simp add:M_before_ast_to_cfg_prog.bigblock_1_def)+)
+apply ((simp add:M_before_cfg_to_dag_prog.block_1_def M_before_cfg_to_dag_prog.node_1)+)
+apply (rule cont_1_def)
+apply (erule disjE)
+apply ((simp)+)
+apply (erule disjE)
+defer
+apply ((erule allE[where x = 2])+)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_1_def M_before_ast_to_cfg_prog.bigblock_2_def cont_2_def M_before_ast_to_cfg_prog.bigblock_5_def cont_5_def M_before_ast_to_cfg_prog.bigblock_8_def cont_8_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_1_def cont_2_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+apply (rule guardHint)
+apply ((erule allE[where x = 10])+)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply ((blast)+)
+
+
+
+
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_9)
+apply (simp)
+apply ((blast)+)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+done
+qed
+qed
+
+lemma rel_M_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: M_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: M_before_cfg_to_dag_prog.block_0_def M_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_0 _ M_before_cfg_to_dag_prog.block_0])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: M_before_cfg_to_dag_prog.block_0_def)
+apply (rule M_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: M_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: M_before_cfg_to_dag_prog.node_0)
+apply (rule rel_M_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: M_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_x_3::int) (vc_y_2::int) (vc_x_4::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns M_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_M_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def M_before_ast_to_cfg_prog.pres_def M_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def M_before_ast_to_cfg_prog.pres_def M_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_9] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_9_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_x_3::int) (vc_y_2::int) (vc_x_4::int). (vc.vc_anon0 ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) M_before_ast_to_cfg_prog.fdecls M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls M_before_ast_to_cfg_prog.axioms M_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding M_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 M_before_ast_to_cfg_prog.ast_proc_def M_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..a5a1b75
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
@@ -0,0 +1,177 @@
+theory M_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 0),(Havoc 1),(Havoc 2)] (Some (WhileWrapper (ParsedWhile (None ) [] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None )),(BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (None ) (None ))]))) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (None ) [] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None )),(BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (None ) (None ))])) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))]))) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))])) (None ))"
+definition bigblock_4
+  where
+    "bigblock_4  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))"
+definition bigblock_5
+  where
+    "bigblock_5  = (BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
+definition bigblock_6
+  where
+    "bigblock_6  = (BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))"
+definition bigblock_7
+  where
+    "bigblock_7  = (BigBlock (None ) [] (None ) (None ))"
+definition bigblock_8
+  where
+    "bigblock_8  = (BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (None ) (None ))"
+definition bigblock_9
+  where
+    "bigblock_9  = (BigBlock (None ) [] (None ) (None ))"
+definition cont_9
+  where
+    "cont_9  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_9 cont_9)"
+definition cont_1
+  where
+    "cont_1  = (KEndBlock (KSeq bigblock_9 cont_9 ))"
+definition cont_8
+  where
+    "cont_8  = (KSeq bigblock_1 cont_1)"
+definition cont_5
+  where
+    "cont_5  = (KSeq bigblock_8 cont_8)"
+definition cont_6
+  where
+    "cont_6  = (KSeq bigblock_8 cont_8)"
+definition cont_7
+  where
+    "cont_7  = (KSeq bigblock_8 cont_8)"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_5 cont_5)"
+definition cont_3
+  where
+    "cont_3  = (KEndBlock (KSeq bigblock_5 cont_5 ))"
+definition cont_4
+  where
+    "cont_4  = (KSeq bigblock_3 cont_3)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_9]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding M_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding M_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding M_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z:
+shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = M_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec M_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec M_before_ast_to_cfg_prog.post),proc_body = (Some (M_before_ast_to_cfg_prog.locals_vdecls,M_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..2f81621
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
@@ -0,0 +1,244 @@
+theory M_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0),(Havoc 1),(Havoc 2)]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = []"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 10)))),(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 1)))]"
+definition block_6
+  where
+    "block_6  = []"
+definition block_7
+  where
+    "block_7  = [(Assume (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))]"
+definition block_8
+  where
+    "block_8  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 0) Sub (Lit (LInt 10)))))]"
+definition block_9
+  where
+    "block_9  = [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))]"
+definition block_10
+  where
+    "block_10  = []"
+definition outEdges
+  where
+    "outEdges  = [[1],[10,2],[3],[5,4],[3],[6],[7,8],[9],[9],[1],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [10,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [5,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [7,8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding M_before_cfg_to_dag_prog.constants_vdecls_def M_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding M_before_cfg_to_dag_prog.constants_vdecls_def M_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding M_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding M_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding M_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding M_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z:
+shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z:
+shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = M_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec M_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec M_before_cfg_to_dag_prog.post),proc_body = (Some (M_before_cfg_to_dag_prog.locals_vdecls,M_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_passive_prog.thy
new file mode 100644
index 0000000..86acc69
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_passive_prog.thy
@@ -0,0 +1,183 @@
+theory M_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 10)))),(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10)))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2))),(Assume (Lit (LBool False)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 0) Sub (Lit (LInt 10)))))]"
+definition block_6
+  where
+    "block_6  = []"
+definition block_7
+  where
+    "block_7  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 1)))]"
+definition block_8
+  where
+    "block_8  = [(Havoc 0)]"
+definition block_9
+  where
+    "block_9  = []"
+definition block_10
+  where
+    "block_10  = [(Havoc 0),(Havoc 1)]"
+definition block_11
+  where
+    "block_11  = [(Havoc 0),(Havoc 1),(Havoc 2)]"
+definition block_12
+  where
+    "block_12  = []"
+definition block_13
+  where
+    "block_13  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[3],[3],[4,5],[6],[7,2],[8],[1,9],[10],[11],[12]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 13,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_12:
+shows "((nth (node_to_block proc_body) 12) = block_12)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_13:
+shows "((nth (node_to_block proc_body) 13) = block_13)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [4,5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [1,9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [10])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_12:
+shows "((nth (out_edges proc_body) 12) = [11])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_13:
+shows "((nth (out_edges proc_body) 13) = [12])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_cfgtodag_proof.thy
new file mode 100644
index 0000000..7d840e9
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_cfgtodag_proof.thy
@@ -0,0 +1,775 @@
+theory M_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML M_before_ast_to_cfg_prog M_before_cfg_to_dag_prog M_before_passive_prog M_passification_proof M_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 M_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def M_before_ast_to_cfg_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule M_before_passive_prog.node_0)
+apply simp
+unfolding M_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma block_anon7_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_10 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_10_def M_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon7_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule M_before_cfg_to_dag_prog.node_10)
+apply (rule M_before_passive_prog.node_1)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon7_LoopDone)
+apply assumption+
+apply (rule M_before_cfg_to_dag_prog.outEdges_10)
+apply (rule M_before_passive_prog.outEdges_1)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma Mods_anon8_LoopBody:
+shows "(mods_contained_in (set [0]) M_before_cfg_to_dag_prog.block_4)"
+unfolding M_before_cfg_to_dag_prog.block_4_def
+by simp
+
+lemma block_anon8_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_2 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_4_def M_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon8_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0] [] M_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_4)
+apply (rule M_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon8_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon8_LoopBody)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_4))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_4))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon8_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon6:
+shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_9)"
+unfolding M_before_cfg_to_dag_prog.block_9_def
+by simp
+
+lemma block_anon6:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_9 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_3 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_9_def M_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_9)
+apply (rule M_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon6)
+apply (assumption+)
+apply (rule Mods_anon6)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_9))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_9))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon7_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon9_Then:
+shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_7)"
+unfolding M_before_cfg_to_dag_prog.block_7_def
+by simp
+
+lemma block_anon9_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_7_def M_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon9_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_7)
+apply (rule M_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon9_Then)
+apply (assumption+)
+apply (rule Mods_anon9_Then)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_7))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_7))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:M_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon7_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon9_Else:
+shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_8)"
+unfolding M_before_cfg_to_dag_prog.block_8_def
+by simp
+
+lemma block_anon9_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_5 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_8_def M_before_passive_prog.block_5_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon9_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_8)
+apply (rule M_before_passive_prog.node_5)
+apply (assumption+)
+apply (rule block_anon9_Else)
+apply (assumption+)
+apply (rule Mods_anon9_Else)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_8))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_8))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:M_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon7_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon3:
+shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_6)"
+unfolding M_before_cfg_to_dag_prog.block_6_def
+by simp
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_6 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_6_def M_before_passive_prog.block_6_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_6)
+apply (rule M_before_passive_prog.node_6)
+apply (assumption+)
+apply (rule block_anon3)
+apply (assumption+)
+apply (rule Mods_anon3)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_6))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_6))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=4])
+apply ((simp add:M_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon9_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon7_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=5])
+apply ((simp add:M_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon9_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon7_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon8_LoopDone:
+shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_5)"
+unfolding M_before_cfg_to_dag_prog.block_5_def
+by simp
+
+lemma block_anon8_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_7 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_5_def M_before_passive_prog.block_7_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon8_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_5)
+apply (rule M_before_passive_prog.node_7)
+apply (assumption+)
+apply (rule block_anon8_LoopDone)
+apply (assumption+)
+apply (rule Mods_anon8_LoopDone)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_5))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_5))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=6])
+apply ((simp add:M_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon7_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon8_LoopHead:
+shows "(mods_contained_in (set [0]) M_before_cfg_to_dag_prog.block_3)"
+unfolding M_before_cfg_to_dag_prog.block_3_def
+by simp
+
+lemma block_anon8_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_8 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_3_def M_before_passive_prog.block_8_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(1)))
+apply simp
+done
+
+lemma cfg_block_anon8_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms assms(4-)
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule M_before_cfg_to_dag_prog.node_3)
+apply (rule M_before_passive_prog.node_8)
+apply (assumption+)
+apply (rule block_anon8_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon8_LoopHead)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=7])
+apply ((simp add:M_before_passive_prog.outEdges_8))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_subset_pred)
+using less(4) apply simp
+apply assumption
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:M_before_passive_prog.outEdges_8))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+apply (rule loop_ih_convert_subset_smaller_2)
+using less(4) apply simp
+apply (simp, fastforce, assumption)
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma Mods_anon7_LoopBody:
+shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_2)"
+unfolding M_before_cfg_to_dag_prog.block_2_def
+by simp
+
+lemma block_anon7_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_9 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_2_def M_before_passive_prog.block_9_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon7_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_2)
+apply (rule M_before_passive_prog.node_9)
+apply (assumption+)
+apply (rule block_anon7_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon7_LoopBody)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=8])
+apply ((simp add:M_before_passive_prog.outEdges_9))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon7_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon7_LoopHead:
+shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_1)"
+unfolding M_before_cfg_to_dag_prog.block_1_def
+by simp
+
+lemma block_anon7_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_10 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_10 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_1_def M_before_passive_prog.block_10_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(1)))
+apply ((simp add:M_before_ast_to_cfg_prog.l_y(1)))
+apply simp
+done
+
+lemma cfg_block_anon7_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0,1]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule M_before_cfg_to_dag_prog.node_1)
+apply (rule M_before_passive_prog.node_10)
+apply (assumption+)
+apply (rule block_anon7_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon7_LoopHead)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:M_before_passive_prog.outEdges_10))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=9])
+apply ((simp add:M_before_passive_prog.outEdges_10))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_11 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_11 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_0_def M_before_passive_prog.block_11_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_0)
+apply (rule M_before_passive_prog.node_11)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=10])
+apply ((simp add:M_before_passive_prog.outEdges_11))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:M_before_passive_prog.outEdges_12))
+by ((simp add:M_before_passive_prog.node_12 M_before_passive_prog.block_12_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 13),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 M_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule M_before_passive_prog.node_13)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding M_before_passive_prog.block_13_def
+apply (rule assume_pres_normal[where ?es=M_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding M_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule M_before_passive_prog.outEdges_13)
+apply ((simp add:M_before_passive_prog.node_12 M_before_passive_prog.block_12_def))
+apply (rule M_before_passive_prog.outEdges_12)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_x_3::int) (vc_y_2::int) (vc_x_4::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns M_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule M_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_passification_proof.thy
new file mode 100644
index 0000000..d62a181
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_passification_proof.thy
@@ -0,0 +1,458 @@
+theory M_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog M_passive_prog Boogie_Lang.PassificationML M_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_0_def M_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon7_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_1_def M_passive_prog.block_1_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon8_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [10] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 1) = (Some (Inl 7)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [10])) (update_nstate_rel R [(0,(Inl 10))]) R_old M_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_2_def M_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_3(2)))
+by simp
+
+lemma block_anon6:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [11] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 1) = (Some (Inl 1)))" and 
+"((R 2) = (Some (Inl 5)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [11])) (update_nstate_rel R [(0,(Inl 11))]) R_old M_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_3_def M_passive_prog.block_3_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_4(2)))
+by simp
+
+lemma block_anon9_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [9] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 2) = (Some (Inl 5)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [9])) (update_nstate_rel R [(1,(Inl 9))]) R_old M_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_4_def M_passive_prog.block_4_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_2(2)))
+by simp
+
+lemma block_anon9_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 1) = (Some (Inl 7)))" and 
+"((R 2) = (Some (Inl 5)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_5_def M_passive_prog.block_5_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 1) = (Some (Inl 7)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_6_def M_passive_prog.block_6_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon8_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 1) = (Some (Inl 7)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_7 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_7_def M_passive_prog.block_7_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon8_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [8] R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 1) = (Some (Inl 7)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [8])) (update_nstate_rel R [(0,(Inl 8))]) R_old M_passive_prog.block_8 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_8_def M_passive_prog.block_8_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_2(2)))
+by simp
+
+lemma block_anon7_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_9 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 1) = (Some (Inl 7)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_9 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_9_def M_passive_prog.block_9_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon7_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_10 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6,7] R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6,7])) (update_nstate_rel R [(0,(Inl 6)),(1,(Inl 7))]) R_old M_passive_prog.block_10 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_10_def M_passive_prog.block_10_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_1(2)))
+apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_1(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_11 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3,4,5] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3,4,5])) (update_nstate_rel R [(0,(Inl 3)),(1,(Inl 4)),(2,(Inl 5))]) R_old M_passive_prog.block_11 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_11_def M_passive_prog.block_11_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_0(2)))
+apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_0(2)))
+apply ((simp add:M_before_ast_to_cfg_prog.l_z(2) M_passive_prog.l_z_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_12 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_12 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_12_def M_passive_prog.block_12_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_13 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_13 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_13_def M_passive_prog.block_13_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_0},@{thm M_before_passive_prog.outEdges_0}) (@{thm M_passive_prog.node_0},@{thm M_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon7_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_1},@{thm M_before_passive_prog.outEdges_1}) (@{thm M_passive_prog.node_1},@{thm M_passive_prog.outEdges_1}) @{thm block_anon7_LoopDone} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon8_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 10 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 1) = (Some (Inl 7)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_2},@{thm M_before_passive_prog.outEdges_2}) (@{thm M_passive_prog.node_2},@{thm M_passive_prog.outEdges_2}) @{thm block_anon8_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon6:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 11 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 1) = (Some (Inl 1)))" and 
+"((R 2) = (Some (Inl 5)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_3},@{thm M_before_passive_prog.outEdges_3}) (@{thm M_passive_prog.node_3},@{thm M_passive_prog.outEdges_3}) @{thm block_anon6} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon9_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 2) = (Some (Inl 5)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_4},@{thm M_before_passive_prog.outEdges_4}) (@{thm M_passive_prog.node_4},@{thm M_passive_prog.outEdges_4}) @{thm block_anon9_Then} [
+@{thm cfg_block_anon6}] 1\<close>))
+
+lemma cfg_block_anon9_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 11 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 1) = (Some (Inl 7)))" and 
+"((R 2) = (Some (Inl 5)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_5},@{thm M_before_passive_prog.outEdges_5}) (@{thm M_passive_prog.node_5},@{thm M_passive_prog.outEdges_5}) @{thm block_anon9_Else} [
+@{thm cfg_block_anon6}] 1\<close>))
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 1) = (Some (Inl 7)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_6},@{thm M_before_passive_prog.outEdges_6}) (@{thm M_passive_prog.node_6},@{thm M_passive_prog.outEdges_6}) @{thm block_anon3} [
+@{thm cfg_block_anon9_Then}, 
+@{thm cfg_block_anon9_Else}] 1\<close>))
+
+lemma cfg_block_anon8_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 1) = (Some (Inl 7)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_7},@{thm M_before_passive_prog.outEdges_7}) (@{thm M_passive_prog.node_7},@{thm M_passive_prog.outEdges_7}) @{thm block_anon8_LoopDone} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon8_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 1) = (Some (Inl 7)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 8)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_8},@{thm M_before_passive_prog.outEdges_8}) (@{thm M_passive_prog.node_8},@{thm M_passive_prog.outEdges_8}) @{thm block_anon8_LoopHead} [
+@{thm cfg_block_anon8_LoopDone}, 
+@{thm cfg_block_anon8_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon7_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 1) = (Some (Inl 7)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 9)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_9},@{thm M_before_passive_prog.outEdges_9}) (@{thm M_passive_prog.node_9},@{thm M_passive_prog.outEdges_9}) @{thm block_anon7_LoopBody} [
+@{thm cfg_block_anon8_LoopHead}] 1\<close>))
+
+lemma cfg_block_anon7_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 10)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_10},@{thm M_before_passive_prog.outEdges_10}) (@{thm M_passive_prog.node_10},@{thm M_passive_prog.outEdges_10}) @{thm block_anon7_LoopHead} [
+@{thm cfg_block_anon7_LoopDone}, 
+@{thm cfg_block_anon7_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 11)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_11},@{thm M_before_passive_prog.outEdges_11}) (@{thm M_passive_prog.node_11},@{thm M_passive_prog.outEdges_11}) @{thm block_anon0} [
+@{thm cfg_block_anon7_LoopHead}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 12)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_12},@{thm M_before_passive_prog.outEdges_12}) (@{thm M_passive_prog.node_12},@{thm M_passive_prog.outEdges_12}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 13)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_13},@{thm M_before_passive_prog.outEdges_13}) (@{thm M_passive_prog.node_13},@{thm M_passive_prog.outEdges_13}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_passive_prog.proc_body ((Inl 13),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_x_3::int) (vc_y_2::int) (vc_x_4::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls ns M_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv M_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding M_passive_prog.params_vdecls_def M_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using M_before_passive_prog.globals_locals_disj apply auto[1]
+using M_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] M_passive_prog.proc_body u (Inl 13)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range M_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] M_passive_prog.proc_body ((Inl 13),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from M_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_passive_prog.thy
new file mode 100644
index 0000000..b325823
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_passive_prog.thy
@@ -0,0 +1,297 @@
+theory M_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 7) Gt (Lit (LInt 10)))),(Assume (BinOp (Var 10) Eq (BinOp (Var 8) Mul (Lit (LInt 10))))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 11) Eq (BinOp (BinOp (Var 8) Add (Var 1)) Add (Var 5)))),(Assume (Lit (LBool False)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (BinOp (Var 8) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assume (BinOp (Var 9) Eq (BinOp (Var 5) Add (Lit (LInt 7)))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 8) Sub (Lit (LInt 10)))))]"
+definition block_6
+  where
+    "block_6  = []"
+definition block_7
+  where
+    "block_7  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 7)))]"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = []"
+definition block_10
+  where
+    "block_10  = []"
+definition block_11
+  where
+    "block_11  = []"
+definition block_12
+  where
+    "block_12  = []"
+definition block_13
+  where
+    "block_13  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[3],[3],[4,5],[6],[7,2],[8],[1,9],[10],[11],[12]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 13,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_12:
+shows "((nth (node_to_block proc_body) 12) = block_12)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_13:
+shows "((nth (node_to_block proc_body) 13) = block_13)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [4,5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [1,9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [10])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_12:
+shows "((nth (out_edges proc_body) 12) = [11])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_13:
+shows "((nth (out_edges proc_body) 13) = [12])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(7,(TPrim TInt),(None )),(8,(TPrim TInt),(None )),(10,(TPrim TInt),(None )),(9,(TPrim TInt),(None )),(11,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding M_passive_prog.params_vdecls_def M_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) = {})"
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_0:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z_0:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_1:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_2:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 8) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_3:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 10) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_2:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 9) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_4:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 11) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_0:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z_0:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_1:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_2:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 8) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 8) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_3:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 10) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 10) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_3
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_2:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 9) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 9) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_4:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 11) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 11) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_4
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_vcphase_proof.thy
new file mode 100644
index 0000000..54f25dc
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_vcphase_proof.thy
@@ -0,0 +1,473 @@
+theory M_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML M_passive_prog M_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon0
+  where
+    "vc_anon0  = True"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_z :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_z_0 :: "int" and vc_x_1 :: "int" and vc_y_1 :: "int" and vc_x_2 :: "int" and vc_x_3 :: "int" and vc_y_2 :: "int" and vc_x_4 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_z)))" and 
+G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_0)))" and 
+G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_y_0)))" and 
+G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_z_0)))" and 
+G6: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_x_1)))" and 
+G7: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_y_1)))" and 
+G8: "((lookup_var \<Lambda> n_s 8) = (Some (IntV vc_x_2)))" and 
+G9: "((lookup_var \<Lambda> n_s 10) = (Some (IntV vc_x_3)))" and 
+G10: "((lookup_var \<Lambda> n_s 9) = (Some (IntV vc_y_2)))" and 
+G11: "((lookup_var \<Lambda> n_s 11) = (Some (IntV vc_x_4)))" and 
+G12: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8 G9 G10 G11 G12
+lemmas forall_poly_thm = forall_vc_type[OF G12]
+lemmas exists_poly_thm = exists_vc_type[OF G12]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding M_passive_prog.block_0_def
+apply cases
+by auto
+
+lemma block_anon7_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_1 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding M_passive_prog.block_1_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon8_LoopBody_hints = [
+(AssumeTrue,NONE), 
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon8_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
+unfolding M_passive_prog.block_2_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_hints = [
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon6AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
+unfolding M_passive_prog.block_3_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon9_Then_hints = [
+(AssumeTrue,NONE), 
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon9_ThenAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))))"
+unfolding M_passive_prog.block_4_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon9_Then_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon9_Else_hints = [
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon9_ElseAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))))"
+unfolding M_passive_prog.block_5_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon9_Else_hints \<close>)
+by (auto?)
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_6 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding M_passive_prog.block_6_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon8_LoopDone_hints = [
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon8_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
+unfolding M_passive_prog.block_7_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopDone_hints \<close>)
+by (auto?)
+
+lemma block_anon8_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_8 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding M_passive_prog.block_8_def
+apply cases
+by auto
+
+lemma block_anon7_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_9 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding M_passive_prog.block_9_def
+apply cases
+by auto
+
+lemma block_anon7_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_10 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding M_passive_prog.block_10_def
+apply cases
+by auto
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_11 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding M_passive_prog.block_11_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_12 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding M_passive_prog.block_12_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_13 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding M_passive_prog.block_13_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) M_passive_prog.node_0 M_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon7_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) M_passive_prog.node_1])
+apply (erule block_anon7_LoopDone)
+apply ((simp add:M_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon8_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) M_passive_prog.node_2])
+by (erule block_anon8_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon6:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) M_passive_prog.node_3])
+by (erule block_anon6AA0[OF _ assms(2)])
+
+lemma cfg_block_anon9_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_4])
+apply (erule block_anon9_ThenAA0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon9_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_5])
+apply (erule block_anon9_ElseAA0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_6])
+apply (erule block_anon3[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon9_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon9_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon8_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_7])
+apply (erule block_anon8_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_7))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon8_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_8])
+apply (erule block_anon8_LoopHead[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_8))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon7_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_9])
+apply (erule block_anon7_LoopBody[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_9))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon7_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_10])
+apply (erule block_anon7_LoopHead[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_10))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_11])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_11))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_12])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_12))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_13])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_13))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) \<Gamma> [] M_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_x_3::int) (vc_y_2::int) (vc_x_4::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s M_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((M_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x])
+apply (subst lookup_var_local[OF M_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y])
+apply (subst lookup_var_local[OF M_passive_prog.m_y])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_z:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_z])
+apply (subst lookup_var_local[OF M_passive_prog.m_z])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF M_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_0])
+apply (subst lookup_var_local[OF M_passive_prog.m_y_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_z_0:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_z_0])
+apply (subst lookup_var_local[OF M_passive_prog.m_z_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF M_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_1])
+apply (subst lookup_var_local[OF M_passive_prog.m_y_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 8) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 8)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 8))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_2])
+apply (subst lookup_var_local[OF M_passive_prog.m_x_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_3:"(((lookup_var ?\<Lambda> n_s 10) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 10)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 10))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_3])
+apply (subst lookup_var_local[OF M_passive_prog.m_x_3])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 9) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 9)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 9))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_2])
+apply (subst lookup_var_local[OF M_passive_prog.m_y_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_4:"(((lookup_var ?\<Lambda> n_s 11) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 11)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 11))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_4])
+apply (subst lookup_var_local[OF M_passive_prog.m_x_4])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_y])
+apply (rule HOL.conjunct1[OF sc_z])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_y_0])
+apply (rule HOL.conjunct1[OF sc_z_0])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (rule HOL.conjunct1[OF sc_y_1])
+apply (rule HOL.conjunct1[OF sc_x_2])
+apply (rule HOL.conjunct1[OF sc_x_3])
+apply (rule HOL.conjunct1[OF sc_y_2])
+apply (rule HOL.conjunct1[OF sc_x_4])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/ROOT
new file mode 100644
index 0000000..3487ed6
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/ROOT
@@ -0,0 +1,12 @@
+session no_guard_loop2_proofs = Boogie_Lang + 
+directories M_proofs
+theories
+global_data
+"M_proofs/M_before_ast_to_cfg_prog"
+"M_proofs/M_passive_prog"
+"M_proofs/M_asttocfg_proof"
+"M_proofs/M_passification_proof"
+"M_proofs/M_before_passive_prog"
+"M_proofs/M_vcphase_proof"
+"M_proofs/M_before_cfg_to_dag_prog"
+"M_proofs/M_cfgtodag_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_asttocfg_proof.thy
new file mode 100644
index 0000000..683bfee
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_asttocfg_proof.thy
@@ -0,0 +1,679 @@
+theory M_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML M_before_ast_to_cfg_prog M_before_cfg_to_dag_prog M_cfgtodag_proof M_passification_proof M_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_8:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_8,cont_8,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 10))) ns1 (BoolV False))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_8])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def)
+
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def)
+apply (simp)
+apply (simp)
+apply (rule cont_8_def)
+apply (rule M_before_cfg_to_dag_prog.node_9)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule M_before_cfg_to_dag_prog.block_9_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply ( rule neg_gt)
+apply (rule guardHint)
+apply (rule M_before_cfg_to_dag_prog.outEdges_9)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: M_before_cfg_to_dag_prog.node_9)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def)
+apply (simp add: end_static)
+done
+qed
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_7:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_7,cont_7,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_7])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_7_def)
+
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_7_def)
+apply (rule M_before_cfg_to_dag_prog.node_8)
+apply (rule disjI1)
+apply (rule M_before_cfg_to_dag_prog.block_8_def)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_7_def)
+apply (simp add: M_before_cfg_to_dag_prog.node_8)
+
+
+
+apply ((erule allE[where x=1])+)
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_8)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV False))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_3 cont_3 M_before_cfg_to_dag_prog.proc_body 3 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_6])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_6_def)
+
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_6_def)
+apply (rule M_before_cfg_to_dag_prog.node_6)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule M_before_cfg_to_dag_prog.block_6_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply (rule neg_gt)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_6_def)
+apply (simp add: M_before_cfg_to_dag_prog.node_6)
+
+
+
+
+apply ((erule allE[where x=3])+)
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_6)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma rel_M_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_5,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_5 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_5 (Normal ns1) (Normal ns1')))))"
+unfolding M_before_cfg_to_dag_prog.block_5_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_5])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_5_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: M_before_cfg_to_dag_prog.block_5_def)
+apply ((simp add: assms(3) M_before_ast_to_cfg_prog.bigblock_5_def)+)
+done
+
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_3 cont_3 M_before_cfg_to_dag_prog.proc_body 3 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_5])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_5_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_5_def)
+apply (rule M_before_cfg_to_dag_prog.node_5)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule M_before_cfg_to_dag_prog.block_5_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_5_def)
+apply (simp add: M_before_cfg_to_dag_prog.node_5)
+apply (rule rel_M_before_ast_to_cfg_prog_bigblock_5)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=3])+)
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_5)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma rel_M_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def M_before_cfg_to_dag_prog.block_4_def)
+apply ((simp add: M_before_cfg_to_dag_prog.block_4_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: M_before_cfg_to_dag_prog.block_4_def M_before_ast_to_cfg_prog.bigblock_4_def)+)
+done
+
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(guard_of_enclosing_loop = (None ))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_3 cont_3 M_before_cfg_to_dag_prog.proc_body 3 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_if_successor)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: M_before_cfg_to_dag_prog.block_4_def M_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp add: M_before_cfg_to_dag_prog.block_4_def)
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def)
+apply (rule M_before_cfg_to_dag_prog.node_4)
+apply (rule disjI1)
+
+
+
+apply (simp add: M_before_cfg_to_dag_prog.block_4_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: M_before_cfg_to_dag_prog.node_4)
+apply (rule rel_M_before_ast_to_cfg_prog_bigblock_4)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def)
+apply ((simp)+)
+
+apply (erule disjE)
+
+apply ((erule allE[where x = 5])+)
+apply ((simp add: M_before_cfg_to_dag_prog.outEdges_4)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_5)
+apply (simp add: cont_4_def M_before_ast_to_cfg_prog.bigblock_5_def cont_5_def )
+apply blast+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule less_trans_inv)
+apply ((simp)+)
+
+apply ((erule allE[where x = 6])+)
+apply ((simp add: M_before_cfg_to_dag_prog.outEdges_4)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_6)
+apply (simp add: cont_4_def M_before_ast_to_cfg_prog.bigblock_6_def cont_6_def )
+apply blast+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule less_trans_inv)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(personal_guard = (None ))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_3_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_3 _ _ _ M_before_cfg_to_dag_prog.block_3])
+apply (simp add:M_before_ast_to_cfg_prog.bigblock_3_def M_before_cfg_to_dag_prog.block_3_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:M_before_ast_to_cfg_prog.bigblock_3_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_3])
+apply ((simp add:M_before_ast_to_cfg_prog.bigblock_3_def)+)
+apply ((simp add:M_before_cfg_to_dag_prog.block_3_def M_before_cfg_to_dag_prog.node_3)+)
+apply (rule cont_3_def)
+apply (erule disjE)
+apply ((simp)+)
+apply (erule disjE)
+defer
+apply ((erule allE[where x = 4])+)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add:member_rec(1))
+
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_4)
+apply (simp add: cont_3_def M_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_3_def cont_4_def
+apply (simp)
+apply (blast)
+apply (blast)
+apply (rule guardHint)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(6))
+apply (rule strictly_smaller_helper3)
+apply ((simp)+)
+
+apply ((erule allE[where x = 7])+)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add:member_rec(1))
+
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply ((blast)+)
+
+
+
+
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_7)
+apply (simp)
+
+apply (rule correctness_propagates_through_empty)
+apply blast
+apply (simp add: M_before_cfg_to_dag_prog.node_7)
+apply (simp add: M_before_cfg_to_dag_prog.block_7_def)
+
+apply (simp)
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_7)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_empty2)
+apply blast
+apply (simp add: M_before_cfg_to_dag_prog.node_7)
+apply (simp add: M_before_cfg_to_dag_prog.block_7_def)
+
+apply (simp)
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_7)
+apply ((simp add: member_rec)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(6))
+apply (rule strictly_smaller_helper4)
+apply ((simp)+)
+done
+qed
+qed
+
+lemma rel_M_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 10))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
+unfolding M_before_cfg_to_dag_prog.block_2_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: M_before_cfg_to_dag_prog.block_2_def)
+apply ((simp add: assms(3) M_before_ast_to_cfg_prog.bigblock_2_def)+)
+done
+
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 10))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def M_before_cfg_to_dag_prog.block_2_def)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def M_before_cfg_to_dag_prog.block_2_def)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def M_before_cfg_to_dag_prog.block_2_def)
+apply (simp add: M_before_cfg_to_dag_prog.block_2_def)
+apply (rule M_before_cfg_to_dag_prog.node_2)
+
+apply (rule disjI2)
+apply (rule disjI1)
+
+apply (simp add: M_before_cfg_to_dag_prog.block_2_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply (simp)
+
+
+apply (rule guardHint)
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: M_before_cfg_to_dag_prog.node_2)
+apply (rule rel_M_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def)
+apply ((simp)+)
+apply (rule guardHint)
+apply ((erule allE[where x = 3])+)
+apply ((simp add: M_before_cfg_to_dag_prog.outEdges_2)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_3)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_3_def cont_2_def cont_3_def)
+apply blast+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule less_trans_inv)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_1 _ _ _ M_before_cfg_to_dag_prog.block_1])
+apply (simp add:M_before_ast_to_cfg_prog.bigblock_1_def M_before_cfg_to_dag_prog.block_1_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:M_before_ast_to_cfg_prog.bigblock_1_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_1])
+apply ((simp add:M_before_ast_to_cfg_prog.bigblock_1_def)+)
+apply ((simp add:M_before_cfg_to_dag_prog.block_1_def M_before_cfg_to_dag_prog.node_1)+)
+apply (rule cont_1_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 2])+)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_1_def M_before_ast_to_cfg_prog.bigblock_2_def cont_2_def M_before_ast_to_cfg_prog.bigblock_7_def cont_7_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_1_def cont_2_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+
+apply ((erule allE[where x = 9])+)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_8)
+apply (blast)
+
+
+apply ((blast)+)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+done
+qed
+qed
+
+lemma rel_M_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: M_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: M_before_cfg_to_dag_prog.block_0_def M_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_0 _ M_before_cfg_to_dag_prog.block_0])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: M_before_cfg_to_dag_prog.block_0_def)
+apply (rule M_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: M_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: M_before_cfg_to_dag_prog.node_0)
+apply (rule rel_M_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: M_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_y_2::int) (vc_x_3::int) (vc_x_4::int) (vc_y_3::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns M_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_M_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def M_before_ast_to_cfg_prog.pres_def M_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def M_before_ast_to_cfg_prog.pres_def M_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_8] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_8_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_y_2::int) (vc_x_3::int) (vc_x_4::int) (vc_y_3::int). (vc.vc_anon0 ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) M_before_ast_to_cfg_prog.fdecls M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls M_before_ast_to_cfg_prog.axioms M_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding M_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 M_before_ast_to_cfg_prog.ast_proc_def M_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..7eb13ba
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
@@ -0,0 +1,171 @@
+theory M_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 0),(Havoc 1),(Havoc 2)] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (Some (WhileWrapper (ParsedWhile (None ) [] [(BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))]))) (None )),(BigBlock (None ) [] (None ) (None ))]))) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (Some (WhileWrapper (ParsedWhile (None ) [] [(BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))]))) (None )),(BigBlock (None ) [] (None ) (None ))])) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (Some (WhileWrapper (ParsedWhile (None ) [] [(BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))]))) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedWhile (None ) [] [(BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))])) (None ))"
+definition bigblock_4
+  where
+    "bigblock_4  = (BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
+definition bigblock_5
+  where
+    "bigblock_5  = (BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))"
+definition bigblock_6
+  where
+    "bigblock_6  = (BigBlock (None ) [] (None ) (None ))"
+definition bigblock_7
+  where
+    "bigblock_7  = (BigBlock (None ) [] (None ) (None ))"
+definition bigblock_8
+  where
+    "bigblock_8  = (BigBlock (None ) [] (None ) (None ))"
+definition cont_8
+  where
+    "cont_8  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_8 cont_8)"
+definition cont_1
+  where
+    "cont_1  = (KEndBlock (KSeq bigblock_8 cont_8 ))"
+definition cont_7
+  where
+    "cont_7  = (KSeq bigblock_1 cont_1)"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_7 cont_7)"
+definition cont_3
+  where
+    "cont_3  = (KEndBlock (KSeq bigblock_7 cont_7 ))"
+definition cont_4
+  where
+    "cont_4  = (KSeq bigblock_3 cont_3)"
+definition cont_5
+  where
+    "cont_5  = (KSeq bigblock_3 cont_3)"
+definition cont_6
+  where
+    "cont_6  = (KSeq bigblock_3 cont_3)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_8]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding M_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding M_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding M_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z:
+shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = M_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec M_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec M_before_ast_to_cfg_prog.post),proc_body = (Some (M_before_ast_to_cfg_prog.locals_vdecls,M_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..a4c8d31
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
@@ -0,0 +1,233 @@
+theory M_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0),(Havoc 1),(Havoc 2)]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 10)))),(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))]"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))]"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 0) Sub (Lit (LInt 10)))))]"
+definition block_7
+  where
+    "block_7  = []"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 1)))]"
+definition outEdges
+  where
+    "outEdges  = [[1],[9,2],[3],[7,4],[5,6],[3],[3],[8],[1],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [9,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [7,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [5,6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding M_before_cfg_to_dag_prog.constants_vdecls_def M_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding M_before_cfg_to_dag_prog.constants_vdecls_def M_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding M_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding M_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding M_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding M_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z:
+shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z:
+shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = M_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec M_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec M_before_cfg_to_dag_prog.post),proc_body = (Some (M_before_cfg_to_dag_prog.locals_vdecls,M_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_passive_prog.thy
new file mode 100644
index 0000000..8b61917
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_passive_prog.thy
@@ -0,0 +1,172 @@
+theory M_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 1)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7)))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 0) Sub (Lit (LInt 10))))),(Assume (Lit (LBool False)))]"
+definition block_4
+  where
+    "block_4  = [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))]"
+definition block_5
+  where
+    "block_5  = [(Assume (Lit (LBool False)))]"
+definition block_6
+  where
+    "block_6  = []"
+definition block_7
+  where
+    "block_7  = [(Havoc 1),(Havoc 0)]"
+definition block_8
+  where
+    "block_8  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 10)))),(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))]"
+definition block_9
+  where
+    "block_9  = [(Havoc 1),(Havoc 0)]"
+definition block_10
+  where
+    "block_10  = [(Havoc 0),(Havoc 1),(Havoc 2)]"
+definition block_11
+  where
+    "block_11  = []"
+definition block_12
+  where
+    "block_12  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[2,3],[0],[5],[6,4],[7],[1,8],[9],[10],[11]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 12,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_12:
+shows "((nth (node_to_block proc_body) 12) = block_12)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [2,3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [1,8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [10])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_12:
+shows "((nth (out_edges proc_body) 12) = [11])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_cfgtodag_proof.thy
new file mode 100644
index 0000000..54db418
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_cfgtodag_proof.thy
@@ -0,0 +1,712 @@
+theory M_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML M_before_ast_to_cfg_prog M_before_cfg_to_dag_prog M_before_passive_prog M_passification_proof M_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 M_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def M_before_ast_to_cfg_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule M_before_passive_prog.node_0)
+apply simp
+unfolding M_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_9 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_9_def M_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule M_before_cfg_to_dag_prog.node_9)
+apply (rule M_before_passive_prog.node_1)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon6_LoopDone)
+apply assumption+
+apply (rule M_before_cfg_to_dag_prog.outEdges_9)
+apply (rule M_before_passive_prog.outEdges_1)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma Mods_anon8_Then:
+shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_5)"
+unfolding M_before_cfg_to_dag_prog.block_5_def
+by simp
+
+lemma block_anon8_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_2 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_5_def M_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon8_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_5)
+apply (rule M_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon8_Then)
+apply (assumption+)
+apply (rule Mods_anon8_Then)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_5))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_5))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon7_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon8_Else:
+shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_6)"
+unfolding M_before_cfg_to_dag_prog.block_6_def
+by simp
+
+lemma block_anon8_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_3 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_6_def M_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon8_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_6)
+apply (rule M_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon8_Else)
+apply (assumption+)
+apply (rule Mods_anon8_Else)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_6))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_6))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon7_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon7_LoopBody:
+shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_4)"
+unfolding M_before_cfg_to_dag_prog.block_4_def
+by simp
+
+lemma block_anon7_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_4_def M_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon7_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_4)
+apply (rule M_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon7_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon7_LoopBody)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_4))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_4))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:M_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon7_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:M_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon7_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon5:
+shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_8)"
+unfolding M_before_cfg_to_dag_prog.block_8_def
+by simp
+
+lemma block_anon5:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_5 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_8_def M_before_passive_prog.block_5_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon5:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_8)
+apply (rule M_before_passive_prog.node_5)
+apply (assumption+)
+apply (rule block_anon5)
+apply (assumption+)
+apply (rule Mods_anon5)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_8))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_8))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon6_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon7_LoopDone:
+shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_7)"
+unfolding M_before_cfg_to_dag_prog.block_7_def
+by simp
+
+lemma block_anon7_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_6 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_7_def M_before_passive_prog.block_6_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon7_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_7)
+apply (rule M_before_passive_prog.node_6)
+apply (assumption+)
+apply (rule block_anon7_LoopDone)
+apply (assumption+)
+apply (rule Mods_anon7_LoopDone)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_7))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_7))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=5])
+apply ((simp add:M_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon6_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon7_LoopHead:
+shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_3)"
+unfolding M_before_cfg_to_dag_prog.block_3_def
+by simp
+
+lemma block_anon7_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_7 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_3_def M_before_passive_prog.block_7_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:M_before_ast_to_cfg_prog.l_y(1)))
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(1)))
+apply simp
+done
+
+lemma cfg_block_anon7_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms assms(4-)
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1,0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule M_before_cfg_to_dag_prog.node_3)
+apply (rule M_before_passive_prog.node_7)
+apply (assumption+)
+apply (rule block_anon7_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon7_LoopHead)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=6])
+apply ((simp add:M_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_subset_pred)
+using less(4) apply simp
+apply assumption
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=4])
+apply ((simp add:M_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+apply (rule loop_ih_convert_subset_smaller_2)
+using less(4) apply simp
+apply (simp, fastforce, assumption)
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma Mods_anon6_LoopBody:
+shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_2)"
+unfolding M_before_cfg_to_dag_prog.block_2_def
+by simp
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_8 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_2_def M_before_passive_prog.block_8_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_2)
+apply (rule M_before_passive_prog.node_8)
+apply (assumption+)
+apply (rule block_anon6_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon6_LoopBody)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=7])
+apply ((simp add:M_before_passive_prog.outEdges_8))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon6_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon6_LoopHead:
+shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_1)"
+unfolding M_before_cfg_to_dag_prog.block_1_def
+by simp
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_9 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_1_def M_before_passive_prog.block_9_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:M_before_ast_to_cfg_prog.l_y(1)))
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(1)))
+apply simp
+done
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1,0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule M_before_cfg_to_dag_prog.node_1)
+apply (rule M_before_passive_prog.node_9)
+apply (assumption+)
+apply (rule block_anon6_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon6_LoopHead)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:M_before_passive_prog.outEdges_9))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=8])
+apply ((simp add:M_before_passive_prog.outEdges_9))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_10 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_10 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_0_def M_before_passive_prog.block_10_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_0)
+apply (rule M_before_passive_prog.node_10)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=9])
+apply ((simp add:M_before_passive_prog.outEdges_10))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:M_before_passive_prog.outEdges_11))
+by ((simp add:M_before_passive_prog.node_11 M_before_passive_prog.block_11_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 M_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule M_before_passive_prog.node_12)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding M_before_passive_prog.block_12_def
+apply (rule assume_pres_normal[where ?es=M_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding M_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule M_before_passive_prog.outEdges_12)
+apply ((simp add:M_before_passive_prog.node_11 M_before_passive_prog.block_11_def))
+apply (rule M_before_passive_prog.outEdges_11)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_y_2::int) (vc_x_3::int) (vc_x_4::int) (vc_y_3::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns M_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule M_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_passification_proof.thy
new file mode 100644
index 0000000..8a4a2c1
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_passification_proof.thy
@@ -0,0 +1,422 @@
+theory M_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog M_passive_prog Boogie_Lang.PassificationML M_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_0_def M_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 6)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_1_def M_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon8_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [12] R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 0) = (Some (Inl 11)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [12])) (update_nstate_rel R [(1,(Inl 12))]) R_old M_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_2_def M_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_3(2)))
+by simp
+
+lemma block_anon8_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 11)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_3_def M_passive_prog.block_3_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon7_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [11] R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 0) = (Some (Inl 10)))" and 
+"((R 1) = (Some (Inl 9)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [11])) (update_nstate_rel R [(0,(Inl 11))]) R_old M_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_4_def M_passive_prog.block_4_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_4(2)))
+by simp
+
+lemma block_anon5:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_5_def M_passive_prog.block_5_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon7_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_6_def M_passive_prog.block_6_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon7_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [9,10] R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [9,10])) (update_nstate_rel R [(1,(Inl 9)),(0,(Inl 10))]) R_old M_passive_prog.block_7 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_7_def M_passive_prog.block_7_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_2(2)))
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_3(2)))
+by simp
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [8] R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 0) = (Some (Inl 7)))" and 
+"((R 1) = (Some (Inl 6)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [8])) (update_nstate_rel R [(0,(Inl 8))]) R_old M_passive_prog.block_8 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_8_def M_passive_prog.block_8_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_2(2)))
+by simp
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_9 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6,7] R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6,7])) (update_nstate_rel R [(1,(Inl 6)),(0,(Inl 7))]) R_old M_passive_prog.block_9 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_9_def M_passive_prog.block_9_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_1(2)))
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_10 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3,4,5] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3,4,5])) (update_nstate_rel R [(0,(Inl 3)),(1,(Inl 4)),(2,(Inl 5))]) R_old M_passive_prog.block_10 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_10_def M_passive_prog.block_10_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_0(2)))
+apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_0(2)))
+apply ((simp add:M_before_ast_to_cfg_prog.l_z(2) M_passive_prog.l_z_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_11 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_11 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_11_def M_passive_prog.block_11_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_12 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_12 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_12_def M_passive_prog.block_12_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_0},@{thm M_before_passive_prog.outEdges_0}) (@{thm M_passive_prog.node_0},@{thm M_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 6)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_1},@{thm M_before_passive_prog.outEdges_1}) (@{thm M_passive_prog.node_1},@{thm M_passive_prog.outEdges_1}) @{thm block_anon6_LoopDone} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon8_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 12 R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 0) = (Some (Inl 11)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_2},@{thm M_before_passive_prog.outEdges_2}) (@{thm M_passive_prog.node_2},@{thm M_passive_prog.outEdges_2}) @{thm block_anon8_Then} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon8_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 11)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_3},@{thm M_before_passive_prog.outEdges_3}) (@{thm M_passive_prog.node_3},@{thm M_passive_prog.outEdges_3}) @{thm block_anon8_Else} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon7_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 11 R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 0) = (Some (Inl 10)))" and 
+"((R 1) = (Some (Inl 9)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_4},@{thm M_before_passive_prog.outEdges_4}) (@{thm M_passive_prog.node_4},@{thm M_passive_prog.outEdges_4}) @{thm block_anon7_LoopBody} [
+@{thm cfg_block_anon8_Then}, 
+@{thm cfg_block_anon8_Else}] 1\<close>))
+
+lemma cfg_block_anon5:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_5},@{thm M_before_passive_prog.outEdges_5}) (@{thm M_passive_prog.node_5},@{thm M_passive_prog.outEdges_5}) @{thm block_anon5} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon7_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_6},@{thm M_before_passive_prog.outEdges_6}) (@{thm M_passive_prog.node_6},@{thm M_passive_prog.outEdges_6}) @{thm block_anon7_LoopDone} [
+@{thm cfg_block_anon5}] 1\<close>))
+
+lemma cfg_block_anon7_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_7},@{thm M_before_passive_prog.outEdges_7}) (@{thm M_passive_prog.node_7},@{thm M_passive_prog.outEdges_7}) @{thm block_anon7_LoopHead} [
+@{thm cfg_block_anon7_LoopDone}, 
+@{thm cfg_block_anon7_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 0) = (Some (Inl 7)))" and 
+"((R 1) = (Some (Inl 6)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 8)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_8},@{thm M_before_passive_prog.outEdges_8}) (@{thm M_passive_prog.node_8},@{thm M_passive_prog.outEdges_8}) @{thm block_anon6_LoopBody} [
+@{thm cfg_block_anon7_LoopHead}] 1\<close>))
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 9)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_9},@{thm M_before_passive_prog.outEdges_9}) (@{thm M_passive_prog.node_9},@{thm M_passive_prog.outEdges_9}) @{thm block_anon6_LoopHead} [
+@{thm cfg_block_anon6_LoopDone}, 
+@{thm cfg_block_anon6_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 10)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_10},@{thm M_before_passive_prog.outEdges_10}) (@{thm M_passive_prog.node_10},@{thm M_passive_prog.outEdges_10}) @{thm block_anon0} [
+@{thm cfg_block_anon6_LoopHead}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 11)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_11},@{thm M_before_passive_prog.outEdges_11}) (@{thm M_passive_prog.node_11},@{thm M_passive_prog.outEdges_11}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 12)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_12},@{thm M_before_passive_prog.outEdges_12}) (@{thm M_passive_prog.node_12},@{thm M_passive_prog.outEdges_12}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_passive_prog.proc_body ((Inl 12),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_y_2::int) (vc_x_3::int) (vc_x_4::int) (vc_y_3::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls ns M_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv M_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding M_passive_prog.params_vdecls_def M_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using M_before_passive_prog.globals_locals_disj apply auto[1]
+using M_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] M_passive_prog.proc_body u (Inl 12)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range M_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] M_passive_prog.proc_body ((Inl 12),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from M_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_passive_prog.thy
new file mode 100644
index 0000000..f276df4
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_passive_prog.thy
@@ -0,0 +1,295 @@
+theory M_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 6)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (BinOp (Var 11) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assume (BinOp (Var 12) Eq (BinOp (Var 5) Add (Lit (LInt 7))))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 11) Sub (Lit (LInt 10))))),(Assume (Lit (LBool False)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 11) Eq (BinOp (BinOp (Var 10) Add (Var 9)) Add (Var 5))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (Lit (LBool False)))]"
+definition block_6
+  where
+    "block_6  = []"
+definition block_7
+  where
+    "block_7  = []"
+definition block_8
+  where
+    "block_8  = [(Assume (BinOp (Var 6) Gt (Lit (LInt 10)))),(Assume (BinOp (Var 8) Eq (BinOp (Var 7) Mul (Lit (LInt 10)))))]"
+definition block_9
+  where
+    "block_9  = []"
+definition block_10
+  where
+    "block_10  = []"
+definition block_11
+  where
+    "block_11  = []"
+definition block_12
+  where
+    "block_12  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[2,3],[0],[5],[6,4],[7],[1,8],[9],[10],[11]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 12,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_12:
+shows "((nth (node_to_block proc_body) 12) = block_12)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [2,3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [1,8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [10])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_12:
+shows "((nth (out_edges proc_body) 12) = [11])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(7,(TPrim TInt),(None )),(8,(TPrim TInt),(None )),(9,(TPrim TInt),(None )),(10,(TPrim TInt),(None )),(11,(TPrim TInt),(None )),(12,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding M_passive_prog.params_vdecls_def M_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) = {})"
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_0:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z_0:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_1:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_2:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 8) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_2:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 9) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_3:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 10) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_4:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 11) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_3:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 12) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_0:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z_0:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_1:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_2:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 8) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 8) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_2:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 9) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 9) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_3:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 10) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 10) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_3
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_4:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 11) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 11) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_4
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_3:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 12) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 12) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_3
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_vcphase_proof.thy
new file mode 100644
index 0000000..085beb0
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_vcphase_proof.thy
@@ -0,0 +1,455 @@
+theory M_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML M_passive_prog M_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon0
+  where
+    "vc_anon0  = True"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_z :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_z_0 :: "int" and vc_y_1 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int" and vc_y_2 :: "int" and vc_x_3 :: "int" and vc_x_4 :: "int" and vc_y_3 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_z)))" and 
+G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_0)))" and 
+G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_y_0)))" and 
+G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_z_0)))" and 
+G6: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_y_1)))" and 
+G7: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_x_1)))" and 
+G8: "((lookup_var \<Lambda> n_s 8) = (Some (IntV vc_x_2)))" and 
+G9: "((lookup_var \<Lambda> n_s 9) = (Some (IntV vc_y_2)))" and 
+G10: "((lookup_var \<Lambda> n_s 10) = (Some (IntV vc_x_3)))" and 
+G11: "((lookup_var \<Lambda> n_s 11) = (Some (IntV vc_x_4)))" and 
+G12: "((lookup_var \<Lambda> n_s 12) = (Some (IntV vc_y_3)))" and 
+G13: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8 G9 G10 G11 G12 G13
+lemmas forall_poly_thm = forall_vc_type[OF G13]
+lemmas exists_poly_thm = exists_vc_type[OF G13]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding M_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon6_LoopDone_hints = [
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon6_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding M_passive_prog.block_1_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon8_Then_hints = [
+(AssumeTrue,NONE), 
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon8_ThenAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
+unfolding M_passive_prog.block_2_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_Then_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon8_Else_hints = [
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon8_ElseAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
+unfolding M_passive_prog.block_3_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_Else_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon7_LoopBody_hints = [
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon7_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
+unfolding M_passive_prog.block_4_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon5_hints = [
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon7_LoopDone:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
+unfolding M_passive_prog.block_5_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_hints \<close>)
+by (auto?)
+
+lemma block_anon7_LoopDoneAA0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_6 (Normal n_s) s')" and 
+"(vc.vc_anon0 )"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))"
+using assms
+unfolding M_passive_prog.block_6_def
+apply cases
+by auto
+
+lemma block_anon7_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_7 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding M_passive_prog.block_7_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon6_LoopBody_hints = [
+(AssumeTrue,NONE), 
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon6_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_8 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
+unfolding M_passive_prog.block_8_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
+by (auto?)
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_9 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding M_passive_prog.block_9_def
+apply cases
+by auto
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_10 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding M_passive_prog.block_10_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_11 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding M_passive_prog.block_11_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_12 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding M_passive_prog.block_12_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) M_passive_prog.node_0 M_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) M_passive_prog.node_1])
+apply (erule block_anon6_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon8_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) M_passive_prog.node_2])
+by (erule block_anon8_ThenAA0[OF _ assms(2)])
+
+lemma cfg_block_anon8_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) M_passive_prog.node_3])
+by (erule block_anon8_ElseAA0[OF _ assms(2)])
+
+lemma cfg_block_anon7_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_4])
+apply (erule block_anon7_LoopBodyAA0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) M_passive_prog.node_5])
+by (erule block_anon7_LoopDone[OF _ assms(2)])
+
+lemma cfg_block_anon7_LoopDoneAA0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_6])
+apply (erule block_anon7_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon7_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_7])
+apply (erule block_anon7_LoopHead[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_7))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_LoopDoneAA0, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_8])
+apply (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_8))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_9])
+apply (erule block_anon6_LoopHead[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_9))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_10])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_10))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_11])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_11))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_12])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_12))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) \<Gamma> [] M_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_y_2::int) (vc_x_3::int) (vc_x_4::int) (vc_y_3::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s M_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((M_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x])
+apply (subst lookup_var_local[OF M_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y])
+apply (subst lookup_var_local[OF M_passive_prog.m_y])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_z:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_z])
+apply (subst lookup_var_local[OF M_passive_prog.m_z])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF M_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_0])
+apply (subst lookup_var_local[OF M_passive_prog.m_y_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_z_0:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_z_0])
+apply (subst lookup_var_local[OF M_passive_prog.m_z_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_1])
+apply (subst lookup_var_local[OF M_passive_prog.m_y_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF M_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 8) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 8)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 8))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_2])
+apply (subst lookup_var_local[OF M_passive_prog.m_x_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 9) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 9)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 9))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_2])
+apply (subst lookup_var_local[OF M_passive_prog.m_y_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_3:"(((lookup_var ?\<Lambda> n_s 10) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 10)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 10))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_3])
+apply (subst lookup_var_local[OF M_passive_prog.m_x_3])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_4:"(((lookup_var ?\<Lambda> n_s 11) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 11)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 11))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_4])
+apply (subst lookup_var_local[OF M_passive_prog.m_x_4])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_3:"(((lookup_var ?\<Lambda> n_s 12) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 12)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 12))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_3])
+apply (subst lookup_var_local[OF M_passive_prog.m_y_3])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_y])
+apply (rule HOL.conjunct1[OF sc_z])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_y_0])
+apply (rule HOL.conjunct1[OF sc_z_0])
+apply (rule HOL.conjunct1[OF sc_y_1])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (rule HOL.conjunct1[OF sc_x_2])
+apply (rule HOL.conjunct1[OF sc_y_2])
+apply (rule HOL.conjunct1[OF sc_x_3])
+apply (rule HOL.conjunct1[OF sc_x_4])
+apply (rule HOL.conjunct1[OF sc_y_3])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/ROOT
new file mode 100644
index 0000000..52fb0f5
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/ROOT
@@ -0,0 +1,12 @@
+session no_guard_loop3_proofs = Boogie_Lang + 
+directories M_proofs
+theories
+global_data
+"M_proofs/M_before_ast_to_cfg_prog"
+"M_proofs/M_passive_prog"
+"M_proofs/M_asttocfg_proof"
+"M_proofs/M_passification_proof"
+"M_proofs/M_before_passive_prog"
+"M_proofs/M_vcphase_proof"
+"M_proofs/M_before_cfg_to_dag_prog"
+"M_proofs/M_cfgtodag_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_asttocfg_proof.thy
new file mode 100644
index 0000000..e88a3c5
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_asttocfg_proof.thy
@@ -0,0 +1,678 @@
+theory M_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML M_before_ast_to_cfg_prog M_before_cfg_to_dag_prog M_cfgtodag_proof M_passification_proof M_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_8:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_8,cont_8,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_8])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def)
+
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def)
+apply (simp)
+apply (simp)
+apply (rule cont_8_def)
+apply (rule M_before_cfg_to_dag_prog.node_9)
+apply (rule disjI1)
+apply (rule M_before_cfg_to_dag_prog.block_9_def)
+apply (rule M_before_cfg_to_dag_prog.outEdges_9)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: M_before_cfg_to_dag_prog.node_9)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def)
+apply (simp add: end_static)
+done
+qed
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_7:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_7,cont_7,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV False))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_7])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_7_def)
+
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_7_def)
+apply (rule M_before_cfg_to_dag_prog.node_8)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule M_before_cfg_to_dag_prog.block_8_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply (rule neg_gt)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_7_def)
+apply (simp add: M_before_cfg_to_dag_prog.node_8)
+
+
+
+
+apply ((erule allE[where x=1])+)
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_8)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma rel_M_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_6,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_7 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_7 (Normal ns1) (Normal ns1')))))"
+unfolding M_before_cfg_to_dag_prog.block_7_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_6])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_6_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: M_before_cfg_to_dag_prog.block_7_def)
+apply ((simp add: assms(3) M_before_ast_to_cfg_prog.bigblock_6_def)+)
+done
+
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_6])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_6_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_6_def)
+apply (rule M_before_cfg_to_dag_prog.node_7)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule M_before_cfg_to_dag_prog.block_7_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_6_def)
+apply (simp add: M_before_cfg_to_dag_prog.node_7)
+apply (rule rel_M_before_ast_to_cfg_prog_bigblock_6)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=1])+)
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_7)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(guard_of_enclosing_loop = (None ))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_if_successor)
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_5])
+apply (simp add: M_before_cfg_to_dag_prog.block_6_def M_before_ast_to_cfg_prog.bigblock_5_def)
+
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_5_def)
+apply (rule M_before_cfg_to_dag_prog.node_6)
+apply (rule disjI1)
+
+
+
+apply (simp add: M_before_cfg_to_dag_prog.block_6_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+
+
+
+
+
+apply (erule disjE)
+
+apply ((erule allE[where x = 7])+)
+apply ((simp add: M_before_cfg_to_dag_prog.outEdges_6)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_6)
+apply (simp add: cont_5_def M_before_ast_to_cfg_prog.bigblock_6_def cont_6_def )
+apply blast+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule less_trans_inv)
+apply ((simp)+)
+
+apply ((erule allE[where x = 8])+)
+apply ((simp add: M_before_cfg_to_dag_prog.outEdges_6)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_7)
+apply (simp add: cont_5_def M_before_ast_to_cfg_prog.bigblock_7_def cont_7_def )
+apply blast+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule less_trans_inv)
+apply ((simp)+)
+done
+qed
+
+lemma rel_M_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 10))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
+unfolding M_before_cfg_to_dag_prog.block_4_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: M_before_cfg_to_dag_prog.block_4_def)
+apply ((simp add: assms(3) M_before_ast_to_cfg_prog.bigblock_4_def)+)
+done
+
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 10))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_3 cont_3 M_before_cfg_to_dag_prog.proc_body 3 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def)
+apply (rule M_before_cfg_to_dag_prog.node_4)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule M_before_cfg_to_dag_prog.block_4_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_4_def)
+apply (simp add: M_before_cfg_to_dag_prog.node_4)
+apply (rule rel_M_before_ast_to_cfg_prog_bigblock_4)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=3])+)
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_4)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_3_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_3 _ _ _ M_before_cfg_to_dag_prog.block_3])
+apply (simp add:M_before_ast_to_cfg_prog.bigblock_3_def M_before_cfg_to_dag_prog.block_3_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:M_before_ast_to_cfg_prog.bigblock_3_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_3])
+apply ((simp add:M_before_ast_to_cfg_prog.bigblock_3_def)+)
+apply ((simp add:M_before_cfg_to_dag_prog.block_3_def M_before_cfg_to_dag_prog.node_3)+)
+apply (rule cont_3_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 4])+)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_4)
+apply (simp add: cont_3_def M_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_3_def cont_4_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper3)
+apply ((simp)+)
+
+apply ((erule allE[where x = 5])+)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_5)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: M_before_cfg_to_dag_prog.node_5)
+apply (simp add: M_before_cfg_to_dag_prog.block_5_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_5)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: M_before_cfg_to_dag_prog.node_5)
+apply (simp add: M_before_cfg_to_dag_prog.block_5_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_5)
+apply ((simp add: member_rec)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper4)
+apply ((simp)+)
+done
+qed
+qed
+
+lemma rel_M_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def M_before_cfg_to_dag_prog.block_2_def)
+apply ((simp add: M_before_cfg_to_dag_prog.block_2_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: M_before_cfg_to_dag_prog.block_2_def M_before_ast_to_cfg_prog.bigblock_2_def)+)
+done
+
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(guard_of_enclosing_loop = (None ))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def M_before_cfg_to_dag_prog.block_2_def)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def M_before_cfg_to_dag_prog.block_2_def)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def M_before_cfg_to_dag_prog.block_2_def)
+apply (simp add: M_before_cfg_to_dag_prog.block_2_def)
+apply (rule M_before_cfg_to_dag_prog.node_2)
+apply (rule disjI1)
+
+
+
+apply (simp add: M_before_cfg_to_dag_prog.block_2_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: M_before_cfg_to_dag_prog.node_2)
+apply (rule rel_M_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def)
+apply ((simp)+)
+
+apply ((erule allE[where x = 3])+)
+apply ((simp add: M_before_cfg_to_dag_prog.outEdges_2)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_3)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_3_def cont_2_def cont_3_def)
+apply blast+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule less_trans_inv)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(personal_guard = (None ))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_1 _ _ _ M_before_cfg_to_dag_prog.block_1])
+apply (simp add:M_before_ast_to_cfg_prog.bigblock_1_def M_before_cfg_to_dag_prog.block_1_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:M_before_ast_to_cfg_prog.bigblock_1_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_1])
+apply ((simp add:M_before_ast_to_cfg_prog.bigblock_1_def)+)
+apply ((simp add:M_before_cfg_to_dag_prog.block_1_def M_before_cfg_to_dag_prog.node_1)+)
+apply (rule cont_1_def)
+apply (erule disjE)
+apply ((simp)+)
+apply (erule disjE)
+defer
+apply ((erule allE[where x = 2])+)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_1_def M_before_ast_to_cfg_prog.bigblock_2_def cont_2_def M_before_ast_to_cfg_prog.bigblock_5_def cont_5_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_1_def cont_2_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+apply (rule guardHint)
+apply ((erule allE[where x = 9])+)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply ((blast)+)
+
+
+
+
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_8)
+apply (simp)
+apply ((blast)+)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+done
+qed
+qed
+
+lemma rel_M_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: M_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: M_before_cfg_to_dag_prog.block_0_def M_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_0 _ M_before_cfg_to_dag_prog.block_0])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: M_before_cfg_to_dag_prog.block_0_def)
+apply (rule M_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: M_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: M_before_cfg_to_dag_prog.node_0)
+apply (rule rel_M_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: M_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_y_2::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns M_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_M_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def M_before_ast_to_cfg_prog.pres_def M_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def M_before_ast_to_cfg_prog.pres_def M_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_8] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_8_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_y_2::int). (vc.vc_anon0 ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) M_before_ast_to_cfg_prog.fdecls M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls M_before_ast_to_cfg_prog.axioms M_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding M_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 M_before_ast_to_cfg_prog.ast_proc_def M_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..ce2eb13
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
@@ -0,0 +1,171 @@
+theory M_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 0),(Havoc 1),(Havoc 2)] (Some (WhileWrapper (ParsedWhile (None ) [] [(BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))]))) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (None ) [] [(BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))])) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))]))) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))])) (None ))"
+definition bigblock_4
+  where
+    "bigblock_4  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))"
+definition bigblock_5
+  where
+    "bigblock_5  = (BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
+definition bigblock_6
+  where
+    "bigblock_6  = (BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))"
+definition bigblock_7
+  where
+    "bigblock_7  = (BigBlock (None ) [] (None ) (None ))"
+definition bigblock_8
+  where
+    "bigblock_8  = (BigBlock (None ) [] (None ) (None ))"
+definition cont_8
+  where
+    "cont_8  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_8 cont_8)"
+definition cont_1
+  where
+    "cont_1  = (KEndBlock (KSeq bigblock_8 cont_8 ))"
+definition cont_5
+  where
+    "cont_5  = (KSeq bigblock_1 cont_1)"
+definition cont_6
+  where
+    "cont_6  = (KSeq bigblock_1 cont_1)"
+definition cont_7
+  where
+    "cont_7  = (KSeq bigblock_1 cont_1)"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_5 cont_5)"
+definition cont_3
+  where
+    "cont_3  = (KEndBlock (KSeq bigblock_5 cont_5 ))"
+definition cont_4
+  where
+    "cont_4  = (KSeq bigblock_3 cont_3)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_8]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding M_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding M_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding M_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z:
+shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = M_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec M_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec M_before_ast_to_cfg_prog.post),proc_body = (Some (M_before_ast_to_cfg_prog.locals_vdecls,M_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..986f60d
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
@@ -0,0 +1,233 @@
+theory M_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0),(Havoc 1),(Havoc 2)]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))]"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 10)))),(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 1)))]"
+definition block_6
+  where
+    "block_6  = []"
+definition block_7
+  where
+    "block_7  = [(Assume (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))]"
+definition block_8
+  where
+    "block_8  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 0) Sub (Lit (LInt 10)))))]"
+definition block_9
+  where
+    "block_9  = []"
+definition outEdges
+  where
+    "outEdges  = [[1],[9,2],[3],[5,4],[3],[6],[7,8],[1],[1],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [9,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [5,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [7,8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding M_before_cfg_to_dag_prog.constants_vdecls_def M_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding M_before_cfg_to_dag_prog.constants_vdecls_def M_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding M_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding M_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding M_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding M_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z:
+shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z:
+shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = M_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec M_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec M_before_cfg_to_dag_prog.post),proc_body = (Some (M_before_cfg_to_dag_prog.locals_vdecls,M_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_passive_prog.thy
similarity index 63%
rename from BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_before_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_passive_prog.thy
index 92b57e1..35d4e2b 100644
--- a/BoogieLang/generated_example_proofs/nested_loop2_proofs/nested_loop2_proofs/nested_loop2_before_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_passive_prog.thy
@@ -1,39 +1,39 @@
-theory nested_loop2_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop2_before_cfg_to_dag_prog
+theory M_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog
 begin
 definition block_0
   where
     "block_0  = []"
 definition block_1
   where
-    "block_1  = [(Assume (UnOp Not (Lit (LBool True))))]"
+    "block_1  = []"
 definition block_2
   where
-    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0))),(Assume (Lit (LBool False)))]"
+    "block_2  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 10)))),(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10)))),(Assume (Lit (LBool False)))]"
 definition block_3
   where
-    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+    "block_3  = [(Assume (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7)))),(Assume (Lit (LBool False)))]"
 definition block_4
   where
-    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
+    "block_4  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 0) Sub (Lit (LInt 10))))),(Assume (Lit (LBool False)))]"
 definition block_5
   where
-    "block_5  = [(Havoc 1),(Assume (BinOp (Var 1) Ge (Lit (LInt 0))))]"
+    "block_5  = []"
 definition block_6
   where
-    "block_6  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
+    "block_6  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 1)))]"
 definition block_7
   where
-    "block_7  = [(Havoc 0),(Havoc 1),(Assume (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+    "block_7  = [(Havoc 0)]"
 definition block_8
   where
-    "block_8  = [(Assume (Lit (LBool True))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
+    "block_8  = [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))]"
 definition block_9
   where
-    "block_9  = [(Havoc 0),(Havoc 1)]"
+    "block_9  = [(Havoc 1),(Havoc 0)]"
 definition block_10
   where
-    "block_10  = [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10)))]"
+    "block_10  = [(Havoc 0),(Havoc 1),(Havoc 2)]"
 definition block_11
   where
     "block_11  = []"
@@ -42,7 +42,7 @@ definition block_12
     "block_12  = []"
 definition outEdges
   where
-    "outEdges  = [[],[0],[0],[0],[0],[3,4],[5],[2,6],[7],[1,8],[9],[10],[11]]"
+    "outEdges  = [[],[0],[0],[0],[0],[3,4],[5],[6,2],[7],[1,8],[9],[10],[11]]"
 definition node_to_blocks
   where
     "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12]"
@@ -130,7 +130,7 @@ shows "((nth (out_edges proc_body) 6) = [5])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [2,6])"
+shows "((nth (out_edges proc_body) 7) = [6,2])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma outEdges_8:
@@ -154,18 +154,18 @@ shows "((nth (out_edges proc_body) 12) = [11])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma locals_min_aux:
-shows "(((map fst (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding nested_loop2_before_cfg_to_dag_prog.params_vdecls_def nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def
+shows "(((map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def
 by simp
 
 lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
 using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
 by simp
 
 
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_cfgtodag_proof.thy
new file mode 100644
index 0000000..cd75e46
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_cfgtodag_proof.thy
@@ -0,0 +1,711 @@
+theory M_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML M_before_ast_to_cfg_prog M_before_cfg_to_dag_prog M_before_passive_prog M_passification_proof M_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 M_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def M_before_ast_to_cfg_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule M_before_passive_prog.node_0)
+apply simp
+unfolding M_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_9 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_9_def M_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule M_before_cfg_to_dag_prog.node_9)
+apply (rule M_before_passive_prog.node_1)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon6_LoopDone)
+apply assumption+
+apply (rule M_before_cfg_to_dag_prog.outEdges_9)
+apply (rule M_before_passive_prog.outEdges_1)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma Mods_anon7_LoopBody:
+shows "(mods_contained_in (set [0]) M_before_cfg_to_dag_prog.block_4)"
+unfolding M_before_cfg_to_dag_prog.block_4_def
+by simp
+
+lemma block_anon7_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_2 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_4_def M_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon7_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0] [] M_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_4)
+apply (rule M_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon7_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon7_LoopBody)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_4))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_4))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon7_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon8_Then:
+shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_7)"
+unfolding M_before_cfg_to_dag_prog.block_7_def
+by simp
+
+lemma block_anon8_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_3 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_7_def M_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon8_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_7)
+apply (rule M_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon8_Then)
+apply (assumption+)
+apply (rule Mods_anon8_Then)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_7))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_7))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon6_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon8_Else:
+shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_8)"
+unfolding M_before_cfg_to_dag_prog.block_8_def
+by simp
+
+lemma block_anon8_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_4 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_8_def M_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon8_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_8)
+apply (rule M_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon8_Else)
+apply (assumption+)
+apply (rule Mods_anon8_Else)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_8))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_8))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon6_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon3:
+shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_6)"
+unfolding M_before_cfg_to_dag_prog.block_6_def
+by simp
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_5 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_6_def M_before_passive_prog.block_5_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_6)
+apply (rule M_before_passive_prog.node_5)
+apply (assumption+)
+apply (rule block_anon3)
+apply (assumption+)
+apply (rule Mods_anon3)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_6))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_6))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:M_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon6_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=4])
+apply ((simp add:M_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon6_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon7_LoopDone:
+shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_5)"
+unfolding M_before_cfg_to_dag_prog.block_5_def
+by simp
+
+lemma block_anon7_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_6 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_5_def M_before_passive_prog.block_6_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon7_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_5)
+apply (rule M_before_passive_prog.node_6)
+apply (assumption+)
+apply (rule block_anon7_LoopDone)
+apply (assumption+)
+apply (rule Mods_anon7_LoopDone)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_5))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_5))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=5])
+apply ((simp add:M_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon6_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon7_LoopHead:
+shows "(mods_contained_in (set [0]) M_before_cfg_to_dag_prog.block_3)"
+unfolding M_before_cfg_to_dag_prog.block_3_def
+by simp
+
+lemma block_anon7_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_7 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_3_def M_before_passive_prog.block_7_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(1)))
+apply simp
+done
+
+lemma cfg_block_anon7_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms assms(4-)
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule M_before_cfg_to_dag_prog.node_3)
+apply (rule M_before_passive_prog.node_7)
+apply (assumption+)
+apply (rule block_anon7_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon7_LoopHead)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=6])
+apply ((simp add:M_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_subset_pred)
+using less(4) apply simp
+apply assumption
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:M_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+apply (rule loop_ih_convert_subset_smaller_2)
+using less(4) apply simp
+apply (simp, fastforce, assumption)
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma Mods_anon6_LoopBody:
+shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_2)"
+unfolding M_before_cfg_to_dag_prog.block_2_def
+by simp
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_8 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_2_def M_before_passive_prog.block_8_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_2)
+apply (rule M_before_passive_prog.node_8)
+apply (assumption+)
+apply (rule block_anon6_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon6_LoopBody)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=7])
+apply ((simp add:M_before_passive_prog.outEdges_8))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon6_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon6_LoopHead:
+shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_1)"
+unfolding M_before_cfg_to_dag_prog.block_1_def
+by simp
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_9 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_1_def M_before_passive_prog.block_9_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:M_before_ast_to_cfg_prog.l_y(1)))
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(1)))
+apply simp
+done
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1,0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule M_before_cfg_to_dag_prog.node_1)
+apply (rule M_before_passive_prog.node_9)
+apply (assumption+)
+apply (rule block_anon6_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon6_LoopHead)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:M_before_passive_prog.outEdges_9))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=8])
+apply ((simp add:M_before_passive_prog.outEdges_9))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_10 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_10 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_0_def M_before_passive_prog.block_10_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_0)
+apply (rule M_before_passive_prog.node_10)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=9])
+apply ((simp add:M_before_passive_prog.outEdges_10))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:M_before_passive_prog.outEdges_11))
+by ((simp add:M_before_passive_prog.node_11 M_before_passive_prog.block_11_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 M_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule M_before_passive_prog.node_12)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding M_before_passive_prog.block_12_def
+apply (rule assume_pres_normal[where ?es=M_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding M_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule M_before_passive_prog.outEdges_12)
+apply ((simp add:M_before_passive_prog.node_11 M_before_passive_prog.block_11_def))
+apply (rule M_before_passive_prog.outEdges_11)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_y_2::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns M_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule M_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_passification_proof.thy
new file mode 100644
index 0000000..a76507a
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_passification_proof.thy
@@ -0,0 +1,429 @@
+theory M_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog M_passive_prog Boogie_Lang.PassificationML M_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_0_def M_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_1_def M_passive_prog.block_1_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon7_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [10] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 9)))" and 
+"((R 1) = (Some (Inl 6)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [10])) (update_nstate_rel R [(0,(Inl 10))]) R_old M_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_2_def M_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_4(2)))
+by simp
+
+lemma block_anon8_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [11] R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 0) = (Some (Inl 9)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [11])) (update_nstate_rel R [(1,(Inl 11))]) R_old M_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_3_def M_passive_prog.block_3_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_2(2)))
+by simp
+
+lemma block_anon8_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 9)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_4_def M_passive_prog.block_4_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 0) = (Some (Inl 9)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_5_def M_passive_prog.block_5_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon7_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 0) = (Some (Inl 9)))" and 
+"((R 1) = (Some (Inl 6)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_6_def M_passive_prog.block_6_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon7_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [9] R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 1) = (Some (Inl 6)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [9])) (update_nstate_rel R [(0,(Inl 9))]) R_old M_passive_prog.block_7 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_7_def M_passive_prog.block_7_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_3(2)))
+by simp
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [8] R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 1) = (Some (Inl 6)))" and 
+"((R 0) = (Some (Inl 7)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [8])) (update_nstate_rel R [(0,(Inl 8))]) R_old M_passive_prog.block_8 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_8_def M_passive_prog.block_8_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_2(2)))
+by simp
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_9 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6,7] R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6,7])) (update_nstate_rel R [(1,(Inl 6)),(0,(Inl 7))]) R_old M_passive_prog.block_9 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_9_def M_passive_prog.block_9_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_1(2)))
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_10 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3,4,5] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3,4,5])) (update_nstate_rel R [(0,(Inl 3)),(1,(Inl 4)),(2,(Inl 5))]) R_old M_passive_prog.block_10 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_10_def M_passive_prog.block_10_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_0(2)))
+apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_0(2)))
+apply ((simp add:M_before_ast_to_cfg_prog.l_z(2) M_passive_prog.l_z_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_11 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_11 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_11_def M_passive_prog.block_11_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_12 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_12 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_12_def M_passive_prog.block_12_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_0},@{thm M_before_passive_prog.outEdges_0}) (@{thm M_passive_prog.node_0},@{thm M_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_1},@{thm M_before_passive_prog.outEdges_1}) (@{thm M_passive_prog.node_1},@{thm M_passive_prog.outEdges_1}) @{thm block_anon6_LoopDone} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon7_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 10 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 9)))" and 
+"((R 1) = (Some (Inl 6)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_2},@{thm M_before_passive_prog.outEdges_2}) (@{thm M_passive_prog.node_2},@{thm M_passive_prog.outEdges_2}) @{thm block_anon7_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon8_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 11 R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 0) = (Some (Inl 9)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_3},@{thm M_before_passive_prog.outEdges_3}) (@{thm M_passive_prog.node_3},@{thm M_passive_prog.outEdges_3}) @{thm block_anon8_Then} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon8_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 9)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_4},@{thm M_before_passive_prog.outEdges_4}) (@{thm M_passive_prog.node_4},@{thm M_passive_prog.outEdges_4}) @{thm block_anon8_Else} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 11 R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 0) = (Some (Inl 9)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_5},@{thm M_before_passive_prog.outEdges_5}) (@{thm M_passive_prog.node_5},@{thm M_passive_prog.outEdges_5}) @{thm block_anon3} [
+@{thm cfg_block_anon8_Then}, 
+@{thm cfg_block_anon8_Else}] 1\<close>))
+
+lemma cfg_block_anon7_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 11 R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 0) = (Some (Inl 9)))" and 
+"((R 1) = (Some (Inl 6)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_6},@{thm M_before_passive_prog.outEdges_6}) (@{thm M_passive_prog.node_6},@{thm M_passive_prog.outEdges_6}) @{thm block_anon7_LoopDone} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon7_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 1) = (Some (Inl 6)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_7},@{thm M_before_passive_prog.outEdges_7}) (@{thm M_passive_prog.node_7},@{thm M_passive_prog.outEdges_7}) @{thm block_anon7_LoopHead} [
+@{thm cfg_block_anon7_LoopDone}, 
+@{thm cfg_block_anon7_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 1) = (Some (Inl 6)))" and 
+"((R 0) = (Some (Inl 7)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 8)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_8},@{thm M_before_passive_prog.outEdges_8}) (@{thm M_passive_prog.node_8},@{thm M_passive_prog.outEdges_8}) @{thm block_anon6_LoopBody} [
+@{thm cfg_block_anon7_LoopHead}] 1\<close>))
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 9)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_9},@{thm M_before_passive_prog.outEdges_9}) (@{thm M_passive_prog.node_9},@{thm M_passive_prog.outEdges_9}) @{thm block_anon6_LoopHead} [
+@{thm cfg_block_anon6_LoopDone}, 
+@{thm cfg_block_anon6_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 10)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_10},@{thm M_before_passive_prog.outEdges_10}) (@{thm M_passive_prog.node_10},@{thm M_passive_prog.outEdges_10}) @{thm block_anon0} [
+@{thm cfg_block_anon6_LoopHead}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 11)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_11},@{thm M_before_passive_prog.outEdges_11}) (@{thm M_passive_prog.node_11},@{thm M_passive_prog.outEdges_11}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 12)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_12},@{thm M_before_passive_prog.outEdges_12}) (@{thm M_passive_prog.node_12},@{thm M_passive_prog.outEdges_12}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_passive_prog.proc_body ((Inl 12),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_y_2::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls ns M_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv M_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding M_passive_prog.params_vdecls_def M_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using M_before_passive_prog.globals_locals_disj apply auto[1]
+using M_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] M_passive_prog.proc_body u (Inl 12)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range M_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] M_passive_prog.proc_body ((Inl 12),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from M_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_passive_prog.thy
new file mode 100644
index 0000000..b2575fd
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_passive_prog.thy
@@ -0,0 +1,286 @@
+theory M_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 6) Gt (Lit (LInt 10)))),(Assume (BinOp (Var 10) Eq (BinOp (Var 9) Mul (Lit (LInt 10))))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (BinOp (Var 9) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assume (BinOp (Var 11) Eq (BinOp (Var 5) Add (Lit (LInt 7))))),(Assume (Lit (LBool False)))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 9) Sub (Lit (LInt 10))))),(Assume (Lit (LBool False)))]"
+definition block_5
+  where
+    "block_5  = []"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 6)))]"
+definition block_7
+  where
+    "block_7  = []"
+definition block_8
+  where
+    "block_8  = [(Assume (BinOp (Var 8) Eq (BinOp (BinOp (Var 7) Add (Var 6)) Add (Var 5))))]"
+definition block_9
+  where
+    "block_9  = []"
+definition block_10
+  where
+    "block_10  = []"
+definition block_11
+  where
+    "block_11  = []"
+definition block_12
+  where
+    "block_12  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[0],[3,4],[5],[6,2],[7],[1,8],[9],[10],[11]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 12,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_12:
+shows "((nth (node_to_block proc_body) 12) = block_12)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [3,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [1,8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [10])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_12:
+shows "((nth (out_edges proc_body) 12) = [11])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(7,(TPrim TInt),(None )),(8,(TPrim TInt),(None )),(9,(TPrim TInt),(None )),(10,(TPrim TInt),(None )),(11,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding M_passive_prog.params_vdecls_def M_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) = {})"
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_0:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z_0:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_1:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_2:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 8) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_3:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 9) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_4:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 10) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_2:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 11) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_0:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z_0:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_1:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_2:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 8) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 8) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_3:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 9) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 9) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_3
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_4:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 10) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 10) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_4
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_2:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 11) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 11) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_vcphase_proof.thy
new file mode 100644
index 0000000..cd9d054
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_vcphase_proof.thy
@@ -0,0 +1,447 @@
+theory M_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML M_passive_prog M_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon0
+  where
+    "vc_anon0  = True"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_z :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_z_0 :: "int" and vc_y_1 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int" and vc_x_3 :: "int" and vc_x_4 :: "int" and vc_y_2 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_z)))" and 
+G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_0)))" and 
+G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_y_0)))" and 
+G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_z_0)))" and 
+G6: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_y_1)))" and 
+G7: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_x_1)))" and 
+G8: "((lookup_var \<Lambda> n_s 8) = (Some (IntV vc_x_2)))" and 
+G9: "((lookup_var \<Lambda> n_s 9) = (Some (IntV vc_x_3)))" and 
+G10: "((lookup_var \<Lambda> n_s 10) = (Some (IntV vc_x_4)))" and 
+G11: "((lookup_var \<Lambda> n_s 11) = (Some (IntV vc_y_2)))" and 
+G12: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8 G9 G10 G11 G12
+lemmas forall_poly_thm = forall_vc_type[OF G12]
+lemmas exists_poly_thm = exists_vc_type[OF G12]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding M_passive_prog.block_0_def
+apply cases
+by auto
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_1 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding M_passive_prog.block_1_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon7_LoopBody_hints = [
+(AssumeTrue,NONE), 
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon7_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
+unfolding M_passive_prog.block_2_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon8_Then_hints = [
+(AssumeTrue,NONE), 
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon8_ThenAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
+unfolding M_passive_prog.block_3_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_Then_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon8_Else_hints = [
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon8_ElseAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
+unfolding M_passive_prog.block_4_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_Else_hints \<close>)
+by (auto?)
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_5 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding M_passive_prog.block_5_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon7_LoopDone_hints = [
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon7_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
+unfolding M_passive_prog.block_6_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopDone_hints \<close>)
+by (auto?)
+
+lemma block_anon7_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_7 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding M_passive_prog.block_7_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon6_LoopBody_hints = [
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon6_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_8 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
+unfolding M_passive_prog.block_8_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
+by (auto?)
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_9 (Normal n_s) s')" and 
+"(vc.vc_anon0 )"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))"
+using assms
+unfolding M_passive_prog.block_9_def
+apply cases
+by auto
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_10 (Normal n_s) s')" and 
+"(vc.vc_anon0 )"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))"
+using assms
+unfolding M_passive_prog.block_10_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_11 (Normal n_s) s')" and 
+"(vc.vc_anon0 )"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))"
+using assms
+unfolding M_passive_prog.block_11_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_12 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding M_passive_prog.block_12_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) M_passive_prog.node_0 M_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) M_passive_prog.node_1])
+apply (erule block_anon6_LoopDone)
+apply ((simp add:M_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon7_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) M_passive_prog.node_2])
+by (erule block_anon7_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon8_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) M_passive_prog.node_3])
+by (erule block_anon8_ThenAA0[OF _ assms(2)])
+
+lemma cfg_block_anon8_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) M_passive_prog.node_4])
+by (erule block_anon8_ElseAA0[OF _ assms(2)])
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_5])
+apply (erule block_anon3[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon7_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_6])
+apply (erule block_anon7_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon7_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_7])
+apply (erule block_anon7_LoopHead[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_7))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_8])
+apply (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_8))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_9])
+apply (erule block_anon6_LoopHead[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_9))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_10])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_10))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_11])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_11))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_12])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_12))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) \<Gamma> [] M_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_y_2::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s M_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((M_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x])
+apply (subst lookup_var_local[OF M_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y])
+apply (subst lookup_var_local[OF M_passive_prog.m_y])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_z:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_z])
+apply (subst lookup_var_local[OF M_passive_prog.m_z])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF M_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_0])
+apply (subst lookup_var_local[OF M_passive_prog.m_y_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_z_0:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_z_0])
+apply (subst lookup_var_local[OF M_passive_prog.m_z_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_1])
+apply (subst lookup_var_local[OF M_passive_prog.m_y_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF M_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 8) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 8)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 8))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_2])
+apply (subst lookup_var_local[OF M_passive_prog.m_x_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_3:"(((lookup_var ?\<Lambda> n_s 9) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 9)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 9))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_3])
+apply (subst lookup_var_local[OF M_passive_prog.m_x_3])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_4:"(((lookup_var ?\<Lambda> n_s 10) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 10)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 10))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_4])
+apply (subst lookup_var_local[OF M_passive_prog.m_x_4])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 11) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 11)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 11))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_2])
+apply (subst lookup_var_local[OF M_passive_prog.m_y_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_y])
+apply (rule HOL.conjunct1[OF sc_z])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_y_0])
+apply (rule HOL.conjunct1[OF sc_z_0])
+apply (rule HOL.conjunct1[OF sc_y_1])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (rule HOL.conjunct1[OF sc_x_2])
+apply (rule HOL.conjunct1[OF sc_x_3])
+apply (rule HOL.conjunct1[OF sc_x_4])
+apply (rule HOL.conjunct1[OF sc_y_2])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/ROOT
new file mode 100644
index 0000000..ab4bdf6
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/ROOT
@@ -0,0 +1,12 @@
+session no_guard_loop4_proofs = Boogie_Lang + 
+directories M_proofs
+theories
+global_data
+"M_proofs/M_before_ast_to_cfg_prog"
+"M_proofs/M_passive_prog"
+"M_proofs/M_asttocfg_proof"
+"M_proofs/M_passification_proof"
+"M_proofs/M_before_passive_prog"
+"M_proofs/M_vcphase_proof"
+"M_proofs/M_before_cfg_to_dag_prog"
+"M_proofs/M_cfgtodag_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_asttocfg_proof.thy
new file mode 100644
index 0000000..1ee1693
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_asttocfg_proof.thy
@@ -0,0 +1,732 @@
+theory M_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML M_before_ast_to_cfg_prog M_before_cfg_to_dag_prog M_cfgtodag_proof M_passification_proof M_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_M_before_ast_to_cfg_prog_bigblock_9:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_9,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_11 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_11 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_9])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_9_def M_before_cfg_to_dag_prog.block_11_def)
+apply ((simp add: M_before_cfg_to_dag_prog.block_11_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: M_before_cfg_to_dag_prog.block_11_def M_before_ast_to_cfg_prog.bigblock_9_def)+)
+done
+
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_9:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_9,cont_9,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 11),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 11),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_9])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_9_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_9_def)
+apply (simp)
+apply (simp)
+apply (rule cont_9_def)
+apply (rule M_before_cfg_to_dag_prog.node_11)
+apply (rule disjI1)
+apply (rule M_before_cfg_to_dag_prog.block_11_def)
+apply (rule M_before_cfg_to_dag_prog.outEdges_11)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: M_before_cfg_to_dag_prog.node_11)
+apply (rule rel_M_before_ast_to_cfg_prog_bigblock_9)
+apply assumption+
+
+done
+qed
+
+lemma rel_M_before_ast_to_cfg_prog_bigblock_8:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_8,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_9 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_9 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_8])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def M_before_cfg_to_dag_prog.block_9_def)
+apply ((simp add: M_before_cfg_to_dag_prog.block_9_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: M_before_cfg_to_dag_prog.block_9_def M_before_ast_to_cfg_prog.bigblock_8_def)+)
+done
+
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_8:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_8,cont_8,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(guard_of_enclosing_loop = (None ))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_8])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def)
+apply (rule M_before_cfg_to_dag_prog.node_9)
+apply (rule disjI1)
+apply (rule M_before_cfg_to_dag_prog.block_9_def)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_8_def)
+apply (simp add: M_before_cfg_to_dag_prog.node_9)
+apply (rule rel_M_before_ast_to_cfg_prog_bigblock_8)
+apply assumption
+apply (simp)
+apply ((erule allE[where x=1])+)
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_9)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_7:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_7,cont_7,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV False))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_7])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_7_def)
+
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_7_def)
+apply (rule M_before_cfg_to_dag_prog.node_8)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule M_before_cfg_to_dag_prog.block_8_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply (rule neg_gt)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_7_def)
+apply (simp add: M_before_cfg_to_dag_prog.node_8)
+
+
+
+
+apply ((erule allE[where x = 9])+)
+apply ((simp add: M_before_cfg_to_dag_prog.outEdges_8)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_8)
+
+apply blast+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule less_trans_inv)
+apply blast+
+done
+qed
+
+lemma rel_M_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_6,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_7 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_7 (Normal ns1) (Normal ns1')))))"
+unfolding M_before_cfg_to_dag_prog.block_7_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_6])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_6_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: M_before_cfg_to_dag_prog.block_7_def)
+apply ((simp add: assms(3) M_before_ast_to_cfg_prog.bigblock_6_def)+)
+done
+
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_6])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_6_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_6_def)
+apply (rule M_before_cfg_to_dag_prog.node_7)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule M_before_cfg_to_dag_prog.block_7_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_6_def)
+apply (simp add: M_before_cfg_to_dag_prog.node_7)
+apply (rule rel_M_before_ast_to_cfg_prog_bigblock_6)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x = 9])+)
+apply ((simp add: M_before_cfg_to_dag_prog.outEdges_7)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_8)
+
+apply blast+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule less_trans_inv)
+apply blast+
+done
+qed
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(guard_of_enclosing_loop = (None ))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_if_successor)
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_5])
+apply (simp add: M_before_cfg_to_dag_prog.block_6_def M_before_ast_to_cfg_prog.bigblock_5_def)
+
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_5_def)
+apply (rule M_before_cfg_to_dag_prog.node_6)
+apply (rule disjI1)
+
+
+
+apply (simp add: M_before_cfg_to_dag_prog.block_6_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+
+
+
+
+
+apply (erule disjE)
+
+apply ((erule allE[where x = 7])+)
+apply ((simp add: M_before_cfg_to_dag_prog.outEdges_6)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_6)
+apply (simp add: cont_5_def M_before_ast_to_cfg_prog.bigblock_6_def cont_6_def )
+apply blast+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule less_trans_inv)
+apply ((simp)+)
+
+apply ((erule allE[where x = 8])+)
+apply ((simp add: M_before_cfg_to_dag_prog.outEdges_6)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_7)
+apply (simp add: cont_5_def M_before_ast_to_cfg_prog.bigblock_7_def cont_7_def )
+apply blast+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule less_trans_inv)
+apply ((simp)+)
+done
+qed
+
+lemma rel_M_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 10))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
+unfolding M_before_cfg_to_dag_prog.block_4_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: M_before_cfg_to_dag_prog.block_4_def)
+apply ((simp add: assms(3) M_before_ast_to_cfg_prog.bigblock_4_def)+)
+done
+
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 10))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_3 cont_3 M_before_cfg_to_dag_prog.proc_body 3 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def)
+apply (rule M_before_cfg_to_dag_prog.node_4)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule M_before_cfg_to_dag_prog.block_4_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_4_def)
+apply (simp add: M_before_cfg_to_dag_prog.node_4)
+apply (rule rel_M_before_ast_to_cfg_prog_bigblock_4)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=3])+)
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_4)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_3_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_3 _ _ _ M_before_cfg_to_dag_prog.block_3])
+apply (simp add:M_before_ast_to_cfg_prog.bigblock_3_def M_before_cfg_to_dag_prog.block_3_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:M_before_ast_to_cfg_prog.bigblock_3_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_3])
+apply ((simp add:M_before_ast_to_cfg_prog.bigblock_3_def)+)
+apply ((simp add:M_before_cfg_to_dag_prog.block_3_def M_before_cfg_to_dag_prog.node_3)+)
+apply (rule cont_3_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 4])+)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_4)
+apply (simp add: cont_3_def M_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_3_def cont_4_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper3)
+apply ((simp)+)
+
+apply ((erule allE[where x = 5])+)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_5)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: M_before_cfg_to_dag_prog.node_5)
+apply (simp add: M_before_cfg_to_dag_prog.block_5_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_5)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: M_before_cfg_to_dag_prog.node_5)
+apply (simp add: M_before_cfg_to_dag_prog.block_5_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_5)
+apply ((simp add: member_rec)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule less(5))
+apply (rule strictly_smaller_helper4)
+apply ((simp)+)
+done
+qed
+qed
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(guard_of_enclosing_loop = (None ))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+apply (rule ending_after_unwrapping)
+apply (rule astTrace)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def)
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply (simp)
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_3)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_3_def cont_2_def cont_3_def)
+apply (rule correctness_propagates_through_empty)
+using assms(2)
+apply blast
+apply (simp add: M_before_cfg_to_dag_prog.node_2)
+apply (simp add: M_before_cfg_to_dag_prog.block_2_def)
+
+
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_2)
+apply (simp add: member_rec)
+apply (simp)
+apply (rule correctness_propagates_through_empty2)
+using assms(3)
+apply blast
+apply (simp add: M_before_cfg_to_dag_prog.node_2)
+apply (simp add: M_before_cfg_to_dag_prog.block_2_def)
+
+
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_2)
+apply (simp add: member_rec)
+apply ((simp)+)
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule strictly_smaller_helper2)
+apply ((simp)+)
+done
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(personal_guard = (None ))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_1 _ _ _ M_before_cfg_to_dag_prog.block_1])
+apply (simp add:M_before_ast_to_cfg_prog.bigblock_1_def M_before_cfg_to_dag_prog.block_1_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:M_before_ast_to_cfg_prog.bigblock_1_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_1])
+apply ((simp add:M_before_ast_to_cfg_prog.bigblock_1_def)+)
+apply ((simp add:M_before_cfg_to_dag_prog.block_1_def M_before_cfg_to_dag_prog.node_1)+)
+apply (rule cont_1_def)
+apply (erule disjE)
+apply ((simp)+)
+apply (erule disjE)
+defer
+apply ((erule allE[where x = 2])+)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_1_def M_before_ast_to_cfg_prog.bigblock_2_def cont_2_def M_before_ast_to_cfg_prog.bigblock_5_def cont_5_def M_before_ast_to_cfg_prog.bigblock_8_def cont_8_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_1_def cont_2_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+apply (rule guardHint)
+apply ((erule allE[where x = 10])+)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply ((blast)+)
+
+
+
+
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_9)
+apply (simp)
+
+apply (rule correctness_propagates_through_empty)
+apply blast
+apply (simp add: M_before_cfg_to_dag_prog.node_10)
+apply (simp add: M_before_cfg_to_dag_prog.block_10_def)
+
+apply (simp)
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_10)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_empty2)
+apply blast
+apply (simp add: M_before_cfg_to_dag_prog.node_10)
+apply (simp add: M_before_cfg_to_dag_prog.block_10_def)
+
+apply (simp)
+apply (simp add: M_before_cfg_to_dag_prog.outEdges_10)
+apply ((simp add: member_rec)+)
+done
+qed
+qed
+
+lemma rel_M_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: M_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: M_before_cfg_to_dag_prog.block_0_def M_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_M_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_0 _ M_before_cfg_to_dag_prog.block_0])
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: M_before_cfg_to_dag_prog.block_0_def)
+apply (rule M_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: M_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: M_before_cfg_to_dag_prog.node_0)
+apply (rule rel_M_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: M_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: M_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_x_3::int) (vc_y_2::int) (vc_x_4::int) (vc_z_1::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns M_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_M_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def M_before_ast_to_cfg_prog.pres_def M_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def M_before_ast_to_cfg_prog.pres_def M_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_9] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_9_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_x_3::int) (vc_y_2::int) (vc_x_4::int) (vc_z_1::int). (vc.vc_anon0 ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) M_before_ast_to_cfg_prog.fdecls M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls M_before_ast_to_cfg_prog.axioms M_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding M_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 M_before_ast_to_cfg_prog.ast_proc_def M_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..6be8b66
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
@@ -0,0 +1,177 @@
+theory M_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 0),(Havoc 1),(Havoc 2)] (Some (WhileWrapper (ParsedWhile (None ) [] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None )),(BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (None ) (None ))]))) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (None ) [] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None )),(BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (None ) (None ))])) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))]))) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))])) (None ))"
+definition bigblock_4
+  where
+    "bigblock_4  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))"
+definition bigblock_5
+  where
+    "bigblock_5  = (BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
+definition bigblock_6
+  where
+    "bigblock_6  = (BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))"
+definition bigblock_7
+  where
+    "bigblock_7  = (BigBlock (None ) [] (None ) (None ))"
+definition bigblock_8
+  where
+    "bigblock_8  = (BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (None ) (None ))"
+definition bigblock_9
+  where
+    "bigblock_9  = (BigBlock (None ) [(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 2))))] (None ) (None ))"
+definition cont_9
+  where
+    "cont_9  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_9 cont_9)"
+definition cont_1
+  where
+    "cont_1  = (KEndBlock (KSeq bigblock_9 cont_9 ))"
+definition cont_8
+  where
+    "cont_8  = (KSeq bigblock_1 cont_1)"
+definition cont_5
+  where
+    "cont_5  = (KSeq bigblock_8 cont_8)"
+definition cont_6
+  where
+    "cont_6  = (KSeq bigblock_8 cont_8)"
+definition cont_7
+  where
+    "cont_7  = (KSeq bigblock_8 cont_8)"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_5 cont_5)"
+definition cont_3
+  where
+    "cont_3  = (KEndBlock (KSeq bigblock_5 cont_5 ))"
+definition cont_4
+  where
+    "cont_4  = (KSeq bigblock_3 cont_3)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_9]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding M_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding M_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding M_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z:
+shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = M_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec M_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec M_before_ast_to_cfg_prog.post),proc_body = (Some (M_before_ast_to_cfg_prog.locals_vdecls,M_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..b95ff29
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
@@ -0,0 +1,255 @@
+theory M_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0),(Havoc 1),(Havoc 2)]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = []"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 10)))),(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))]"
+definition block_5
+  where
+    "block_5  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 1)))]"
+definition block_6
+  where
+    "block_6  = []"
+definition block_7
+  where
+    "block_7  = [(Assume (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))]"
+definition block_8
+  where
+    "block_8  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 0) Sub (Lit (LInt 10)))))]"
+definition block_9
+  where
+    "block_9  = [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))]"
+definition block_10
+  where
+    "block_10  = []"
+definition block_11
+  where
+    "block_11  = [(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 2))))]"
+definition outEdges
+  where
+    "outEdges  = [[1],[10,2],[3],[5,4],[3],[6],[7,8],[9],[9],[1],[11],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [10,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [5,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [7,8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [11])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding M_before_cfg_to_dag_prog.constants_vdecls_def M_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding M_before_cfg_to_dag_prog.constants_vdecls_def M_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding M_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding M_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding M_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding M_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z:
+shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z:
+shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = M_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec M_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec M_before_cfg_to_dag_prog.post),proc_body = (Some (M_before_cfg_to_dag_prog.locals_vdecls,M_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_passive_prog.thy
new file mode 100644
index 0000000..dfc1207
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_passive_prog.thy
@@ -0,0 +1,194 @@
+theory M_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 10)))),(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10)))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 0) Sub (Lit (LInt 10)))))]"
+definition block_5
+  where
+    "block_5  = []"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 1)))]"
+definition block_7
+  where
+    "block_7  = [(Havoc 0)]"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = [(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 2))))]"
+definition block_10
+  where
+    "block_10  = []"
+definition block_11
+  where
+    "block_11  = [(Havoc 0),(Havoc 1)]"
+definition block_12
+  where
+    "block_12  = [(Havoc 0),(Havoc 1),(Havoc 2)]"
+definition block_13
+  where
+    "block_13  = []"
+definition block_14
+  where
+    "block_14  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[2],[2],[3,4],[5],[6,1],[7],[0],[9],[10,8],[11],[12],[13]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13,block_14]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 14,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_12:
+shows "((nth (node_to_block proc_body) 12) = block_12)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_13:
+shows "((nth (node_to_block proc_body) 13) = block_13)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_14:
+shows "((nth (node_to_block proc_body) 14) = block_14)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [3,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [10,8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_12:
+shows "((nth (out_edges proc_body) 12) = [11])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_13:
+shows "((nth (out_edges proc_body) 13) = [12])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_14:
+shows "((nth (out_edges proc_body) 14) = [13])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_cfgtodag_proof.thy
new file mode 100644
index 0000000..5408f30
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_cfgtodag_proof.thy
@@ -0,0 +1,820 @@
+theory M_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML M_before_ast_to_cfg_prog M_before_cfg_to_dag_prog M_before_passive_prog M_passification_proof M_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 M_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def M_before_ast_to_cfg_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule M_before_passive_prog.node_0)
+apply simp
+unfolding M_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma Mods_anon9_LoopBody:
+shows "(mods_contained_in (set [0]) M_before_cfg_to_dag_prog.block_4)"
+unfolding M_before_cfg_to_dag_prog.block_4_def
+by simp
+
+lemma block_anon9_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_1 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_4_def M_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon9_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon9_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0] [] M_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_4)
+apply (rule M_before_passive_prog.node_1)
+apply (assumption+)
+apply (rule block_anon9_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon9_LoopBody)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_4))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_4))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon9_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon6:
+shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_9)"
+unfolding M_before_cfg_to_dag_prog.block_9_def
+by simp
+
+lemma block_anon6:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_9 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_2 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_9_def M_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_9)
+apply (rule M_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon6)
+apply (assumption+)
+apply (rule Mods_anon6)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_9))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_9))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon8_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon10_Then:
+shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_7)"
+unfolding M_before_cfg_to_dag_prog.block_7_def
+by simp
+
+lemma block_anon10_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_7_def M_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon10_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_7)
+apply (rule M_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon10_Then)
+apply (assumption+)
+apply (rule Mods_anon10_Then)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_7))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_7))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:M_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon8_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon10_Else:
+shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_8)"
+unfolding M_before_cfg_to_dag_prog.block_8_def
+by simp
+
+lemma block_anon10_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_8_def M_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon10_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_8)
+apply (rule M_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon10_Else)
+apply (assumption+)
+apply (rule Mods_anon10_Else)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_8))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_8))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:M_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon8_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon3:
+shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_6)"
+unfolding M_before_cfg_to_dag_prog.block_6_def
+by simp
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_5 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_6_def M_before_passive_prog.block_5_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon3:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_6)
+apply (rule M_before_passive_prog.node_5)
+apply (assumption+)
+apply (rule block_anon3)
+apply (assumption+)
+apply (rule Mods_anon3)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_6))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_6))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:M_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon10_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon8_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=4])
+apply ((simp add:M_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon10_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon8_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon9_LoopDone:
+shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_5)"
+unfolding M_before_cfg_to_dag_prog.block_5_def
+by simp
+
+lemma block_anon9_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_6 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_5_def M_before_passive_prog.block_6_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon9_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_5)
+apply (rule M_before_passive_prog.node_6)
+apply (assumption+)
+apply (rule block_anon9_LoopDone)
+apply (assumption+)
+apply (rule Mods_anon9_LoopDone)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_5))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_5))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=5])
+apply ((simp add:M_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon3)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon8_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon9_LoopHead:
+shows "(mods_contained_in (set [0]) M_before_cfg_to_dag_prog.block_3)"
+unfolding M_before_cfg_to_dag_prog.block_3_def
+by simp
+
+lemma block_anon9_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_7 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_3_def M_before_passive_prog.block_7_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(1)))
+apply simp
+done
+
+lemma cfg_block_anon9_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms assms(4-)
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule M_before_cfg_to_dag_prog.node_3)
+apply (rule M_before_passive_prog.node_7)
+apply (assumption+)
+apply (rule block_anon9_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon9_LoopHead)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=6])
+apply ((simp add:M_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon9_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_subset_pred)
+using less(4) apply simp
+apply assumption
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:M_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon9_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+apply (rule loop_ih_convert_subset_smaller_2)
+using less(4) apply simp
+apply (simp, fastforce, assumption)
+apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
+apply simp
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma Mods_anon8_LoopBody:
+shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_2)"
+unfolding M_before_cfg_to_dag_prog.block_2_def
+by simp
+
+lemma block_anon8_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_8 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_2_def M_before_passive_prog.block_8_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon8_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_2)
+apply (rule M_before_passive_prog.node_8)
+apply (assumption+)
+apply (rule block_anon8_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon8_LoopBody)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=7])
+apply ((simp add:M_before_passive_prog.outEdges_8))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon9_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon8_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma block_anon7:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_11 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_9 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_11_def M_before_passive_prog.block_9_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon7:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 11),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule M_before_cfg_to_dag_prog.node_11)
+apply (rule M_before_passive_prog.node_9)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon7)
+apply assumption+
+apply (rule M_before_cfg_to_dag_prog.outEdges_11)
+apply (rule M_before_passive_prog.outEdges_9)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon8_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_10 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_10 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_10 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_10_def M_before_passive_prog.block_10_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon8_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_10)
+apply (rule M_before_passive_prog.node_10)
+apply (assumption+)
+apply (rule block_anon8_LoopDone)
+apply (assumption+)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_10))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_10))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=9])
+apply ((simp add:M_before_passive_prog.outEdges_10))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon8_LoopHead:
+shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_1)"
+unfolding M_before_cfg_to_dag_prog.block_1_def
+by simp
+
+lemma block_anon8_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_11 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_11 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_1_def M_before_passive_prog.block_11_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(1)))
+apply ((simp add:M_before_ast_to_cfg_prog.l_y(1)))
+apply simp
+done
+
+lemma cfg_block_anon8_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0,1]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule M_before_cfg_to_dag_prog.node_1)
+apply (rule M_before_passive_prog.node_11)
+apply (assumption+)
+apply (rule block_anon8_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon8_LoopHead)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=10])
+apply ((simp add:M_before_passive_prog.outEdges_11))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=8])
+apply ((simp add:M_before_passive_prog.outEdges_11))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_12 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_12 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding M_before_cfg_to_dag_prog.block_0_def M_before_passive_prog.block_12_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule M_before_cfg_to_dag_prog.node_0)
+apply (rule M_before_passive_prog.node_12)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:M_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=11])
+apply ((simp add:M_before_passive_prog.outEdges_12))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon8_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 13),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:M_before_passive_prog.outEdges_13))
+by ((simp add:M_before_passive_prog.node_13 M_before_passive_prog.block_13_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 14),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 M_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule M_before_passive_prog.node_14)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding M_before_passive_prog.block_14_def
+apply (rule assume_pres_normal[where ?es=M_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding M_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule M_before_passive_prog.outEdges_14)
+apply ((simp add:M_before_passive_prog.node_13 M_before_passive_prog.block_13_def))
+apply (rule M_before_passive_prog.outEdges_13)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_x_3::int) (vc_y_2::int) (vc_x_4::int) (vc_z_1::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns M_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule M_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_passification_proof.thy
new file mode 100644
index 0000000..3c5361e
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_passification_proof.thy
@@ -0,0 +1,482 @@
+theory M_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog M_passive_prog Boogie_Lang.PassificationML M_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_0_def M_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon9_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [10] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 1) = (Some (Inl 7)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [10])) (update_nstate_rel R [(0,(Inl 10))]) R_old M_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_1_def M_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_3(2)))
+by simp
+
+lemma block_anon6:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [11] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 1) = (Some (Inl 1)))" and 
+"((R 2) = (Some (Inl 5)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [11])) (update_nstate_rel R [(0,(Inl 11))]) R_old M_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_2_def M_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_4(2)))
+by simp
+
+lemma block_anon10_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [9] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 2) = (Some (Inl 5)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [9])) (update_nstate_rel R [(1,(Inl 9))]) R_old M_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_3_def M_passive_prog.block_3_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_2(2)))
+by simp
+
+lemma block_anon10_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 1) = (Some (Inl 7)))" and 
+"((R 2) = (Some (Inl 5)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_4_def M_passive_prog.block_4_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 1) = (Some (Inl 7)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_5_def M_passive_prog.block_5_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon9_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 1) = (Some (Inl 7)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_6_def M_passive_prog.block_6_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon9_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [8] R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 1) = (Some (Inl 7)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [8])) (update_nstate_rel R [(0,(Inl 8))]) R_old M_passive_prog.block_7 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_7_def M_passive_prog.block_7_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_2(2)))
+by simp
+
+lemma block_anon8_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 1) = (Some (Inl 7)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_8 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_8_def M_passive_prog.block_8_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon7:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_9 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [12] R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [12])) (update_nstate_rel R [(2,(Inl 12))]) R_old M_passive_prog.block_9 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_9_def M_passive_prog.block_9_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_z(2) M_passive_prog.l_z_1(2)))
+by simp
+
+lemma block_anon8_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_10 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_10 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_10_def M_passive_prog.block_10_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon8_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_11 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6,7] R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6,7])) (update_nstate_rel R [(0,(Inl 6)),(1,(Inl 7))]) R_old M_passive_prog.block_11 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_11_def M_passive_prog.block_11_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_1(2)))
+apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_1(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_12 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3,4,5] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3,4,5])) (update_nstate_rel R [(0,(Inl 3)),(1,(Inl 4)),(2,(Inl 5))]) R_old M_passive_prog.block_12 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_12_def M_passive_prog.block_12_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_0(2)))
+apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_0(2)))
+apply ((simp add:M_before_ast_to_cfg_prog.l_z(2) M_passive_prog.l_z_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_13 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_13 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_13_def M_passive_prog.block_13_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_14 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_14 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding M_before_passive_prog.block_14_def M_passive_prog.block_14_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_0},@{thm M_before_passive_prog.outEdges_0}) (@{thm M_passive_prog.node_0},@{thm M_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon9_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 10 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 1) = (Some (Inl 7)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_1},@{thm M_before_passive_prog.outEdges_1}) (@{thm M_passive_prog.node_1},@{thm M_passive_prog.outEdges_1}) @{thm block_anon9_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon6:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 11 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 1) = (Some (Inl 1)))" and 
+"((R 2) = (Some (Inl 5)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_2},@{thm M_before_passive_prog.outEdges_2}) (@{thm M_passive_prog.node_2},@{thm M_passive_prog.outEdges_2}) @{thm block_anon6} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon10_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 2) = (Some (Inl 5)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_3},@{thm M_before_passive_prog.outEdges_3}) (@{thm M_passive_prog.node_3},@{thm M_passive_prog.outEdges_3}) @{thm block_anon10_Then} [
+@{thm cfg_block_anon6}] 1\<close>))
+
+lemma cfg_block_anon10_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 11 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 1) = (Some (Inl 7)))" and 
+"((R 2) = (Some (Inl 5)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_4},@{thm M_before_passive_prog.outEdges_4}) (@{thm M_passive_prog.node_4},@{thm M_passive_prog.outEdges_4}) @{thm block_anon10_Else} [
+@{thm cfg_block_anon6}] 1\<close>))
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 1) = (Some (Inl 7)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_5},@{thm M_before_passive_prog.outEdges_5}) (@{thm M_passive_prog.node_5},@{thm M_passive_prog.outEdges_5}) @{thm block_anon3} [
+@{thm cfg_block_anon10_Then}, 
+@{thm cfg_block_anon10_Else}] 1\<close>))
+
+lemma cfg_block_anon9_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 8)))" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 1) = (Some (Inl 7)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_6},@{thm M_before_passive_prog.outEdges_6}) (@{thm M_passive_prog.node_6},@{thm M_passive_prog.outEdges_6}) @{thm block_anon9_LoopDone} [
+@{thm cfg_block_anon3}] 1\<close>))
+
+lemma cfg_block_anon9_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 1) = (Some (Inl 7)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_7},@{thm M_before_passive_prog.outEdges_7}) (@{thm M_passive_prog.node_7},@{thm M_passive_prog.outEdges_7}) @{thm block_anon9_LoopHead} [
+@{thm cfg_block_anon9_LoopDone}, 
+@{thm cfg_block_anon9_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon8_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))" and 
+"((R 1) = (Some (Inl 7)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 8)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_8},@{thm M_before_passive_prog.outEdges_8}) (@{thm M_passive_prog.node_8},@{thm M_passive_prog.outEdges_8}) @{thm block_anon8_LoopBody} [
+@{thm cfg_block_anon9_LoopHead}] 1\<close>))
+
+lemma cfg_block_anon7:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 12 R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 9)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_9},@{thm M_before_passive_prog.outEdges_9}) (@{thm M_passive_prog.node_9},@{thm M_passive_prog.outEdges_9}) @{thm block_anon7} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon8_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 12 R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 10)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_10},@{thm M_before_passive_prog.outEdges_10}) (@{thm M_passive_prog.node_10},@{thm M_passive_prog.outEdges_10}) @{thm block_anon8_LoopDone} [
+@{thm cfg_block_anon7}] 1\<close>))
+
+lemma cfg_block_anon8_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
+"((R 2) = (Some (Inl 5)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 11)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_11},@{thm M_before_passive_prog.outEdges_11}) (@{thm M_passive_prog.node_11},@{thm M_passive_prog.outEdges_11}) @{thm block_anon8_LoopHead} [
+@{thm cfg_block_anon8_LoopDone}, 
+@{thm cfg_block_anon8_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 12)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_12},@{thm M_before_passive_prog.outEdges_12}) (@{thm M_passive_prog.node_12},@{thm M_passive_prog.outEdges_12}) @{thm block_anon0} [
+@{thm cfg_block_anon8_LoopHead}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 13)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_13},@{thm M_before_passive_prog.outEdges_13}) (@{thm M_passive_prog.node_13},@{thm M_passive_prog.outEdges_13}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 14)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_14},@{thm M_before_passive_prog.outEdges_14}) (@{thm M_passive_prog.node_14},@{thm M_passive_prog.outEdges_14}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_passive_prog.proc_body ((Inl 14),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_x_3::int) (vc_y_2::int) (vc_x_4::int) (vc_z_1::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls ns M_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv M_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding M_passive_prog.params_vdecls_def M_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using M_before_passive_prog.globals_locals_disj apply auto[1]
+using M_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] M_passive_prog.proc_body u (Inl 14)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range M_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] M_passive_prog.proc_body ((Inl 14),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from M_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_passive_prog.thy
new file mode 100644
index 0000000..b8aae9c
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_passive_prog.thy
@@ -0,0 +1,317 @@
+theory M_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 7) Gt (Lit (LInt 10)))),(Assume (BinOp (Var 10) Eq (BinOp (Var 8) Mul (Lit (LInt 10))))),(Assume (Lit (LBool False)))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 11) Eq (BinOp (BinOp (Var 8) Add (Var 1)) Add (Var 5)))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (BinOp (Var 8) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assume (BinOp (Var 9) Eq (BinOp (Var 5) Add (Lit (LInt 7)))))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 8) Sub (Lit (LInt 10)))))]"
+definition block_5
+  where
+    "block_5  = []"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 7)))]"
+definition block_7
+  where
+    "block_7  = []"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = [(Assume (BinOp (Var 12) Eq (BinOp (Var 5) Sub (Lit (LInt 2)))))]"
+definition block_10
+  where
+    "block_10  = []"
+definition block_11
+  where
+    "block_11  = []"
+definition block_12
+  where
+    "block_12  = []"
+definition block_13
+  where
+    "block_13  = []"
+definition block_14
+  where
+    "block_14  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[2],[2],[3,4],[5],[6,1],[7],[0],[9],[10,8],[11],[12],[13]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13,block_14]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 14,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_12:
+shows "((nth (node_to_block proc_body) 12) = block_12)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_13:
+shows "((nth (node_to_block proc_body) 13) = block_13)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_14:
+shows "((nth (node_to_block proc_body) 14) = block_14)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [3,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [10,8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_12:
+shows "((nth (out_edges proc_body) 12) = [11])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_13:
+shows "((nth (out_edges proc_body) 13) = [12])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_14:
+shows "((nth (out_edges proc_body) 14) = [13])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(7,(TPrim TInt),(None )),(8,(TPrim TInt),(None )),(10,(TPrim TInt),(None )),(9,(TPrim TInt),(None )),(11,(TPrim TInt),(None )),(12,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding M_passive_prog.params_vdecls_def M_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) = {})"
+unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_0:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z_0:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_1:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_2:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 8) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_3:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 10) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_y_2:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 9) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_4:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 11) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_z_1:
+shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 12) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_0:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z_0:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_1:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_2:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 8) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 8) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_3:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 10) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 10) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_3
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_y_2:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 9) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 9) = (Some (TPrim TInt)))"
+using globals_locals_disj m_y_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_4:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 11) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 11) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_4
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_z_1:
+shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 12) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 12) = (Some (TPrim TInt)))"
+using globals_locals_disj m_z_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_vcphase_proof.thy
new file mode 100644
index 0000000..926b213
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_vcphase_proof.thy
@@ -0,0 +1,505 @@
+theory M_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML M_passive_prog M_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon0
+  where
+    "vc_anon0  = True"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_z :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_z_0 :: "int" and vc_x_1 :: "int" and vc_y_1 :: "int" and vc_x_2 :: "int" and vc_x_3 :: "int" and vc_y_2 :: "int" and vc_x_4 :: "int" and vc_z_1 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_z)))" and 
+G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_0)))" and 
+G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_y_0)))" and 
+G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_z_0)))" and 
+G6: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_x_1)))" and 
+G7: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_y_1)))" and 
+G8: "((lookup_var \<Lambda> n_s 8) = (Some (IntV vc_x_2)))" and 
+G9: "((lookup_var \<Lambda> n_s 10) = (Some (IntV vc_x_3)))" and 
+G10: "((lookup_var \<Lambda> n_s 9) = (Some (IntV vc_y_2)))" and 
+G11: "((lookup_var \<Lambda> n_s 11) = (Some (IntV vc_x_4)))" and 
+G12: "((lookup_var \<Lambda> n_s 12) = (Some (IntV vc_z_1)))" and 
+G13: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8 G9 G10 G11 G12 G13
+lemmas forall_poly_thm = forall_vc_type[OF G13]
+lemmas exists_poly_thm = exists_vc_type[OF G13]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding M_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon9_LoopBody_hints = [
+(AssumeTrue,NONE), 
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon9_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
+unfolding M_passive_prog.block_1_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon9_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_hints = [
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon6AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
+unfolding M_passive_prog.block_2_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon10_Then_hints = [
+(AssumeTrue,NONE), 
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon10_ThenAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))))"
+unfolding M_passive_prog.block_3_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon10_Then_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon10_Else_hints = [
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon10_ElseAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))))"
+unfolding M_passive_prog.block_4_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon10_Else_hints \<close>)
+by (auto?)
+
+lemma block_anon3:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_5 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding M_passive_prog.block_5_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon9_LoopDone_hints = [
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon9_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
+unfolding M_passive_prog.block_6_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon9_LoopDone_hints \<close>)
+by (auto?)
+
+lemma block_anon9_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_7 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding M_passive_prog.block_7_def
+apply cases
+by auto
+
+lemma block_anon8_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_8 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding M_passive_prog.block_8_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon7_hints = [
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon7AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding M_passive_prog.block_9_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_hints \<close>)
+by (auto?)
+
+lemma block_anon8_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_10 (Normal n_s) s')" and 
+"(vc.vc_anon0 )"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))"
+using assms
+unfolding M_passive_prog.block_10_def
+apply cases
+by auto
+
+lemma block_anon8_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_11 (Normal n_s) s')" and 
+"(((vc.vc_anon0 ) \<and> (vc.vc_anon0 )) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (((vc.vc_anon0 ) \<and> (vc.vc_anon0 )) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding M_passive_prog.block_11_def
+apply cases
+by auto
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_12 (Normal n_s) s')" and 
+"(((vc.vc_anon0 ) \<and> (vc.vc_anon0 )) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (((vc.vc_anon0 ) \<and> (vc.vc_anon0 )) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding M_passive_prog.block_12_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_13 (Normal n_s) s')" and 
+"(((vc.vc_anon0 ) \<and> (vc.vc_anon0 )) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (((vc.vc_anon0 ) \<and> (vc.vc_anon0 )) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding M_passive_prog.block_13_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_14 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (((vc.vc_anon0 ) \<and> (vc.vc_anon0 )) \<and> (vc.vc_anon0 ))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding M_passive_prog.block_14_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) M_passive_prog.node_0 M_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon9_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) M_passive_prog.node_1])
+by (erule block_anon9_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon6:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) M_passive_prog.node_2])
+by (erule block_anon6AA0[OF _ assms(2)])
+
+lemma cfg_block_anon10_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_3])
+apply (erule block_anon10_ThenAA0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon10_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_4])
+apply (erule block_anon10_ElseAA0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon3:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_5])
+apply (erule block_anon3[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon10_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon10_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon9_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_6])
+apply (erule block_anon9_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon3, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon9_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_7])
+apply (erule block_anon9_LoopHead[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_7))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon9_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon9_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon8_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_8])
+apply (erule block_anon8_LoopBody[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_8))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon9_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon7:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) M_passive_prog.node_9])
+apply (erule block_anon7AA0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_9))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon8_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_10])
+apply (erule block_anon8_LoopDone[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_10))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon8_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"(((vc.vc_anon0 ) \<and> (vc.vc_anon0 )) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_11])
+apply (erule block_anon8_LoopHead[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_11))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
+"(((vc.vc_anon0 ) \<and> (vc.vc_anon0 )) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_12])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_12))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon8_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
+"(((vc.vc_anon0 ) \<and> (vc.vc_anon0 )) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_13])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_13))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_14])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:M_passive_prog.outEdges_14))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) \<Gamma> [] M_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_x_3::int) (vc_y_2::int) (vc_x_4::int) (vc_z_1::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s M_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((M_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x])
+apply (subst lookup_var_local[OF M_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y])
+apply (subst lookup_var_local[OF M_passive_prog.m_y])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_z:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_z])
+apply (subst lookup_var_local[OF M_passive_prog.m_z])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF M_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_0])
+apply (subst lookup_var_local[OF M_passive_prog.m_y_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_z_0:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_z_0])
+apply (subst lookup_var_local[OF M_passive_prog.m_z_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF M_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_1])
+apply (subst lookup_var_local[OF M_passive_prog.m_y_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 8) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 8)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 8))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_2])
+apply (subst lookup_var_local[OF M_passive_prog.m_x_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_3:"(((lookup_var ?\<Lambda> n_s 10) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 10)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 10))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_3])
+apply (subst lookup_var_local[OF M_passive_prog.m_x_3])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 9) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 9)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 9))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_2])
+apply (subst lookup_var_local[OF M_passive_prog.m_y_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_4:"(((lookup_var ?\<Lambda> n_s 11) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 11)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 11))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_4])
+apply (subst lookup_var_local[OF M_passive_prog.m_x_4])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_z_1:"(((lookup_var ?\<Lambda> n_s 12) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 12)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 12))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_z_1])
+apply (subst lookup_var_local[OF M_passive_prog.m_z_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_y])
+apply (rule HOL.conjunct1[OF sc_z])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_y_0])
+apply (rule HOL.conjunct1[OF sc_z_0])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (rule HOL.conjunct1[OF sc_y_1])
+apply (rule HOL.conjunct1[OF sc_x_2])
+apply (rule HOL.conjunct1[OF sc_x_3])
+apply (rule HOL.conjunct1[OF sc_y_2])
+apply (rule HOL.conjunct1[OF sc_x_4])
+apply (rule HOL.conjunct1[OF sc_z_1])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/ROOT
new file mode 100644
index 0000000..f4cd52f
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/ROOT
@@ -0,0 +1,12 @@
+session no_guard_loop_proofs = Boogie_Lang + 
+directories M_proofs
+theories
+global_data
+"M_proofs/M_before_ast_to_cfg_prog"
+"M_proofs/M_passive_prog"
+"M_proofs/M_asttocfg_proof"
+"M_proofs/M_passification_proof"
+"M_proofs/M_before_passive_prog"
+"M_proofs/M_vcphase_proof"
+"M_proofs/M_before_cfg_to_dag_prog"
+"M_proofs/M_cfgtodag_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/ROOT
new file mode 100644
index 0000000..206ae2b
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/ROOT
@@ -0,0 +1,12 @@
+session no_inv_loop_proofs = Boogie_Lang + 
+directories no_inv_loop_proofs
+theories
+global_data
+"no_inv_loop_proofs/no_inv_loop_before_passive_prog"
+"no_inv_loop_proofs/no_inv_loop_vcphase_proof"
+"no_inv_loop_proofs/no_inv_loop_asttocfg_proof"
+"no_inv_loop_proofs/no_inv_loop_passification_proof"
+"no_inv_loop_proofs/no_inv_loop_passive_prog"
+"no_inv_loop_proofs/no_inv_loop_before_cfg_to_dag_prog"
+"no_inv_loop_proofs/no_inv_loop_cfgtodag_proof"
+"no_inv_loop_proofs/no_inv_loop_before_ast_to_cfg_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_asttocfg_proof.thy
new file mode 100644
index 0000000..9d338e2
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_asttocfg_proof.thy
@@ -0,0 +1,344 @@
+theory no_inv_loop_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML no_inv_loop_before_ast_to_cfg_prog no_inv_loop_before_cfg_to_dag_prog no_inv_loop_cfgtodag_proof no_inv_loop_passification_proof no_inv_loop_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A no_inv_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma global_rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (no_inv_loop_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end no_inv_loop_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV False))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Invs[of no_inv_loop_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_3_def)
+
+apply (rule astTrace)
+apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (simp)
+apply (rule cont_3_def)
+apply (rule no_inv_loop_before_cfg_to_dag_prog.node_3)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule no_inv_loop_before_cfg_to_dag_prog.block_3_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply ( rule neg_gt)
+apply (rule guardHint)
+apply (rule no_inv_loop_before_cfg_to_dag_prog.outEdges_3)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: no_inv_loop_before_cfg_to_dag_prog.node_3)
+apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp add: end_static)
+done
+qed
+
+lemma rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (no_inv_loop_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
+unfolding no_inv_loop_before_cfg_to_dag_prog.block_2_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of no_inv_loop_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: no_inv_loop_before_cfg_to_dag_prog.block_2_def)
+apply ((simp add: assms(3) no_inv_loop_before_ast_to_cfg_prog.bigblock_2_def)+)
+done
+
+
+lemma global_rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (no_inv_loop_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end no_inv_loop_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T no_inv_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 no_inv_loop_before_cfg_to_dag_prog.proc_body 1 no_inv_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of no_inv_loop_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_2_def)
+apply (rule no_inv_loop_before_cfg_to_dag_prog.node_2)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule no_inv_loop_before_cfg_to_dag_prog.block_2_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_2_def)
+apply (simp add: no_inv_loop_before_cfg_to_dag_prog.node_2)
+apply (rule rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_2)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=1])+)
+apply (simp add: no_inv_loop_before_cfg_to_dag_prog.outEdges_2)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (no_inv_loop_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end no_inv_loop_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of no_inv_loop_before_ast_to_cfg_prog.bigblock_1 _ _ _ no_inv_loop_before_cfg_to_dag_prog.block_1])
+apply (simp add:no_inv_loop_before_ast_to_cfg_prog.bigblock_1_def no_inv_loop_before_cfg_to_dag_prog.block_1_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:no_inv_loop_before_ast_to_cfg_prog.bigblock_1_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of no_inv_loop_before_ast_to_cfg_prog.bigblock_1])
+apply ((simp add:no_inv_loop_before_ast_to_cfg_prog.bigblock_1_def)+)
+apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.block_1_def no_inv_loop_before_cfg_to_dag_prog.node_1)+)
+apply (rule cont_1_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 2])+)
+apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_1_def no_inv_loop_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_1_def cont_2_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+
+apply ((erule allE[where x = 3])+)
+apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_3)
+apply (blast)
+
+
+apply ((blast)+)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+done
+qed
+qed
+
+lemma rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (no_inv_loop_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of no_inv_loop_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_0_def no_inv_loop_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: no_inv_loop_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: no_inv_loop_before_cfg_to_dag_prog.block_0_def no_inv_loop_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (no_inv_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end no_inv_loop_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of no_inv_loop_before_ast_to_cfg_prog.bigblock_0 _ no_inv_loop_before_cfg_to_dag_prog.block_0])
+apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_0_def no_inv_loop_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_0_def no_inv_loop_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_0_def no_inv_loop_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: no_inv_loop_before_cfg_to_dag_prog.block_0_def)
+apply (rule no_inv_loop_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: no_inv_loop_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: no_inv_loop_before_cfg_to_dag_prog.node_0)
+apply (rule rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: no_inv_loop_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (no_inv_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A no_inv_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> no_inv_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) no_inv_loop_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns no_inv_loop_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] no_inv_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (no_inv_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: no_inv_loop_before_ast_to_cfg_prog.params_vdecls_def no_inv_loop_before_ast_to_cfg_prog.locals_vdecls_def no_inv_loop_before_cfg_to_dag_prog.params_vdecls_def no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: no_inv_loop_before_ast_to_cfg_prog.params_vdecls_def no_inv_loop_before_ast_to_cfg_prog.locals_vdecls_def no_inv_loop_before_cfg_to_dag_prog.params_vdecls_def no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def no_inv_loop_before_ast_to_cfg_prog.pres_def no_inv_loop_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: no_inv_loop_before_ast_to_cfg_prog.params_vdecls_def no_inv_loop_before_ast_to_cfg_prog.locals_vdecls_def no_inv_loop_before_cfg_to_dag_prog.params_vdecls_def no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: no_inv_loop_before_ast_to_cfg_prog.params_vdecls_def no_inv_loop_before_ast_to_cfg_prog.locals_vdecls_def no_inv_loop_before_cfg_to_dag_prog.params_vdecls_def no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: no_inv_loop_before_ast_to_cfg_prog.params_vdecls_def no_inv_loop_before_ast_to_cfg_prog.locals_vdecls_def no_inv_loop_before_cfg_to_dag_prog.params_vdecls_def no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: no_inv_loop_before_ast_to_cfg_prog.params_vdecls_def no_inv_loop_before_ast_to_cfg_prog.locals_vdecls_def no_inv_loop_before_cfg_to_dag_prog.params_vdecls_def no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def no_inv_loop_before_ast_to_cfg_prog.pres_def no_inv_loop_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: no_inv_loop_before_ast_to_cfg_prog.params_vdecls_def no_inv_loop_before_ast_to_cfg_prog.locals_vdecls_def no_inv_loop_before_cfg_to_dag_prog.params_vdecls_def no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: no_inv_loop_before_ast_to_cfg_prog.params_vdecls_def no_inv_loop_before_ast_to_cfg_prog.locals_vdecls_def no_inv_loop_before_cfg_to_dag_prog.params_vdecls_def no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (no_inv_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_3_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) no_inv_loop_before_ast_to_cfg_prog.fdecls no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls no_inv_loop_before_ast_to_cfg_prog.axioms no_inv_loop_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding no_inv_loop_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 no_inv_loop_before_ast_to_cfg_prog.ast_proc_def no_inv_loop_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..23ff6ee
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_ast_to_cfg_prog.thy
@@ -0,0 +1,123 @@
+theory no_inv_loop_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [] (None ) (None ))"
+definition cont_3
+  where
+    "cont_3  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_3 cont_3)"
+definition cont_1
+  where
+    "cont_1  = (KEndBlock (KSeq bigblock_3 cont_3 ))"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_1 cont_1)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_3]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding no_inv_loop_before_ast_to_cfg_prog.constants_vdecls_def no_inv_loop_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding no_inv_loop_before_ast_to_cfg_prog.params_vdecls_def no_inv_loop_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding no_inv_loop_before_ast_to_cfg_prog.constants_vdecls_def no_inv_loop_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_inv_loop_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding no_inv_loop_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_inv_loop_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding no_inv_loop_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_inv_loop_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding no_inv_loop_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_inv_loop_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding no_inv_loop_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = no_inv_loop_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_inv_loop_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec no_inv_loop_before_ast_to_cfg_prog.post),proc_body = (Some (no_inv_loop_before_ast_to_cfg_prog.locals_vdecls,no_inv_loop_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_cfg_to_dag_prog.thy
similarity index 59%
rename from BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_cfg_to_dag_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_cfg_to_dag_prog.thy
index 1de73ea..a765df1 100644
--- a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_cfg_to_dag_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_cfg_to_dag_prog.thy
@@ -66,6 +66,28 @@ definition params_vdecls :: "(vdecls)"
 definition locals_vdecls :: "(vdecls)"
   where
     "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append no_inv_loop_before_cfg_to_dag_prog.constants_vdecls no_inv_loop_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append no_inv_loop_before_cfg_to_dag_prog.constants_vdecls no_inv_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding no_inv_loop_before_cfg_to_dag_prog.constants_vdecls_def no_inv_loop_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_inv_loop_before_cfg_to_dag_prog.constants_vdecls no_inv_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
 lemma locals_min_aux:
 shows "(((map fst (append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
 unfolding no_inv_loop_before_cfg_to_dag_prog.params_vdecls_def no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def
@@ -77,18 +99,23 @@ using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append no_inv_loop_before_cfg_to_dag_prog.constants_vdecls no_inv_loop_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding no_inv_loop_before_cfg_to_dag_prog.constants_vdecls_def no_inv_loop_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
 by simp
 
 lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_inv_loop_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding no_inv_loop_before_cfg_to_dag_prog.constants_vdecls_def
 by simp
 
 lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_inv_loop_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding no_inv_loop_before_cfg_to_dag_prog.globals_vdecls_def
 by simp
 
 lemma params_wf:
@@ -102,7 +129,7 @@ unfolding no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def
 by simp
 
 lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append no_inv_loop_before_cfg_to_dag_prog.constants_vdecls no_inv_loop_before_cfg_to_dag_prog.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
 apply (rule lookup_ty_pred_2)
 by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
 
@@ -111,11 +138,11 @@ shows "((map_of (append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_
 by (simp add:params_vdecls_def locals_vdecls_def)
 
 lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append no_inv_loop_before_cfg_to_dag_prog.constants_vdecls no_inv_loop_before_cfg_to_dag_prog.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_inv_loop_before_cfg_to_dag_prog.constants_vdecls no_inv_loop_before_cfg_to_dag_prog.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
-definition proc :: "(procedure)"
+definition proc :: "(mbodyCFG procedure)"
   where
     "proc  = (|proc_ty_args = 0,proc_args = no_inv_loop_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_inv_loop_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec no_inv_loop_before_cfg_to_dag_prog.post),proc_body = (Some (no_inv_loop_before_cfg_to_dag_prog.locals_vdecls,no_inv_loop_before_cfg_to_dag_prog.proc_body))|)"
 
diff --git a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_passive_prog.thy
similarity index 75%
rename from BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_passive_prog.thy
index 25b55c4..e3abb28 100644
--- a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_passive_prog.thy
@@ -1,5 +1,5 @@
 theory no_inv_loop_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_inv_loop_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_inv_loop_before_ast_to_cfg_prog
 begin
 definition block_0
   where
@@ -88,18 +88,18 @@ shows "((nth (out_edges proc_body) 6) = [5])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma locals_min_aux:
-shows "(((map fst (append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding no_inv_loop_before_cfg_to_dag_prog.params_vdecls_def no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def
+shows "(((map fst (append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding no_inv_loop_before_ast_to_cfg_prog.params_vdecls_def no_inv_loop_before_ast_to_cfg_prog.locals_vdecls_def
 by simp
 
 lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+shows "(\<forall> x. ((Set.member x (set (map fst (append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
 using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding no_inv_loop_before_ast_to_cfg_prog.constants_vdecls_def no_inv_loop_before_ast_to_cfg_prog.globals_vdecls_def
 by simp
 
 
diff --git a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_cfgtodag_proof.thy
similarity index 79%
rename from BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_cfgtodag_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_cfgtodag_proof.thy
index a89ee19..ff59d56 100644
--- a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_cfgtodag_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_cfgtodag_proof.thy
@@ -1,23 +1,23 @@
 theory no_inv_loop_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML no_inv_loop_before_cfg_to_dag_prog no_inv_loop_before_passive_prog no_inv_loop_passification_proof no_inv_loop_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML no_inv_loop_before_ast_to_cfg_prog no_inv_loop_before_cfg_to_dag_prog no_inv_loop_before_passive_prog no_inv_loop_passification_proof no_inv_loop_vcphase_proof
 begin
 locale cfg_to_dag_lemmas = 
 fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
 assumes 
-Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+Wf_Fun: "(fun_interp_wf A no_inv_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
 begin
 
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls))"
 declare Nat.One_nat_def[simp del]
 
 lemma cfg_block_GeneratedUnifiedExit:
 assumes 
 "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_inv_loop_before_cfg_to_dag_prog.post)"
-unfolding expr_all_sat_def no_inv_loop_before_cfg_to_dag_prog.post_def 
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_inv_loop_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def no_inv_loop_before_ast_to_cfg_prog.post_def 
 apply (rule cfg_dag_rel_post_invs_3)
 apply (erule assms(1))
 apply (rule no_inv_loop_before_passive_prog.node_0)
@@ -44,7 +44,7 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_return_2[OF Red])
 apply (rule no_inv_loop_before_cfg_to_dag_prog.node_3)
 apply (rule no_inv_loop_before_passive_prog.node_1)
@@ -82,8 +82,8 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon2_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body [0] [] no_inv_loop_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.post m' s')"
+IH_anon2_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body [0] [] no_inv_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
 apply (rule no_inv_loop_before_cfg_to_dag_prog.node_2)
 apply (rule no_inv_loop_before_passive_prog.node_2)
@@ -122,7 +122,7 @@ apply (rule dag_rel_block_lemma_compact, simp)
 unfolding no_inv_loop_before_cfg_to_dag_prog.block_1_def no_inv_loop_before_passive_prog.block_3_def
 apply cfg_dag_rel_tac_single+
 apply simp
-apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.l_x(1)))
+apply ((simp add:no_inv_loop_before_ast_to_cfg_prog.l_x(1)))
 apply simp
 done
 
@@ -131,13 +131,13 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_ast_to_cfg_prog.post m' s')"
 using Red DagAssms
 proof (induction j arbitrary: ns1 rule: less_induct)
 case (less j)
 show ?case
 proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
 next
 case (Suc j')
 from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
@@ -212,7 +212,7 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
 apply (rule no_inv_loop_before_cfg_to_dag_prog.node_0)
 apply (rule no_inv_loop_before_passive_prog.node_4)
@@ -257,16 +257,16 @@ assumes
 "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_inv_loop_before_cfg_to_dag_prog.pres)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.post m' s')"
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_inv_loop_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_entry)
 apply (rule no_inv_loop_before_passive_prog.node_6)
 apply (erule assms(3))
 apply (rule assms(2))
 unfolding no_inv_loop_before_passive_prog.block_6_def
-apply (rule assume_pres_normal[where ?es=no_inv_loop_before_cfg_to_dag_prog.pres])
+apply (rule assume_pres_normal[where ?es=no_inv_loop_before_ast_to_cfg_prog.pres])
 apply (rule assms(4))
-unfolding no_inv_loop_before_cfg_to_dag_prog.pres_def
+unfolding no_inv_loop_before_ast_to_cfg_prog.pres_def
 apply simp
 apply (rule no_inv_loop_before_passive_prog.outEdges_6)
 apply ((simp add:no_inv_loop_before_passive_prog.node_5 no_inv_loop_before_passive_prog.block_5_def))
@@ -278,23 +278,23 @@ end
 
 abbreviation \<Lambda>0
   where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>0  \<equiv> ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls))"
 lemma end_to_end_theorem_aux:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
 VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 ))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns no_inv_loop_before_cfg_to_dag_prog.pres)" and 
+FInterp: "(fun_interp_wf A no_inv_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> no_inv_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) no_inv_loop_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns no_inv_loop_before_ast_to_cfg_prog.pres)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
 OldGlobal: "((global_state ns) = (old_global_state ns))" and 
 BinderNs: "((binder_state ns) = Map.empty)"
-shows "(valid_configuration A \<Lambda>0 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] no_inv_loop_before_ast_to_cfg_prog.post m' s')"
 proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
 by (meson rtranclp_imp_relpowp)
 show ?thesis
 apply (rule cfg_to_dag_lemmas.entry_lemma)
@@ -326,13 +326,5 @@ done
 qed
 
 
-lemma end_to_end_theorem:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms no_inv_loop_before_cfg_to_dag_prog.proc))"
-apply (rule end_to_end_util[OF end_to_end_theorem_aux])
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 no_inv_loop_before_cfg_to_dag_prog.proc_def no_inv_loop_before_cfg_to_dag_prog.proc_body_def)
-
 
 end
diff --git a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passification_proof.thy
similarity index 89%
rename from BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passification_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passification_proof.thy
index 96658e5..c884e04 100644
--- a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passification_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passification_proof.thy
@@ -1,5 +1,5 @@
 theory no_inv_loop_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_inv_loop_before_passive_prog no_inv_loop_passive_prog Boogie_Lang.PassificationML no_inv_loop_vcphase_proof Boogie_Lang.PassificationEndToEnd
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_inv_loop_before_ast_to_cfg_prog no_inv_loop_passive_prog Boogie_Lang.PassificationML no_inv_loop_vcphase_proof Boogie_Lang.PassificationEndToEnd
 begin
 definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
   where
@@ -9,10 +9,10 @@ definition R_old
     "R_old  = (map_of R_old_list)"
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls))"
 abbreviation \<Lambda>2
   where
-    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls))"
+    "\<Lambda>2  \<equiv> ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls))"
 declare One_nat_def[simp del]
 
 lemma block_GeneratedUnifiedExit:
@@ -48,7 +48,7 @@ apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding no_inv_loop_before_passive_prog.block_2_def no_inv_loop_passive_prog.block_2_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.l_x(2) no_inv_loop_passive_prog.l_x_2(2)))
+apply ((simp add:no_inv_loop_before_ast_to_cfg_prog.l_x(2) no_inv_loop_passive_prog.l_x_2(2)))
 by simp
 
 lemma block_anon2_LoopHead:
@@ -60,7 +60,7 @@ apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding no_inv_loop_before_passive_prog.block_3_def no_inv_loop_passive_prog.block_3_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.l_x(2) no_inv_loop_passive_prog.l_x_1(2)))
+apply ((simp add:no_inv_loop_before_ast_to_cfg_prog.l_x(2) no_inv_loop_passive_prog.l_x_1(2)))
 by simp
 
 lemma block_anon0:
@@ -72,7 +72,7 @@ apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding no_inv_loop_before_passive_prog.block_4_def no_inv_loop_passive_prog.block_4_def
 apply (passive_rel_tac)
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.l_x(2) no_inv_loop_passive_prog.l_x_0(2)))
+apply ((simp add:no_inv_loop_before_ast_to_cfg_prog.l_x(2) no_inv_loop_passive_prog.l_x_0(2)))
 by simp
 
 lemma block_0:
@@ -156,14 +156,14 @@ by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} []
 @{thm cfg_block_0}] 1\<close>))
 
 locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 6),(Normal ns)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 6),(Normal ns)) (m',s'))" and 
 VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 ))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+FInterp: "(fun_interp_wf A no_inv_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> no_inv_loop_before_ast_to_cfg_prog.constants_vdecls ns no_inv_loop_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
 BinderNs: "((binder_state ns) = Map.empty)" and 
@@ -217,7 +217,7 @@ assumes
 "((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
 shows "(closed (instantiate [] \<tau>))"
 apply (rule lookup_ty_pred[OF assms(1)])
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+unfolding no_inv_loop_before_ast_to_cfg_prog.constants_vdecls_def no_inv_loop_before_ast_to_cfg_prog.globals_vdecls_def
 apply simp
 unfolding no_inv_loop_passive_prog.params_vdecls_def no_inv_loop_passive_prog.locals_vdecls_def
 by simp
@@ -255,7 +255,7 @@ apply (rule U0_ns_rel)
 apply (rule U0_ns_old_rel)
 apply (rule R_wt)
 apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range global_data.globals_max]
+using helper_init_disj[OF max_rel_range no_inv_loop_before_ast_to_cfg_prog.globals_max]
 apply simp
 apply (rule U0_non_empty)
 by ((simp_all add:R_rel_def R_list_def))?
diff --git a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passive_prog.thy
similarity index 66%
rename from BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passive_prog.thy
index 128a014..2c29254 100644
--- a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passive_prog.thy
@@ -1,5 +1,5 @@
 theory no_inv_loop_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_inv_loop_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util no_inv_loop_before_ast_to_cfg_prog
 begin
 definition block_0
   where
@@ -104,8 +104,8 @@ using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)))) = {})"
+unfolding no_inv_loop_before_ast_to_cfg_prog.constants_vdecls_def no_inv_loop_before_ast_to_cfg_prog.globals_vdecls_def
 by simp
 
 lemma m_x:
@@ -125,22 +125,22 @@ shows "((map_of (append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passi
 by (simp add:params_vdecls_def locals_vdecls_def)
 
 lemma l_x:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_x_0:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x_0
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_x_1:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x_1
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_x_2:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
 using globals_locals_disj m_x_2
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
diff --git a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_vcphase_proof.thy
similarity index 90%
rename from BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_vcphase_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_vcphase_proof.thy
index c0aa666..06d33d3 100644
--- a/BoogieLang/generated_example_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_vcphase_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_vcphase_proof.thy
@@ -205,19 +205,19 @@ declare One_nat_def[simp del]
 
 lemma end_to_end:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) \<Gamma> [] no_inv_loop_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) \<Gamma> [] no_inv_loop_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
 VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 ))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+FInterp: "(fun_interp_wf A no_inv_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> no_inv_loop_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) no_inv_loop_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls))"
 shows "(s' \<noteq> Failure)"
 proof -
-let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
-let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+let ?n_s_c = "(nstate_global_restriction n_s no_inv_loop_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((no_inv_loop_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
 from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
 apply (simp only:state_typ_wf_def)
 apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_inv_loop_passive_prog.m_x])
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/ROOT
new file mode 100644
index 0000000..4fc4f56
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/ROOT
@@ -0,0 +1,12 @@
+session return_in_loop2_proofs = Boogie_Lang + 
+directories return_in_loop_proofs
+theories
+global_data
+"return_in_loop_proofs/return_in_loop_before_passive_prog"
+"return_in_loop_proofs/return_in_loop_passive_prog"
+"return_in_loop_proofs/return_in_loop_before_cfg_to_dag_prog"
+"return_in_loop_proofs/return_in_loop_before_ast_to_cfg_prog"
+"return_in_loop_proofs/return_in_loop_cfgtodag_proof"
+"return_in_loop_proofs/return_in_loop_vcphase_proof"
+"return_in_loop_proofs/return_in_loop_passification_proof"
+"return_in_loop_proofs/return_in_loop_asttocfg_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_asttocfg_proof.thy
new file mode 100644
index 0000000..40a4912
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_asttocfg_proof.thy
@@ -0,0 +1,518 @@
+theory return_in_loop_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML return_in_loop_before_ast_to_cfg_prog return_in_loop_before_cfg_to_dag_prog return_in_loop_cfgtodag_proof return_in_loop_passification_proof return_in_loop_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_return_in_loop_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_6,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_7 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_7 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_6])
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_6_def return_in_loop_before_cfg_to_dag_prog.block_7_def)
+apply ((simp add: return_in_loop_before_cfg_to_dag_prog.block_7_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: return_in_loop_before_cfg_to_dag_prog.block_7_def return_in_loop_before_ast_to_cfg_prog.bigblock_6_def)+)
+done
+
+
+lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_6])
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_6_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_6_def)
+apply (simp)
+apply (simp)
+apply (rule cont_6_def)
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_7)
+apply (rule disjI1)
+apply (rule return_in_loop_before_cfg_to_dag_prog.block_7_def)
+apply (rule return_in_loop_before_cfg_to_dag_prog.outEdges_7)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_7)
+apply (rule rel_return_in_loop_before_ast_to_cfg_prog_bigblock_6)
+apply assumption+
+
+done
+qed
+
+lemma rel_return_in_loop_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_5,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_5 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_5 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_5])
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_5_def return_in_loop_before_cfg_to_dag_prog.block_5_def)
+apply ((simp add: return_in_loop_before_cfg_to_dag_prog.block_5_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: return_in_loop_before_cfg_to_dag_prog.block_5_def return_in_loop_before_ast_to_cfg_prog.bigblock_5_def)+)
+done
+
+
+lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T return_in_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 return_in_loop_before_cfg_to_dag_prog.proc_body 1 return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_5])
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_5_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_5_def)
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_5)
+apply (rule disjI1)
+apply (rule return_in_loop_before_cfg_to_dag_prog.block_5_def)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_5_def)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_5)
+apply (rule rel_return_in_loop_before_ast_to_cfg_prog_bigblock_5)
+apply assumption
+apply (simp)
+apply ((erule allE[where x=1])+)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_5)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Eq (Lit (LInt 5))) ns1 (BoolV False))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T return_in_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 return_in_loop_before_cfg_to_dag_prog.proc_body 1 return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Invs[of return_in_loop_before_ast_to_cfg_prog.bigblock_4])
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_4_def)
+
+apply (rule astTrace)
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_4_def)
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_4)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule return_in_loop_before_cfg_to_dag_prog.block_4_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply (rule neg_eq)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_4_def)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_4)
+
+
+
+
+apply ((erule allE[where x = 5])+)
+apply ((simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_4)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_5)
+
+apply blast+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule less_trans_inv)
+apply blast+
+done
+qed
+
+lemma rel_return_in_loop_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Eq (Lit (LInt 5))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_3 (Normal ns1) (Normal ns1')))))"
+unfolding return_in_loop_before_cfg_to_dag_prog.block_3_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_3_def)
+apply ((simp add: assms(3) return_in_loop_before_ast_to_cfg_prog.bigblock_3_def)+)
+done
+
+
+lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Eq (Lit (LInt 5))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T return_in_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 return_in_loop_before_cfg_to_dag_prog.proc_body 1 return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (simp)
+
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_3)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule return_in_loop_before_cfg_to_dag_prog.block_3_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule return_in_loop_before_cfg_to_dag_prog.outEdges_3)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_3)
+apply (rule rel_return_in_loop_before_ast_to_cfg_prog_bigblock_3)
+apply assumption+
+apply (rule guardHint)
+done
+qed
+
+lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T return_in_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 return_in_loop_before_cfg_to_dag_prog.proc_body 1 return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_if_successor)
+apply (rule Rel_Invs[of return_in_loop_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_2_def return_in_loop_before_ast_to_cfg_prog.bigblock_2_def)
+
+apply (rule astTrace)
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_2_def)
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_2)
+
+apply (rule disjI2)
+apply (rule disjI1)
+
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_2_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply (simp)
+
+
+apply (rule guardHint)
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+
+
+
+
+
+apply (erule disjE)
+
+apply ((erule allE[where x = 3])+)
+apply ((simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_2)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_3)
+apply (simp add: cont_2_def return_in_loop_before_ast_to_cfg_prog.bigblock_3_def cont_3_def )
+apply blast+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule less_trans_inv)
+apply ((simp)+)
+
+apply ((erule allE[where x = 4])+)
+apply ((simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_2)+)
+apply (simp add: member_rec(1))
+apply (rule conjE)
+apply ((simp)+)
+apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_4)
+apply (simp add: cont_2_def return_in_loop_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
+apply blast+
+apply (rule loop_IH_prove)
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply (rule less_trans_inv)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of return_in_loop_before_ast_to_cfg_prog.bigblock_1 _ _ _ return_in_loop_before_cfg_to_dag_prog.block_1])
+apply (simp add:return_in_loop_before_ast_to_cfg_prog.bigblock_1_def return_in_loop_before_cfg_to_dag_prog.block_1_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:return_in_loop_before_ast_to_cfg_prog.bigblock_1_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of return_in_loop_before_ast_to_cfg_prog.bigblock_1])
+apply ((simp add:return_in_loop_before_ast_to_cfg_prog.bigblock_1_def)+)
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.block_1_def return_in_loop_before_cfg_to_dag_prog.node_1)+)
+apply (rule cont_1_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 2])+)
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_1_def return_in_loop_before_ast_to_cfg_prog.bigblock_2_def cont_2_def return_in_loop_before_ast_to_cfg_prog.bigblock_5_def cont_5_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_1_def cont_2_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+
+apply ((erule allE[where x = 6])+)
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_6)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_6)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_6_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_6)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_6)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_6_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_6)
+apply ((simp add: member_rec)+)
+done
+qed
+qed
+
+lemma rel_return_in_loop_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_0_def return_in_loop_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: return_in_loop_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: return_in_loop_before_cfg_to_dag_prog.block_0_def return_in_loop_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_0 _ return_in_loop_before_cfg_to_dag_prog.block_0])
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_0_def return_in_loop_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_0_def return_in_loop_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_0_def return_in_loop_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_0_def)
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_0)
+apply (rule rel_return_in_loop_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (return_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> return_in_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) return_in_loop_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns return_in_loop_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def return_in_loop_before_ast_to_cfg_prog.pres_def return_in_loop_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def return_in_loop_before_ast_to_cfg_prog.pres_def return_in_loop_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_6] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (return_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_6_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) return_in_loop_before_ast_to_cfg_prog.fdecls return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls return_in_loop_before_ast_to_cfg_prog.axioms return_in_loop_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding return_in_loop_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 return_in_loop_before_ast_to_cfg_prog.ast_proc_def return_in_loop_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..f819dad
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_ast_to_cfg_prog.thy
@@ -0,0 +1,141 @@
+theory return_in_loop_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Assign 0 (Lit (LInt 10)))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (Var 0) Eq (Lit (LInt 5)))) [(BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 5))))] (None ) (Some Return))] [(BigBlock (None ) [] (None ) (None ))])) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (Var 0) Eq (Lit (LInt 5)))) [(BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 5))))] (None ) (Some Return))] [(BigBlock (None ) [] (None ) (None ))])) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (Var 0) Eq (Lit (LInt 5)))) [(BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 5))))] (None ) (Some Return))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 5))))] (None ) (Some Return))"
+definition bigblock_4
+  where
+    "bigblock_4  = (BigBlock (None ) [] (None ) (None ))"
+definition bigblock_5
+  where
+    "bigblock_5  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))"
+definition bigblock_6
+  where
+    "bigblock_6  = (BigBlock (None ) [(Assert (BinOp (Var 0) Neq (Lit (LInt 5))))] (None ) (None ))"
+definition cont_6
+  where
+    "cont_6  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_6 cont_6)"
+definition cont_1
+  where
+    "cont_1  = (KEndBlock (KSeq bigblock_6 cont_6 ))"
+definition cont_5
+  where
+    "cont_5  = (KSeq bigblock_1 cont_1)"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_5 cont_5)"
+definition cont_3
+  where
+    "cont_3  = (KSeq bigblock_5 cont_5)"
+definition cont_4
+  where
+    "cont_4  = (KSeq bigblock_5 cont_5)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_6]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding return_in_loop_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = return_in_loop_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec return_in_loop_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec return_in_loop_before_ast_to_cfg_prog.post),proc_body = (Some (return_in_loop_before_ast_to_cfg_prog.locals_vdecls,return_in_loop_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..ab1f54a
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_cfg_to_dag_prog.thy
@@ -0,0 +1,193 @@
+theory return_in_loop_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Assign 0 (Lit (LInt 10)))]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 0) Eq (Lit (LInt 5)))),(Assert (BinOp (Var 0) Eq (Lit (LInt 5))))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 0) Neq (Lit (LInt 5))))]"
+definition block_5
+  where
+    "block_5  = [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_7
+  where
+    "block_7  = [(Assert (BinOp (Var 0) Neq (Lit (LInt 5))))]"
+definition outEdges
+  where
+    "outEdges  = [[1],[6,2],[3,4],[],[5],[1],[7],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [6,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [3,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding return_in_loop_before_cfg_to_dag_prog.constants_vdecls_def return_in_loop_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding return_in_loop_before_cfg_to_dag_prog.constants_vdecls_def return_in_loop_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding return_in_loop_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding return_in_loop_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding return_in_loop_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls),(append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls),(append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls),(append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = return_in_loop_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec return_in_loop_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec return_in_loop_before_cfg_to_dag_prog.post),proc_body = (Some (return_in_loop_before_cfg_to_dag_prog.locals_vdecls,return_in_loop_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_passive_prog.thy
new file mode 100644
index 0000000..d1f5c0f
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_passive_prog.thy
@@ -0,0 +1,150 @@
+theory return_in_loop_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util return_in_loop_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Eq (Lit (LInt 5)))),(Assert (BinOp (Var 0) Eq (Lit (LInt 5))))]"
+definition block_2
+  where
+    "block_2  = [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 0) Neq (Lit (LInt 5))))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
+definition block_5
+  where
+    "block_5  = [(Assert (BinOp (Var 0) Neq (Lit (LInt 5))))]"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_7
+  where
+    "block_7  = [(Havoc 0)]"
+definition block_8
+  where
+    "block_8  = [(Assign 0 (Lit (LInt 10)))]"
+definition block_9
+  where
+    "block_9  = []"
+definition block_10
+  where
+    "block_10  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[2],[1,3],[0],[5],[6,4],[7],[8],[9]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 10,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [1,3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_cfgtodag_proof.thy
new file mode 100644
index 0000000..e348684
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_cfgtodag_proof.thy
@@ -0,0 +1,534 @@
+theory return_in_loop_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML return_in_loop_before_ast_to_cfg_prog return_in_loop_before_cfg_to_dag_prog return_in_loop_before_passive_prog return_in_loop_passification_proof return_in_loop_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 return_in_loop_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def return_in_loop_before_ast_to_cfg_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule return_in_loop_before_passive_prog.node_0)
+apply simp
+unfolding return_in_loop_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma block_anon7_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding return_in_loop_before_cfg_to_dag_prog.block_3_def return_in_loop_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon7_Then:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_3)
+apply (rule return_in_loop_before_passive_prog.node_1)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon7_Then)
+apply assumption+
+apply (rule return_in_loop_before_cfg_to_dag_prog.outEdges_3)
+apply (rule return_in_loop_before_passive_prog.outEdges_1)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma Mods_anon4:
+shows "(mods_contained_in (set [0]) return_in_loop_before_cfg_to_dag_prog.block_5)"
+unfolding return_in_loop_before_cfg_to_dag_prog.block_5_def
+by simp
+
+lemma block_anon4:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_2 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding return_in_loop_before_cfg_to_dag_prog.block_5_def return_in_loop_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body [0] [] return_in_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_5)
+apply (rule return_in_loop_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon4)
+apply (assumption+)
+apply (rule Mods_anon4)
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_5))
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_5))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon6_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon7_Else:
+shows "(mods_contained_in (set [0]) return_in_loop_before_cfg_to_dag_prog.block_4)"
+unfolding return_in_loop_before_cfg_to_dag_prog.block_4_def
+by simp
+
+lemma block_anon7_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding return_in_loop_before_cfg_to_dag_prog.block_4_def return_in_loop_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon7_Else:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body [0] [] return_in_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_4)
+apply (rule return_in_loop_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon7_Else)
+apply (assumption+)
+apply (rule Mods_anon7_Else)
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_4))
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_4))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:return_in_loop_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon6_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon6_LoopBody:
+shows "(mods_contained_in (set [0]) return_in_loop_before_cfg_to_dag_prog.block_2)"
+unfolding return_in_loop_before_cfg_to_dag_prog.block_2_def
+by simp
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding return_in_loop_before_cfg_to_dag_prog.block_2_def return_in_loop_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body [0] [] return_in_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_2)
+apply (rule return_in_loop_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon6_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon6_LoopBody)
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:return_in_loop_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_Then)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:return_in_loop_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon7_Else)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_convert_pred)
+using IH_anon6_LoopHead apply simp
+apply simp
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma block_anon5:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_5 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding return_in_loop_before_cfg_to_dag_prog.block_7_def return_in_loop_before_passive_prog.block_5_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon5:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_7)
+apply (rule return_in_loop_before_passive_prog.node_5)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon5)
+apply assumption+
+apply (rule return_in_loop_before_cfg_to_dag_prog.outEdges_7)
+apply (rule return_in_loop_before_passive_prog.outEdges_5)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_6 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding return_in_loop_before_cfg_to_dag_prog.block_6_def return_in_loop_before_passive_prog.block_6_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_6)
+apply (rule return_in_loop_before_passive_prog.node_6)
+apply (assumption+)
+apply (rule block_anon6_LoopDone)
+apply (assumption+)
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_6))
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_6))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=5])
+apply ((simp add:return_in_loop_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon6_LoopHead:
+shows "(mods_contained_in (set [0]) return_in_loop_before_cfg_to_dag_prog.block_1)"
+unfolding return_in_loop_before_cfg_to_dag_prog.block_1_def
+by simp
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_7 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding return_in_loop_before_cfg_to_dag_prog.block_1_def return_in_loop_before_passive_prog.block_7_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply ((simp add:return_in_loop_before_ast_to_cfg_prog.l_x(1)))
+apply simp
+done
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_1)
+apply (rule return_in_loop_before_passive_prog.node_7)
+apply (assumption+)
+apply (rule block_anon6_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon6_LoopHead)
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=6])
+apply ((simp add:return_in_loop_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=4])
+apply ((simp add:return_in_loop_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_8 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding return_in_loop_before_cfg_to_dag_prog.block_0_def return_in_loop_before_passive_prog.block_8_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_0)
+apply (rule return_in_loop_before_passive_prog.node_8)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=7])
+apply ((simp add:return_in_loop_before_passive_prog.outEdges_8))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:return_in_loop_before_passive_prog.outEdges_9))
+by ((simp add:return_in_loop_before_passive_prog.node_9 return_in_loop_before_passive_prog.block_9_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 return_in_loop_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule return_in_loop_before_passive_prog.node_10)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding return_in_loop_before_passive_prog.block_10_def
+apply (rule assume_pres_normal[where ?es=return_in_loop_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding return_in_loop_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule return_in_loop_before_passive_prog.outEdges_10)
+apply ((simp add:return_in_loop_before_passive_prog.node_9 return_in_loop_before_passive_prog.block_9_def))
+apply (rule return_in_loop_before_passive_prog.outEdges_9)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> return_in_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) return_in_loop_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns return_in_loop_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule return_in_loop_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_passification_proof.thy
new file mode 100644
index 0000000..15a3ac1
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_passification_proof.thy
@@ -0,0 +1,363 @@
+theory return_in_loop_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util return_in_loop_before_ast_to_cfg_prog return_in_loop_passive_prog Boogie_Lang.PassificationML return_in_loop_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_in_loop_before_passive_prog.block_0_def return_in_loop_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon7_Then:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_in_loop_before_passive_prog.block_1_def return_in_loop_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon4:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old return_in_loop_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_in_loop_before_passive_prog.block_2_def return_in_loop_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:return_in_loop_before_ast_to_cfg_prog.l_x(2) return_in_loop_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon7_Else:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_in_loop_before_passive_prog.block_3_def return_in_loop_passive_prog.block_3_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_in_loop_before_passive_prog.block_4_def return_in_loop_passive_prog.block_4_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon5:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_in_loop_before_passive_prog.block_5_def return_in_loop_passive_prog.block_5_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_in_loop_before_passive_prog.block_6_def return_in_loop_passive_prog.block_6_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old return_in_loop_passive_prog.block_7 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_in_loop_before_passive_prog.block_7_def return_in_loop_passive_prog.block_7_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:return_in_loop_before_ast_to_cfg_prog.l_x(2) return_in_loop_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 10)))]) R_old return_in_loop_passive_prog.block_8 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_in_loop_before_passive_prog.block_8_def return_in_loop_passive_prog.block_8_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_9 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_9 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_in_loop_before_passive_prog.block_9_def return_in_loop_passive_prog.block_9_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_10 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_10 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_in_loop_before_passive_prog.block_10_def return_in_loop_passive_prog.block_10_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_in_loop_before_passive_prog.node_0},@{thm return_in_loop_before_passive_prog.outEdges_0}) (@{thm return_in_loop_passive_prog.node_0},@{thm return_in_loop_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon7_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_1},@{thm return_in_loop_before_passive_prog.outEdges_1}) (@{thm return_in_loop_passive_prog.node_1},@{thm return_in_loop_passive_prog.outEdges_1}) @{thm block_anon7_Then} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon4:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_2},@{thm return_in_loop_before_passive_prog.outEdges_2}) (@{thm return_in_loop_passive_prog.node_2},@{thm return_in_loop_passive_prog.outEdges_2}) @{thm block_anon4} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon7_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_3},@{thm return_in_loop_before_passive_prog.outEdges_3}) (@{thm return_in_loop_passive_prog.node_3},@{thm return_in_loop_passive_prog.outEdges_3}) @{thm block_anon7_Else} [
+@{thm cfg_block_anon4}] 1\<close>))
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_4},@{thm return_in_loop_before_passive_prog.outEdges_4}) (@{thm return_in_loop_passive_prog.node_4},@{thm return_in_loop_passive_prog.outEdges_4}) @{thm block_anon6_LoopBody} [
+@{thm cfg_block_anon7_Then}, 
+@{thm cfg_block_anon7_Else}] 1\<close>))
+
+lemma cfg_block_anon5:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_5},@{thm return_in_loop_before_passive_prog.outEdges_5}) (@{thm return_in_loop_passive_prog.node_5},@{thm return_in_loop_passive_prog.outEdges_5}) @{thm block_anon5} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_6},@{thm return_in_loop_before_passive_prog.outEdges_6}) (@{thm return_in_loop_passive_prog.node_6},@{thm return_in_loop_passive_prog.outEdges_6}) @{thm block_anon6_LoopDone} [
+@{thm cfg_block_anon5}] 1\<close>))
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_in_loop_before_passive_prog.node_7},@{thm return_in_loop_before_passive_prog.outEdges_7}) (@{thm return_in_loop_passive_prog.node_7},@{thm return_in_loop_passive_prog.outEdges_7}) @{thm block_anon6_LoopHead} [
+@{thm cfg_block_anon6_LoopDone}, 
+@{thm cfg_block_anon6_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 8)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_in_loop_before_passive_prog.node_8},@{thm return_in_loop_before_passive_prog.outEdges_8}) (@{thm return_in_loop_passive_prog.node_8},@{thm return_in_loop_passive_prog.outEdges_8}) @{thm block_anon0} [
+@{thm cfg_block_anon6_LoopHead}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 9)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_in_loop_before_passive_prog.node_9},@{thm return_in_loop_before_passive_prog.outEdges_9}) (@{thm return_in_loop_passive_prog.node_9},@{thm return_in_loop_passive_prog.outEdges_9}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 10)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_in_loop_before_passive_prog.node_10},@{thm return_in_loop_before_passive_prog.outEdges_10}) (@{thm return_in_loop_passive_prog.node_10},@{thm return_in_loop_passive_prog.outEdges_10}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 10),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> return_in_loop_before_ast_to_cfg_prog.constants_vdecls ns return_in_loop_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv return_in_loop_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding return_in_loop_passive_prog.params_vdecls_def return_in_loop_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using return_in_loop_before_passive_prog.globals_locals_disj apply auto[1]
+using return_in_loop_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] return_in_loop_passive_prog.proc_body u (Inl 10)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range return_in_loop_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] return_in_loop_passive_prog.proc_body ((Inl 10),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from return_in_loop_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_passive_prog.thy
new file mode 100644
index 0000000..2d69610
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_passive_prog.thy
@@ -0,0 +1,183 @@
+theory return_in_loop_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util return_in_loop_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 1) Eq (Lit (LInt 5)))),(Assert (BinOp (Var 1) Eq (Lit (LInt 5))))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 2) Eq (BinOp (Var 1) Sub (Lit (LInt 1))))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Var 1) Neq (Lit (LInt 5))))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0))))]"
+definition block_5
+  where
+    "block_5  = [(Assert (BinOp (Var 1) Neq (Lit (LInt 5))))]"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
+definition block_7
+  where
+    "block_7  = []"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = []"
+definition block_10
+  where
+    "block_10  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[2],[1,3],[0],[5],[6,4],[7],[8],[9]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 10,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [1,3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6,4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding return_in_loop_passive_prog.params_vdecls_def return_in_loop_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)))) = {})"
+unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_vcphase_proof.thy
new file mode 100644
index 0000000..d0014b8
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_vcphase_proof.thy
@@ -0,0 +1,361 @@
+theory return_in_loop_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML return_in_loop_passive_prog return_in_loop_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon7_Then
+  where
+    "vc_anon7_Then x_0 = ((x_0 = (5::int)) \<longrightarrow> (x_0 = (5::int)))"
+definition vc_anon4
+  where
+    "vc_anon4  = True"
+definition vc_anon7_Else
+  where
+    "vc_anon7_Else x_0 = ((x_0 \<noteq> (5::int)) \<longrightarrow> (vc_anon4 ))"
+definition vc_anon6_LoopBody
+  where
+    "vc_anon6_LoopBody x_0 = ((x_0 > (0::int)) \<longrightarrow> ((vc_anon7_Then x_0) \<and> (vc_anon7_Else x_0)))"
+definition vc_anon5
+  where
+    "vc_anon5 x_0 = (x_0 \<noteq> (5::int))"
+definition vc_anon6_LoopDone
+  where
+    "vc_anon6_LoopDone x_0 = (((0::int) \<ge> x_0) \<longrightarrow> (vc_anon5 x_0))"
+definition vc_anon0
+  where
+    "vc_anon0 x_0 = ((vc_anon6_LoopDone x_0) \<and> (vc_anon6_LoopBody x_0))"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
+G3: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3
+lemmas forall_poly_thm = forall_vc_type[OF G3]
+lemmas exists_poly_thm = exists_vc_type[OF G3]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding return_in_loop_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon7_Then_hints = [
+(AssumeConjR 0,NONE), 
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon7_ThenAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_Then vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding return_in_loop_passive_prog.block_1_def vc.vc_anon7_Then_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_Then_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_hints = [
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon4AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4 ) \<Longrightarrow> (s' = Magic)))"
+unfolding return_in_loop_passive_prog.block_2_def vc.vc_anon4_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon7_Else_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon7_ElseAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_Else vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4 )))))))"
+unfolding return_in_loop_passive_prog.block_3_def vc.vc_anon7_Else_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_Else_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_LoopBody_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon6_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopBody vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_Then vc_x_0) \<and> (vc.vc_anon7_Else vc_x_0))))))))"
+unfolding return_in_loop_passive_prog.block_4_def vc.vc_anon6_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon5_hints = [
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon5AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5 vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding return_in_loop_passive_prog.block_5_def vc.vc_anon5_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_LoopDone_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon6_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopDone vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon5 vc_x_0)))))))"
+unfolding return_in_loop_passive_prog.block_6_def vc.vc_anon6_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopDone_hints \<close>)
+by (auto?)
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_7 (Normal n_s) s')" and 
+"((vc.vc_anon6_LoopDone vc_x_0) \<and> (vc.vc_anon6_LoopBody vc_x_0))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_x_0) \<and> (vc.vc_anon6_LoopBody vc_x_0))))))"
+using assms
+unfolding return_in_loop_passive_prog.block_7_def
+apply cases
+by auto
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_8 (Normal n_s) s')" and 
+"((vc.vc_anon6_LoopDone vc_x_0) \<and> (vc.vc_anon6_LoopBody vc_x_0))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_x_0) \<and> (vc.vc_anon6_LoopBody vc_x_0))))))"
+using assms
+unfolding return_in_loop_passive_prog.block_8_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_9 (Normal n_s) s')" and 
+"((vc.vc_anon6_LoopDone vc_x_0) \<and> (vc.vc_anon6_LoopBody vc_x_0))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_x_0) \<and> (vc.vc_anon6_LoopBody vc_x_0))))))"
+using assms
+unfolding return_in_loop_passive_prog.block_9_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_10 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_x_0) \<and> (vc.vc_anon6_LoopBody vc_x_0))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding return_in_loop_passive_prog.block_10_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) return_in_loop_passive_prog.node_0 return_in_loop_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon7_Then:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon7_Then vc_x_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) return_in_loop_passive_prog.node_1])
+apply (erule block_anon7_ThenAA0[OF _ assms(2)])
+apply ((simp add:return_in_loop_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon4:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) return_in_loop_passive_prog.node_2])
+by (erule block_anon4AA0[OF _ assms(2)])
+
+lemma cfg_block_anon7_Else:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon7_Else vc_x_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_3])
+apply (erule block_anon7_ElseAA0[OF _ assms(2)])
+apply ((simp add:return_in_loop_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopBody vc_x_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_4])
+apply (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
+apply ((simp add:return_in_loop_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_Then, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon7_Else, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5 vc_x_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) return_in_loop_passive_prog.node_5])
+apply (erule block_anon5AA0[OF _ assms(2)])
+apply ((simp add:return_in_loop_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopDone vc_x_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_6])
+apply (erule block_anon6_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:return_in_loop_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon6_LoopDone vc_x_0) \<and> (vc.vc_anon6_LoopBody vc_x_0))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_7])
+apply (erule block_anon6_LoopHead[OF _ assms(2)])
+apply ((simp add:return_in_loop_passive_prog.outEdges_7))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon6_LoopDone vc_x_0) \<and> (vc.vc_anon6_LoopBody vc_x_0))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_8])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:return_in_loop_passive_prog.outEdges_8))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon6_LoopDone vc_x_0) \<and> (vc.vc_anon6_LoopBody vc_x_0))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_9])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:return_in_loop_passive_prog.outEdges_9))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_10])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:return_in_loop_passive_prog.outEdges_10))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) \<Gamma> [] return_in_loop_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> return_in_loop_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) return_in_loop_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s return_in_loop_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((return_in_loop_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF return_in_loop_passive_prog.m_x])
+apply (subst lookup_var_local[OF return_in_loop_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF return_in_loop_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF return_in_loop_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF return_in_loop_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF return_in_loop_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/ROOT
new file mode 100644
index 0000000..4198e04
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/ROOT
@@ -0,0 +1,12 @@
+session return_in_loop_proofs = Boogie_Lang + 
+directories return_in_loop_proofs
+theories
+global_data
+"return_in_loop_proofs/return_in_loop_before_passive_prog"
+"return_in_loop_proofs/return_in_loop_passive_prog"
+"return_in_loop_proofs/return_in_loop_before_cfg_to_dag_prog"
+"return_in_loop_proofs/return_in_loop_before_ast_to_cfg_prog"
+"return_in_loop_proofs/return_in_loop_cfgtodag_proof"
+"return_in_loop_proofs/return_in_loop_vcphase_proof"
+"return_in_loop_proofs/return_in_loop_passification_proof"
+"return_in_loop_proofs/return_in_loop_asttocfg_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_asttocfg_proof.thy
new file mode 100644
index 0000000..126532e
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_asttocfg_proof.thy
@@ -0,0 +1,529 @@
+theory return_in_loop_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML return_in_loop_before_ast_to_cfg_prog return_in_loop_before_cfg_to_dag_prog return_in_loop_cfgtodag_proof return_in_loop_passification_proof return_in_loop_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_return_in_loop_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_6,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_8 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_8 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_6])
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_6_def return_in_loop_before_cfg_to_dag_prog.block_8_def)
+apply ((simp add: return_in_loop_before_cfg_to_dag_prog.block_8_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: return_in_loop_before_cfg_to_dag_prog.block_8_def return_in_loop_before_ast_to_cfg_prog.bigblock_6_def)+)
+done
+
+
+lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_6:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_6])
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_6_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_6_def)
+apply (simp)
+apply (simp)
+apply (rule cont_6_def)
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_8)
+apply (rule disjI1)
+apply (rule return_in_loop_before_cfg_to_dag_prog.block_8_def)
+apply (rule return_in_loop_before_cfg_to_dag_prog.outEdges_8)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_8)
+apply (rule rel_return_in_loop_before_ast_to_cfg_prog_bigblock_6)
+apply assumption+
+
+done
+qed
+
+lemma rel_return_in_loop_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_5,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_6 (Normal ns1) (Normal ns1')))))"
+unfolding return_in_loop_before_cfg_to_dag_prog.block_6_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_5])
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_5_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_6_def)
+apply ((simp add: assms(3) return_in_loop_before_ast_to_cfg_prog.bigblock_5_def)+)
+done
+
+
+lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_5:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Lit (LInt 0))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T return_in_loop_before_ast_to_cfg_prog.bigblock_4 cont_4 return_in_loop_before_cfg_to_dag_prog.proc_body 5 return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_5])
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_5_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_5_def)
+apply (simp)
+apply (simp)
+
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_6)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule return_in_loop_before_cfg_to_dag_prog.block_6_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule return_in_loop_before_cfg_to_dag_prog.outEdges_6)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_6)
+apply (rule rel_return_in_loop_before_ast_to_cfg_prog_bigblock_5)
+apply assumption+
+apply (rule guardHint)
+done
+qed
+
+lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_4:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_4_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of return_in_loop_before_ast_to_cfg_prog.bigblock_4 _ _ _ return_in_loop_before_cfg_to_dag_prog.block_5])
+apply (simp add:return_in_loop_before_ast_to_cfg_prog.bigblock_4_def return_in_loop_before_cfg_to_dag_prog.block_5_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:return_in_loop_before_ast_to_cfg_prog.bigblock_4_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of return_in_loop_before_ast_to_cfg_prog.bigblock_4])
+apply ((simp add:return_in_loop_before_ast_to_cfg_prog.bigblock_4_def)+)
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.block_5_def return_in_loop_before_cfg_to_dag_prog.node_5)+)
+apply (rule cont_4_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 6])+)
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_5)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_5)
+apply (simp add: cont_4_def return_in_loop_before_ast_to_cfg_prog.bigblock_5_def cont_5_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_4_def cont_5_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+
+apply ((erule allE[where x = 7])+)
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_5)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_6)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_7)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_7_def)
+apply (rule neg_lt)
+apply (simp)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_7)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_7)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_7_def)
+apply (rule neg_lt)
+apply (simp)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_7)
+apply ((simp add: member_rec)+)
+done
+qed
+qed
+
+lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+apply (rule ending_after_unwrapping)
+apply (rule astTrace)
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_3_def)
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply (simp)
+apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_4)
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_4_def cont_3_def cont_4_def)
+apply (rule correctness_propagates_through_empty)
+using assms(2)
+apply blast
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_4)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_4_def)
+
+
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_4)
+apply (simp add: member_rec)
+apply (simp)
+apply (rule correctness_propagates_through_empty2)
+using assms(3)
+apply blast
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_4)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_4_def)
+
+
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_4)
+apply (simp add: member_rec)
+apply ((simp)+)
+done
+
+lemma rel_return_in_loop_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
+unfolding return_in_loop_before_cfg_to_dag_prog.block_2_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_2_def)
+apply ((simp add: assms(3) return_in_loop_before_ast_to_cfg_prog.bigblock_2_def)+)
+done
+
+
+lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T return_in_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 return_in_loop_before_cfg_to_dag_prog.proc_body 1 return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp)
+apply (simp)
+
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_2)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule return_in_loop_before_cfg_to_dag_prog.block_2_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule return_in_loop_before_cfg_to_dag_prog.outEdges_2)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_2)
+apply (rule rel_return_in_loop_before_ast_to_cfg_prog_bigblock_2)
+apply assumption+
+apply (rule guardHint)
+done
+qed
+
+lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of return_in_loop_before_ast_to_cfg_prog.bigblock_1 _ _ _ return_in_loop_before_cfg_to_dag_prog.block_1])
+apply (simp add:return_in_loop_before_ast_to_cfg_prog.bigblock_1_def return_in_loop_before_cfg_to_dag_prog.block_1_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:return_in_loop_before_ast_to_cfg_prog.bigblock_1_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of return_in_loop_before_ast_to_cfg_prog.bigblock_1])
+apply ((simp add:return_in_loop_before_ast_to_cfg_prog.bigblock_1_def)+)
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.block_1_def return_in_loop_before_cfg_to_dag_prog.node_1)+)
+apply (rule cont_1_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 2])+)
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_1_def return_in_loop_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_1_def cont_2_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+
+apply ((erule allE[where x = 3])+)
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_3)
+apply (blast)
+
+
+
+apply (rule correctness_propagates_through_assumption)
+apply blast
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_3)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_3_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_3)
+apply ((simp add: member_rec)+)
+apply (rule correctness_propagates_through_assumption3)
+apply blast
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_3)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_3_def)
+apply (rule neg_gt)
+apply (simp)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_3)
+apply ((simp add: member_rec)+)
+done
+qed
+qed
+
+lemma rel_return_in_loop_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_0_def return_in_loop_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: return_in_loop_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: return_in_loop_before_cfg_to_dag_prog.block_0_def return_in_loop_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_0 _ return_in_loop_before_cfg_to_dag_prog.block_0])
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_0_def return_in_loop_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_0_def return_in_loop_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_0_def return_in_loop_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_0_def)
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_0)
+apply (rule rel_return_in_loop_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (return_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> return_in_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) return_in_loop_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns return_in_loop_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def return_in_loop_before_ast_to_cfg_prog.pres_def return_in_loop_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def return_in_loop_before_ast_to_cfg_prog.pres_def return_in_loop_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3,bigblock_6] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (return_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_3_def cont_6_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) return_in_loop_before_ast_to_cfg_prog.fdecls return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls return_in_loop_before_ast_to_cfg_prog.axioms return_in_loop_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding return_in_loop_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 return_in_loop_before_ast_to_cfg_prog.ast_proc_def return_in_loop_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..e46ed8f
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_ast_to_cfg_prog.thy
@@ -0,0 +1,141 @@
+theory return_in_loop_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (Some Return))]))) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (Some Return))])) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (Some Return))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 0)))) [(BinOp (Var 0) Le (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (Some Return))]))) (None ))"
+definition bigblock_4
+  where
+    "bigblock_4  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 0)))) [(BinOp (Var 0) Le (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (Some Return))])) (None ))"
+definition bigblock_5
+  where
+    "bigblock_5  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (Some Return))"
+definition bigblock_6
+  where
+    "bigblock_6  = (BigBlock (None ) [(Assign 0 (Lit (LInt 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))] (None ) (None ))"
+definition cont_6
+  where
+    "cont_6  = KStop"
+definition cont_3
+  where
+    "cont_3  = (KSeq bigblock_6 cont_6)"
+definition cont_4
+  where
+    "cont_4  = (KEndBlock (KSeq bigblock_6 cont_6 ))"
+definition cont_5
+  where
+    "cont_5  = (KSeq bigblock_4 cont_4)"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_3 cont_3)"
+definition cont_1
+  where
+    "cont_1  = (KEndBlock (KSeq bigblock_3 cont_3 ))"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_1 cont_1)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_3,bigblock_6]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding return_in_loop_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = return_in_loop_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec return_in_loop_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec return_in_loop_before_ast_to_cfg_prog.post),proc_body = (Some (return_in_loop_before_ast_to_cfg_prog.locals_vdecls,return_in_loop_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..39a44bc
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_cfg_to_dag_prog.thy
@@ -0,0 +1,204 @@
+theory return_in_loop_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Havoc 0)]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+definition block_3
+  where
+    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = [(Assert (BinOp (Var 0) Le (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]"
+definition block_7
+  where
+    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 0)))]"
+definition block_8
+  where
+    "block_8  = [(Assign 0 (Lit (LInt 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
+definition outEdges
+  where
+    "outEdges  = [[1],[3,2],[],[4],[5],[7,6],[],[8],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [3,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [7,6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding return_in_loop_before_cfg_to_dag_prog.constants_vdecls_def return_in_loop_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding return_in_loop_before_cfg_to_dag_prog.constants_vdecls_def return_in_loop_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding return_in_loop_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding return_in_loop_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding return_in_loop_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls),(append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls),(append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls),(append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = return_in_loop_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec return_in_loop_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec return_in_loop_before_cfg_to_dag_prog.post),proc_body = (Some (return_in_loop_before_cfg_to_dag_prog.locals_vdecls,return_in_loop_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_passive_prog.thy
new file mode 100644
index 0000000..8c9e1ef
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_passive_prog.thy
@@ -0,0 +1,161 @@
+theory return_in_loop_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util return_in_loop_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]"
+definition block_3
+  where
+    "block_3  = [(Assign 0 (Lit (LInt 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 0)))]"
+definition block_5
+  where
+    "block_5  = [(Assert (BinOp (Var 0) Le (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = []"
+definition block_7
+  where
+    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = [(Havoc 0)]"
+definition block_10
+  where
+    "block_10  = []"
+definition block_11
+  where
+    "block_11  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[6],[7,1],[8],[9],[10]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 11,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [10])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_cfgtodag_proof.thy
new file mode 100644
index 0000000..4eba79c
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_cfgtodag_proof.thy
@@ -0,0 +1,514 @@
+theory return_in_loop_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML return_in_loop_before_ast_to_cfg_prog return_in_loop_before_cfg_to_dag_prog return_in_loop_before_passive_prog return_in_loop_passification_proof return_in_loop_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 return_in_loop_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def return_in_loop_before_ast_to_cfg_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule return_in_loop_before_passive_prog.node_0)
+apply simp
+unfolding return_in_loop_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma block_anon5_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding return_in_loop_before_cfg_to_dag_prog.block_2_def return_in_loop_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_2)
+apply (rule return_in_loop_before_passive_prog.node_1)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon5_LoopBody)
+apply assumption+
+apply (rule return_in_loop_before_cfg_to_dag_prog.outEdges_2)
+apply (rule return_in_loop_before_passive_prog.outEdges_1)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_2 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding return_in_loop_before_cfg_to_dag_prog.block_6_def return_in_loop_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_6)
+apply (rule return_in_loop_before_passive_prog.node_2)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon6_LoopBody)
+apply assumption+
+apply (rule return_in_loop_before_cfg_to_dag_prog.outEdges_6)
+apply (rule return_in_loop_before_passive_prog.outEdges_2)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon4:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding return_in_loop_before_cfg_to_dag_prog.block_8_def return_in_loop_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon4:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_8)
+apply (rule return_in_loop_before_passive_prog.node_3)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon4)
+apply assumption+
+apply (rule return_in_loop_before_cfg_to_dag_prog.outEdges_8)
+apply (rule return_in_loop_before_passive_prog.outEdges_3)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding return_in_loop_before_cfg_to_dag_prog.block_7_def return_in_loop_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_7)
+apply (rule return_in_loop_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon6_LoopDone)
+apply (assumption+)
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_7))
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_7))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:return_in_loop_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon4)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_5 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding return_in_loop_before_cfg_to_dag_prog.block_5_def return_in_loop_before_passive_prog.block_5_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_5)
+apply (rule return_in_loop_before_passive_prog.node_5)
+apply (assumption+)
+apply (rule block_anon6_LoopHead)
+apply (assumption+)
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_5))
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_5))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=4])
+apply ((simp add:return_in_loop_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:return_in_loop_before_passive_prog.outEdges_5))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon2:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_6 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding return_in_loop_before_cfg_to_dag_prog.block_4_def return_in_loop_before_passive_prog.block_6_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon2:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_4)
+apply (rule return_in_loop_before_passive_prog.node_6)
+apply (assumption+)
+apply (rule block_anon2)
+apply (assumption+)
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_4))
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_4))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=5])
+apply ((simp add:return_in_loop_before_passive_prog.outEdges_6))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon6_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon5_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_7 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding return_in_loop_before_cfg_to_dag_prog.block_3_def return_in_loop_before_passive_prog.block_7_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_3)
+apply (rule return_in_loop_before_passive_prog.node_7)
+apply (assumption+)
+apply (rule block_anon5_LoopDone)
+apply (assumption+)
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_3))
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_3))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=6])
+apply ((simp add:return_in_loop_before_passive_prog.outEdges_7))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon2)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon5_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_8 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding return_in_loop_before_cfg_to_dag_prog.block_1_def return_in_loop_before_passive_prog.block_8_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_1)
+apply (rule return_in_loop_before_passive_prog.node_8)
+apply (assumption+)
+apply (rule block_anon5_LoopHead)
+apply (assumption+)
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=7])
+apply ((simp add:return_in_loop_before_passive_prog.outEdges_8))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:return_in_loop_before_passive_prog.outEdges_8))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_9 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding return_in_loop_before_cfg_to_dag_prog.block_0_def return_in_loop_before_passive_prog.block_9_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule return_in_loop_before_cfg_to_dag_prog.node_0)
+apply (rule return_in_loop_before_passive_prog.node_9)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=8])
+apply ((simp add:return_in_loop_before_passive_prog.outEdges_9))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon5_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:return_in_loop_before_passive_prog.outEdges_10))
+by ((simp add:return_in_loop_before_passive_prog.node_10 return_in_loop_before_passive_prog.block_10_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 return_in_loop_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule return_in_loop_before_passive_prog.node_11)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding return_in_loop_before_passive_prog.block_11_def
+apply (rule assume_pres_normal[where ?es=return_in_loop_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding return_in_loop_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule return_in_loop_before_passive_prog.outEdges_11)
+apply ((simp add:return_in_loop_before_passive_prog.node_10 return_in_loop_before_passive_prog.block_10_def))
+apply (rule return_in_loop_before_passive_prog.outEdges_10)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> return_in_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) return_in_loop_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns return_in_loop_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule return_in_loop_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_passification_proof.thy
new file mode 100644
index 0000000..ec7bcb2
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_passification_proof.thy
@@ -0,0 +1,385 @@
+theory return_in_loop_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util return_in_loop_before_ast_to_cfg_prog return_in_loop_passive_prog Boogie_Lang.PassificationML return_in_loop_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_in_loop_before_passive_prog.block_0_def return_in_loop_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon5_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old return_in_loop_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_in_loop_before_passive_prog.block_1_def return_in_loop_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:return_in_loop_before_ast_to_cfg_prog.l_x(2) return_in_loop_passive_prog.l_x_1(2)))
+by simp
+
+lemma block_anon6_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3])) (update_nstate_rel R [(0,(Inl 3))]) R_old return_in_loop_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_in_loop_before_passive_prog.block_2_def return_in_loop_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:return_in_loop_before_ast_to_cfg_prog.l_x(2) return_in_loop_passive_prog.l_x_2(2)))
+by simp
+
+lemma block_anon4:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 0)))]) R_old return_in_loop_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_in_loop_before_passive_prog.block_3_def return_in_loop_passive_prog.block_3_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_in_loop_before_passive_prog.block_4_def return_in_loop_passive_prog.block_4_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon6_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_in_loop_before_passive_prog.block_5_def return_in_loop_passive_prog.block_5_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon2:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_in_loop_before_passive_prog.block_6_def return_in_loop_passive_prog.block_6_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon5_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_7 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_7 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_in_loop_before_passive_prog.block_7_def return_in_loop_passive_prog.block_7_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon5_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_8 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_8 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_in_loop_before_passive_prog.block_8_def return_in_loop_passive_prog.block_8_def
+apply (passive_rel_tac R_def: assms(3-))
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_9 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old return_in_loop_passive_prog.block_9 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_in_loop_before_passive_prog.block_9_def return_in_loop_passive_prog.block_9_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+apply ((simp add:return_in_loop_before_ast_to_cfg_prog.l_x(2) return_in_loop_passive_prog.l_x_0(2)))
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_10 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_10 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_in_loop_before_passive_prog.block_10_def return_in_loop_passive_prog.block_10_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_11 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_11 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_in_loop_before_passive_prog.block_11_def return_in_loop_passive_prog.block_11_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_in_loop_before_passive_prog.node_0},@{thm return_in_loop_before_passive_prog.outEdges_0}) (@{thm return_in_loop_passive_prog.node_0},@{thm return_in_loop_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_1},@{thm return_in_loop_before_passive_prog.outEdges_1}) (@{thm return_in_loop_passive_prog.node_1},@{thm return_in_loop_passive_prog.outEdges_1}) @{thm block_anon5_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_2},@{thm return_in_loop_before_passive_prog.outEdges_2}) (@{thm return_in_loop_passive_prog.node_2},@{thm return_in_loop_passive_prog.outEdges_2}) @{thm block_anon6_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon4:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_in_loop_before_passive_prog.node_3},@{thm return_in_loop_before_passive_prog.outEdges_3}) (@{thm return_in_loop_passive_prog.node_3},@{thm return_in_loop_passive_prog.outEdges_3}) @{thm block_anon4} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_4},@{thm return_in_loop_before_passive_prog.outEdges_4}) (@{thm return_in_loop_passive_prog.node_4},@{thm return_in_loop_passive_prog.outEdges_4}) @{thm block_anon6_LoopDone} [
+@{thm cfg_block_anon4}] 1\<close>))
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_5},@{thm return_in_loop_before_passive_prog.outEdges_5}) (@{thm return_in_loop_passive_prog.node_5},@{thm return_in_loop_passive_prog.outEdges_5}) @{thm block_anon6_LoopHead} [
+@{thm cfg_block_anon6_LoopDone}, 
+@{thm cfg_block_anon6_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon2:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_6},@{thm return_in_loop_before_passive_prog.outEdges_6}) (@{thm return_in_loop_passive_prog.node_6},@{thm return_in_loop_passive_prog.outEdges_6}) @{thm block_anon2} [
+@{thm cfg_block_anon6_LoopHead}] 1\<close>))
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 7)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_7},@{thm return_in_loop_before_passive_prog.outEdges_7}) (@{thm return_in_loop_passive_prog.node_7},@{thm return_in_loop_passive_prog.outEdges_7}) @{thm block_anon5_LoopDone} [
+@{thm cfg_block_anon2}] 1\<close>))
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
+"((R 0) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 8)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_8},@{thm return_in_loop_before_passive_prog.outEdges_8}) (@{thm return_in_loop_passive_prog.node_8},@{thm return_in_loop_passive_prog.outEdges_8}) @{thm block_anon5_LoopHead} [
+@{thm cfg_block_anon5_LoopDone}, 
+@{thm cfg_block_anon5_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 9)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_in_loop_before_passive_prog.node_9},@{thm return_in_loop_before_passive_prog.outEdges_9}) (@{thm return_in_loop_passive_prog.node_9},@{thm return_in_loop_passive_prog.outEdges_9}) @{thm block_anon0} [
+@{thm cfg_block_anon5_LoopHead}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 10)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_in_loop_before_passive_prog.node_10},@{thm return_in_loop_before_passive_prog.outEdges_10}) (@{thm return_in_loop_passive_prog.node_10},@{thm return_in_loop_passive_prog.outEdges_10}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 11)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_in_loop_before_passive_prog.node_11},@{thm return_in_loop_before_passive_prog.outEdges_11}) (@{thm return_in_loop_passive_prog.node_11},@{thm return_in_loop_passive_prog.outEdges_11}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 11),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> return_in_loop_before_ast_to_cfg_prog.constants_vdecls ns return_in_loop_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv return_in_loop_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding return_in_loop_passive_prog.params_vdecls_def return_in_loop_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using return_in_loop_before_passive_prog.globals_locals_disj apply auto[1]
+using return_in_loop_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] return_in_loop_passive_prog.proc_body u (Inl 11)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range return_in_loop_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] return_in_loop_passive_prog.proc_body ((Inl 11),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from return_in_loop_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_passive_prog.thy
new file mode 100644
index 0000000..2d86a94
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_passive_prog.thy
@@ -0,0 +1,203 @@
+theory return_in_loop_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util return_in_loop_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 2) Eq (BinOp (Var 1) Sub (Lit (LInt 1)))))]"
+definition block_2
+  where
+    "block_2  = [(Assume (BinOp (Var 1) Lt (Lit (LInt 0)))),(Assume (BinOp (Var 3) Eq (BinOp (Var 1) Add (Lit (LInt 1)))))]"
+definition block_3
+  where
+    "block_3  = [(Assert (BinOp (Lit (LInt 0)) Eq (Lit (LInt 0))))]"
+definition block_4
+  where
+    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 1)))]"
+definition block_5
+  where
+    "block_5  = [(Assert (BinOp (Var 1) Le (Lit (LInt 0))))]"
+definition block_6
+  where
+    "block_6  = []"
+definition block_7
+  where
+    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
+definition block_8
+  where
+    "block_8  = []"
+definition block_9
+  where
+    "block_9  = []"
+definition block_10
+  where
+    "block_10  = []"
+definition block_11
+  where
+    "block_11  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[6],[7,1],[8],[9],[10]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 11,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_7:
+shows "((nth (node_to_block proc_body) 7) = block_7)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_8:
+shows "((nth (node_to_block proc_body) 8) = block_8)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_9:
+shows "((nth (node_to_block proc_body) 9) = block_9)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_10:
+shows "((nth (node_to_block proc_body) 10) = block_10)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_11:
+shows "((nth (node_to_block proc_body) 11) = block_11)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_7:
+shows "((nth (out_edges proc_body) 7) = [6])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_8:
+shows "((nth (out_edges proc_body) 8) = [7,1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_9:
+shows "((nth (out_edges proc_body) 9) = [8])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_10:
+shows "((nth (out_edges proc_body) 10) = [9])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_11:
+shows "((nth (out_edges proc_body) 11) = [10])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding return_in_loop_passive_prog.params_vdecls_def return_in_loop_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)))) = {})"
+unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_0:
+shows "((map_of (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_1:
+shows "((map_of (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_x_2:
+shows "((map_of (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_0:
+shows "((lookup_var_decl ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_0
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_1:
+shows "((lookup_var_decl ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_1
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_x_2:
+shows "((lookup_var_decl ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x_2
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_vcphase_proof.thy
new file mode 100644
index 0000000..25d40b6
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_vcphase_proof.thy
@@ -0,0 +1,395 @@
+theory return_in_loop_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML return_in_loop_passive_prog return_in_loop_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon5_LoopBody
+  where
+    "vc_anon5_LoopBody  = True"
+definition vc_anon6_LoopBody
+  where
+    "vc_anon6_LoopBody  = True"
+definition vc_anon4
+  where
+    "vc_anon4  = ((0::int) = (0::int))"
+definition vc_anon6_LoopDone
+  where
+    "vc_anon6_LoopDone x_0 = (((0::int) \<le> x_0) \<longrightarrow> (vc_anon4 ))"
+definition vc_anon6_LoopHead
+  where
+    "vc_anon6_LoopHead x_0 = ((x_0 \<le> (0::int)) \<and> ((x_0 \<le> (0::int)) \<longrightarrow> ((vc_anon6_LoopDone x_0) \<and> (vc_anon6_LoopBody ))))"
+definition vc_anon5_LoopDone
+  where
+    "vc_anon5_LoopDone x_0 = (((0::int) \<ge> x_0) \<longrightarrow> (vc_anon6_LoopHead x_0))"
+definition vc_anon0
+  where
+    "vc_anon0 x_0 = ((vc_anon5_LoopDone x_0) \<and> (vc_anon5_LoopBody ))"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
+G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
+G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_2)))" and 
+G4: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4
+lemmas forall_poly_thm = forall_vc_type[OF G4]
+lemmas exists_poly_thm = exists_vc_type[OF G4]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding return_in_loop_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon5_LoopBody_hints = [
+(AssumeTrue,NONE), 
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon5_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopBody ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding return_in_loop_passive_prog.block_1_def vc.vc_anon5_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_LoopBody_hints = [
+(AssumeTrue,NONE), 
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon6_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopBody ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding return_in_loop_passive_prog.block_2_def vc.vc_anon6_LoopBody_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon4_hints = [
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon4AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding return_in_loop_passive_prog.block_3_def vc.vc_anon4_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_LoopDone_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon6_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopDone vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4 )))))))"
+unfolding return_in_loop_passive_prog.block_4_def vc.vc_anon6_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon6_LoopHead_hints = [
+(AssertSub,NONE)]
+\<close>
+lemma block_anon6_LoopHeadAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopHead vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_x_0) \<and> (vc.vc_anon6_LoopBody ))))))))"
+unfolding return_in_loop_passive_prog.block_5_def vc.vc_anon6_LoopHead_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopHead_hints \<close>)
+by (auto?)
+
+lemma block_anon2:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_6 (Normal n_s) s')" and 
+"(vc.vc_anon6_LoopHead vc_x_0)"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon6_LoopHead vc_x_0)))))"
+using assms
+unfolding return_in_loop_passive_prog.block_6_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon5_LoopDone_hints = [
+(AssumeConjR 0,NONE)]
+\<close>
+lemma block_anon5_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopDone vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon6_LoopHead vc_x_0)))))))"
+unfolding return_in_loop_passive_prog.block_7_def vc.vc_anon5_LoopDone_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopDone_hints \<close>)
+by (auto?)
+
+lemma block_anon5_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_8 (Normal n_s) s')" and 
+"((vc.vc_anon5_LoopDone vc_x_0) \<and> (vc.vc_anon5_LoopBody ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_0) \<and> (vc.vc_anon5_LoopBody ))))))"
+using assms
+unfolding return_in_loop_passive_prog.block_8_def
+apply cases
+by auto
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_9 (Normal n_s) s')" and 
+"((vc.vc_anon5_LoopDone vc_x_0) \<and> (vc.vc_anon5_LoopBody ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_0) \<and> (vc.vc_anon5_LoopBody ))))))"
+using assms
+unfolding return_in_loop_passive_prog.block_9_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_10 (Normal n_s) s')" and 
+"((vc.vc_anon5_LoopDone vc_x_0) \<and> (vc.vc_anon5_LoopBody ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_0) \<and> (vc.vc_anon5_LoopBody ))))))"
+using assms
+unfolding return_in_loop_passive_prog.block_10_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_11 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_0) \<and> (vc.vc_anon5_LoopBody ))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding return_in_loop_passive_prog.block_11_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) return_in_loop_passive_prog.node_0 return_in_loop_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon5_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_LoopBody )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) return_in_loop_passive_prog.node_1])
+apply (erule block_anon5_LoopBodyAA0[OF _ assms(2)])
+apply ((simp add:return_in_loop_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopBody )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) return_in_loop_passive_prog.node_2])
+apply (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
+apply ((simp add:return_in_loop_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon4:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon4 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) return_in_loop_passive_prog.node_3])
+apply (erule block_anon4AA0[OF _ assms(2)])
+apply ((simp add:return_in_loop_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopDone vc_x_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_4])
+apply (erule block_anon6_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:return_in_loop_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon4, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon6_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopHead vc_x_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_5])
+apply (erule block_anon6_LoopHeadAA0[OF _ assms(2)])
+apply ((simp add:return_in_loop_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon2:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon6_LoopHead vc_x_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_6])
+apply (erule block_anon2[OF _ assms(2)])
+apply ((simp add:return_in_loop_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon6_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon5_LoopDone vc_x_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_7])
+apply (erule block_anon5_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:return_in_loop_passive_prog.outEdges_7))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon2, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon5_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon5_LoopDone vc_x_0) \<and> (vc.vc_anon5_LoopBody ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_8])
+apply (erule block_anon5_LoopHead[OF _ assms(2)])
+apply ((simp add:return_in_loop_passive_prog.outEdges_8))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon5_LoopDone vc_x_0) \<and> (vc.vc_anon5_LoopBody ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_9])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:return_in_loop_passive_prog.outEdges_9))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon5_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon5_LoopDone vc_x_0) \<and> (vc.vc_anon5_LoopBody ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_10])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:return_in_loop_passive_prog.outEdges_10))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_x_0)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_11])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:return_in_loop_passive_prog.outEdges_11))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) \<Gamma> [] return_in_loop_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> return_in_loop_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) return_in_loop_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s return_in_loop_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((return_in_loop_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF return_in_loop_passive_prog.m_x])
+apply (subst lookup_var_local[OF return_in_loop_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF return_in_loop_passive_prog.m_x_0])
+apply (subst lookup_var_local[OF return_in_loop_passive_prog.m_x_0])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF return_in_loop_passive_prog.m_x_1])
+apply (subst lookup_var_local[OF return_in_loop_passive_prog.m_x_1])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF return_in_loop_passive_prog.m_x_2])
+apply (subst lookup_var_local[OF return_in_loop_passive_prog.m_x_2])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_x_0])
+apply (rule HOL.conjunct1[OF sc_x_1])
+apply (rule HOL.conjunct1[OF sc_x_2])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/ROOT
new file mode 100644
index 0000000..523efa1
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/ROOT
@@ -0,0 +1,12 @@
+session simple_return_test_proofs = Boogie_Lang + 
+directories return_test_proofs
+theories
+global_data
+"return_test_proofs/return_test_asttocfg_proof"
+"return_test_proofs/return_test_before_cfg_to_dag_prog"
+"return_test_proofs/return_test_cfgtodag_proof"
+"return_test_proofs/return_test_before_passive_prog"
+"return_test_proofs/return_test_vcphase_proof"
+"return_test_proofs/return_test_passification_proof"
+"return_test_proofs/return_test_passive_prog"
+"return_test_proofs/return_test_before_ast_to_cfg_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_asttocfg_proof.thy
new file mode 100644
index 0000000..3c81ac8
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_asttocfg_proof.thy
@@ -0,0 +1,138 @@
+theory return_test_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML return_test_before_ast_to_cfg_prog return_test_before_cfg_to_dag_prog return_test_cfgtodag_proof return_test_passification_proof return_test_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A return_test_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_return_test_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (return_test_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_test_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_test_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of return_test_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: return_test_before_ast_to_cfg_prog.bigblock_0_def return_test_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: return_test_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: return_test_before_cfg_to_dag_prog.block_0_def return_test_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_return_test_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_test_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_test_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_test_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_test_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_test_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of return_test_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: return_test_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: return_test_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp)
+apply (simp)
+
+apply (rule return_test_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+apply (rule return_test_before_cfg_to_dag_prog.block_0_def)
+apply (rule return_test_before_cfg_to_dag_prog.outEdges_0)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: return_test_before_cfg_to_dag_prog.node_0)
+apply (rule rel_return_test_before_ast_to_cfg_prog_bigblock_0)
+apply assumption+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (return_test_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_m::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A return_test_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> return_test_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) return_test_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns return_test_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] return_test_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (return_test_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_return_test_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: return_test_before_ast_to_cfg_prog.params_vdecls_def return_test_before_ast_to_cfg_prog.locals_vdecls_def return_test_before_cfg_to_dag_prog.params_vdecls_def return_test_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: return_test_before_ast_to_cfg_prog.params_vdecls_def return_test_before_ast_to_cfg_prog.locals_vdecls_def return_test_before_cfg_to_dag_prog.params_vdecls_def return_test_before_cfg_to_dag_prog.locals_vdecls_def return_test_before_ast_to_cfg_prog.pres_def return_test_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: return_test_before_ast_to_cfg_prog.params_vdecls_def return_test_before_ast_to_cfg_prog.locals_vdecls_def return_test_before_cfg_to_dag_prog.params_vdecls_def return_test_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: return_test_before_ast_to_cfg_prog.params_vdecls_def return_test_before_ast_to_cfg_prog.locals_vdecls_def return_test_before_cfg_to_dag_prog.params_vdecls_def return_test_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: return_test_before_ast_to_cfg_prog.params_vdecls_def return_test_before_ast_to_cfg_prog.locals_vdecls_def return_test_before_cfg_to_dag_prog.params_vdecls_def return_test_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: return_test_before_ast_to_cfg_prog.params_vdecls_def return_test_before_ast_to_cfg_prog.locals_vdecls_def return_test_before_cfg_to_dag_prog.params_vdecls_def return_test_before_cfg_to_dag_prog.locals_vdecls_def return_test_before_ast_to_cfg_prog.pres_def return_test_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: return_test_before_ast_to_cfg_prog.params_vdecls_def return_test_before_ast_to_cfg_prog.locals_vdecls_def return_test_before_cfg_to_dag_prog.params_vdecls_def return_test_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: return_test_before_ast_to_cfg_prog.params_vdecls_def return_test_before_ast_to_cfg_prog.locals_vdecls_def return_test_before_cfg_to_dag_prog.params_vdecls_def return_test_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (return_test_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_m::int). (vc.vc_anon0 ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) return_test_before_ast_to_cfg_prog.fdecls return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls return_test_before_ast_to_cfg_prog.axioms return_test_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding return_test_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 return_test_before_ast_to_cfg_prog.ast_proc_def return_test_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..4faebd0
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_ast_to_cfg_prog.thy
@@ -0,0 +1,105 @@
+theory return_test_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Assign 0 (Lit (LInt 0)))] (None ) (Some Return))"
+definition cont_0
+  where
+    "cont_0  = KStop"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding return_test_before_ast_to_cfg_prog.constants_vdecls_def return_test_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding return_test_before_ast_to_cfg_prog.params_vdecls_def return_test_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding return_test_before_ast_to_cfg_prog.constants_vdecls_def return_test_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_test_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding return_test_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_test_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding return_test_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_test_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding return_test_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_test_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding return_test_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_m:
+shows "((map_of (append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_m:
+shows "((lookup_var_decl ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_m
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = return_test_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec return_test_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec return_test_before_ast_to_cfg_prog.post),proc_body = (Some (return_test_before_ast_to_cfg_prog.locals_vdecls,return_test_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..99fb2b3
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_cfg_to_dag_prog.thy
@@ -0,0 +1,116 @@
+theory return_test_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Assign 0 (Lit (LInt 0)))]"
+definition outEdges
+  where
+    "outEdges  = [[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append return_test_before_cfg_to_dag_prog.constants_vdecls return_test_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append return_test_before_cfg_to_dag_prog.constants_vdecls return_test_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding return_test_before_cfg_to_dag_prog.constants_vdecls_def return_test_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append return_test_before_cfg_to_dag_prog.constants_vdecls return_test_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append return_test_before_cfg_to_dag_prog.params_vdecls return_test_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_test_before_cfg_to_dag_prog.params_vdecls return_test_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding return_test_before_cfg_to_dag_prog.params_vdecls_def return_test_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append return_test_before_cfg_to_dag_prog.params_vdecls return_test_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append return_test_before_cfg_to_dag_prog.constants_vdecls return_test_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append return_test_before_cfg_to_dag_prog.params_vdecls return_test_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding return_test_before_cfg_to_dag_prog.constants_vdecls_def return_test_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_test_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding return_test_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_test_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding return_test_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_test_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding return_test_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_test_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding return_test_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append return_test_before_cfg_to_dag_prog.constants_vdecls return_test_before_cfg_to_dag_prog.globals_vdecls),(append return_test_before_cfg_to_dag_prog.params_vdecls return_test_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_m:
+shows "((map_of (append return_test_before_cfg_to_dag_prog.params_vdecls return_test_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_m:
+shows "((lookup_var_decl ((append return_test_before_cfg_to_dag_prog.constants_vdecls return_test_before_cfg_to_dag_prog.globals_vdecls),(append return_test_before_cfg_to_dag_prog.params_vdecls return_test_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_test_before_cfg_to_dag_prog.constants_vdecls return_test_before_cfg_to_dag_prog.globals_vdecls),(append return_test_before_cfg_to_dag_prog.params_vdecls return_test_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_m
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = return_test_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec return_test_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec return_test_before_cfg_to_dag_prog.post),proc_body = (Some (return_test_before_cfg_to_dag_prog.locals_vdecls,return_test_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_passive_prog.thy
new file mode 100644
index 0000000..e8b85a4
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_passive_prog.thy
@@ -0,0 +1,62 @@
+theory return_test_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util return_test_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assign 0 (Lit (LInt 0)))]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[1]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding return_test_before_ast_to_cfg_prog.params_vdecls_def return_test_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding return_test_before_ast_to_cfg_prog.constants_vdecls_def return_test_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_cfgtodag_proof.thy
new file mode 100644
index 0000000..db494a3
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_cfgtodag_proof.thy
@@ -0,0 +1,135 @@
+theory return_test_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML return_test_before_ast_to_cfg_prog return_test_before_cfg_to_dag_prog return_test_before_passive_prog return_test_passification_proof return_test_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A return_test_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_test_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_test_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_test_before_passive_prog.block_0 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding return_test_before_cfg_to_dag_prog.block_0_def return_test_before_passive_prog.block_0_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_test_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_test_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_test_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_1[OF assms(1)])
+apply (rule return_test_before_cfg_to_dag_prog.node_0)
+apply (rule return_test_before_passive_prog.node_0)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+unfolding return_test_before_ast_to_cfg_prog.post_def
+apply (rule block_anon0)
+apply assumption+
+by (rule return_test_before_cfg_to_dag_prog.outEdges_0)
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_test_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_test_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:return_test_before_passive_prog.outEdges_1))
+by ((simp add:return_test_before_passive_prog.node_1 return_test_before_passive_prog.block_1_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_test_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_test_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 return_test_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_test_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule return_test_before_passive_prog.node_2)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding return_test_before_passive_prog.block_2_def
+apply (rule assume_pres_normal[where ?es=return_test_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding return_test_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule return_test_before_passive_prog.outEdges_2)
+apply ((simp add:return_test_before_passive_prog.node_1 return_test_before_passive_prog.block_1_def))
+apply (rule return_test_before_passive_prog.outEdges_1)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] return_test_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_m::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A return_test_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> return_test_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) return_test_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns return_test_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] return_test_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] return_test_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule return_test_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_passification_proof.thy
new file mode 100644
index 0000000..186f37f
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_passification_proof.thy
@@ -0,0 +1,195 @@
+theory return_test_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util return_test_before_ast_to_cfg_prog return_test_passive_prog Boogie_Lang.PassificationML return_test_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_passive_prog.params_vdecls return_test_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_test_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 0)))]) R_old return_test_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_test_before_passive_prog.block_0_def return_test_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_test_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_test_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_test_before_passive_prog.block_1_def return_test_passive_prog.block_1_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_test_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_test_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding return_test_before_passive_prog.block_2_def return_test_passive_prog.block_2_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_test_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_test_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_test_before_passive_prog.node_0},@{thm return_test_before_passive_prog.outEdges_0}) (@{thm return_test_passive_prog.node_0},@{thm return_test_passive_prog.outEdges_0}) @{thm block_anon0} [] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_test_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_test_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_test_before_passive_prog.node_1},@{thm return_test_before_passive_prog.outEdges_1}) (@{thm return_test_passive_prog.node_1},@{thm return_test_passive_prog.outEdges_1}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_test_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_test_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_test_before_passive_prog.node_2},@{thm return_test_before_passive_prog.outEdges_2}) (@{thm return_test_passive_prog.node_2},@{thm return_test_passive_prog.outEdges_2}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] return_test_before_passive_prog.proc_body ((Inl 2),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_m::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A return_test_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> return_test_before_ast_to_cfg_prog.constants_vdecls ns return_test_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv return_test_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding return_test_before_ast_to_cfg_prog.constants_vdecls_def return_test_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding return_test_passive_prog.params_vdecls_def return_test_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using return_test_before_passive_prog.globals_locals_disj apply auto[1]
+using return_test_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] return_test_passive_prog.proc_body u (Inl 2)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range return_test_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] return_test_passive_prog.proc_body ((Inl 2),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from return_test_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_passive_prog.thy
new file mode 100644
index 0000000..d5e738b
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_passive_prog.thy
@@ -0,0 +1,77 @@
+theory return_test_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util return_test_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[1]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append return_test_passive_prog.params_vdecls return_test_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_test_passive_prog.params_vdecls return_test_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding return_test_passive_prog.params_vdecls_def return_test_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append return_test_passive_prog.params_vdecls return_test_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append return_test_passive_prog.params_vdecls return_test_passive_prog.locals_vdecls)))) = {})"
+unfolding return_test_before_ast_to_cfg_prog.constants_vdecls_def return_test_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_m:
+shows "((map_of (append return_test_passive_prog.params_vdecls return_test_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_m:
+shows "((lookup_var_decl ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_passive_prog.params_vdecls return_test_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_passive_prog.params_vdecls return_test_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_m
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_vcphase_proof.thy
new file mode 100644
index 0000000..8f77b8e
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_vcphase_proof.thy
@@ -0,0 +1,141 @@
+theory return_test_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML return_test_passive_prog return_test_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon0
+  where
+    "vc_anon0  = True"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_m :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_m)))" and 
+G1: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1
+lemmas forall_poly_thm = forall_vc_type[OF G1]
+lemmas exists_poly_thm = exists_vc_type[OF G1]
+declare Nat.One_nat_def[simp del]
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_test_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding return_test_passive_prog.block_0_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_test_passive_prog.block_1 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding return_test_passive_prog.block_1_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_test_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding return_test_passive_prog.block_2_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_test_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) return_test_passive_prog.node_0 return_test_passive_prog.outEdges_0])
+using block_anon0 by blast
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_test_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) return_test_passive_prog.node_1])
+apply (erule block_0)
+apply ((simp add:return_test_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_test_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) return_test_passive_prog.node_2])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:return_test_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_passive_prog.params_vdecls return_test_passive_prog.locals_vdecls)) \<Gamma> [] return_test_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_m::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A return_test_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> return_test_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) return_test_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append return_test_passive_prog.params_vdecls return_test_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s return_test_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_passive_prog.params_vdecls return_test_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((return_test_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ParamsLocal have sc_m:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF return_test_passive_prog.m_m])
+apply (subst lookup_var_local[OF return_test_passive_prog.m_m])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_m])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/ROOT
new file mode 100644
index 0000000..a7bb232
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/ROOT
@@ -0,0 +1,12 @@
+session start_loop_proofs = Boogie_Lang + 
+directories start_loop_proofs
+theories
+global_data
+"start_loop_proofs/start_loop_cfgtodag_proof"
+"start_loop_proofs/start_loop_vcphase_proof"
+"start_loop_proofs/start_loop_passive_prog"
+"start_loop_proofs/start_loop_asttocfg_proof"
+"start_loop_proofs/start_loop_before_cfg_to_dag_prog"
+"start_loop_proofs/start_loop_before_ast_to_cfg_prog"
+"start_loop_proofs/start_loop_passification_proof"
+"start_loop_proofs/start_loop_before_passive_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/global_data.thy
new file mode 100644
index 0000000..3d9c689
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/global_data.thy
@@ -0,0 +1,36 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma m_t:
+shows "((map_of (append global_data.constants_vdecls global_data.globals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:global_data.constants_vdecls_def global_data.globals_vdecls_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_asttocfg_proof.thy
new file mode 100644
index 0000000..113de50
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_asttocfg_proof.thy
@@ -0,0 +1,315 @@
+theory start_loop_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML start_loop_before_ast_to_cfg_prog start_loop_before_cfg_to_dag_prog start_loop_cfgtodag_proof start_loop_passification_proof start_loop_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A start_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma global_rel_start_loop_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (start_loop_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end start_loop_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (Lit (LBool True)) ns1 (BoolV False))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] start_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Invs[of start_loop_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: start_loop_before_ast_to_cfg_prog.bigblock_3_def)
+
+apply (rule astTrace)
+apply (simp add: start_loop_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (simp)
+apply (rule cont_3_def)
+apply (rule start_loop_before_cfg_to_dag_prog.node_3)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule start_loop_before_cfg_to_dag_prog.block_3_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply ( rule neg_refl)
+apply (rule guardHint)
+apply (rule start_loop_before_cfg_to_dag_prog.outEdges_3)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: start_loop_before_cfg_to_dag_prog.node_3)
+apply (simp add: start_loop_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp add: end_static)
+done
+qed
+
+lemma rel_start_loop_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (start_loop_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (Lit (LBool True)) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
+unfolding start_loop_before_cfg_to_dag_prog.block_2_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of start_loop_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: start_loop_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: start_loop_before_cfg_to_dag_prog.block_2_def)
+apply ((simp add: assms(3) start_loop_before_ast_to_cfg_prog.bigblock_2_def)+)
+done
+
+
+lemma global_rel_start_loop_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (start_loop_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end start_loop_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (Lit (LBool True)) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T start_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 start_loop_before_cfg_to_dag_prog.proc_body 1 start_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] start_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of start_loop_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: start_loop_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: start_loop_before_ast_to_cfg_prog.bigblock_2_def)
+apply (rule start_loop_before_cfg_to_dag_prog.node_2)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule start_loop_before_cfg_to_dag_prog.block_2_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_2_def)
+apply (simp add: start_loop_before_cfg_to_dag_prog.node_2)
+apply (rule rel_start_loop_before_ast_to_cfg_prog_bigblock_2)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=1])+)
+apply (simp add: start_loop_before_cfg_to_dag_prog.outEdges_2)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_start_loop_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (start_loop_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end start_loop_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] start_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of start_loop_before_ast_to_cfg_prog.bigblock_1 _ _ _ start_loop_before_cfg_to_dag_prog.block_1])
+apply (simp add:start_loop_before_ast_to_cfg_prog.bigblock_1_def start_loop_before_cfg_to_dag_prog.block_1_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:start_loop_before_ast_to_cfg_prog.bigblock_1_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of start_loop_before_ast_to_cfg_prog.bigblock_1])
+apply ((simp add:start_loop_before_ast_to_cfg_prog.bigblock_1_def)+)
+apply ((simp add:start_loop_before_cfg_to_dag_prog.block_1_def start_loop_before_cfg_to_dag_prog.node_1)+)
+apply (rule cont_1_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 2])+)
+apply ((simp add:start_loop_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_start_loop_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_1_def start_loop_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_1_def cont_2_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+
+apply ((erule allE[where x = 3])+)
+apply ((simp add:start_loop_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+
+
+
+
+
+apply ((blast)+)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+done
+qed
+qed
+
+lemma global_rel_start_loop_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (start_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end start_loop_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] start_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+apply (rule ending_after_unwrapping)
+apply (rule astTrace)
+apply (simp add: start_loop_before_ast_to_cfg_prog.bigblock_0_def)
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply (simp)
+apply (rule global_rel_start_loop_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: start_loop_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
+apply (rule correctness_propagates_through_empty)
+using assms(2)
+apply blast
+apply (simp add: start_loop_before_cfg_to_dag_prog.node_0)
+apply (simp add: start_loop_before_cfg_to_dag_prog.block_0_def)
+
+
+apply (simp add: start_loop_before_cfg_to_dag_prog.outEdges_0)
+apply (simp add: member_rec)
+apply (simp)
+apply (rule correctness_propagates_through_empty2)
+using assms(3)
+apply blast
+apply (simp add: start_loop_before_cfg_to_dag_prog.node_0)
+apply (simp add: start_loop_before_cfg_to_dag_prog.block_0_def)
+
+
+apply (simp add: start_loop_before_cfg_to_dag_prog.outEdges_0)
+apply (simp add: member_rec)
+apply ((simp)+)
+done
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (start_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_t::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A start_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> start_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) start_loop_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns start_loop_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] start_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (start_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_start_loop_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: start_loop_before_ast_to_cfg_prog.params_vdecls_def start_loop_before_ast_to_cfg_prog.locals_vdecls_def start_loop_before_cfg_to_dag_prog.params_vdecls_def start_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: start_loop_before_ast_to_cfg_prog.params_vdecls_def start_loop_before_ast_to_cfg_prog.locals_vdecls_def start_loop_before_cfg_to_dag_prog.params_vdecls_def start_loop_before_cfg_to_dag_prog.locals_vdecls_def start_loop_before_ast_to_cfg_prog.pres_def start_loop_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: start_loop_before_ast_to_cfg_prog.params_vdecls_def start_loop_before_ast_to_cfg_prog.locals_vdecls_def start_loop_before_cfg_to_dag_prog.params_vdecls_def start_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: start_loop_before_ast_to_cfg_prog.params_vdecls_def start_loop_before_ast_to_cfg_prog.locals_vdecls_def start_loop_before_cfg_to_dag_prog.params_vdecls_def start_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: start_loop_before_ast_to_cfg_prog.params_vdecls_def start_loop_before_ast_to_cfg_prog.locals_vdecls_def start_loop_before_cfg_to_dag_prog.params_vdecls_def start_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: start_loop_before_ast_to_cfg_prog.params_vdecls_def start_loop_before_ast_to_cfg_prog.locals_vdecls_def start_loop_before_cfg_to_dag_prog.params_vdecls_def start_loop_before_cfg_to_dag_prog.locals_vdecls_def start_loop_before_ast_to_cfg_prog.pres_def start_loop_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: start_loop_before_ast_to_cfg_prog.params_vdecls_def start_loop_before_ast_to_cfg_prog.locals_vdecls_def start_loop_before_cfg_to_dag_prog.params_vdecls_def start_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: start_loop_before_ast_to_cfg_prog.params_vdecls_def start_loop_before_ast_to_cfg_prog.locals_vdecls_def start_loop_before_cfg_to_dag_prog.params_vdecls_def start_loop_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (start_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_3_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_t::int). (vc.vc_anon0 ))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) start_loop_before_ast_to_cfg_prog.fdecls start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls start_loop_before_ast_to_cfg_prog.axioms start_loop_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding start_loop_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 start_loop_before_ast_to_cfg_prog.ast_proc_def start_loop_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..7612a9f
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_ast_to_cfg_prog.thy
@@ -0,0 +1,123 @@
+theory start_loop_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (Lit (LBool True))) [] [(BigBlock (None ) [(Assume (Lit (LBool True)))] (None ) (None ))]))) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (Lit (LBool True))) [] [(BigBlock (None ) [(Assume (Lit (LBool True)))] (None ) (None ))])) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [(Assume (Lit (LBool True)))] (None ) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [] (None ) (None ))"
+definition cont_3
+  where
+    "cont_3  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_3 cont_3)"
+definition cont_1
+  where
+    "cont_1  = (KEndBlock (KSeq bigblock_3 cont_3 ))"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_1 cont_1)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_3]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = []"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding start_loop_before_ast_to_cfg_prog.constants_vdecls_def start_loop_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 1))"
+unfolding start_loop_before_ast_to_cfg_prog.params_vdecls_def start_loop_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 1)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+using start_loop_before_ast_to_cfg_prog.locals_min start_loop_before_ast_to_cfg_prog.globals_max
+by fastforce
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) start_loop_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding start_loop_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) start_loop_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding start_loop_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) start_loop_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding start_loop_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) start_loop_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding start_loop_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_t:
+shows "((map_of (append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:start_loop_before_ast_to_cfg_prog.constants_vdecls_def start_loop_before_ast_to_cfg_prog.globals_vdecls_def)
+
+lemma l_t:
+shows "((lookup_var_decl ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_t
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = start_loop_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [0],proc_pres = (exprs_to_only_checked_spec start_loop_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec start_loop_before_ast_to_cfg_prog.post),proc_body = (Some (start_loop_before_ast_to_cfg_prog.locals_vdecls,start_loop_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..fba7765
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_cfg_to_dag_prog.thy
@@ -0,0 +1,149 @@
+theory start_loop_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = [(Assume (Lit (LBool True))),(Assume (Lit (LBool True)))]"
+definition block_3
+  where
+    "block_3  = [(Assume (UnOp Not (Lit (LBool True))))]"
+definition outEdges
+  where
+    "outEdges  = [[1],[3,2],[1],[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [3,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = []"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append start_loop_before_cfg_to_dag_prog.constants_vdecls start_loop_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append start_loop_before_cfg_to_dag_prog.constants_vdecls start_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding start_loop_before_cfg_to_dag_prog.constants_vdecls_def start_loop_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append start_loop_before_cfg_to_dag_prog.constants_vdecls start_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append start_loop_before_cfg_to_dag_prog.params_vdecls start_loop_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append start_loop_before_cfg_to_dag_prog.params_vdecls start_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 1))"
+unfolding start_loop_before_cfg_to_dag_prog.params_vdecls_def start_loop_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append start_loop_before_cfg_to_dag_prog.params_vdecls start_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 1)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append start_loop_before_cfg_to_dag_prog.constants_vdecls start_loop_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append start_loop_before_cfg_to_dag_prog.params_vdecls start_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+using start_loop_before_cfg_to_dag_prog.locals_min start_loop_before_cfg_to_dag_prog.globals_max
+by fastforce
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) start_loop_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding start_loop_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) start_loop_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding start_loop_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) start_loop_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding start_loop_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) start_loop_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding start_loop_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append start_loop_before_cfg_to_dag_prog.constants_vdecls start_loop_before_cfg_to_dag_prog.globals_vdecls),(append start_loop_before_cfg_to_dag_prog.params_vdecls start_loop_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_t:
+shows "((map_of (append start_loop_before_cfg_to_dag_prog.constants_vdecls start_loop_before_cfg_to_dag_prog.globals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:start_loop_before_cfg_to_dag_prog.constants_vdecls_def start_loop_before_cfg_to_dag_prog.globals_vdecls_def)
+
+lemma l_t:
+shows "((lookup_var_decl ((append start_loop_before_cfg_to_dag_prog.constants_vdecls start_loop_before_cfg_to_dag_prog.globals_vdecls),(append start_loop_before_cfg_to_dag_prog.params_vdecls start_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append start_loop_before_cfg_to_dag_prog.constants_vdecls start_loop_before_cfg_to_dag_prog.globals_vdecls),(append start_loop_before_cfg_to_dag_prog.params_vdecls start_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_t
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = start_loop_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [0],proc_pres = (exprs_to_only_checked_spec start_loop_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec start_loop_before_cfg_to_dag_prog.post),proc_body = (Some (start_loop_before_cfg_to_dag_prog.locals_vdecls,start_loop_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_passive_prog.thy
similarity index 62%
rename from BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_before_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_passive_prog.thy
index 5e21755..07faadc 100644
--- a/BoogieLang/generated_example_proofs/while_example_proofs/m_proofs/m_before_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_passive_prog.thy
@@ -1,21 +1,21 @@
-theory m_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util m_before_cfg_to_dag_prog
+theory start_loop_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util start_loop_before_ast_to_cfg_prog
 begin
 definition block_0
   where
     "block_0  = []"
 definition block_1
   where
-    "block_1  = [(Assume (BinOp (Var 1) Le (Var 0))),(Assert (BinOp (Var 0) Ge (Var 1)))]"
+    "block_1  = [(Assume (UnOp Not (Lit (LBool True))))]"
 definition block_2
   where
-    "block_2  = [(Assume (BinOp (Var 0) Lt (Var 1))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1)))),(Assert (BinOp (Var 0) Le (Var 1))),(Assume (Lit (LBool False)))]"
+    "block_2  = [(Assume (Lit (LBool True))),(Assume (Lit (LBool True))),(Assume (Lit (LBool False)))]"
 definition block_3
   where
-    "block_3  = [(Havoc 0),(Assume (BinOp (Var 0) Le (Var 1)))]"
+    "block_3  = []"
 definition block_4
   where
-    "block_4  = [(Assign 0 (Lit (LInt 0))),(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 0) Le (Var 1)))]"
+    "block_4  = []"
 definition block_5
   where
     "block_5  = []"
@@ -88,19 +88,19 @@ shows "((nth (out_edges proc_body) 6) = [5])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma locals_min_aux:
-shows "(((map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def
+shows "(((map fst (append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 1))"
+unfolding start_loop_before_ast_to_cfg_prog.params_vdecls_def start_loop_before_ast_to_cfg_prog.locals_vdecls_def
 by simp
 
 lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+shows "(\<forall> x. ((Set.member x (set (map fst (append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 1)))"
 using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
+shows "((Set.inter (set (map fst (append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+using start_loop_before_ast_to_cfg_prog.locals_min start_loop_before_ast_to_cfg_prog.globals_max
+by fastforce
 
 
 end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_cfgtodag_proof.thy
new file mode 100644
index 0000000..5b8f68d
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_cfgtodag_proof.thy
@@ -0,0 +1,329 @@
+theory start_loop_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML start_loop_before_ast_to_cfg_prog start_loop_before_cfg_to_dag_prog start_loop_before_passive_prog start_loop_passification_proof start_loop_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A start_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(state_well_typed A \<Lambda>1 [] ns2)"
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 start_loop_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def start_loop_before_ast_to_cfg_prog.post_def 
+apply (rule cfg_dag_rel_post_invs_3)
+apply (erule assms(1))
+apply (rule start_loop_before_passive_prog.node_0)
+apply simp
+unfolding start_loop_before_passive_prog.block_0_def
+by cfg_dag_rel_tac_single+
+
+lemma block_anon2_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] start_loop_before_passive_prog.block_1 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding start_loop_before_cfg_to_dag_prog.block_3_def start_loop_before_passive_prog.block_1_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon2_LoopDone:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] start_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_2[OF Red])
+apply (rule start_loop_before_cfg_to_dag_prog.node_3)
+apply (rule start_loop_before_passive_prog.node_1)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+apply (erule block_anon2_LoopDone)
+apply assumption+
+apply (rule start_loop_before_cfg_to_dag_prog.outEdges_3)
+apply (rule start_loop_before_passive_prog.outEdges_1)
+apply (erule cfg_block_GeneratedUnifiedExit)
+by assumption
+
+
+lemma Mods_anon2_LoopBody:
+shows "(mods_contained_in (set []) start_loop_before_cfg_to_dag_prog.block_2)"
+unfolding start_loop_before_cfg_to_dag_prog.block_2_def
+by simp
+
+lemma block_anon2_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] start_loop_before_passive_prog.block_2 ns2 s' True)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding start_loop_before_cfg_to_dag_prog.block_2_def start_loop_before_passive_prog.block_2_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon2_LoopBody:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+IH_anon2_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body [] [] start_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] start_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
+apply (rule start_loop_before_cfg_to_dag_prog.node_2)
+apply (rule start_loop_before_passive_prog.node_2)
+apply (assumption+)
+apply (rule block_anon2_LoopBody)
+apply (assumption+)
+apply (rule Mods_anon2_LoopBody)
+apply ((simp add:start_loop_before_cfg_to_dag_prog.outEdges_2))
+apply ((simp add:start_loop_before_cfg_to_dag_prog.outEdges_2))
+apply (erule member_elim)
+apply (rule loop_ih_apply[where ?j'="j-1"])
+apply (rule IH_anon2_LoopHead)
+apply (simp, simp)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_sym)
+apply (simp)
+apply (simp)
+apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
+by (simp add: member_rec(2))
+
+
+lemma Mods_anon2_LoopHead:
+shows "(mods_contained_in (set []) start_loop_before_cfg_to_dag_prog.block_1)"
+unfolding start_loop_before_cfg_to_dag_prog.block_1_def
+by simp
+
+lemma block_anon2_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] start_loop_before_passive_prog.block_3 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding start_loop_before_cfg_to_dag_prog.block_1_def start_loop_before_passive_prog.block_3_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon2_LoopHead:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] start_loop_before_ast_to_cfg_prog.post m' s')"
+using Red DagAssms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+show ?case
+proof (cases j)
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
+next
+case (Suc j')
+from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set []))"by (simp add: dag_lemma_assms_def)
+from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
+show ?thesis
+apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
+apply (rule start_loop_before_cfg_to_dag_prog.node_1)
+apply (rule start_loop_before_passive_prog.node_3)
+apply (assumption+)
+apply (rule block_anon2_LoopHead)
+apply (assumption+)
+apply (rule Mods_anon2_LoopHead)
+apply ((simp add:start_loop_before_cfg_to_dag_prog.outEdges_1))
+apply ((simp add:start_loop_before_cfg_to_dag_prog.outEdges_1))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=1])
+apply ((simp add:start_loop_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon2_LoopDone)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=2])
+apply ((simp add:start_loop_before_passive_prog.outEdges_3))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon2_LoopBody)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply simp
+apply (fastforce)
+apply (simp)
+apply (simp)
+apply (rule loop_ih_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper, assumption, assumption)
+unfolding dag_lemma_assms_def
+apply (intro conjI, simp)
+apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
+apply ((fastforce, simp, simp))
+apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
+by (simp add: member_rec(2))
+qed
+qed
+
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] start_loop_before_passive_prog.block_4 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding start_loop_before_cfg_to_dag_prog.block_0_def start_loop_before_passive_prog.block_4_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] start_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
+apply (rule start_loop_before_cfg_to_dag_prog.node_0)
+apply (rule start_loop_before_passive_prog.node_4)
+apply (assumption+)
+apply (rule block_anon0)
+apply (assumption+)
+apply ((simp add:start_loop_before_cfg_to_dag_prog.outEdges_0))
+apply ((simp add:start_loop_before_cfg_to_dag_prog.outEdges_0))
+apply (erule member_elim)
+apply simp
+apply (erule allE[where x=3])
+apply ((simp add:start_loop_before_passive_prog.outEdges_4))
+apply ((simp add:member_rec(1)))
+apply (rule cfg_block_anon2_LoopHead)
+apply simp
+unfolding dag_lemma_assms_def
+apply (intro conjI)
+apply simp
+apply (erule nstate_same_on_empty_subset)
+apply (fastforce)
+apply (simp)
+apply (simp)
+by (simp add: member_rec(2))
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:start_loop_before_passive_prog.outEdges_5))
+by ((simp add:start_loop_before_passive_prog.node_5 start_loop_before_passive_prog.block_5_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 start_loop_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] start_loop_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule start_loop_before_passive_prog.node_6)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding start_loop_before_passive_prog.block_6_def
+apply (rule assume_pres_normal[where ?es=start_loop_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding start_loop_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule start_loop_before_passive_prog.outEdges_6)
+apply ((simp add:start_loop_before_passive_prog.node_5 start_loop_before_passive_prog.block_5_def))
+apply (rule start_loop_before_passive_prog.outEdges_5)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_t::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A start_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> start_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) start_loop_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns start_loop_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] start_loop_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule start_loop_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_passification_proof.thy
new file mode 100644
index 0000000..e04cea8
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_passification_proof.thy
@@ -0,0 +1,272 @@
+theory start_loop_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util start_loop_before_ast_to_cfg_prog start_loop_passive_prog Boogie_Lang.PassificationML start_loop_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_passive_prog.params_vdecls start_loop_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old start_loop_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding start_loop_before_passive_prog.block_0_def start_loop_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon2_LoopDone:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old start_loop_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding start_loop_before_passive_prog.block_1_def start_loop_passive_prog.block_1_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon2_LoopBody:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old start_loop_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding start_loop_before_passive_prog.block_2_def start_loop_passive_prog.block_2_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon2_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.block_3 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old start_loop_passive_prog.block_3 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding start_loop_before_passive_prog.block_3_def start_loop_passive_prog.block_3_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.block_4 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old start_loop_passive_prog.block_4 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding start_loop_before_passive_prog.block_4_def start_loop_passive_prog.block_4_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.block_5 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old start_loop_passive_prog.block_5 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding start_loop_before_passive_prog.block_5_def start_loop_passive_prog.block_5_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.block_6 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old start_loop_passive_prog.block_6 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding start_loop_before_passive_prog.block_6_def start_loop_passive_prog.block_6_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> start_loop_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm start_loop_before_passive_prog.node_0},@{thm start_loop_before_passive_prog.outEdges_0}) (@{thm start_loop_passive_prog.node_0},@{thm start_loop_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
+
+lemma cfg_block_anon2_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> start_loop_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm start_loop_before_passive_prog.node_1},@{thm start_loop_before_passive_prog.outEdges_1}) (@{thm start_loop_passive_prog.node_1},@{thm start_loop_passive_prog.outEdges_1}) @{thm block_anon2_LoopDone} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon2_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> start_loop_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm start_loop_before_passive_prog.node_2},@{thm start_loop_before_passive_prog.outEdges_2}) (@{thm start_loop_passive_prog.node_2},@{thm start_loop_passive_prog.outEdges_2}) @{thm block_anon2_LoopBody} [
+@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
+
+lemma cfg_block_anon2_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> start_loop_passive_prog.proc_body u (Inl 3)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm start_loop_before_passive_prog.node_3},@{thm start_loop_before_passive_prog.outEdges_3}) (@{thm start_loop_passive_prog.node_3},@{thm start_loop_passive_prog.outEdges_3}) @{thm block_anon2_LoopHead} [
+@{thm cfg_block_anon2_LoopDone}, 
+@{thm cfg_block_anon2_LoopBody}] 1\<close>))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> start_loop_passive_prog.proc_body u (Inl 4)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm start_loop_before_passive_prog.node_4},@{thm start_loop_before_passive_prog.outEdges_4}) (@{thm start_loop_passive_prog.node_4},@{thm start_loop_passive_prog.outEdges_4}) @{thm block_anon0} [
+@{thm cfg_block_anon2_LoopHead}] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> start_loop_passive_prog.proc_body u (Inl 5)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm start_loop_before_passive_prog.node_5},@{thm start_loop_before_passive_prog.outEdges_5}) (@{thm start_loop_passive_prog.node_5},@{thm start_loop_passive_prog.outEdges_5}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> start_loop_passive_prog.proc_body u (Inl 6)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm start_loop_before_passive_prog.node_6},@{thm start_loop_before_passive_prog.outEdges_6}) (@{thm start_loop_passive_prog.node_6},@{thm start_loop_passive_prog.outEdges_6}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] start_loop_before_passive_prog.proc_body ((Inl 6),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_t::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A start_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> start_loop_before_ast_to_cfg_prog.constants_vdecls ns start_loop_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv start_loop_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding start_loop_before_ast_to_cfg_prog.constants_vdecls_def start_loop_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding start_loop_passive_prog.params_vdecls_def start_loop_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using start_loop_before_passive_prog.globals_locals_disj apply auto[1]
+using start_loop_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] start_loop_passive_prog.proc_body u (Inl 6)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range start_loop_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] start_loop_passive_prog.proc_body ((Inl 6),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from start_loop_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_passive_prog.thy
new file mode 100644
index 0000000..4485f59
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_passive_prog.thy
@@ -0,0 +1,117 @@
+theory start_loop_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util start_loop_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = []"
+definition block_1
+  where
+    "block_1  = [(Assume (UnOp Not (Lit (LBool True))))]"
+definition block_2
+  where
+    "block_2  = [(Assume (Lit (LBool True))),(Assume (Lit (LBool True))),(Assume (Lit (LBool False)))]"
+definition block_3
+  where
+    "block_3  = []"
+definition block_4
+  where
+    "block_4  = []"
+definition block_5
+  where
+    "block_5  = []"
+definition block_6
+  where
+    "block_6  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[0],[1,2],[3],[4],[5]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 6,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_3:
+shows "((nth (node_to_block proc_body) 3) = block_3)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_4:
+shows "((nth (node_to_block proc_body) 4) = block_4)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_5:
+shows "((nth (node_to_block proc_body) 5) = block_5)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_6:
+shows "((nth (node_to_block proc_body) 6) = block_6)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_3:
+shows "((nth (out_edges proc_body) 3) = [1,2])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_4:
+shows "((nth (out_edges proc_body) 4) = [3])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_5:
+shows "((nth (out_edges proc_body) 5) = [4])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_6:
+shows "((nth (out_edges proc_body) 6) = [5])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = []"
+lemma locals_min_aux:
+shows "(((map fst (append start_loop_passive_prog.params_vdecls start_loop_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append start_loop_passive_prog.params_vdecls start_loop_passive_prog.locals_vdecls)))) \<ge> 1))"
+unfolding start_loop_passive_prog.params_vdecls_def start_loop_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append start_loop_passive_prog.params_vdecls start_loop_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 1)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append start_loop_passive_prog.params_vdecls start_loop_passive_prog.locals_vdecls)))) = {})"
+using start_loop_passive_prog.locals_min start_loop_before_ast_to_cfg_prog.globals_max
+by fastforce
+
+lemma l_t:
+shows "((lookup_var_decl ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_passive_prog.params_vdecls start_loop_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_passive_prog.params_vdecls start_loop_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj start_loop_before_ast_to_cfg_prog.m_t
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_vcphase_proof.thy
new file mode 100644
index 0000000..fa10bf8
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_vcphase_proof.thy
@@ -0,0 +1,235 @@
+theory start_loop_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML start_loop_passive_prog start_loop_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon0
+  where
+    "vc_anon0  = True"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_t :: "int"
+assumes 
+G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_t)))" and 
+G1: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1
+lemmas forall_poly_thm = forall_vc_type[OF G1]
+lemmas exists_poly_thm = exists_vc_type[OF G1]
+declare Nat.One_nat_def[simp del]
+
+lemma block_GeneratedUnifiedExit:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.block_0 (Normal n_s) s')"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
+using assms
+unfolding start_loop_passive_prog.block_0_def
+apply cases
+by auto
+
+ML\<open>
+val block_anon2_LoopDone_hints = [
+(AssumeTrue,NONE)]
+\<close>
+lemma block_anon2_LoopDoneAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding start_loop_passive_prog.block_1_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon2_LoopDone_hints \<close>)
+by (auto?)
+
+ML\<open>
+val block_anon2_LoopBody_hints = [
+(AssumeTrue,NONE), 
+(AssumeTrue,NONE), 
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon2_LoopBodyAA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
+unfolding start_loop_passive_prog.block_2_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon2_LoopBody_hints \<close>)
+by (auto?)
+
+lemma block_anon2_LoopHead:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.block_3 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding start_loop_passive_prog.block_3_def
+apply cases
+by auto
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.block_4 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding start_loop_passive_prog.block_4_def
+apply cases
+by auto
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.block_5 (Normal n_s) s')" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
+using assms
+unfolding start_loop_passive_prog.block_5_def
+apply cases
+by auto
+
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding start_loop_passive_prog.block_6_def vc.vc_anon0_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_GeneratedUnifiedExit:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) start_loop_passive_prog.node_0 start_loop_passive_prog.outEdges_0])
+using block_GeneratedUnifiedExit by blast
+
+lemma cfg_block_anon2_LoopDone:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_2[OF assms(1) start_loop_passive_prog.node_1])
+apply (erule block_anon2_LoopDoneAA0[OF _ assms(2)])
+apply ((simp add:start_loop_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_GeneratedUnifiedExit, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon2_LoopBody:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) start_loop_passive_prog.node_2])
+by (erule block_anon2_LoopBodyAA0[OF _ assms(2)])
+
+lemma cfg_block_anon2_LoopHead:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) start_loop_passive_prog.node_3])
+apply (erule block_anon2_LoopHead[OF _ assms(2)])
+apply ((simp add:start_loop_passive_prog.outEdges_3))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon2_LoopDone, simp?)
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon2_LoopBody, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) start_loop_passive_prog.node_4])
+apply (erule block_anon0[OF _ assms(2)])
+apply ((simp add:start_loop_passive_prog.outEdges_4))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon2_LoopHead, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
+"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) start_loop_passive_prog.node_5])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:start_loop_passive_prog.outEdges_5))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) start_loop_passive_prog.node_6])
+apply (erule block_anon0AA0[OF _ assms(2)])
+apply ((simp add:start_loop_passive_prog.outEdges_6))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_passive_prog.params_vdecls start_loop_passive_prog.locals_vdecls)) \<Gamma> [] start_loop_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_t::int). (vc.vc_anon0 ))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A start_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> start_loop_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) start_loop_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append start_loop_passive_prog.params_vdecls start_loop_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s start_loop_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_passive_prog.params_vdecls start_loop_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((start_loop_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+from ConstsGlobal have sc_t:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF start_loop_before_ast_to_cfg_prog.m_t])
+apply (subst lookup_var_global_disj[OF start_loop_passive_prog.globals_locals_disj start_loop_before_ast_to_cfg_prog.m_t])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (rule HOL.conjunct1[OF sc_t])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/ROOT
new file mode 100644
index 0000000..44cb07b
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/ROOT
@@ -0,0 +1,12 @@
+session triangle_example_proofs = Boogie_Lang + 
+directories triangle_proofs
+theories
+global_data
+"triangle_proofs/triangle_asttocfg_proof"
+"triangle_proofs/triangle_passive_prog"
+"triangle_proofs/triangle_vcphase_proof"
+"triangle_proofs/triangle_before_cfg_to_dag_prog"
+"triangle_proofs/triangle_cfgtodag_proof"
+"triangle_proofs/triangle_before_ast_to_cfg_prog"
+"triangle_proofs/triangle_before_passive_prog"
+"triangle_proofs/triangle_passification_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_asttocfg_proof.thy
new file mode 100644
index 0000000..e4f8c9b
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_asttocfg_proof.thy
@@ -0,0 +1,344 @@
+theory triangle_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML triangle_before_ast_to_cfg_prog triangle_before_cfg_to_dag_prog triangle_cfgtodag_proof triangle_passification_proof triangle_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A triangle_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma global_rel_triangle_before_ast_to_cfg_prog_bigblock_3:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (triangle_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end triangle_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Lt (Var 0)) ns1 (BoolV False))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Invs[of triangle_before_ast_to_cfg_prog.bigblock_3])
+apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_3_def)
+
+apply (rule astTrace)
+apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp)
+apply (simp)
+apply (rule cont_3_def)
+apply (rule triangle_before_cfg_to_dag_prog.node_3)
+apply (rule disjI2)
+apply (rule disjI2)
+apply (rule conjI)
+apply (rule triangle_before_cfg_to_dag_prog.block_3_def)
+apply (rule conjI)
+apply (simp)
+apply (rule conjI)
+apply ( rule neg_lt)
+apply (rule guardHint)
+apply (rule triangle_before_cfg_to_dag_prog.outEdges_3)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: triangle_before_cfg_to_dag_prog.node_3)
+apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_3_def)
+apply (simp add: end_static)
+done
+qed
+
+lemma rel_triangle_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (triangle_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Lt (Var 0)) ns1 (BoolV True))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
+unfolding triangle_before_cfg_to_dag_prog.block_2_def
+apply (rule guard_holds_push_through_assumption)
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of triangle_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp+)
+apply (rule astStep)
+apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
+apply (simp add: triangle_before_cfg_to_dag_prog.block_2_def)
+apply ((simp add: assms(3) triangle_before_ast_to_cfg_prog.bigblock_2_def)+)
+done
+
+
+lemma global_rel_triangle_before_ast_to_cfg_prog_bigblock_2:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (triangle_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end triangle_before_ast_to_cfg_prog.post))))))" and 
+guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Lt (Var 0)) ns1 (BoolV True))" and 
+inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T triangle_before_ast_to_cfg_prog.bigblock_1 cont_1 triangle_before_cfg_to_dag_prog.proc_body 1 triangle_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis 
+apply (rule block_global_rel_generic)
+apply (rule Rel_Main_test[of triangle_before_ast_to_cfg_prog.bigblock_2])
+apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_2_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_2_def)
+apply (rule triangle_before_cfg_to_dag_prog.node_2)
+apply (rule disjI2)
+apply (rule disjI1)
+apply (rule conjI)
+apply (rule triangle_before_cfg_to_dag_prog.block_2_def)
+apply (rule conjI)
+apply (simp)
+apply (rule guardHint)
+apply (rule cfgDoesntFail)
+apply ((simp)+)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (rule cont_2_def)
+apply (simp add: triangle_before_cfg_to_dag_prog.node_2)
+apply (rule rel_triangle_before_ast_to_cfg_prog_bigblock_2)
+apply assumption
+apply (simp)
+apply (rule guardHint)
+apply ((erule allE[where x=1])+)
+apply (simp add: triangle_before_cfg_to_dag_prog.outEdges_2)
+apply (simp add: member_rec(1))
+apply (rule loop_IH_apply)
+apply (rule inductionHypothesis)
+apply ((simp)+)
+done
+qed
+
+lemma global_rel_triangle_before_ast_to_cfg_prog_bigblock_1:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (triangle_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end triangle_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+using assms
+proof (induction j arbitrary: ns1 rule: less_induct)
+case (less j)
+then show ?case
+proof (cases j)
+case 0
+then show ?thesis
+using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
+next
+case (Suc j')
+show ?thesis
+apply (rule block_global_rel_loop_head )
+apply (rule Rel_Invs[of triangle_before_ast_to_cfg_prog.bigblock_1 _ _ _ triangle_before_cfg_to_dag_prog.block_1])
+apply (simp add:triangle_before_ast_to_cfg_prog.bigblock_1_def triangle_before_cfg_to_dag_prog.block_1_def)
+apply (rule less(2))
+apply (rule less(3), simp)
+apply (rule less(4), simp)
+apply (simp)
+apply (simp add:triangle_before_ast_to_cfg_prog.bigblock_1_def)
+apply simp                 
+apply (rule block_local_rel_loop_head)
+apply (rule Rel_Invs[of triangle_before_ast_to_cfg_prog.bigblock_1])
+apply ((simp add:triangle_before_ast_to_cfg_prog.bigblock_1_def)+)
+apply ((simp add:triangle_before_cfg_to_dag_prog.block_1_def triangle_before_cfg_to_dag_prog.node_1)+)
+apply (rule cont_1_def)
+apply (erule disjE)
+
+
+
+apply ((erule allE[where x = 2])+)
+apply ((simp add:triangle_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule global_rel_triangle_before_ast_to_cfg_prog_bigblock_2)
+apply (simp add: cont_1_def triangle_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
+apply ((blast)+)
+apply (rule loop_IH_prove)
+apply (rule less.IH)
+apply (erule strictly_smaller_helper2)
+apply (simp)
+unfolding cont_1_def cont_2_def
+apply (simp)
+apply (blast)
+apply (blast)
+
+
+apply ((erule allE[where x = 3])+)
+apply ((simp add:triangle_before_cfg_to_dag_prog.outEdges_1)+)
+apply (simp add:member_rec(1))
+apply (erule conjE)
+apply (rule ending_after_skipping_endblock2)
+apply ((simp)+)
+apply (blast)
+apply (blast)
+apply (simp)
+apply (simp)
+apply (rule global_rel_triangle_before_ast_to_cfg_prog_bigblock_3)
+apply (blast)
+
+
+apply ((blast)+)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+done
+qed
+qed
+
+lemma rel_triangle_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (triangle_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of triangle_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_0_def triangle_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: triangle_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: triangle_before_cfg_to_dag_prog.block_0_def triangle_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_triangle_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (triangle_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end triangle_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule block_global_rel_while_successor)
+apply (rule astTrace)
+apply (rule Rel_Main_test[of triangle_before_ast_to_cfg_prog.bigblock_0 _ triangle_before_cfg_to_dag_prog.block_0])
+apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_0_def triangle_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_0_def triangle_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_0_def triangle_before_cfg_to_dag_prog.block_0_def)
+apply (simp add: triangle_before_cfg_to_dag_prog.block_0_def)
+apply (rule triangle_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+
+
+
+apply (simp add: triangle_before_cfg_to_dag_prog.block_0_def)
+
+
+
+
+
+
+
+apply (rule cfgDoesntFail, simp)
+apply (rule cfgSatisfiesPosts, blast)
+apply ((simp)+)
+apply (simp add: triangle_before_cfg_to_dag_prog.node_0)
+apply (rule rel_triangle_before_ast_to_cfg_prog_bigblock_0)
+apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_0_def)
+apply ((simp)+)
+
+apply ((erule allE[where x = 1])+)
+apply ((simp add: triangle_before_cfg_to_dag_prog.outEdges_0)+)
+apply (simp add: member_rec(1))
+apply (rule global_rel_triangle_before_ast_to_cfg_prog_bigblock_1)
+apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
+apply blast+
+
+
+
+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (triangle_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_n::int) (vc_m::int) (vc_t_0::int) (vc_m_0::int) (vc_t_1::int) (vc_m_1::int) (vc_t_2::int) (vc_t::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A triangle_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> triangle_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) triangle_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns triangle_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] triangle_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (triangle_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_triangle_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: triangle_before_ast_to_cfg_prog.params_vdecls_def triangle_before_ast_to_cfg_prog.locals_vdecls_def triangle_before_cfg_to_dag_prog.params_vdecls_def triangle_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: triangle_before_ast_to_cfg_prog.params_vdecls_def triangle_before_ast_to_cfg_prog.locals_vdecls_def triangle_before_cfg_to_dag_prog.params_vdecls_def triangle_before_cfg_to_dag_prog.locals_vdecls_def triangle_before_ast_to_cfg_prog.pres_def triangle_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: triangle_before_ast_to_cfg_prog.params_vdecls_def triangle_before_ast_to_cfg_prog.locals_vdecls_def triangle_before_cfg_to_dag_prog.params_vdecls_def triangle_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: triangle_before_ast_to_cfg_prog.params_vdecls_def triangle_before_ast_to_cfg_prog.locals_vdecls_def triangle_before_cfg_to_dag_prog.params_vdecls_def triangle_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: triangle_before_ast_to_cfg_prog.params_vdecls_def triangle_before_ast_to_cfg_prog.locals_vdecls_def triangle_before_cfg_to_dag_prog.params_vdecls_def triangle_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: triangle_before_ast_to_cfg_prog.params_vdecls_def triangle_before_ast_to_cfg_prog.locals_vdecls_def triangle_before_cfg_to_dag_prog.params_vdecls_def triangle_before_cfg_to_dag_prog.locals_vdecls_def triangle_before_ast_to_cfg_prog.pres_def triangle_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: triangle_before_ast_to_cfg_prog.params_vdecls_def triangle_before_ast_to_cfg_prog.locals_vdecls_def triangle_before_cfg_to_dag_prog.params_vdecls_def triangle_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: triangle_before_ast_to_cfg_prog.params_vdecls_def triangle_before_ast_to_cfg_prog.locals_vdecls_def triangle_before_cfg_to_dag_prog.params_vdecls_def triangle_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (triangle_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def cont_3_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_n::int) (vc_m::int) (vc_t_0::int) (vc_m_0::int) (vc_t_1::int) (vc_m_1::int) (vc_t_2::int) (vc_t::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) triangle_before_ast_to_cfg_prog.fdecls triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls triangle_before_ast_to_cfg_prog.axioms triangle_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding triangle_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 triangle_before_ast_to_cfg_prog.ast_proc_def triangle_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..143826b
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_before_ast_to_cfg_prog.thy
@@ -0,0 +1,141 @@
+theory triangle_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Assign 1 (Lit (LInt 0))),(Assign 2 (Lit (LInt 0)))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Lt (Var 0))) [(BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))),(BinOp (Var 1) Le (Var 0))] [(BigBlock (None ) [(Assign 2 (BinOp (Var 2) Add (Var 1))),(Assign 1 (BinOp (Var 1) Add (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
+definition bigblock_1
+  where
+    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Lt (Var 0))) [(BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))),(BinOp (Var 1) Le (Var 0))] [(BigBlock (None ) [(Assign 2 (BinOp (Var 2) Add (Var 1))),(Assign 1 (BinOp (Var 1) Add (Lit (LInt 1))))] (None ) (None ))])) (None ))"
+definition bigblock_2
+  where
+    "bigblock_2  = (BigBlock (None ) [(Assign 2 (BinOp (Var 2) Add (Var 1))),(Assign 1 (BinOp (Var 1) Add (Lit (LInt 1))))] (None ) (None ))"
+definition bigblock_3
+  where
+    "bigblock_3  = (BigBlock (None ) [] (None ) (None ))"
+definition cont_3
+  where
+    "cont_3  = KStop"
+definition cont_0
+  where
+    "cont_0  = (KSeq bigblock_3 cont_3)"
+definition cont_1
+  where
+    "cont_1  = (KEndBlock (KSeq bigblock_3 cont_3 ))"
+definition cont_2
+  where
+    "cont_2  = (KSeq bigblock_1 cont_1)"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0,bigblock_3]"
+definition pres
+  where
+    "pres  = [(BinOp (Var 0) Ge (Lit (LInt 0)))]"
+definition post
+  where
+    "post  = [(BinOp (Var 2) Eq (BinOp (BinOp (Var 0) Mul (BinOp (Var 0) Sub (Lit (LInt 1)))) Div (Lit (LInt 2))))]"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding triangle_before_ast_to_cfg_prog.constants_vdecls_def triangle_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding triangle_before_ast_to_cfg_prog.params_vdecls_def triangle_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding triangle_before_ast_to_cfg_prog.constants_vdecls_def triangle_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) triangle_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding triangle_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) triangle_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding triangle_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) triangle_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding triangle_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) triangle_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding triangle_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_n:
+shows "((map_of (append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_m:
+shows "((map_of (append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_t:
+shows "((map_of (append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_n:
+shows "((lookup_var_decl ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_n
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_m:
+shows "((lookup_var_decl ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_m
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_t:
+shows "((lookup_var_decl ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+using globals_locals_disj m_t
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = triangle_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec triangle_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec triangle_before_ast_to_cfg_prog.post),proc_body = (Some (triangle_before_ast_to_cfg_prog.locals_vdecls,triangle_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_before_cfg_to_dag_prog.thy
similarity index 57%
rename from BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_before_cfg_to_dag_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_before_cfg_to_dag_prog.thy
index 7881e0b..fb9eb86 100644
--- a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_before_cfg_to_dag_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_before_cfg_to_dag_prog.thy
@@ -66,6 +66,28 @@ definition params_vdecls :: "(vdecls)"
 definition locals_vdecls :: "(vdecls)"
   where
     "locals_vdecls  = [(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append triangle_before_cfg_to_dag_prog.constants_vdecls triangle_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append triangle_before_cfg_to_dag_prog.constants_vdecls triangle_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding triangle_before_cfg_to_dag_prog.constants_vdecls_def triangle_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append triangle_before_cfg_to_dag_prog.constants_vdecls triangle_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
 lemma locals_min_aux:
 shows "(((map fst (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
 unfolding triangle_before_cfg_to_dag_prog.params_vdecls_def triangle_before_cfg_to_dag_prog.locals_vdecls_def
@@ -77,18 +99,23 @@ using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append triangle_before_cfg_to_dag_prog.constants_vdecls triangle_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding triangle_before_cfg_to_dag_prog.constants_vdecls_def triangle_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
 by simp
 
 lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.constants_vdecls) )"
-unfolding global_data.constants_vdecls_def
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) triangle_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding triangle_before_cfg_to_dag_prog.constants_vdecls_def
 by simp
 
 lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) global_data.globals_vdecls) )"
-unfolding global_data.globals_vdecls_def
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) triangle_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding triangle_before_cfg_to_dag_prog.globals_vdecls_def
 by simp
 
 lemma params_wf:
@@ -102,7 +129,7 @@ unfolding triangle_before_cfg_to_dag_prog.locals_vdecls_def
 by simp
 
 lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append triangle_before_cfg_to_dag_prog.constants_vdecls triangle_before_cfg_to_dag_prog.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
 apply (rule lookup_ty_pred_2)
 by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
 
@@ -119,21 +146,21 @@ shows "((map_of (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_b
 by (simp add:params_vdecls_def locals_vdecls_def)
 
 lemma l_n:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append triangle_before_cfg_to_dag_prog.constants_vdecls triangle_before_cfg_to_dag_prog.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_cfg_to_dag_prog.constants_vdecls triangle_before_cfg_to_dag_prog.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
 using globals_locals_disj m_n
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_m:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append triangle_before_cfg_to_dag_prog.constants_vdecls triangle_before_cfg_to_dag_prog.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_cfg_to_dag_prog.constants_vdecls triangle_before_cfg_to_dag_prog.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
 using globals_locals_disj m_m
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_t:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append triangle_before_cfg_to_dag_prog.constants_vdecls triangle_before_cfg_to_dag_prog.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_cfg_to_dag_prog.constants_vdecls triangle_before_cfg_to_dag_prog.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
 using globals_locals_disj m_t
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
-definition proc :: "(procedure)"
+definition proc :: "(mbodyCFG procedure)"
   where
     "proc  = (|proc_ty_args = 0,proc_args = triangle_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec triangle_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec triangle_before_cfg_to_dag_prog.post),proc_body = (Some (triangle_before_cfg_to_dag_prog.locals_vdecls,triangle_before_cfg_to_dag_prog.proc_body))|)"
 
diff --git a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_before_passive_prog.thy
similarity index 79%
rename from BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_before_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_before_passive_prog.thy
index 1c5560b..310cc4e 100644
--- a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_before_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_before_passive_prog.thy
@@ -1,5 +1,5 @@
 theory triangle_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util triangle_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util triangle_before_ast_to_cfg_prog
 begin
 definition block_0
   where
@@ -88,18 +88,18 @@ shows "((nth (out_edges proc_body) 6) = [5])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma locals_min_aux:
-shows "(((map fst (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding triangle_before_cfg_to_dag_prog.params_vdecls_def triangle_before_cfg_to_dag_prog.locals_vdecls_def
+shows "(((map fst (append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding triangle_before_ast_to_cfg_prog.params_vdecls_def triangle_before_ast_to_cfg_prog.locals_vdecls_def
 by simp
 
 lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+shows "(\<forall> x. ((Set.member x (set (map fst (append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
 using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding triangle_before_ast_to_cfg_prog.constants_vdecls_def triangle_before_ast_to_cfg_prog.globals_vdecls_def
 by simp
 
 
diff --git a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_cfgtodag_proof.thy
similarity index 76%
rename from BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_cfgtodag_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_cfgtodag_proof.thy
index 7f4641a..a070c51 100644
--- a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_cfgtodag_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_cfgtodag_proof.thy
@@ -1,15 +1,15 @@
 theory triangle_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML triangle_before_cfg_to_dag_prog triangle_before_passive_prog triangle_passification_proof triangle_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML triangle_before_ast_to_cfg_prog triangle_before_cfg_to_dag_prog triangle_before_passive_prog triangle_passification_proof triangle_vcphase_proof
 begin
 locale cfg_to_dag_lemmas = 
 fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
 assumes 
-Wf_Fun: "(fun_interp_wf A global_data.fdecls \<Gamma>)"
+Wf_Fun: "(fun_interp_wf A triangle_before_ast_to_cfg_prog.fdecls \<Gamma>)"
 begin
 
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls))"
 declare Nat.One_nat_def[simp del]
 
 lemma ty_hint_1:
@@ -20,16 +20,16 @@ lemma cfg_block_GeneratedUnifiedExit:
 assumes 
 "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
 "(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 triangle_before_cfg_to_dag_prog.post)"
-unfolding expr_all_sat_def triangle_before_cfg_to_dag_prog.post_def 
+shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 triangle_before_ast_to_cfg_prog.post)"
+unfolding expr_all_sat_def triangle_before_ast_to_cfg_prog.post_def 
 apply (rule cfg_dag_rel_post_invs_3)
 apply (erule assms(1))
 apply (rule triangle_before_passive_prog.node_0)
 apply simp
-apply (rule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf triangle_before_cfg_to_dag_prog.var_context_wf])
+apply (rule type_safety_top_level_inv[OF Wf_Fun triangle_before_ast_to_cfg_prog.funcs_wf triangle_before_ast_to_cfg_prog.var_context_wf])
 apply (rule assms(2))
 apply (simp)
-apply ((tactic \<open> typing_tac @{context} @{thms ty_hint_1} @{thms triangle_before_cfg_to_dag_prog.l_t(2) triangle_before_cfg_to_dag_prog.l_n(2)} [] 1\<close>))
+apply ((tactic \<open> typing_tac @{context} @{thms ty_hint_1} @{thms triangle_before_ast_to_cfg_prog.l_t(2) triangle_before_ast_to_cfg_prog.l_n(2)} [] 1\<close>))
 
 unfolding triangle_before_passive_prog.block_0_def
 by cfg_dag_rel_tac_single+
@@ -53,7 +53,7 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_return_2[OF Red])
 apply (rule triangle_before_cfg_to_dag_prog.node_3)
 apply (rule triangle_before_passive_prog.node_1)
@@ -89,12 +89,12 @@ apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
 apply (intro conjI)
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf triangle_before_cfg_to_dag_prog.var_context_wf])
+apply (erule type_safety_top_level_inv[OF Wf_Fun triangle_before_ast_to_cfg_prog.funcs_wf triangle_before_ast_to_cfg_prog.var_context_wf])
 apply (simp)
-apply ((tactic \<open> typing_tac @{context} @{thms ty_hint_2} @{thms triangle_before_cfg_to_dag_prog.l_t(2) triangle_before_cfg_to_dag_prog.l_m(2)} [] 1\<close>))
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf triangle_before_cfg_to_dag_prog.var_context_wf])
+apply ((tactic \<open> typing_tac @{context} @{thms ty_hint_2} @{thms triangle_before_ast_to_cfg_prog.l_t(2) triangle_before_ast_to_cfg_prog.l_m(2)} [] 1\<close>))
+apply (erule type_safety_top_level_inv[OF Wf_Fun triangle_before_ast_to_cfg_prog.funcs_wf triangle_before_ast_to_cfg_prog.var_context_wf])
 apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms triangle_before_cfg_to_dag_prog.l_m(2) triangle_before_cfg_to_dag_prog.l_n(2)} [] 1\<close>))
+apply ((tactic \<open> typing_tac @{context} [] @{thms triangle_before_ast_to_cfg_prog.l_m(2) triangle_before_ast_to_cfg_prog.l_n(2)} [] 1\<close>))
 
 done
 
@@ -103,8 +103,8 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon2_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body [2,1] [(BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))),(BinOp (Var 1) Le (Var 0))] triangle_before_cfg_to_dag_prog.post ns1 s' 1 m' j)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.post m' s')"
+IH_anon2_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body [2,1] [(BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))),(BinOp (Var 1) Le (Var 0))] triangle_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
 apply (rule triangle_before_cfg_to_dag_prog.node_2)
 apply (rule triangle_before_passive_prog.node_2)
@@ -143,8 +143,8 @@ apply (rule dag_rel_block_lemma_compact, simp)
 unfolding triangle_before_cfg_to_dag_prog.block_1_def triangle_before_passive_prog.block_3_def
 apply cfg_dag_rel_tac_single+
 apply simp
-apply ((simp add:triangle_before_cfg_to_dag_prog.l_t(1)))
-apply ((simp add:triangle_before_cfg_to_dag_prog.l_m(1)))
+apply ((simp add:triangle_before_ast_to_cfg_prog.l_t(1)))
+apply ((simp add:triangle_before_ast_to_cfg_prog.l_m(1)))
 apply simp
 done
 
@@ -153,13 +153,13 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [2,1] [(BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))),(BinOp (Var 1) Le (Var 0))] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_ast_to_cfg_prog.post m' s')"
 using Red DagAssms
 proof (induction j arbitrary: ns1 rule: less_induct)
 case (less j)
 show ?case
 proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding valid_configuration_def by auto
+case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
 next
 case (Suc j')
 from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [2,1]))"by (simp add: dag_lemma_assms_def)
@@ -232,12 +232,12 @@ apply cfg_dag_rel_tac_single+
 apply simp
 apply simp
 apply (intro conjI)
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf triangle_before_cfg_to_dag_prog.var_context_wf])
+apply (erule type_safety_top_level_inv[OF Wf_Fun triangle_before_ast_to_cfg_prog.funcs_wf triangle_before_ast_to_cfg_prog.var_context_wf])
 apply (simp)
-apply ((tactic \<open> typing_tac @{context} @{thms ty_hint_3} @{thms triangle_before_cfg_to_dag_prog.l_t(2) triangle_before_cfg_to_dag_prog.l_m(2)} [] 1\<close>))
-apply (erule type_safety_top_level_inv[OF Wf_Fun global_data.funcs_wf triangle_before_cfg_to_dag_prog.var_context_wf])
+apply ((tactic \<open> typing_tac @{context} @{thms ty_hint_3} @{thms triangle_before_ast_to_cfg_prog.l_t(2) triangle_before_ast_to_cfg_prog.l_m(2)} [] 1\<close>))
+apply (erule type_safety_top_level_inv[OF Wf_Fun triangle_before_ast_to_cfg_prog.funcs_wf triangle_before_ast_to_cfg_prog.var_context_wf])
 apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms triangle_before_cfg_to_dag_prog.l_m(2) triangle_before_cfg_to_dag_prog.l_n(2)} [] 1\<close>))
+apply ((tactic \<open> typing_tac @{context} [] @{thms triangle_before_ast_to_cfg_prog.l_m(2) triangle_before_ast_to_cfg_prog.l_n(2)} [] 1\<close>))
 
 done
 
@@ -246,7 +246,7 @@ assumes
 Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
 apply (rule triangle_before_cfg_to_dag_prog.node_0)
 apply (rule triangle_before_passive_prog.node_4)
@@ -291,16 +291,16 @@ assumes
 "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
 "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
 "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 triangle_before_cfg_to_dag_prog.pres)"
-shows "(valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.post m' s')"
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 triangle_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_ast_to_cfg_prog.post m' s')"
 apply (rule cfg_dag_helper_entry)
 apply (rule triangle_before_passive_prog.node_6)
 apply (erule assms(3))
 apply (rule assms(2))
 unfolding triangle_before_passive_prog.block_6_def
-apply (rule assume_pres_normal[where ?es=triangle_before_cfg_to_dag_prog.pres])
+apply (rule assume_pres_normal[where ?es=triangle_before_ast_to_cfg_prog.pres])
 apply (rule assms(4))
-unfolding triangle_before_cfg_to_dag_prog.pres_def
+unfolding triangle_before_ast_to_cfg_prog.pres_def
 apply simp
 apply (rule triangle_before_passive_prog.outEdges_6)
 apply ((simp add:triangle_before_passive_prog.node_5 triangle_before_passive_prog.block_5_def))
@@ -312,23 +312,23 @@ end
 
 abbreviation \<Lambda>0
   where
-    "\<Lambda>0  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>0  \<equiv> ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls))"
 lemma end_to_end_theorem_aux:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
 VC: "(\<And> (vc_n::int) (vc_m::int) (vc_t_0::int) (vc_m_0::int) (vc_t_1::int) (vc_m_1::int) (vc_t_2::int) (vc_t::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (ns::(('a)nstate)) global_data.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns triangle_before_cfg_to_dag_prog.pres)" and 
+FInterp: "(fun_interp_wf A triangle_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> triangle_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) triangle_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns triangle_before_ast_to_cfg_prog.pres)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
 OldGlobal: "((global_state ns) = (old_global_state ns))" and 
 BinderNs: "((binder_state ns) = Map.empty)"
-shows "(valid_configuration A \<Lambda>0 \<Gamma> [] triangle_before_cfg_to_dag_prog.post m' s')"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] triangle_before_ast_to_cfg_prog.post m' s')"
 proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
 by (meson rtranclp_imp_relpowp)
 show ?thesis
 apply (rule cfg_to_dag_lemmas.entry_lemma)
@@ -360,13 +360,5 @@ done
 qed
 
 
-lemma end_to_end_theorem:
-assumes 
-VC: "(\<And> (vc_n::int) (vc_m::int) (vc_t_0::int) (vc_m_0::int) (vc_t_1::int) (vc_m_1::int) (vc_t_2::int) (vc_t::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) global_data.fdecls global_data.constants_vdecls global_data.globals_vdecls global_data.axioms triangle_before_cfg_to_dag_prog.proc))"
-apply (rule end_to_end_util[OF end_to_end_theorem_aux])
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 triangle_before_cfg_to_dag_prog.proc_def triangle_before_cfg_to_dag_prog.proc_body_def)
-
 
 end
diff --git a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_passification_proof.thy
similarity index 88%
rename from BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_passification_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_passification_proof.thy
index d6c447b..3d7d195 100644
--- a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_passification_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_passification_proof.thy
@@ -1,5 +1,5 @@
 theory triangle_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util triangle_before_passive_prog triangle_passive_prog Boogie_Lang.PassificationML triangle_vcphase_proof Boogie_Lang.PassificationEndToEnd
+imports Boogie_Lang.Semantics Boogie_Lang.Util triangle_before_ast_to_cfg_prog triangle_passive_prog Boogie_Lang.PassificationML triangle_vcphase_proof Boogie_Lang.PassificationEndToEnd
 begin
 definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
   where
@@ -9,10 +9,10 @@ definition R_old
     "R_old  = (map_of R_old_list)"
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls))"
 abbreviation \<Lambda>2
   where
-    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls))"
+    "\<Lambda>2  \<equiv> ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls))"
 declare One_nat_def[simp del]
 
 lemma block_GeneratedUnifiedExit:
@@ -40,7 +40,7 @@ apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding triangle_before_passive_prog.block_1_def triangle_passive_prog.block_1_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:triangle_before_cfg_to_dag_prog.l_t(2) triangle_passive_prog.l_t_2(2)))
+apply ((simp add:triangle_before_ast_to_cfg_prog.l_t(2) triangle_passive_prog.l_t_2(2)))
 by simp
 
 lemma block_anon2_LoopBody:
@@ -55,9 +55,9 @@ apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding triangle_before_passive_prog.block_2_def triangle_passive_prog.block_2_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:triangle_before_cfg_to_dag_prog.l_t(2) triangle_passive_prog.l_t_1(2)))
-apply ((simp add:triangle_before_cfg_to_dag_prog.l_m(2) triangle_passive_prog.l_m_1(2)))
-apply ((simp add:triangle_before_cfg_to_dag_prog.l_t(2) triangle_passive_prog.l_t_2(2)))
+apply ((simp add:triangle_before_ast_to_cfg_prog.l_t(2) triangle_passive_prog.l_t_1(2)))
+apply ((simp add:triangle_before_ast_to_cfg_prog.l_m(2) triangle_passive_prog.l_m_1(2)))
+apply ((simp add:triangle_before_ast_to_cfg_prog.l_t(2) triangle_passive_prog.l_t_2(2)))
 by simp
 
 lemma block_anon2_LoopHead:
@@ -70,8 +70,8 @@ apply (rule passification_block_lemma_compact[OF assms(1-2)])
 unfolding triangle_before_passive_prog.block_3_def triangle_passive_prog.block_3_def
 apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:triangle_before_cfg_to_dag_prog.l_t(2) triangle_passive_prog.l_t_0(2)))
-apply ((simp add:triangle_before_cfg_to_dag_prog.l_m(2) triangle_passive_prog.l_m_0(2)))
+apply ((simp add:triangle_before_ast_to_cfg_prog.l_t(2) triangle_passive_prog.l_t_0(2)))
+apply ((simp add:triangle_before_ast_to_cfg_prog.l_m(2) triangle_passive_prog.l_m_0(2)))
 by simp
 
 lemma block_anon0:
@@ -179,14 +179,14 @@ by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{t
 @{thm cfg_block_0}] 1\<close>))
 
 locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 6),(Normal ns)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 6),(Normal ns)) (m',s'))" and 
 VC: "(\<And> (vc_n::int) (vc_m::int) (vc_t_0::int) (vc_m_0::int) (vc_t_1::int) (vc_m_1::int) (vc_t_2::int) (vc_t::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+FInterp: "(fun_interp_wf A triangle_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> triangle_before_ast_to_cfg_prog.constants_vdecls ns triangle_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
 BinderNs: "((binder_state ns) = Map.empty)" and 
@@ -209,7 +209,7 @@ shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x
 apply (rule convert_fun_to_list[OF R_rel_def])
 apply ((simp add:R_list_def))
 apply ((intro conjI)?)
-apply ((simp add:triangle_before_cfg_to_dag_prog.l_n(2) triangle_passive_prog.l_n(2)))
+apply ((simp add:triangle_before_ast_to_cfg_prog.l_n(2) triangle_passive_prog.l_n(2)))
 done
 
 lemma R_wt:
@@ -241,7 +241,7 @@ assumes
 "((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
 shows "(closed (instantiate [] \<tau>))"
 apply (rule lookup_ty_pred[OF assms(1)])
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+unfolding triangle_before_ast_to_cfg_prog.constants_vdecls_def triangle_before_ast_to_cfg_prog.globals_vdecls_def
 apply simp
 unfolding triangle_passive_prog.params_vdecls_def triangle_passive_prog.locals_vdecls_def
 by simp
@@ -279,7 +279,7 @@ apply (rule U0_ns_rel)
 apply (rule U0_ns_old_rel)
 apply (rule R_wt)
 apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range global_data.globals_max]
+using helper_init_disj[OF max_rel_range triangle_before_ast_to_cfg_prog.globals_max]
 apply simp
 apply (rule U0_non_empty)
 by ((simp_all add:R_rel_def R_list_def))?
diff --git a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_passive_prog.thy
similarity index 60%
rename from BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_passive_prog.thy
index 1866d4e..c4e7972 100644
--- a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_passive_prog.thy
@@ -1,5 +1,5 @@
 theory triangle_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util triangle_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util triangle_before_ast_to_cfg_prog
 begin
 definition block_0
   where
@@ -104,8 +104,8 @@ using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)))) = {})"
+unfolding triangle_before_ast_to_cfg_prog.constants_vdecls_def triangle_before_ast_to_cfg_prog.globals_vdecls_def
 by simp
 
 lemma m_n:
@@ -141,42 +141,42 @@ shows "((map_of (append triangle_passive_prog.params_vdecls triangle_passive_pro
 by (simp add:params_vdecls_def locals_vdecls_def)
 
 lemma l_n:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
 using globals_locals_disj m_n
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_m:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
 using globals_locals_disj m_m
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_t_0:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
 using globals_locals_disj m_t_0
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_m_0:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
 using globals_locals_disj m_m_0
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_t_1:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
 using globals_locals_disj m_t_1
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_m_1:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
 using globals_locals_disj m_m_1
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_t_2:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
 using globals_locals_disj m_t_2
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
 lemma l_t:
-shows "((lookup_var_decl ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
+shows "((lookup_var_decl ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
 using globals_locals_disj m_t
 by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
 
diff --git a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_vcphase_proof.thy
similarity index 93%
rename from BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_vcphase_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_vcphase_proof.thy
index 5efa15b..88110ad 100644
--- a/BoogieLang/generated_example_proofs/triangle_example_proofs/triangle_proofs/triangle_vcphase_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_vcphase_proof.thy
@@ -234,19 +234,19 @@ declare One_nat_def[simp del]
 
 lemma end_to_end:
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) \<Gamma> [] triangle_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
+Red: "(red_cfg_multi A M ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) \<Gamma> [] triangle_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
 VC: "(\<And> (vc_n::int) (vc_m::int) (vc_t_0::int) (vc_m_0::int) (vc_t_1::int) (vc_m_1::int) (vc_t_2::int) (vc_t::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls (n_s::(('a)nstate)) global_data.axioms)" and 
+FInterp: "(fun_interp_wf A triangle_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> triangle_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) triangle_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append global_data.constants_vdecls global_data.globals_vdecls))"
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls))"
 shows "(s' \<noteq> Failure)"
 proof -
-let ?n_s_c = "(nstate_global_restriction n_s global_data.constants_vdecls)"
-let ?\<Lambda> = "((append global_data.constants_vdecls global_data.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((global_data.constants_vdecls,[])::(var_context))"
+let ?n_s_c = "(nstate_global_restriction n_s triangle_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((triangle_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
 from ParamsLocal have sc_n:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
 apply (simp only:state_typ_wf_def)
 apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF triangle_passive_prog.m_n])
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/ROOT
new file mode 100644
index 0000000..b78f844
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/ROOT
@@ -0,0 +1,12 @@
+session trivial_assert_false_proofs = Boogie_Lang + 
+directories trivial_assert_false_proofs
+theories
+global_data
+"trivial_assert_false_proofs/trivial_assert_false_passive_prog"
+"trivial_assert_false_proofs/trivial_assert_false_before_ast_to_cfg_prog"
+"trivial_assert_false_proofs/trivial_assert_false_cfgtodag_proof"
+"trivial_assert_false_proofs/trivial_assert_false_asttocfg_proof"
+"trivial_assert_false_proofs/trivial_assert_false_before_passive_prog"
+"trivial_assert_false_proofs/trivial_assert_false_passification_proof"
+"trivial_assert_false_proofs/trivial_assert_false_vcphase_proof"
+"trivial_assert_false_proofs/trivial_assert_false_before_cfg_to_dag_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_asttocfg_proof.thy
new file mode 100644
index 0000000..af133d6
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_asttocfg_proof.thy
@@ -0,0 +1,138 @@
+theory trivial_assert_false_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML trivial_assert_false_before_ast_to_cfg_prog trivial_assert_false_before_cfg_to_dag_prog trivial_assert_false_cfgtodag_proof trivial_assert_false_passification_proof trivial_assert_false_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A trivial_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_trivial_assert_false_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (trivial_assert_false_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] trivial_assert_false_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] trivial_assert_false_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of trivial_assert_false_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: trivial_assert_false_before_ast_to_cfg_prog.bigblock_0_def trivial_assert_false_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: trivial_assert_false_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: trivial_assert_false_before_cfg_to_dag_prog.block_0_def trivial_assert_false_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_trivial_assert_false_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (trivial_assert_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] trivial_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] trivial_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end trivial_assert_false_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] trivial_assert_false_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of trivial_assert_false_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: trivial_assert_false_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: trivial_assert_false_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp)
+apply (simp)
+apply (rule cont_0_def)
+apply (rule trivial_assert_false_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+apply (rule trivial_assert_false_before_cfg_to_dag_prog.block_0_def)
+apply (rule trivial_assert_false_before_cfg_to_dag_prog.outEdges_0)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: trivial_assert_false_before_cfg_to_dag_prog.node_0)
+apply (rule rel_trivial_assert_false_before_ast_to_cfg_prog_bigblock_0)
+apply assumption+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (trivial_assert_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(vc.vc_PreconditionGeneratedEntry )" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A trivial_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) trivial_assert_false_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns trivial_assert_false_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] trivial_assert_false_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (trivial_assert_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_trivial_assert_false_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: trivial_assert_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: trivial_assert_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.pres_def trivial_assert_false_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: trivial_assert_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: trivial_assert_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: trivial_assert_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: trivial_assert_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.pres_def trivial_assert_false_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: trivial_assert_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: trivial_assert_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (trivial_assert_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(vc.vc_PreconditionGeneratedEntry )"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) trivial_assert_false_before_ast_to_cfg_prog.fdecls trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls trivial_assert_false_before_ast_to_cfg_prog.axioms trivial_assert_false_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding trivial_assert_false_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 trivial_assert_false_before_ast_to_cfg_prog.ast_proc_def trivial_assert_false_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..cdfa475
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_ast_to_cfg_prog.thy
@@ -0,0 +1,96 @@
+theory trivial_assert_false_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Assert (Lit (LBool False)))] (None ) (None ))"
+definition cont_0
+  where
+    "cont_0  = KStop"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = []"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding trivial_assert_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assert_false_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding trivial_assert_false_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = trivial_assert_false_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec trivial_assert_false_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec trivial_assert_false_before_ast_to_cfg_prog.post),proc_body = (Some (trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls,trivial_assert_false_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..821b938
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_cfg_to_dag_prog.thy
@@ -0,0 +1,107 @@
+theory trivial_assert_false_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Assert (Lit (LBool False)))]"
+definition outEdges
+  where
+    "outEdges  = [[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = []"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append trivial_assert_false_before_cfg_to_dag_prog.constants_vdecls trivial_assert_false_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append trivial_assert_false_before_cfg_to_dag_prog.constants_vdecls trivial_assert_false_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding trivial_assert_false_before_cfg_to_dag_prog.constants_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assert_false_before_cfg_to_dag_prog.constants_vdecls trivial_assert_false_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append trivial_assert_false_before_cfg_to_dag_prog.params_vdecls trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append trivial_assert_false_before_cfg_to_dag_prog.params_vdecls trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding trivial_assert_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assert_false_before_cfg_to_dag_prog.params_vdecls trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append trivial_assert_false_before_cfg_to_dag_prog.constants_vdecls trivial_assert_false_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append trivial_assert_false_before_cfg_to_dag_prog.params_vdecls trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding trivial_assert_false_before_cfg_to_dag_prog.constants_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assert_false_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding trivial_assert_false_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assert_false_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding trivial_assert_false_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assert_false_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding trivial_assert_false_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append trivial_assert_false_before_cfg_to_dag_prog.constants_vdecls trivial_assert_false_before_cfg_to_dag_prog.globals_vdecls),(append trivial_assert_false_before_cfg_to_dag_prog.params_vdecls trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = trivial_assert_false_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec trivial_assert_false_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec trivial_assert_false_before_cfg_to_dag_prog.post),proc_body = (Some (trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls,trivial_assert_false_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_passive_prog.thy
new file mode 100644
index 0000000..71de04f
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_passive_prog.thy
@@ -0,0 +1,62 @@
+theory trivial_assert_false_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util trivial_assert_false_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assert (Lit (LBool False)))]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[1]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding trivial_assert_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_cfgtodag_proof.thy
new file mode 100644
index 0000000..b1fd9cc
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_cfgtodag_proof.thy
@@ -0,0 +1,135 @@
+theory trivial_assert_false_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML trivial_assert_false_before_ast_to_cfg_prog trivial_assert_false_before_cfg_to_dag_prog trivial_assert_false_before_passive_prog trivial_assert_false_passification_proof trivial_assert_false_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A trivial_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] trivial_assert_false_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] trivial_assert_false_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] trivial_assert_false_before_passive_prog.block_0 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding trivial_assert_false_before_cfg_to_dag_prog.block_0_def trivial_assert_false_before_passive_prog.block_0_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] trivial_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] trivial_assert_false_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] trivial_assert_false_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_1[OF assms(1)])
+apply (rule trivial_assert_false_before_cfg_to_dag_prog.node_0)
+apply (rule trivial_assert_false_before_passive_prog.node_0)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+unfolding trivial_assert_false_before_ast_to_cfg_prog.post_def
+apply (rule block_anon0)
+apply assumption+
+by (rule trivial_assert_false_before_cfg_to_dag_prog.outEdges_0)
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] trivial_assert_false_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] trivial_assert_false_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:trivial_assert_false_before_passive_prog.outEdges_1))
+by ((simp add:trivial_assert_false_before_passive_prog.node_1 trivial_assert_false_before_passive_prog.block_1_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] trivial_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] trivial_assert_false_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 trivial_assert_false_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] trivial_assert_false_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule trivial_assert_false_before_passive_prog.node_2)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding trivial_assert_false_before_passive_prog.block_2_def
+apply (rule assume_pres_normal[where ?es=trivial_assert_false_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding trivial_assert_false_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule trivial_assert_false_before_passive_prog.outEdges_2)
+apply ((simp add:trivial_assert_false_before_passive_prog.node_1 trivial_assert_false_before_passive_prog.block_1_def))
+apply (rule trivial_assert_false_before_passive_prog.outEdges_1)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] trivial_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(vc.vc_PreconditionGeneratedEntry )" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A trivial_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) trivial_assert_false_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns trivial_assert_false_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] trivial_assert_false_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] trivial_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule trivial_assert_false_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_passification_proof.thy
new file mode 100644
index 0000000..4ec3c20
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_passification_proof.thy
@@ -0,0 +1,195 @@
+theory trivial_assert_false_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util trivial_assert_false_before_ast_to_cfg_prog trivial_assert_false_passive_prog Boogie_Lang.PassificationML trivial_assert_false_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_passive_prog.params_vdecls trivial_assert_false_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> trivial_assert_false_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old trivial_assert_false_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding trivial_assert_false_before_passive_prog.block_0_def trivial_assert_false_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> trivial_assert_false_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old trivial_assert_false_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding trivial_assert_false_before_passive_prog.block_1_def trivial_assert_false_passive_prog.block_1_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> trivial_assert_false_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old trivial_assert_false_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding trivial_assert_false_before_passive_prog.block_2_def trivial_assert_false_passive_prog.block_2_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> trivial_assert_false_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> trivial_assert_false_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm trivial_assert_false_before_passive_prog.node_0},@{thm trivial_assert_false_before_passive_prog.outEdges_0}) (@{thm trivial_assert_false_passive_prog.node_0},@{thm trivial_assert_false_passive_prog.outEdges_0}) @{thm block_anon0} [] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> trivial_assert_false_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> trivial_assert_false_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm trivial_assert_false_before_passive_prog.node_1},@{thm trivial_assert_false_before_passive_prog.outEdges_1}) (@{thm trivial_assert_false_passive_prog.node_1},@{thm trivial_assert_false_passive_prog.outEdges_1}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> trivial_assert_false_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> trivial_assert_false_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm trivial_assert_false_before_passive_prog.node_2},@{thm trivial_assert_false_before_passive_prog.outEdges_2}) (@{thm trivial_assert_false_passive_prog.node_2},@{thm trivial_assert_false_passive_prog.outEdges_2}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] trivial_assert_false_before_passive_prog.proc_body ((Inl 2),(Normal ns)) (m',s'))" and 
+VC: "(vc.vc_PreconditionGeneratedEntry )" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A trivial_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls ns trivial_assert_false_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv trivial_assert_false_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding trivial_assert_false_passive_prog.params_vdecls_def trivial_assert_false_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using trivial_assert_false_before_passive_prog.globals_locals_disj apply auto[1]
+using trivial_assert_false_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] trivial_assert_false_passive_prog.proc_body u (Inl 2)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range trivial_assert_false_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] trivial_assert_false_passive_prog.proc_body ((Inl 2),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from trivial_assert_false_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_passive_prog.thy
new file mode 100644
index 0000000..b402a28
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_passive_prog.thy
@@ -0,0 +1,68 @@
+theory trivial_assert_false_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util trivial_assert_false_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assert (Lit (LBool False)))]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[1]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = []"
+lemma locals_min_aux:
+shows "(((map fst (append trivial_assert_false_passive_prog.params_vdecls trivial_assert_false_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append trivial_assert_false_passive_prog.params_vdecls trivial_assert_false_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding trivial_assert_false_passive_prog.params_vdecls_def trivial_assert_false_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assert_false_passive_prog.params_vdecls trivial_assert_false_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append trivial_assert_false_passive_prog.params_vdecls trivial_assert_false_passive_prog.locals_vdecls)))) = {})"
+unfolding trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_vcphase_proof.thy
new file mode 100644
index 0000000..5d52a38
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_vcphase_proof.thy
@@ -0,0 +1,141 @@
+theory trivial_assert_false_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML trivial_assert_false_passive_prog trivial_assert_false_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_anon0
+  where
+    "vc_anon0  = False"
+definition vc_PreconditionGeneratedEntry
+  where
+    "vc_PreconditionGeneratedEntry  = (vc_anon0 )"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+ML\<open>
+val block_anon0_hints = [
+(AssertFalse,NONE)]
+\<close>
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> trivial_assert_false_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
+unfolding trivial_assert_false_passive_prog.block_0_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
+by (auto?)
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> trivial_assert_false_passive_prog.block_1 (Normal n_s) s')" and 
+"(vc.vc_anon0 )"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))"
+using assms
+unfolding trivial_assert_false_passive_prog.block_1_def
+apply cases
+by auto
+
+lemma block_PreconditionGeneratedEntry:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> trivial_assert_false_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding trivial_assert_false_passive_prog.block_2_def vc.vc_PreconditionGeneratedEntry_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> trivial_assert_false_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) trivial_assert_false_passive_prog.node_0])
+by (erule block_anon0AA0[OF _ assms(2)])
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> trivial_assert_false_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) trivial_assert_false_passive_prog.node_1])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:trivial_assert_false_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> trivial_assert_false_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_PreconditionGeneratedEntry )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) trivial_assert_false_passive_prog.node_2])
+apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
+apply ((simp add:trivial_assert_false_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_passive_prog.params_vdecls trivial_assert_false_passive_prog.locals_vdecls)) \<Gamma> [] trivial_assert_false_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+VC: "(vc.vc_PreconditionGeneratedEntry )" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A trivial_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) trivial_assert_false_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append trivial_assert_false_passive_prog.params_vdecls trivial_assert_false_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_passive_prog.params_vdecls trivial_assert_false_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/ROOT
new file mode 100644
index 0000000..35242f5
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/ROOT
@@ -0,0 +1,12 @@
+session trivial_assume_false_proofs = Boogie_Lang + 
+directories trivial_assume_false_proofs
+theories
+global_data
+"trivial_assume_false_proofs/trivial_assume_false_vcphase_proof"
+"trivial_assume_false_proofs/trivial_assume_false_cfgtodag_proof"
+"trivial_assume_false_proofs/trivial_assume_false_passification_proof"
+"trivial_assume_false_proofs/trivial_assume_false_before_ast_to_cfg_prog"
+"trivial_assume_false_proofs/trivial_assume_false_before_cfg_to_dag_prog"
+"trivial_assume_false_proofs/trivial_assume_false_passive_prog"
+"trivial_assume_false_proofs/trivial_assume_false_asttocfg_proof"
+"trivial_assume_false_proofs/trivial_assume_false_before_passive_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/global_data.thy
new file mode 100644
index 0000000..e09ac86
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/global_data.thy
@@ -0,0 +1,32 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_asttocfg_proof.thy
new file mode 100644
index 0000000..8e93906
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_asttocfg_proof.thy
@@ -0,0 +1,138 @@
+theory trivial_assume_false_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML trivial_assume_false_before_ast_to_cfg_prog trivial_assume_false_before_cfg_to_dag_prog trivial_assume_false_cfgtodag_proof trivial_assume_false_passification_proof trivial_assume_false_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A trivial_assume_false_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_trivial_assume_false_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (trivial_assume_false_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] trivial_assume_false_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] trivial_assume_false_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of trivial_assume_false_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: trivial_assume_false_before_ast_to_cfg_prog.bigblock_0_def trivial_assume_false_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: trivial_assume_false_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: trivial_assume_false_before_cfg_to_dag_prog.block_0_def trivial_assume_false_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_trivial_assume_false_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (trivial_assume_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] trivial_assume_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] trivial_assume_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end trivial_assume_false_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] trivial_assume_false_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of trivial_assume_false_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: trivial_assume_false_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: trivial_assume_false_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp)
+apply (simp)
+apply (rule cont_0_def)
+apply (rule trivial_assume_false_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+apply (rule trivial_assume_false_before_cfg_to_dag_prog.block_0_def)
+apply (rule trivial_assume_false_before_cfg_to_dag_prog.outEdges_0)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: trivial_assume_false_before_cfg_to_dag_prog.node_0)
+apply (rule rel_trivial_assume_false_before_ast_to_cfg_prog_bigblock_0)
+apply assumption+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (trivial_assume_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(vc.vc_PreconditionGeneratedEntry )" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A trivial_assume_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) trivial_assume_false_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns trivial_assume_false_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] trivial_assume_false_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (trivial_assume_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_trivial_assume_false_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: trivial_assume_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: trivial_assume_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.pres_def trivial_assume_false_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: trivial_assume_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: trivial_assume_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: trivial_assume_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: trivial_assume_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.pres_def trivial_assume_false_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: trivial_assume_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: trivial_assume_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (trivial_assume_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(vc.vc_PreconditionGeneratedEntry )"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) trivial_assume_false_before_ast_to_cfg_prog.fdecls trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls trivial_assume_false_before_ast_to_cfg_prog.axioms trivial_assume_false_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding trivial_assume_false_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 trivial_assume_false_before_ast_to_cfg_prog.ast_proc_def trivial_assume_false_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..26b6b63
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_ast_to_cfg_prog.thy
@@ -0,0 +1,96 @@
+theory trivial_assume_false_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Assume (Lit (LBool False)))] (None ) (None ))"
+definition cont_0
+  where
+    "cont_0  = KStop"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = []"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding trivial_assume_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assume_false_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding trivial_assume_false_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = trivial_assume_false_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec trivial_assume_false_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec trivial_assume_false_before_ast_to_cfg_prog.post),proc_body = (Some (trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls,trivial_assume_false_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..e879245
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_cfg_to_dag_prog.thy
@@ -0,0 +1,107 @@
+theory trivial_assume_false_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Assume (Lit (LBool False)))]"
+definition outEdges
+  where
+    "outEdges  = [[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = []"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = []"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append trivial_assume_false_before_cfg_to_dag_prog.constants_vdecls trivial_assume_false_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append trivial_assume_false_before_cfg_to_dag_prog.constants_vdecls trivial_assume_false_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding trivial_assume_false_before_cfg_to_dag_prog.constants_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assume_false_before_cfg_to_dag_prog.constants_vdecls trivial_assume_false_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append trivial_assume_false_before_cfg_to_dag_prog.params_vdecls trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append trivial_assume_false_before_cfg_to_dag_prog.params_vdecls trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding trivial_assume_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assume_false_before_cfg_to_dag_prog.params_vdecls trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append trivial_assume_false_before_cfg_to_dag_prog.constants_vdecls trivial_assume_false_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append trivial_assume_false_before_cfg_to_dag_prog.params_vdecls trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding trivial_assume_false_before_cfg_to_dag_prog.constants_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assume_false_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding trivial_assume_false_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assume_false_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding trivial_assume_false_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assume_false_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding trivial_assume_false_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append trivial_assume_false_before_cfg_to_dag_prog.constants_vdecls trivial_assume_false_before_cfg_to_dag_prog.globals_vdecls),(append trivial_assume_false_before_cfg_to_dag_prog.params_vdecls trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = trivial_assume_false_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec trivial_assume_false_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec trivial_assume_false_before_cfg_to_dag_prog.post),proc_body = (Some (trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls,trivial_assume_false_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_passive_prog.thy
new file mode 100644
index 0000000..d016365
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_passive_prog.thy
@@ -0,0 +1,62 @@
+theory trivial_assume_false_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util trivial_assume_false_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assume (Lit (LBool False)))]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[1]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma locals_min_aux:
+shows "(((map fst (append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding trivial_assume_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_cfgtodag_proof.thy
new file mode 100644
index 0000000..78b8a8b
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_cfgtodag_proof.thy
@@ -0,0 +1,135 @@
+theory trivial_assume_false_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML trivial_assume_false_before_ast_to_cfg_prog trivial_assume_false_before_cfg_to_dag_prog trivial_assume_false_before_passive_prog trivial_assume_false_passification_proof trivial_assume_false_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A trivial_assume_false_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] trivial_assume_false_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] trivial_assume_false_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] trivial_assume_false_before_passive_prog.block_0 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding trivial_assume_false_before_cfg_to_dag_prog.block_0_def trivial_assume_false_before_passive_prog.block_0_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] trivial_assume_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] trivial_assume_false_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] trivial_assume_false_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_1[OF assms(1)])
+apply (rule trivial_assume_false_before_cfg_to_dag_prog.node_0)
+apply (rule trivial_assume_false_before_passive_prog.node_0)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+unfolding trivial_assume_false_before_ast_to_cfg_prog.post_def
+apply (rule block_anon0)
+apply assumption+
+by (rule trivial_assume_false_before_cfg_to_dag_prog.outEdges_0)
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] trivial_assume_false_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] trivial_assume_false_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:trivial_assume_false_before_passive_prog.outEdges_1))
+by ((simp add:trivial_assume_false_before_passive_prog.node_1 trivial_assume_false_before_passive_prog.block_1_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] trivial_assume_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] trivial_assume_false_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 trivial_assume_false_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] trivial_assume_false_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule trivial_assume_false_before_passive_prog.node_2)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding trivial_assume_false_before_passive_prog.block_2_def
+apply (rule assume_pres_normal[where ?es=trivial_assume_false_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding trivial_assume_false_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule trivial_assume_false_before_passive_prog.outEdges_2)
+apply ((simp add:trivial_assume_false_before_passive_prog.node_1 trivial_assume_false_before_passive_prog.block_1_def))
+apply (rule trivial_assume_false_before_passive_prog.outEdges_1)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] trivial_assume_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(vc.vc_PreconditionGeneratedEntry )" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A trivial_assume_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) trivial_assume_false_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns trivial_assume_false_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] trivial_assume_false_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] trivial_assume_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule trivial_assume_false_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_passification_proof.thy
new file mode 100644
index 0000000..bfdc8a5
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_passification_proof.thy
@@ -0,0 +1,195 @@
+theory trivial_assume_false_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util trivial_assume_false_before_ast_to_cfg_prog trivial_assume_false_passive_prog Boogie_Lang.PassificationML trivial_assume_false_vcphase_proof Boogie_Lang.PassificationEndToEnd
+begin
+definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_old_list  = []"
+definition R_old
+  where
+    "R_old  = (map_of R_old_list)"
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls))"
+abbreviation \<Lambda>2
+  where
+    "\<Lambda>2  \<equiv> ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_passive_prog.params_vdecls trivial_assume_false_passive_prog.locals_vdecls))"
+declare One_nat_def[simp del]
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> trivial_assume_false_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old trivial_assume_false_passive_prog.block_0 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding trivial_assume_false_before_passive_prog.block_0_def trivial_assume_false_passive_prog.block_0_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> trivial_assume_false_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old trivial_assume_false_passive_prog.block_1 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding trivial_assume_false_before_passive_prog.block_1_def trivial_assume_false_passive_prog.block_1_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma block_PreconditionGeneratedEntry:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> trivial_assume_false_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old trivial_assume_false_passive_prog.block_2 s')"
+apply (rule passification_block_lemma_compact[OF assms(1-2)])
+unfolding trivial_assume_false_before_passive_prog.block_2_def trivial_assume_false_passive_prog.block_2_def
+apply (passive_rel_tac)
+apply (unfold type_rel_def, simp, (intro conjI)?)
+by simp
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> trivial_assume_false_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> trivial_assume_false_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm trivial_assume_false_before_passive_prog.node_0},@{thm trivial_assume_false_before_passive_prog.outEdges_0}) (@{thm trivial_assume_false_passive_prog.node_0},@{thm trivial_assume_false_passive_prog.outEdges_0}) @{thm block_anon0} [] 1\<close>))
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> trivial_assume_false_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> trivial_assume_false_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm trivial_assume_false_before_passive_prog.node_1},@{thm trivial_assume_false_before_passive_prog.outEdges_1}) (@{thm trivial_assume_false_passive_prog.node_1},@{thm trivial_assume_false_passive_prog.outEdges_1}) @{thm block_0} [
+@{thm cfg_block_anon0}] 1\<close>))
+
+lemma cfg_block_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> trivial_assume_false_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> trivial_assume_false_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm trivial_assume_false_before_passive_prog.node_2},@{thm trivial_assume_false_before_passive_prog.outEdges_2}) (@{thm trivial_assume_false_passive_prog.node_2},@{thm trivial_assume_false_passive_prog.outEdges_2}) @{thm block_PreconditionGeneratedEntry} [
+@{thm cfg_block_0}] 1\<close>))
+
+locale glue_proof = 
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+assumes 
+Red: "(red_cfg_multi A M ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] trivial_assume_false_before_passive_prog.proc_body ((Inl 2),(Normal ns)) (m',s'))" and 
+VC: "(vc.vc_PreconditionGeneratedEntry )" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A trivial_assume_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls ns trivial_assume_false_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
+BinderNs: "((binder_state ns) = Map.empty)" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))"
+begin
+
+definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
+  where
+    "R_list  = []"
+definition R_rel
+  where
+    "R_rel  = (map_of R_list)"
+lemma inj_R_rel:
+shows "(inj_on_defined R_rel)"
+apply (rule injective_fun_to_list_2[OF R_rel_def])
+by ((simp add: R_list_def del: distinct.simps))
+
+lemma R_well_formed:
+shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
+apply (rule convert_fun_to_list[OF R_rel_def])
+apply ((simp add:R_list_def))
+apply ((intro conjI)?)
+done
+
+lemma R_wt:
+shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
+apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
+using R_well_formed by auto
+
+abbreviation U0
+  where
+    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
+lemma U0_ns_rel:
+shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
+unfolding nstate_rel_states_def nstate_rel_def
+by ((simp add:BinderNs))
+
+lemma U0_ns_old_rel:
+shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
+apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
+apply (simp only: fst_conv snd_conv trivial_assume_false_before_passive_prog.globals_locals_disj)
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+apply simp
+apply (rule convert_fun_to_list[OF R_old_def])
+unfolding R_old_list_def 
+by simp
+
+lemma closed_ty_passive_vars:
+assumes 
+"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
+shows "(closed (instantiate [] \<tau>))"
+apply (rule lookup_ty_pred[OF assms(1)])
+unfolding trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls_def
+apply simp
+unfolding trivial_assume_false_passive_prog.params_vdecls_def trivial_assume_false_passive_prog.locals_vdecls_def
+by simp
+
+lemma U0_non_empty:
+shows "(U0 \<noteq> {})"
+apply (rule init_set_non_empty)
+apply (erule NonEmptyTypes)
+apply (erule closed_ty_passive_vars)
+using R_well_formed apply fastforce
+apply (rule R_wt)
+apply (rule inj_R_rel)
+apply simp
+apply (rule ConstsGlobal)
+using R_well_formed apply fastforce
+using trivial_assume_false_before_passive_prog.globals_locals_disj apply auto[1]
+using trivial_assume_false_passive_prog.globals_locals_disj apply auto[1]
+done
+
+lemma max_rel_range:
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+ apply (rule rel_range_fun_to_list)
+apply ((simp add:R_rel_def))
+by ((simp add:R_list_def))
+
+lemma end_to_end:
+shows "(s' \<noteq> Failure)"
+proof
+assume A1: "(s' = Failure)"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] trivial_assume_false_passive_prog.proc_body u (Inl 2)))))"
+apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
+unfolding passive_lemma_assms_2_def
+apply (intro conjI)?
+apply (rule U0_ns_rel)
+apply (rule U0_ns_old_rel)
+apply (rule R_wt)
+apply (rule init_state_dependent)
+using helper_init_disj[OF max_rel_range trivial_assume_false_before_ast_to_cfg_prog.globals_max]
+apply simp
+apply (rule U0_non_empty)
+by ((simp_all add:R_rel_def R_list_def))?
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] trivial_assume_false_passive_prog.proc_body ((Inl 2),(Normal u)) (mp',Failure))"
+by (auto simp add: passive_sim_cfg_fail_def)
+from trivial_assume_false_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+ apply rule
+using VC apply assumption
+apply (rule Closed)
+apply (erule NonEmptyTypes)
+apply (rule FInterp)
+apply (rule axiom_assm_aux[OF Axioms])
+using uElem by simp_all
+thus False by simp
+qed
+
+
+end
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_passive_prog.thy
new file mode 100644
index 0000000..d61e576
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_passive_prog.thy
@@ -0,0 +1,68 @@
+theory trivial_assume_false_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util trivial_assume_false_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assume (Lit (LBool False)))]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[1]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = []"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = []"
+lemma locals_min_aux:
+shows "(((map fst (append trivial_assume_false_passive_prog.params_vdecls trivial_assume_false_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append trivial_assume_false_passive_prog.params_vdecls trivial_assume_false_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding trivial_assume_false_passive_prog.params_vdecls_def trivial_assume_false_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assume_false_passive_prog.params_vdecls trivial_assume_false_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append trivial_assume_false_passive_prog.params_vdecls trivial_assume_false_passive_prog.locals_vdecls)))) = {})"
+unfolding trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_vcphase_proof.thy
new file mode 100644
index 0000000..e059f9c
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_vcphase_proof.thy
@@ -0,0 +1,138 @@
+theory trivial_assume_false_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML trivial_assume_false_passive_prog trivial_assume_false_before_passive_prog
+begin
+locale vc
+begin
+
+definition vc_PreconditionGeneratedEntry
+  where
+    "vc_PreconditionGeneratedEntry  = True"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+ML\<open>
+val block_anon0_hints = [
+(AssumeFalse,NONE)]
+\<close>
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> trivial_assume_false_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry ) \<Longrightarrow> (s' = Magic)))"
+unfolding trivial_assume_false_passive_prog.block_0_def vc.vc_PreconditionGeneratedEntry_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
+by (auto?)
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> trivial_assume_false_passive_prog.block_1 (Normal n_s) s')" and 
+"(vc.vc_PreconditionGeneratedEntry )"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_PreconditionGeneratedEntry )))))"
+using assms
+unfolding trivial_assume_false_passive_prog.block_1_def
+apply cases
+by auto
+
+lemma block_PreconditionGeneratedEntry:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> trivial_assume_false_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_PreconditionGeneratedEntry )))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding trivial_assume_false_passive_prog.block_2_def vc.vc_PreconditionGeneratedEntry_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> trivial_assume_false_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(vc.vc_PreconditionGeneratedEntry )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) trivial_assume_false_passive_prog.node_0])
+by (erule block_anon0AA0[OF _ assms(2)])
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> trivial_assume_false_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_PreconditionGeneratedEntry )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) trivial_assume_false_passive_prog.node_1])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:trivial_assume_false_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> trivial_assume_false_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_PreconditionGeneratedEntry )"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) trivial_assume_false_passive_prog.node_2])
+apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
+apply ((simp add:trivial_assume_false_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
+assumes 
+G0: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0
+lemmas forall_poly_thm = forall_vc_type[OF G0]
+lemmas exists_poly_thm = exists_vc_type[OF G0]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_passive_prog.params_vdecls trivial_assume_false_passive_prog.locals_vdecls)) \<Gamma> [] trivial_assume_false_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+VC: "(vc.vc_PreconditionGeneratedEntry )" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A trivial_assume_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) trivial_assume_false_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append trivial_assume_false_passive_prog.params_vdecls trivial_assume_false_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_passive_prog.params_vdecls trivial_assume_false_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/ROOT
new file mode 100644
index 0000000..7ba2aaf
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/ROOT
@@ -0,0 +1,12 @@
+session trivial_example_proofs = Boogie_Lang + 
+directories p_proofs
+theories
+global_data
+"p_proofs/p_passification_proof"
+"p_proofs/p_vcphase_proof"
+"p_proofs/p_cfgtodag_proof"
+"p_proofs/p_passive_prog"
+"p_proofs/p_before_passive_prog"
+"p_proofs/p_asttocfg_proof"
+"p_proofs/p_before_ast_to_cfg_prog"
+"p_proofs/p_before_cfg_to_dag_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/global_data.thy
new file mode 100644
index 0000000..1a246cd
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/global_data.thy
@@ -0,0 +1,36 @@
+theory global_data
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
+begin
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = [(''f'',0,[(TPrim TInt)],(TPrim TBool))]"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
+unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma mfun_f:
+shows "((map_of fdecls ''f'') = (Some (0,[(TPrim TInt)],(TPrim TBool))))"
+by (simp add:fdecls_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_asttocfg_proof.thy
new file mode 100644
index 0000000..8dc1666
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_asttocfg_proof.thy
@@ -0,0 +1,138 @@
+theory p_asttocfg_proof
+imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML p_before_ast_to_cfg_prog p_before_cfg_to_dag_prog p_cfgtodag_proof p_passification_proof p_vcphase_proof
+begin
+locale ast_to_cfg_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma rel_p_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
+cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
+apply (rule block_local_rel_generic)
+apply (rule Rel_Main_test[of p_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: p_before_ast_to_cfg_prog.bigblock_0_def p_before_cfg_to_dag_prog.block_0_def)
+apply ((simp add: p_before_cfg_to_dag_prog.block_0_def)+)
+apply (rule astStep)
+apply (rule cfgBlockDoesntFail)
+apply ((simp add: p_before_cfg_to_dag_prog.block_0_def p_before_ast_to_cfg_prog.bigblock_0_def)+)
+done
+
+
+lemma global_rel_p_before_ast_to_cfg_prog_bigblock_0:
+assumes 
+astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
+cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
+cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end p_before_ast_to_cfg_prog.post))))))"
+shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+show ?thesis
+apply (rule generic_ending_block_global_rel)
+apply (rule Rel_Main_test[of p_before_ast_to_cfg_prog.bigblock_0])
+apply (simp add: p_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp)
+apply (rule astTrace)
+apply (simp add: p_before_ast_to_cfg_prog.bigblock_0_def)
+apply (simp)
+apply (simp)
+apply (rule cont_0_def)
+apply (rule p_before_cfg_to_dag_prog.node_0)
+apply (rule disjI1)
+apply (rule p_before_cfg_to_dag_prog.block_0_def)
+apply (rule p_before_cfg_to_dag_prog.outEdges_0)
+apply (rule cfgDoesntFail)
+apply (simp)
+apply (rule cfgSatisfiesPosts)
+apply ((simp)+)
+apply (simp add: p_before_cfg_to_dag_prog.node_0)
+apply (rule rel_p_before_ast_to_cfg_prog_bigblock_0)
+apply assumption+
+
+done
+qed
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux_ast:
+assumes 
+Red: "(rtranclp (red_bigblock A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
+VC: "(\<And> (vc_x::int) (vc_a::int) (vc_f::(int => bool)). (vc.vc_PreconditionGeneratedEntry vc_f vc_a))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) p_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns p_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] p_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
+proof -
+from Red obtain j where Aux:"(red_bigblock_k_step A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule ast_to_cfg_lemmas.global_rel_p_before_ast_to_cfg_prog_bigblock_0)
+unfolding ast_to_cfg_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule valid_config_implies_not_failure)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def p_before_ast_to_cfg_prog.pres_def p_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp
+apply (rule valid_config_implies_satisfied_posts)
+apply (rule end_to_end_theorem_aux)
+apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using Precondition apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def p_before_ast_to_cfg_prog.pres_def p_before_cfg_to_dag_prog.pres_def)
+using ParamsLocal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
+using ConstsGlobal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
+using OldGlobal apply simp
+using BinderNs apply simp+
+done
+qed
+
+
+lemma initialization:
+assumes 
+"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0] ns) (reached_bb,reached_cont,reached_state))"
+shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
+using assms
+by (simp add: cont_0_def )
+
+lemma end_to_end_theorem_ast:
+assumes 
+VC: "(\<And> (vc_x::int) (vc_a::int) (vc_f::(int => bool)). (vc.vc_PreconditionGeneratedEntry vc_f vc_a))"
+shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) p_before_ast_to_cfg_prog.fdecls p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls p_before_ast_to_cfg_prog.axioms p_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
+apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
+apply (rule initialization)
+unfolding p_before_ast_to_cfg_prog.ast_proc_def
+apply assumption using VC apply simp  apply assumption+
+by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_ast_to_cfg_prog.ast_proc_def p_before_ast_to_cfg_prog.proc_body_def)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_ast_to_cfg_prog.thy
new file mode 100644
index 0000000..c81e740
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_ast_to_cfg_prog.thy
@@ -0,0 +1,118 @@
+theory p_before_ast_to_cfg_prog
+imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition bigblock_0
+  where
+    "bigblock_0  = (BigBlock (None ) [(Assume (FunExp ''f'' [] [(Var 1)])),(Assert (FunExp ''f'' [] [(Var 1)]))] (None ) (None ))"
+definition cont_0
+  where
+    "cont_0  = KStop"
+definition proc_body
+  where
+    "proc_body  = [bigblock_0]"
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = [(''f'',0,[(TPrim TInt)],(TPrim TBool))]"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
+unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.constants_vdecls) )"
+unfolding p_before_ast_to_cfg_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.globals_vdecls) )"
+unfolding p_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.params_vdecls) )"
+unfolding p_before_ast_to_cfg_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.locals_vdecls) )"
+unfolding p_before_ast_to_cfg_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_a:
+shows "((map_of (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma mfun_f:
+shows "((map_of fdecls ''f'') = (Some (0,[(TPrim TInt)],(TPrim TBool))))"
+by (simp add:fdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_a:
+shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_a
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition ast_proc :: "(ast procedure)"
+  where
+    "ast_proc  = (|proc_ty_args = 0,proc_args = p_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec p_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec p_before_ast_to_cfg_prog.post),proc_body = (Some (p_before_ast_to_cfg_prog.locals_vdecls,p_before_ast_to_cfg_prog.proc_body))|)"
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
new file mode 100644
index 0000000..dedd382
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
@@ -0,0 +1,129 @@
+theory p_before_cfg_to_dag_prog
+imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
+begin
+definition block_0
+  where
+    "block_0  = [(Assume (FunExp ''f'' [] [(Var 1)])),(Assert (FunExp ''f'' [] [(Var 1)]))]"
+definition outEdges
+  where
+    "outEdges  = [[]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+definition pres
+  where
+    "pres  = []"
+definition post
+  where
+    "post  = []"
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(1,(TPrim TInt),(None ))]"
+definition axioms
+  where
+    "axioms  = []"
+definition fdecls
+  where
+    "fdecls  = [(''f'',0,[(TPrim TInt)],(TPrim TBool))]"
+definition globals_vdecls :: "(vdecls)"
+  where
+    "globals_vdecls  = []"
+definition constants_vdecls :: "(vdecls)"
+  where
+    "constants_vdecls  = []"
+lemma globals_max_aux:
+shows "(((map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
+unfolding p_before_cfg_to_dag_prog.constants_vdecls_def p_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma globals_max:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
+using globals_max_aux helper_max
+by blast
+
+lemma locals_min_aux:
+shows "(((map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
+unfolding p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
+unfolding p_before_cfg_to_dag_prog.constants_vdecls_def p_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma funcs_wf:
+shows "((list_all (comp wf_fdecl snd) fdecls) )"
+unfolding fdecls_def
+by simp
+
+lemma consts_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.constants_vdecls) )"
+unfolding p_before_cfg_to_dag_prog.constants_vdecls_def
+by simp
+
+lemma globals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.globals_vdecls) )"
+unfolding p_before_cfg_to_dag_prog.globals_vdecls_def
+by simp
+
+lemma params_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.params_vdecls) )"
+unfolding p_before_cfg_to_dag_prog.params_vdecls_def
+by simp
+
+lemma locals_wf:
+shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.locals_vdecls) )"
+unfolding p_before_cfg_to_dag_prog.locals_vdecls_def
+by simp
+
+lemma var_context_wf:
+shows "(\<forall> x \<tau>. (((lookup_var_ty ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
+apply (rule lookup_ty_pred_2)
+by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
+
+lemma m_x:
+shows "((map_of (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_a:
+shows "((map_of (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma mfun_f:
+shows "((map_of fdecls ''f'') = (Some (0,[(TPrim TInt)],(TPrim TBool))))"
+by (simp add:fdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_a:
+shows "((lookup_var_decl ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_a
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+definition proc :: "(mbodyCFG procedure)"
+  where
+    "proc  = (|proc_ty_args = 0,proc_args = p_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.post),proc_body = (Some (p_before_cfg_to_dag_prog.locals_vdecls,p_before_cfg_to_dag_prog.proc_body))|)"
+
+end
diff --git a/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_passive_prog.thy
similarity index 54%
rename from BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_before_passive_prog.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_passive_prog.thy
index 03071fe..2d12d64 100644
--- a/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_before_passive_prog.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_passive_prog.thy
@@ -1,9 +1,9 @@
-theory q_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util q_before_cfg_to_dag_prog
+theory p_before_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_ast_to_cfg_prog
 begin
 definition block_0
   where
-    "block_0  = [(Assign 0 (Lit (LInt 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
+    "block_0  = [(Assume (FunExp ''f'' [] [(Var 1)])),(Assert (FunExp ''f'' [] [(Var 1)]))]"
 definition block_1
   where
     "block_1  = []"
@@ -44,18 +44,18 @@ shows "((nth (out_edges proc_body) 2) = [1])"
 by (simp add:proc_body_def outEdges_def)
 
 lemma locals_min_aux:
-shows "(((map fst (append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding q_before_cfg_to_dag_prog.params_vdecls_def q_before_cfg_to_dag_prog.locals_vdecls_def
+shows "(((map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
+unfolding p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def
 by simp
 
 lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
 using locals_min_aux helper_min
 by blast
 
 lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls))) (set (map fst (append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+shows "((Set.inter (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
+unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
 by simp
 
 
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_cfgtodag_proof.thy
new file mode 100644
index 0000000..1ff1468
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_cfgtodag_proof.thy
@@ -0,0 +1,135 @@
+theory p_cfgtodag_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML p_before_ast_to_cfg_prog p_before_cfg_to_dag_prog p_before_passive_prog p_passification_proof p_vcphase_proof
+begin
+locale cfg_to_dag_lemmas = 
+fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
+assumes 
+Wf_Fun: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)"
+begin
+
+abbreviation \<Lambda>1
+  where
+    "\<Lambda>1  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
+declare Nat.One_nat_def[simp del]
+
+lemma block_anon0:
+assumes 
+"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
+"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
+shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_0 ns2 s' False)"
+using assms
+apply (rule dag_rel_block_lemma_compact, simp)
+unfolding p_before_cfg_to_dag_prog.block_0_def p_before_passive_prog.block_0_def
+apply cfg_dag_rel_tac_single+
+apply simp
+apply simp
+done
+
+lemma cfg_block_anon0:
+assumes 
+Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_return_1[OF assms(1)])
+apply (rule p_before_cfg_to_dag_prog.node_0)
+apply (rule p_before_passive_prog.node_0)
+apply (erule DagVerifies)
+apply (rule DagAssms)
+unfolding p_before_ast_to_cfg_prog.post_def
+apply (rule block_anon0)
+apply assumption+
+by (rule p_before_cfg_to_dag_prog.outEdges_0)
+
+
+lemma cfg_block_0:
+assumes 
+"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
+"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
+"(state_well_typed A \<Lambda>1 [] ns1)" and 
+"(state_well_typed A \<Lambda>1 [] ns2)" and 
+"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
+shows "R"
+using assms
+apply (rule cfg_dag_empty_propagate_helper)
+apply (assumption, simp)
+apply ((simp add:p_before_passive_prog.outEdges_1))
+by ((simp add:p_before_passive_prog.node_1 p_before_passive_prog.block_1_def))
+
+lemma entry_lemma:
+assumes 
+"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
+"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
+"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
+"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 p_before_ast_to_cfg_prog.pres)"
+shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
+apply (rule cfg_dag_helper_entry)
+apply (rule p_before_passive_prog.node_2)
+apply (erule assms(3))
+apply (rule assms(2))
+unfolding p_before_passive_prog.block_2_def
+apply (rule assume_pres_normal[where ?es=p_before_ast_to_cfg_prog.pres])
+apply (rule assms(4))
+unfolding p_before_ast_to_cfg_prog.pres_def
+apply simp
+apply (rule p_before_passive_prog.outEdges_2)
+apply ((simp add:p_before_passive_prog.node_1 p_before_passive_prog.block_1_def))
+apply (rule p_before_passive_prog.outEdges_1)
+by (rule cfg_block_anon0[OF assms(1-2)])
+
+
+end
+
+abbreviation \<Lambda>0
+  where
+    "\<Lambda>0  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
+lemma end_to_end_theorem_aux:
+assumes 
+Red: "(red_cfg_multi A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_a::int) (vc_f::(int => bool)). (vc.vc_PreconditionGeneratedEntry vc_f vc_a))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) p_before_ast_to_cfg_prog.axioms)" and 
+Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns p_before_ast_to_cfg_prog.pres)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
+OldGlobal: "((global_state ns) = (old_global_state ns))" and 
+BinderNs: "((binder_state ns) = Map.empty)"
+shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
+proof -
+from Red obtain j where Aux:"(red_cfg_k_step A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
+by (meson rtranclp_imp_relpowp)
+show ?thesis
+apply (rule cfg_to_dag_lemmas.entry_lemma)
+unfolding cfg_to_dag_lemmas_def
+apply (rule FInterp)
+apply (rule Aux)
+apply (rule dag_lemma_assms_same)
+unfolding state_well_typed_def
+apply (intro conjI)
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using ConstsGlobal OldGlobal apply simp
+using BinderNs apply simp
+apply (rule p_passification_proof.glue_proof.end_to_end)
+unfolding glue_proof_def
+apply (intro conjI)
+apply assumption
+using VC apply simp
+using Closed apply simp
+using NonEmptyTypes apply simp
+apply (rule FInterp)
+using Axioms apply simp
+using ParamsLocal apply simp
+using ConstsGlobal apply simp
+using BinderNs apply simp
+using OldGlobal apply simp
+using Precondition apply simp
+done
+qed
+
+
+
+end
diff --git a/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_passification_proof.thy
similarity index 59%
rename from BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_passification_proof.thy
rename to boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_passification_proof.thy
index 9a9c3c6..8caf21f 100644
--- a/BoogieLang/generated_example_proofs/goto_example_proofs/q_proofs/q_passification_proof.thy
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_passification_proof.thy
@@ -1,5 +1,5 @@
-theory q_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util q_before_passive_prog q_passive_prog Boogie_Lang.PassificationML q_vcphase_proof Boogie_Lang.PassificationEndToEnd
+theory p_passification_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_ast_to_cfg_prog p_passive_prog Boogie_Lang.PassificationML p_vcphase_proof Boogie_Lang.PassificationEndToEnd
 begin
 definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
   where
@@ -9,77 +9,83 @@ definition R_old
     "R_old  = (map_of R_old_list)"
 abbreviation \<Lambda>1
   where
-    "\<Lambda>1  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls))"
+    "\<Lambda>1  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
 abbreviation \<Lambda>2
   where
-    "\<Lambda>2  \<equiv> ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_passive_prog.params_vdecls q_passive_prog.locals_vdecls))"
+    "\<Lambda>2  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
 declare One_nat_def[simp del]
 
 lemma block_anon0:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> q_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 0)))]) R_old q_passive_prog.block_0 s')"
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_0 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_0 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding q_before_passive_prog.block_0_def q_passive_prog.block_0_def
-apply (passive_rel_tac)
+unfolding p_before_passive_prog.block_0_def p_passive_prog.block_0_def
+apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
 lemma block_0:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> q_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old q_passive_prog.block_1 s')"
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_1 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_1 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding q_before_passive_prog.block_1_def q_passive_prog.block_1_def
-apply (passive_rel_tac)
+unfolding p_before_passive_prog.block_1_def p_passive_prog.block_1_def
+apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
 lemma block_PreconditionGeneratedEntry:
 assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> q_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old q_passive_prog.block_2 s')"
+"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_2 (Normal n_s) s')" and 
+"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_2 s')"
 apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding q_before_passive_prog.block_2_def q_passive_prog.block_2_def
-apply (passive_rel_tac)
+unfolding p_before_passive_prog.block_2_def p_passive_prog.block_2_def
+apply (passive_rel_tac R_def: assms(3-))
 apply (unfold type_rel_def, simp, (intro conjI)?)
 by simp
 
 lemma cfg_block_anon0:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> q_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> q_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm q_before_passive_prog.node_0},@{thm q_before_passive_prog.outEdges_0}) (@{thm q_passive_prog.node_0},@{thm q_passive_prog.outEdges_0}) @{thm block_anon0} [] 1\<close>))
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 0)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_0},@{thm p_before_passive_prog.outEdges_0}) (@{thm p_passive_prog.node_0},@{thm p_passive_prog.outEdges_0}) @{thm block_anon0} [] 1\<close>))
 
 lemma cfg_block_0:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> q_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> q_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm q_before_passive_prog.node_1},@{thm q_before_passive_prog.outEdges_1}) (@{thm q_passive_prog.node_1},@{thm q_passive_prog.outEdges_1}) @{thm block_0} [
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 1)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_1},@{thm p_before_passive_prog.outEdges_1}) (@{thm p_passive_prog.node_1},@{thm p_passive_prog.outEdges_1}) @{thm block_0} [
 @{thm cfg_block_anon0}] 1\<close>))
 
 lemma cfg_block_PreconditionGeneratedEntry:
 assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> q_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> q_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm q_before_passive_prog.node_2},@{thm q_before_passive_prog.outEdges_2}) (@{thm q_passive_prog.node_2},@{thm q_passive_prog.outEdges_2}) @{thm block_PreconditionGeneratedEntry} [
+"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
+"((R 1) = (Some (Inl 1)))"
+shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 2)))))"
+by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_2},@{thm p_before_passive_prog.outEdges_2}) (@{thm p_passive_prog.node_2},@{thm p_passive_prog.outEdges_2}) @{thm block_PreconditionGeneratedEntry} [
 @{thm cfg_block_0}] 1\<close>))
 
 locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
+fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
 assumes 
-Red: "(red_cfg_multi A M ((append global_data.constants_vdecls global_data.globals_vdecls),(append q_before_cfg_to_dag_prog.params_vdecls q_before_cfg_to_dag_prog.locals_vdecls)) \<Gamma> [] q_before_passive_prog.proc_body ((Inl 2),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))" and 
+Red: "(red_cfg_multi A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] p_before_passive_prog.proc_body ((Inl 2),(Normal ns)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_a::int) (vc_f::(int => bool)). (vc.vc_PreconditionGeneratedEntry vc_f vc_a))" and 
 Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
 NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A global_data.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> global_data.constants_vdecls ns global_data.axioms)" and 
+FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls ns p_before_ast_to_cfg_prog.axioms)" and 
 ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
 ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
 BinderNs: "((binder_state ns) = Map.empty)" and 
@@ -88,7 +94,7 @@ begin
 
 definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
   where
-    "R_list  = []"
+    "R_list  = [(1,(Inl 1))]"
 definition R_rel
   where
     "R_rel  = (map_of R_list)"
@@ -102,6 +108,7 @@ shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x
 apply (rule convert_fun_to_list[OF R_rel_def])
 apply ((simp add:R_list_def))
 apply ((intro conjI)?)
+apply ((simp add:p_before_ast_to_cfg_prog.l_a(2) p_passive_prog.l_a(2)))
 done
 
 lemma R_wt:
@@ -120,7 +127,7 @@ by ((simp add:BinderNs))
 lemma U0_ns_old_rel:
 shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
 apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv q_before_passive_prog.globals_locals_disj)
+apply (simp only: fst_conv snd_conv p_before_passive_prog.globals_locals_disj)
 apply (rule convert_fun_to_list[OF R_old_def])
 unfolding R_old_list_def 
 apply simp
@@ -133,9 +140,9 @@ assumes
 "((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
 shows "(closed (instantiate [] \<tau>))"
 apply (rule lookup_ty_pred[OF assms(1)])
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
+unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
 apply simp
-unfolding q_passive_prog.params_vdecls_def q_passive_prog.locals_vdecls_def
+unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
 by simp
 
 lemma U0_non_empty:
@@ -149,12 +156,12 @@ apply (rule inj_R_rel)
 apply simp
 apply (rule ConstsGlobal)
 using R_well_formed apply fastforce
-using q_before_passive_prog.globals_locals_disj apply auto[1]
-using q_passive_prog.globals_locals_disj apply auto[1]
+using p_before_passive_prog.globals_locals_disj apply auto[1]
+using p_passive_prog.globals_locals_disj apply auto[1]
 done
 
 lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
+shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 1)))"
  apply (rule rel_range_fun_to_list)
 apply ((simp add:R_rel_def))
 by ((simp add:R_list_def))
@@ -163,7 +170,7 @@ lemma end_to_end:
 shows "(s' \<noteq> Failure)"
 proof
 assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] q_passive_prog.proc_body u (Inl 2)))))"
+have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body u (Inl 2)))))"
 apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
 unfolding passive_lemma_assms_2_def
 apply (intro conjI)?
@@ -171,13 +178,13 @@ apply (rule U0_ns_rel)
 apply (rule U0_ns_old_rel)
 apply (rule R_wt)
 apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range global_data.globals_max]
+using helper_init_disj[OF max_rel_range p_before_ast_to_cfg_prog.globals_max]
 apply simp
 apply (rule U0_non_empty)
 by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] q_passive_prog.proc_body ((Inl 2),(Normal u)) (mp',Failure))"
+with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body ((Inl 2),(Normal u)) (mp',Failure))"
 by (auto simp add: passive_sim_cfg_fail_def)
-from q_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
+from p_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
  apply rule
 using VC apply assumption
 apply (rule Closed)
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_passive_prog.thy
new file mode 100644
index 0000000..fb61f54
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_passive_prog.thy
@@ -0,0 +1,86 @@
+theory p_passive_prog
+imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_ast_to_cfg_prog
+begin
+definition block_0
+  where
+    "block_0  = [(Assume (FunExp ''f'' [] [(Var 1)])),(Assert (FunExp ''f'' [] [(Var 1)]))]"
+definition block_1
+  where
+    "block_1  = []"
+definition block_2
+  where
+    "block_2  = []"
+definition outEdges
+  where
+    "outEdges  = [[],[0],[1]]"
+definition node_to_blocks
+  where
+    "node_to_blocks  = [block_0,block_1,block_2]"
+definition proc_body
+  where
+    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
+lemma node_0:
+shows "((nth (node_to_block proc_body) 0) = block_0)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_1:
+shows "((nth (node_to_block proc_body) 1) = block_1)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma node_2:
+shows "((nth (node_to_block proc_body) 2) = block_2)"
+by (simp add:proc_body_def node_to_blocks_def)
+
+lemma outEdges_0:
+shows "((nth (out_edges proc_body) 0) = [])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_1:
+shows "((nth (out_edges proc_body) 1) = [0])"
+by (simp add:proc_body_def outEdges_def)
+
+lemma outEdges_2:
+shows "((nth (out_edges proc_body) 2) = [1])"
+by (simp add:proc_body_def outEdges_def)
+
+definition params_vdecls :: "(vdecls)"
+  where
+    "params_vdecls  = [(0,(TPrim TInt),(None ))]"
+definition locals_vdecls :: "(vdecls)"
+  where
+    "locals_vdecls  = [(1,(TPrim TInt),(None ))]"
+lemma locals_min_aux:
+shows "(((map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<ge> 0))"
+unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
+by simp
+
+lemma locals_min:
+shows "(\<forall> x. ((Set.member x (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
+using locals_min_aux helper_min
+by blast
+
+lemma globals_locals_disj:
+shows "((Set.inter (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) = {})"
+unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
+by simp
+
+lemma m_x:
+shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma m_a:
+shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
+by (simp add:params_vdecls_def locals_vdecls_def)
+
+lemma l_x:
+shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
+using globals_locals_disj m_x
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+lemma l_a:
+shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
+using globals_locals_disj m_a
+by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
+
+
+end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_vcphase_proof.thy
new file mode 100644
index 0000000..43d54a4
--- /dev/null
+++ b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_vcphase_proof.thy
@@ -0,0 +1,188 @@
+theory p_vcphase_proof
+imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML p_passive_prog p_before_passive_prog
+begin
+locale vc = 
+fixes f :: "(int => bool)"
+begin
+
+definition vc_anon0
+  where
+    "vc_anon0 a = ((f a) \<longrightarrow> (f a))"
+definition vc_PreconditionGeneratedEntry
+  where
+    "vc_PreconditionGeneratedEntry a = (vc_anon0 a)"
+
+end
+
+locale passification = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and f :: "(((ty)list) => (((('a)val)list) => ((('a)val)option)))" and vc_f :: "(int => bool)" and vc_x :: "int" and vc_a :: "int"
+assumes 
+G0: "((\<Gamma> ''f'') = (Some f))" and 
+G1: "(\<And> farg0. ((f [] [(IntV farg0)]) = (Some (BoolV (vc_f farg0)))))" and 
+G2: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
+G3: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_a)))" and 
+G4: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2 G3 G4
+lemmas forall_poly_thm = forall_vc_type[OF G4]
+lemmas exists_poly_thm = exists_vc_type[OF G4]
+declare Nat.One_nat_def[simp del]
+
+ML\<open>
+val block_anon0_hints = [
+(AssumeConjR 0,NONE), 
+(AssertNoConj,NONE)]
+\<close>
+lemma block_anon0AA0:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_f vc_a) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
+unfolding p_passive_prog.block_0_def vc.vc_anon0_def
+apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
+by (auto?)
+
+lemma block_0:
+assumes 
+"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_1 (Normal n_s) s')" and 
+"(vc.vc_anon0 vc_f vc_a)"
+shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_f vc_a)))))"
+using assms
+unfolding p_passive_prog.block_1_def
+apply cases
+by auto
+
+lemma block_PreconditionGeneratedEntry:
+shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry vc_f vc_a) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_f vc_a)))))))"
+apply (erule red_cmd_list.cases)
+using global_assms
+unfolding p_passive_prog.block_2_def vc.vc_PreconditionGeneratedEntry_def
+apply (handle_cmd_list_full?)
+by (auto?)
+
+lemma cfg_block_anon0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_f vc_a)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) p_passive_prog.node_0 p_passive_prog.outEdges_0])
+using block_anon0AA0[OF _ assms(2)] by blast
+
+lemma cfg_block_0:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
+"(vc.vc_anon0 vc_f vc_a)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_1])
+apply (erule block_0[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_1))
+apply (erule member_elim, simp)
+apply (erule cfg_block_anon0, simp?)
+by (simp add: member_rec(2))
+
+lemma cfg_PreconditionGeneratedEntry:
+assumes 
+"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+"(vc.vc_PreconditionGeneratedEntry vc_f vc_a)"
+shows "(s' \<noteq> Failure)"
+apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
+apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_2])
+apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
+apply ((simp add:p_passive_prog.outEdges_2))
+apply (erule member_elim, simp)
+apply (erule cfg_block_0, simp?)
+by (simp add: member_rec(2))
+
+
+end
+
+locale axioms = 
+fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and f :: "(((ty)list) => (((('a)val)list) => ((('a)val)option)))" and vc_f :: "(int => bool)"
+assumes 
+G0: "((\<Gamma> ''f'') = (Some f))" and 
+G1: "(\<And> farg0. ((f [] [(IntV farg0)]) = (Some (BoolV (vc_f farg0)))))" and 
+G2: "(\<And> v. (closed ((type_of_val A) v)))"
+begin
+
+lemmas global_assms = G0 G1 G2
+lemmas forall_poly_thm = forall_vc_type[OF G2]
+lemmas exists_poly_thm = exists_vc_type[OF G2]
+declare Nat.One_nat_def[simp del]
+
+
+end
+
+fun vc_fun_f
+  where
+    "vc_fun_f A f x = (case (f [] [(IntV x)]) of 
+(Some res) \<Rightarrow> (convert_val_to_bool res)
+|(None ) \<Rightarrow> (convert_val_to_bool (val_of_closed_type A (TPrimC TBool)))
+)"
+lemma vc_f_corres:
+assumes 
+FInterp: "(fun_interp_single_wf A (0,[(TPrim TInt)],(TPrim TBool)) f)"
+shows "((f [] [(IntV x)]) = (Some (BoolV (vc_fun_f A f x))))"
+proof -
+from  FInterp obtain z where W:"((f [] [(IntV x)]) = (Some (BoolV z)))"
+  apply (simp only: fun_interp_single_wf.simps) 
+  apply (erule allE[where ?x="[]"])
+  apply (simp add: )
+  apply (erule allE[where ?x="[(IntV x)]"])?
+using tbool_boolv by auto
+from this  show ?thesis 
+by (simp add: W) qed
+
+definition ctor_list
+  where
+    "ctor_list  = []"
+fun ctor :: "((closed_ty) => int)"
+  where
+    "ctor (TConC s _) = (the (map_of ctor_list s))"
+declare One_nat_def[simp del]
+
+lemma end_to_end:
+assumes 
+Red: "(red_cfg_multi A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<Gamma> [] p_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
+VC: "(\<And> (vc_x::int) (vc_a::int) (vc_f::(int => bool)). (vc.vc_PreconditionGeneratedEntry vc_f vc_a))" and 
+Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
+NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
+FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
+Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) p_before_ast_to_cfg_prog.axioms)" and 
+ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))" and 
+ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))"
+shows "(s' \<noteq> Failure)"
+proof -
+let ?n_s_c = "(nstate_global_restriction n_s p_before_ast_to_cfg_prog.constants_vdecls)"
+let ?\<Lambda> = "((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
+let ?\<Lambda>c = "((p_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
+let ?f = "opaque_comp the \<Gamma> ''f''"
+have im_f:"((\<Gamma> ''f'') = (Some ?f))"
+apply (simp only:opaque_comp_def)
+by (rule finterp_member[OF FInterp p_before_ast_to_cfg_prog.mfun_f])
+from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x])
+apply (subst lookup_var_local[OF p_passive_prog.m_x])+
+by (fastforce dest: tint_intv tbool_boolv)
+from ParamsLocal have sc_a:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
+apply (simp only:state_typ_wf_def)
+apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_a])
+apply (subst lookup_var_local[OF p_passive_prog.m_a])+
+by (fastforce dest: tint_intv tbool_boolv)
+show "(s' \<noteq> Failure)"
+apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
+apply (simp only:passification_def)
+apply (intro conjI)?
+apply (simp add:im_f)
+apply ((rule allI | rule impI)+)?
+apply ((tactic \<open> vc_fun_corres_tac @{context} @{thm vc_f_corres} @{thm FInterp} @{thm p_before_ast_to_cfg_prog.mfun_f} @{thm im_f} 1\<close>))
+apply (rule HOL.conjunct1[OF sc_x])
+apply (rule HOL.conjunct1[OF sc_a])
+apply (simp add:Closed)
+apply (rule VC)
+done
+qed
+
+
+
+end

From 5ab0154dd78a9726a7e40d8660dc96f43f0290d0 Mon Sep 17 00:00:00 2001
From: ahubanov-eth <ahubanov@student.ethz.ch>
Date: Mon, 29 Aug 2022 11:08:00 +0200
Subject: [PATCH 20/74] removing the examples folder

---
 .../assert_false_in_if.bpl                    |   9 -
 .../assert_false_in_if_2.bpl                  |  12 -
 .../assert_false_in_if_3.bpl                  |  12 -
 .../assume_false_assert_false.bpl             |  12 -
 .../assume_false_in_if.bpl                    |   9 -
 .../complete_bigblock_loop_in_loop.bpl        |  17 -
 .../consecutive_ifs.bpl                       |  22 -
 .../consecutive_loops.bpl                     |  18 -
 .../consecutive_loops_in_loop.bpl             |  25 -
 .../consecutive_loops_in_loop_2.bpl           |  26 -
 .../empty_branch_if.bpl                       |  14 -
 .../empty_generic_block.bpl                   |  11 -
 .../empty_loop.bpl                            |   8 -
 .../globals.bpl                               |  13 -
 .../if_example.bpl                            |  20 -
 .../if_example_no_else_branch.bpl             |  17 -
 .../if_inside_loop.bpl                        |  20 -
 .../loop_example.bpl                          |  13 -
 .../loop_example_no_inv.bpl                   |  12 -
 .../loop_in_else_branch.bpl                   |  21 -
 .../loop_in_then_branch.bpl                   |  17 -
 .../nested_if.bpl                             |  21 -
 .../nested_loop.bpl                           |  36 -
 .../nested_loop2.bpl                          |  28 -
 .../nested_loop_while_true.bpl                |  25 -
 .../no_guard_empty_branch_if.bpl              |  13 -
 .../no_guard_if.bpl                           |  14 -
 .../no_guard_loop.bpl                         |  29 -
 .../no_guard_loop2.bpl                        |  27 -
 .../no_guard_loop3.bpl                        |  27 -
 .../no_guard_loop4.bpl                        |  27 -
 .../no_inv_loop.bpl                           |   9 -
 .../return_in_loop.bpl                        |  20 -
 .../return_in_loop2.bpl                       |  16 -
 .../simple_return_test.bpl                    |   7 -
 .../start_loop.bpl                            |   8 -
 .../triangle_example.bpl                      |  15 -
 .../trivial_assert_false.bpl                  |   3 -
 .../trivial_assume_false.bpl                  |   3 -
 .../trivial_example.bpl                       |   8 -
 .../assert_false_in_if.bpl                    |   9 -
 .../assert_false_in_if_2.bpl                  |  12 -
 .../assert_false_in_if_3.bpl                  |  12 -
 .../assume_false_assert_false.bpl             |  12 -
 .../assume_false_in_if.bpl                    |   9 -
 .../complete_bigblock_loop_in_loop.bpl        |  17 -
 .../consecutive_ifs.bpl                       |  22 -
 .../consecutive_loops.bpl                     |  18 -
 .../consecutive_loops_in_loop.bpl             |  25 -
 .../consecutive_loops_in_loop_2.bpl           |  26 -
 .../empty_branch_if.bpl                       |  14 -
 .../empty_generic_block.bpl                   |  11 -
 .../empty_loop.bpl                            |   8 -
 .../globals.bpl                               |  13 -
 .../if_example.bpl                            |  20 -
 .../if_example_no_else_branch.bpl             |  17 -
 .../if_inside_loop.bpl                        |  20 -
 .../loop_example.bpl                          |  13 -
 .../loop_example_no_inv.bpl                   |  12 -
 .../loop_in_else_branch.bpl                   |  21 -
 .../loop_in_then_branch.bpl                   |  17 -
 .../nested_if.bpl                             |  21 -
 .../nested_loop.bpl                           |  36 -
 .../nested_loop2.bpl                          |  28 -
 .../nested_loop_while_true.bpl                |  25 -
 .../no_guard_empty_branch_if.bpl              |  13 -
 .../no_guard_if.bpl                           |  14 -
 .../no_guard_loop.bpl                         |  29 -
 .../no_guard_loop2.bpl                        |  27 -
 .../no_guard_loop3.bpl                        |  27 -
 .../no_guard_loop4.bpl                        |  27 -
 .../no_inv_loop.bpl                           |   9 -
 .../return_in_loop.bpl                        |  20 -
 .../return_in_loop2.bpl                       |  16 -
 .../simple_return_test.bpl                    |   7 -
 .../start_loop.bpl                            |   8 -
 .../triangle_example.bpl                      |  15 -
 .../trivial_assert_false.bpl                  |   3 -
 .../trivial_assume_false.bpl                  |   3 -
 .../trivial_example.bpl                       |   8 -
 boogie_examples/other/break_example.bpl       |  16 -
 boogie_examples/other/goto_example.bpl        |  11 -
 boogie_examples/other/if_example_CFG.bpl      |  23 -
 .../other/if_example_duplicate.bpl            |  20 -
 boogie_examples/other/labeled_break.bpl       |  32 -
 .../assert_false_in_if_2.bpl                  |  12 -
 .../assert_false_in_if_3.bpl                  |  12 -
 .../assume_false_assert_false.bpl             |  12 -
 .../20220720_112439_timing_certificates.csv   |  41 -
 .../assert_false_in_if_2_proofs/ROOT          |  12 -
 .../assert_false_in_if_2_asttocfg_proof.thy   | 335 -------
 ...t_false_in_if_2_before_ast_to_cfg_prog.thy | 123 ---
 ...t_false_in_if_2_before_cfg_to_dag_prog.thy | 149 ---
 ...sert_false_in_if_2_before_passive_prog.thy |  95 --
 .../assert_false_in_if_2_cfgtodag_proof.thy   | 284 ------
 ...sert_false_in_if_2_passification_proof.thy | 258 -----
 .../assert_false_in_if_2_passive_prog.thy     | 119 ---
 .../assert_false_in_if_2_vcphase_proof.thy    | 228 -----
 .../global_data.thy                           |  32 -
 .../assert_false_in_if_3_proofs/ROOT          |  12 -
 .../assert_false_in_if_3_asttocfg_proof.thy   | 315 ------
 ...t_false_in_if_3_before_ast_to_cfg_prog.thy | 123 ---
 ...t_false_in_if_3_before_cfg_to_dag_prog.thy | 149 ---
 ...sert_false_in_if_3_before_passive_prog.thy |  95 --
 .../assert_false_in_if_3_cfgtodag_proof.thy   | 284 ------
 ...sert_false_in_if_3_passification_proof.thy | 254 -----
 .../assert_false_in_if_3_passive_prog.thy     | 119 ---
 .../assert_false_in_if_3_vcphase_proof.thy    | 225 -----
 .../global_data.thy                           |  32 -
 .../assert_false_in_if_proofs/ROOT            |  12 -
 .../assert_false_in_if_asttocfg_proof.thy     | 269 ------
 ...ert_false_in_if_before_ast_to_cfg_prog.thy | 117 ---
 ...ert_false_in_if_before_cfg_to_dag_prog.thy | 138 ---
 ...assert_false_in_if_before_passive_prog.thy |  95 --
 .../assert_false_in_if_cfgtodag_proof.thy     | 242 -----
 ...assert_false_in_if_passification_proof.thy | 258 -----
 .../assert_false_in_if_passive_prog.thy       | 119 ---
 .../assert_false_in_if_vcphase_proof.thy      | 223 -----
 .../assert_false_in_if_proofs/global_data.thy |  32 -
 .../assume_false_assert_false_proofs/ROOT     |  12 -
 ...sume_false_assert_false_asttocfg_proof.thy | 335 -------
 ...se_assert_false_before_ast_to_cfg_prog.thy | 123 ---
 ...se_assert_false_before_cfg_to_dag_prog.thy | 149 ---
 ...false_assert_false_before_passive_prog.thy |  95 --
 ...sume_false_assert_false_cfgtodag_proof.thy | 284 ------
 ...false_assert_false_passification_proof.thy | 259 -----
 ...assume_false_assert_false_passive_prog.thy | 128 ---
 ...ssume_false_assert_false_vcphase_proof.thy | 236 -----
 .../global_data.thy                           |  32 -
 .../assume_false_in_if_proofs/ROOT            |  12 -
 .../assume_false_in_if_asttocfg_proof.thy     | 269 ------
 ...ume_false_in_if_before_ast_to_cfg_prog.thy | 117 ---
 ...ume_false_in_if_before_cfg_to_dag_prog.thy | 138 ---
 ...assume_false_in_if_before_passive_prog.thy |  95 --
 .../assume_false_in_if_cfgtodag_proof.thy     | 242 -----
 ...assume_false_in_if_passification_proof.thy | 258 -----
 .../assume_false_in_if_passive_prog.thy       | 119 ---
 .../assume_false_in_if_vcphase_proof.thy      | 218 -----
 .../assume_false_in_if_proofs/global_data.thy |  32 -
 .../ROOT                                      |  12 -
 .../global_data.thy                           |  32 -
 .../while_succ_in_while_asttocfg_proof.thy    | 557 -----------
 ...e_succ_in_while_before_ast_to_cfg_prog.thy | 150 ---
 ...e_succ_in_while_before_cfg_to_dag_prog.thy | 213 -----
 ...hile_succ_in_while_before_passive_prog.thy | 161 ----
 .../while_succ_in_while_cfgtodag_proof.thy    | 634 ------------
 ...hile_succ_in_while_passification_proof.thy | 385 --------
 .../while_succ_in_while_passive_prog.thy      | 248 -----
 .../while_succ_in_while_vcphase_proof.thy     | 423 --------
 .../consecutive_ifs_proofs/ROOT               |  12 -
 .../consecutive_ifs_asttocfg_proof.thy        | 449 ---------
 ...consecutive_ifs_before_ast_to_cfg_prog.thy | 135 ---
 ...consecutive_ifs_before_cfg_to_dag_prog.thy | 171 ----
 .../consecutive_ifs_before_passive_prog.thy   | 128 ---
 .../consecutive_ifs_cfgtodag_proof.thy        | 391 --------
 .../consecutive_ifs_passification_proof.thy   | 317 ------
 .../consecutive_ifs_passive_prog.thy          | 161 ----
 .../consecutive_ifs_vcphase_proof.thy         | 297 ------
 .../consecutive_ifs_proofs/global_data.thy    |  32 -
 .../consecutive_loops_in_loop_2_proofs/ROOT   |  12 -
 ...ecutive_loops_in_loop_2_asttocfg_proof.thy | 774 ---------------
 ...loops_in_loop_2_before_ast_to_cfg_prog.thy | 168 ----
 ...loops_in_loop_2_before_cfg_to_dag_prog.thy | 257 -----
 ...ve_loops_in_loop_2_before_passive_prog.thy | 205 ----
 ...ecutive_loops_in_loop_2_cfgtodag_proof.thy | 900 ------------------
 ...ve_loops_in_loop_2_passification_proof.thy | 485 ----------
 ...nsecutive_loops_in_loop_2_passive_prog.thy | 319 -------
 ...secutive_loops_in_loop_2_vcphase_proof.thy | 551 -----------
 .../global_data.thy                           |  32 -
 .../consecutive_loops_in_loop_proofs/ROOT     |  12 -
 ...nsecutive_loops_in_loop_asttocfg_proof.thy | 746 ---------------
 ...e_loops_in_loop_before_ast_to_cfg_prog.thy | 168 ----
 ...e_loops_in_loop_before_cfg_to_dag_prog.thy | 257 -----
 ...tive_loops_in_loop_before_passive_prog.thy | 205 ----
 ...nsecutive_loops_in_loop_cfgtodag_proof.thy | 900 ------------------
 ...tive_loops_in_loop_passification_proof.thy | 484 ----------
 ...consecutive_loops_in_loop_passive_prog.thy | 310 ------
 ...onsecutive_loops_in_loop_vcphase_proof.thy | 543 -----------
 .../global_data.thy                           |  32 -
 .../consecutive_loops_proofs/ROOT             |  12 -
 .../consecutive_loops_asttocfg_proof.thy      | 537 -----------
 ...nsecutive_loops_before_ast_to_cfg_prog.thy | 141 ---
 ...nsecutive_loops_before_cfg_to_dag_prog.thy | 204 ----
 .../consecutive_loops_before_passive_prog.thy | 161 ----
 .../consecutive_loops_cfgtodag_proof.thy      | 608 ------------
 .../consecutive_loops_passification_proof.thy | 385 --------
 .../consecutive_loops_passive_prog.thy        | 221 -----
 .../consecutive_loops_vcphase_proof.thy       | 407 --------
 .../consecutive_loops_proofs/global_data.thy  |  32 -
 .../empty_branch_if_proofs/ROOT               |  12 -
 .../empty_branch_if_asttocfg_proof.thy        | 341 -------
 ...empty_branch_if_before_ast_to_cfg_prog.thy | 123 ---
 ...empty_branch_if_before_cfg_to_dag_prog.thy | 149 ---
 .../empty_branch_if_before_passive_prog.thy   |  95 --
 .../empty_branch_if_cfgtodag_proof.thy        | 284 ------
 .../empty_branch_if_passification_proof.thy   | 262 -----
 .../empty_branch_if_passive_prog.thy          | 128 ---
 .../empty_branch_if_vcphase_proof.thy         | 241 -----
 .../empty_branch_if_proofs/global_data.thy    |  32 -
 .../empty_generic_block_proofs/ROOT           |  12 -
 .../empty_generic_block_asttocfg_proof.thy    | 233 -----
 ...y_generic_block_before_ast_to_cfg_prog.thy | 117 ---
 ...y_generic_block_before_cfg_to_dag_prog.thy | 138 ---
 ...mpty_generic_block_before_passive_prog.thy |  84 --
 .../empty_generic_block_cfgtodag_proof.thy    | 225 -----
 ...mpty_generic_block_passification_proof.thy | 237 -----
 .../empty_generic_block_passive_prog.thy      |  99 --
 .../empty_generic_block_vcphase_proof.thy     | 194 ----
 .../global_data.thy                           |  32 -
 .../empty_loop_proofs/ROOT                    |  12 -
 .../empty_loop_proofs/global_data.thy         |  32 -
 .../p_proofs/p_asttocfg_proof.thy             | 333 -------
 .../p_proofs/p_before_ast_to_cfg_prog.thy     | 123 ---
 .../p_proofs/p_before_cfg_to_dag_prog.thy     | 160 ----
 .../p_proofs/p_before_passive_prog.thy        | 117 ---
 .../p_proofs/p_cfgtodag_proof.thy             | 382 --------
 .../p_proofs/p_passification_proof.thy        | 299 ------
 .../p_proofs/p_passive_prog.thy               | 132 ---
 .../p_proofs/p_vcphase_proof.thy              | 273 ------
 .../globals_proofs/ROOT                       |  12 -
 .../globals_proofs/global_data.thy            |  48 -
 .../p_proofs/p_asttocfg_proof.thy             | 138 ---
 .../p_proofs/p_before_ast_to_cfg_prog.thy     | 131 ---
 .../p_proofs/p_before_cfg_to_dag_prog.thy     | 142 ---
 .../p_proofs/p_before_passive_prog.thy        |  62 --
 .../p_proofs/p_cfgtodag_proof.thy             | 135 ---
 .../p_proofs/p_passification_proof.thy        | 209 ----
 .../p_proofs/p_passive_prog.thy               |  87 --
 .../p_proofs/p_vcphase_proof.thy              | 228 -----
 .../if_example_no_else_branch_proofs/ROOT     |  12 -
 .../global_data.thy                           |  32 -
 ..._example_no_else_branch_asttocfg_proof.thy | 517 ----------
 ..._no_else_branch_before_ast_to_cfg_prog.thy | 141 ---
 ..._no_else_branch_before_cfg_to_dag_prog.thy | 182 ----
 ...ple_no_else_branch_before_passive_prog.thy | 128 ---
 ..._example_no_else_branch_cfgtodag_proof.thy | 433 ---------
 ...ple_no_else_branch_passification_proof.thy | 328 -------
 ...if_example_no_else_branch_passive_prog.thy | 170 ----
 ...f_example_no_else_branch_vcphase_proof.thy | 327 -------
 .../if_example_proofs/ROOT                    |  12 -
 .../if_example_proofs/global_data.thy         |  32 -
 .../if_example_test_2_asttocfg_proof.thy      | 360 -------
 ..._example_test_2_before_ast_to_cfg_prog.thy | 123 ---
 ..._example_test_2_before_cfg_to_dag_prog.thy | 149 ---
 .../if_example_test_2_before_passive_prog.thy |  95 --
 .../if_example_test_2_cfgtodag_proof.thy      | 284 ------
 .../if_example_test_2_passification_proof.thy | 262 -----
 .../if_example_test_2_passive_prog.thy        | 128 ---
 .../if_example_test_2_vcphase_proof.thy       | 241 -----
 .../if_inside_loop_proofs/ROOT                |  12 -
 .../if_inside_loop_proofs/global_data.thy     |  32 -
 .../if_inside_while_asttocfg_proof.thy        | 510 ----------
 ...if_inside_while_before_ast_to_cfg_prog.thy | 144 ---
 ...if_inside_while_before_cfg_to_dag_prog.thy | 191 ----
 .../if_inside_while_before_passive_prog.thy   | 139 ---
 .../if_inside_while_cfgtodag_proof.thy        | 498 ----------
 .../if_inside_while_passification_proof.thy   | 344 -------
 .../if_inside_while_passive_prog.thy          | 199 ----
 .../if_inside_while_vcphase_proof.thy         | 353 -------
 .../loop_example_no_inv_proofs/ROOT           |  12 -
 .../global_data.thy                           |  32 -
 .../m_proofs/m_asttocfg_proof.thy             | 352 -------
 .../m_proofs/m_before_ast_to_cfg_prog.thy     | 132 ---
 .../m_proofs/m_before_cfg_to_dag_prog.thy     | 169 ----
 .../m_proofs/m_before_passive_prog.thy        | 117 ---
 .../m_proofs/m_cfgtodag_proof.thy             | 375 --------
 .../m_proofs/m_passification_proof.thy        | 314 ------
 .../m_proofs/m_passive_prog.thy               | 159 ----
 .../m_proofs/m_vcphase_proof.thy              | 291 ------
 .../loop_example_proofs/ROOT                  |  12 -
 .../loop_example_proofs/global_data.thy       |  32 -
 .../m_proofs/m_asttocfg_proof.thy             | 352 -------
 .../m_proofs/m_before_ast_to_cfg_prog.thy     | 132 ---
 .../m_proofs/m_before_cfg_to_dag_prog.thy     | 169 ----
 .../m_proofs/m_before_passive_prog.thy        | 117 ---
 .../m_proofs/m_cfgtodag_proof.thy             | 383 --------
 .../m_proofs/m_passification_proof.thy        | 314 ------
 .../m_proofs/m_passive_prog.thy               | 159 ----
 .../m_proofs/m_vcphase_proof.thy              | 296 ------
 .../loop_in_else_branch_proofs/ROOT           |  12 -
 .../global_data.thy                           |  32 -
 .../while_in_if_true_asttocfg_proof.thy       | 492 ----------
 ...hile_in_if_true_before_ast_to_cfg_prog.thy | 144 ---
 ...hile_in_if_true_before_cfg_to_dag_prog.thy | 191 ----
 .../while_in_if_true_before_passive_prog.thy  | 139 ---
 .../while_in_if_true_cfgtodag_proof.thy       | 479 ----------
 .../while_in_if_true_passification_proof.thy  | 351 -------
 .../while_in_if_true_passive_prog.thy         | 217 -----
 .../while_in_if_true_vcphase_proof.thy        | 373 --------
 .../loop_in_then_branch_proofs/ROOT           |  12 -
 .../global_data.thy                           |  32 -
 .../while_in_if_true_asttocfg_proof.thy       | 488 ----------
 ...hile_in_if_true_before_ast_to_cfg_prog.thy | 144 ---
 ...hile_in_if_true_before_cfg_to_dag_prog.thy | 191 ----
 .../while_in_if_true_before_passive_prog.thy  | 139 ---
 .../while_in_if_true_cfgtodag_proof.thy       | 479 ----------
 .../while_in_if_true_passification_proof.thy  | 351 -------
 .../while_in_if_true_passive_prog.thy         | 217 -----
 .../while_in_if_true_vcphase_proof.thy        | 373 --------
 .../nested_if_proofs/ROOT                     |  12 -
 .../nested_if_proofs/global_data.thy          |  32 -
 .../nested_if_asttocfg_proof.thy              | 387 --------
 .../nested_if_before_ast_to_cfg_prog.thy      | 138 ---
 .../nested_if_before_cfg_to_dag_prog.thy      | 169 ----
 .../nested_if_before_passive_prog.thy         | 117 ---
 .../nested_if_cfgtodag_proof.thy              | 334 -------
 .../nested_if_passification_proof.thy         | 322 -------
 .../nested_if_passive_prog.thy                | 150 ---
 .../nested_if_vcphase_proof.thy               | 277 ------
 .../nested_loop2_proofs/ROOT                  |  12 -
 .../nested_loop2_proofs/global_data.thy       |  32 -
 .../nested_loop3_asttocfg_proof.thy           | 713 --------------
 .../nested_loop3_before_ast_to_cfg_prog.thy   | 177 ----
 .../nested_loop3_before_cfg_to_dag_prog.thy   | 255 -----
 .../nested_loop3_before_passive_prog.thy      | 194 ----
 .../nested_loop3_cfgtodag_proof.thy           | 867 -----------------
 .../nested_loop3_passification_proof.thy      | 461 ---------
 .../nested_loop3_passive_prog.thy             | 326 -------
 .../nested_loop3_vcphase_proof.thy            | 542 -----------
 .../nested_loop_proofs/ROOT                   |  12 -
 .../nested_loop_proofs/global_data.thy        |  32 -
 .../nested_loop_asttocfg_proof.thy            | 536 -----------
 .../nested_loop_before_ast_to_cfg_prog.thy    | 150 ---
 .../nested_loop_before_cfg_to_dag_prog.thy    | 202 ----
 .../nested_loop_before_passive_prog.thy       | 150 ---
 .../nested_loop_cfgtodag_proof.thy            | 605 ------------
 .../nested_loop_passification_proof.thy       | 370 -------
 .../nested_loop_passive_prog.thy              | 219 -----
 .../nested_loop_vcphase_proof.thy             | 395 --------
 .../nested_loop_while_true_proofs/ROOT        |  12 -
 .../global_data.thy                           |  32 -
 .../nested_loop2_asttocfg_proof.thy           | 713 --------------
 .../nested_loop2_before_ast_to_cfg_prog.thy   | 168 ----
 .../nested_loop2_before_cfg_to_dag_prog.thy   | 246 -----
 .../nested_loop2_before_passive_prog.thy      | 194 ----
 .../nested_loop2_cfgtodag_proof.thy           | 864 -----------------
 .../nested_loop2_passification_proof.thy      | 451 ---------
 .../nested_loop2_passive_prog.thy             | 281 ------
 .../nested_loop2_vcphase_proof.thy            | 506 ----------
 .../no_guard_empty_branch_if_proofs/ROOT      |  12 -
 .../global_data.thy                           |  32 -
 ...o_guard_empty_branch_if_asttocfg_proof.thy | 251 -----
 ...empty_branch_if_before_ast_to_cfg_prog.thy | 117 ---
 ...empty_branch_if_before_cfg_to_dag_prog.thy | 138 ---
 ...rd_empty_branch_if_before_passive_prog.thy |  95 --
 ...o_guard_empty_branch_if_cfgtodag_proof.thy | 242 -----
 ...rd_empty_branch_if_passification_proof.thy | 254 -----
 .../no_guard_empty_branch_if_passive_prog.thy | 119 ---
 ...no_guard_empty_branch_if_vcphase_proof.thy | 213 -----
 .../no_guard_if_proofs/ROOT                   |  12 -
 .../no_guard_if_proofs/global_data.thy        |  32 -
 .../no_guard_if_asttocfg_proof.thy            | 267 ------
 .../no_guard_if_before_ast_to_cfg_prog.thy    | 117 ---
 .../no_guard_if_before_cfg_to_dag_prog.thy    | 138 ---
 .../no_guard_if_before_passive_prog.thy       |  95 --
 .../no_guard_if_cfgtodag_proof.thy            | 242 -----
 .../no_guard_if_passification_proof.thy       | 254 -----
 .../no_guard_if_passive_prog.thy              | 119 ---
 .../no_guard_if_vcphase_proof.thy             | 213 -----
 .../M_proofs/M_asttocfg_proof.thy             | 716 --------------
 .../M_proofs/M_before_ast_to_cfg_prog.thy     | 177 ----
 .../M_proofs/M_before_cfg_to_dag_prog.thy     | 244 -----
 .../M_proofs/M_before_passive_prog.thy        | 183 ----
 .../M_proofs/M_cfgtodag_proof.thy             | 775 ---------------
 .../M_proofs/M_passification_proof.thy        | 458 ---------
 .../M_proofs/M_passive_prog.thy               | 297 ------
 .../M_proofs/M_vcphase_proof.thy              | 473 ---------
 .../no_guard_loop2_proofs/ROOT                |  12 -
 .../no_guard_loop2_proofs/global_data.thy     |  32 -
 .../M_proofs/M_asttocfg_proof.thy             | 679 -------------
 .../M_proofs/M_before_ast_to_cfg_prog.thy     | 171 ----
 .../M_proofs/M_before_cfg_to_dag_prog.thy     | 233 -----
 .../M_proofs/M_before_passive_prog.thy        | 172 ----
 .../M_proofs/M_cfgtodag_proof.thy             | 712 --------------
 .../M_proofs/M_passification_proof.thy        | 422 --------
 .../M_proofs/M_passive_prog.thy               | 295 ------
 .../M_proofs/M_vcphase_proof.thy              | 455 ---------
 .../no_guard_loop3_proofs/ROOT                |  12 -
 .../no_guard_loop3_proofs/global_data.thy     |  32 -
 .../M_proofs/M_asttocfg_proof.thy             | 678 -------------
 .../M_proofs/M_before_ast_to_cfg_prog.thy     | 171 ----
 .../M_proofs/M_before_cfg_to_dag_prog.thy     | 233 -----
 .../M_proofs/M_before_passive_prog.thy        | 172 ----
 .../M_proofs/M_cfgtodag_proof.thy             | 711 --------------
 .../M_proofs/M_passification_proof.thy        | 429 ---------
 .../M_proofs/M_passive_prog.thy               | 286 ------
 .../M_proofs/M_vcphase_proof.thy              | 447 ---------
 .../no_guard_loop4_proofs/ROOT                |  12 -
 .../no_guard_loop4_proofs/global_data.thy     |  32 -
 .../M_proofs/M_asttocfg_proof.thy             | 732 --------------
 .../M_proofs/M_before_ast_to_cfg_prog.thy     | 177 ----
 .../M_proofs/M_before_cfg_to_dag_prog.thy     | 255 -----
 .../M_proofs/M_before_passive_prog.thy        | 194 ----
 .../M_proofs/M_cfgtodag_proof.thy             | 820 ----------------
 .../M_proofs/M_passification_proof.thy        | 482 ----------
 .../M_proofs/M_passive_prog.thy               | 317 ------
 .../M_proofs/M_vcphase_proof.thy              | 505 ----------
 .../no_guard_loop_proofs/ROOT                 |  12 -
 .../no_guard_loop_proofs/global_data.thy      |  32 -
 .../no_inv_loop_proofs/ROOT                   |  12 -
 .../no_inv_loop_proofs/global_data.thy        |  32 -
 .../no_inv_loop_asttocfg_proof.thy            | 344 -------
 .../no_inv_loop_before_ast_to_cfg_prog.thy    | 123 ---
 .../no_inv_loop_before_cfg_to_dag_prog.thy    | 149 ---
 .../no_inv_loop_before_passive_prog.thy       | 106 ---
 .../no_inv_loop_cfgtodag_proof.thy            | 330 -------
 .../no_inv_loop_passification_proof.thy       | 279 ------
 .../no_inv_loop_passive_prog.thy              | 148 ---
 .../no_inv_loop_vcphase_proof.thy             | 256 -----
 .../return_in_loop2_proofs/ROOT               |  12 -
 .../return_in_loop2_proofs/global_data.thy    |  32 -
 .../return_in_loop_asttocfg_proof.thy         | 518 ----------
 .../return_in_loop_before_ast_to_cfg_prog.thy | 141 ---
 .../return_in_loop_before_cfg_to_dag_prog.thy | 193 ----
 .../return_in_loop_before_passive_prog.thy    | 150 ---
 .../return_in_loop_cfgtodag_proof.thy         | 534 -----------
 .../return_in_loop_passification_proof.thy    | 363 -------
 .../return_in_loop_passive_prog.thy           | 183 ----
 .../return_in_loop_vcphase_proof.thy          | 361 -------
 .../return_in_loop_proofs/ROOT                |  12 -
 .../return_in_loop_proofs/global_data.thy     |  32 -
 .../return_in_loop_asttocfg_proof.thy         | 529 ----------
 .../return_in_loop_before_ast_to_cfg_prog.thy | 141 ---
 .../return_in_loop_before_cfg_to_dag_prog.thy | 204 ----
 .../return_in_loop_before_passive_prog.thy    | 161 ----
 .../return_in_loop_cfgtodag_proof.thy         | 514 ----------
 .../return_in_loop_passification_proof.thy    | 385 --------
 .../return_in_loop_passive_prog.thy           | 203 ----
 .../return_in_loop_vcphase_proof.thy          | 395 --------
 .../simple_return_test_proofs/ROOT            |  12 -
 .../simple_return_test_proofs/global_data.thy |  32 -
 .../return_test_asttocfg_proof.thy            | 138 ---
 .../return_test_before_ast_to_cfg_prog.thy    | 105 --
 .../return_test_before_cfg_to_dag_prog.thy    | 116 ---
 .../return_test_before_passive_prog.thy       |  62 --
 .../return_test_cfgtodag_proof.thy            | 135 ---
 .../return_test_passification_proof.thy       | 195 ----
 .../return_test_passive_prog.thy              |  77 --
 .../return_test_vcphase_proof.thy             | 141 ---
 .../start_loop_proofs/ROOT                    |  12 -
 .../start_loop_proofs/global_data.thy         |  36 -
 .../start_loop_asttocfg_proof.thy             | 315 ------
 .../start_loop_before_ast_to_cfg_prog.thy     | 123 ---
 .../start_loop_before_cfg_to_dag_prog.thy     | 149 ---
 .../start_loop_before_passive_prog.thy        | 106 ---
 .../start_loop_cfgtodag_proof.thy             | 329 -------
 .../start_loop_passification_proof.thy        | 272 ------
 .../start_loop_passive_prog.thy               | 117 ---
 .../start_loop_vcphase_proof.thy              | 235 -----
 .../triangle_example_proofs/ROOT              |  12 -
 .../triangle_example_proofs/global_data.thy   |  32 -
 .../triangle_asttocfg_proof.thy               | 344 -------
 .../triangle_before_ast_to_cfg_prog.thy       | 141 ---
 .../triangle_before_cfg_to_dag_prog.thy       | 167 ----
 .../triangle_before_passive_prog.thy          | 106 ---
 .../triangle_cfgtodag_proof.thy               | 364 -------
 .../triangle_passification_proof.thy          | 303 ------
 .../triangle_proofs/triangle_passive_prog.thy | 184 ----
 .../triangle_vcphase_proof.thy                | 309 ------
 .../trivial_assert_false_proofs/ROOT          |  12 -
 .../global_data.thy                           |  32 -
 .../trivial_assert_false_asttocfg_proof.thy   | 138 ---
 ...al_assert_false_before_ast_to_cfg_prog.thy |  96 --
 ...al_assert_false_before_cfg_to_dag_prog.thy | 107 ---
 ...ivial_assert_false_before_passive_prog.thy |  62 --
 .../trivial_assert_false_cfgtodag_proof.thy   | 135 ---
 ...ivial_assert_false_passification_proof.thy | 195 ----
 .../trivial_assert_false_passive_prog.thy     |  68 --
 .../trivial_assert_false_vcphase_proof.thy    | 141 ---
 .../trivial_assume_false_proofs/ROOT          |  12 -
 .../global_data.thy                           |  32 -
 .../trivial_assume_false_asttocfg_proof.thy   | 138 ---
 ...al_assume_false_before_ast_to_cfg_prog.thy |  96 --
 ...al_assume_false_before_cfg_to_dag_prog.thy | 107 ---
 ...ivial_assume_false_before_passive_prog.thy |  62 --
 .../trivial_assume_false_cfgtodag_proof.thy   | 135 ---
 ...ivial_assume_false_passification_proof.thy | 195 ----
 .../trivial_assume_false_passive_prog.thy     |  68 --
 .../trivial_assume_false_vcphase_proof.thy    | 138 ---
 .../trivial_example_proofs/ROOT               |  12 -
 .../trivial_example_proofs/global_data.thy    |  36 -
 .../p_proofs/p_asttocfg_proof.thy             | 138 ---
 .../p_proofs/p_before_ast_to_cfg_prog.thy     | 118 ---
 .../p_proofs/p_before_cfg_to_dag_prog.thy     | 129 ---
 .../p_proofs/p_before_passive_prog.thy        |  62 --
 .../p_proofs/p_cfgtodag_proof.thy             | 135 ---
 .../p_proofs/p_passification_proof.thy        | 202 ----
 .../p_proofs/p_passive_prog.thy               |  86 --
 .../p_proofs/p_vcphase_proof.thy              | 188 ----
 489 files changed, 88080 deletions(-)
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if_2.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if_3.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/assume_false_assert_false.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/assume_false_in_if.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/complete_bigblock_loop_in_loop.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_ifs.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops_in_loop.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops_in_loop_2.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/empty_branch_if.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/empty_generic_block.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/empty_loop.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/globals.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/if_example.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/if_example_no_else_branch.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/if_inside_loop.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/loop_example.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/loop_example_no_inv.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/loop_in_else_branch.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/loop_in_then_branch.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/nested_if.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop2.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop_while_true.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_empty_branch_if.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_if.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop2.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop3.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop4.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/no_inv_loop.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/return_in_loop.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/return_in_loop2.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/simple_return_test.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/start_loop.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/triangle_example.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_assert_false.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_assume_false.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_example.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if_2.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if_3.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assume_false_assert_false.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assume_false_in_if.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/complete_bigblock_loop_in_loop.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_ifs.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops_in_loop.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops_in_loop_2.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_branch_if.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_generic_block.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_loop.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/globals.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_example.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_example_no_else_branch.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_inside_loop.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_example.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_example_no_inv.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_in_else_branch.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_in_then_branch.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_if.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop2.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop_while_true.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_empty_branch_if.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_if.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop2.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop3.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop4.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_inv_loop.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/return_in_loop.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/return_in_loop2.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/simple_return_test.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/start_loop.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/triangle_example.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_assert_false.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_assume_false.bpl
 delete mode 100644 boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_example.bpl
 delete mode 100644 boogie_examples/other/break_example.bpl
 delete mode 100644 boogie_examples/other/goto_example.bpl
 delete mode 100644 boogie_examples/other/if_example_CFG.bpl
 delete mode 100644 boogie_examples/other/if_example_duplicate.bpl
 delete mode 100644 boogie_examples/other/labeled_break.bpl
 delete mode 100644 boogie_examples/proofgen_depends_on_pruning/assert_false_in_if_2.bpl
 delete mode 100644 boogie_examples/proofgen_depends_on_pruning/assert_false_in_if_3.bpl
 delete mode 100644 boogie_examples/proofgen_depends_on_pruning/assume_false_assert_false.bpl
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/20220720_112439_timing_certificates.csv
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_vcphase_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/ROOT
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/global_data.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_asttocfg_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_ast_to_cfg_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_cfgtodag_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_passification_proof.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_passive_prog.thy
 delete mode 100644 boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_vcphase_proof.thy

diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if.bpl
deleted file mode 100644
index c558e50..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if.bpl
+++ /dev/null
@@ -1,9 +0,0 @@
-procedure assert_false_in_if() {
-    var x: int;
-
-    havoc x;
-    if (x != 8)
-    {
-        assert false;
-    }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if_2.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if_2.bpl
deleted file mode 100644
index d5b5947..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if_2.bpl
+++ /dev/null
@@ -1,12 +0,0 @@
-procedure assert_false_in_if_2() {
-    var x: int;
-
-    havoc x;
-    if (x != 8)
-    {
-        assert false;
-    }
-
-    x := 7;
-    assert x == 7;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if_3.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if_3.bpl
deleted file mode 100644
index 669e2f6..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/assert_false_in_if_3.bpl
+++ /dev/null
@@ -1,12 +0,0 @@
-procedure assert_false_in_if_3() {
-    var x: int;
-
-    havoc x;
-    if (*)
-    {
-        assert false;
-    }
-
-    x := 7;
-    assert x == 7;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/assume_false_assert_false.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/assume_false_assert_false.bpl
deleted file mode 100644
index d5ca5c6..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/assume_false_assert_false.bpl
+++ /dev/null
@@ -1,12 +0,0 @@
-procedure assume_false_assert_false() {
-    var x: int;
-
-    havoc x;
-    if (x > 0)
-    {
-        assume false;
-        x := x - 1;
-    }
-
-    assert false;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/assume_false_in_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/assume_false_in_if.bpl
deleted file mode 100644
index e123ebf..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/assume_false_in_if.bpl
+++ /dev/null
@@ -1,9 +0,0 @@
-procedure assume_false_in_if() {
-    var x: int;
-
-    havoc x;
-    if (x != 8)
-    {
-        assume false;
-    }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/complete_bigblock_loop_in_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/complete_bigblock_loop_in_loop.bpl
deleted file mode 100644
index 8f64c6e..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/complete_bigblock_loop_in_loop.bpl
+++ /dev/null
@@ -1,17 +0,0 @@
-procedure while_succ_in_while() {
-    var x: int;
-    var y: int;
-
-    havoc x;
-    havoc y;
-    while (x > 0)
-    {
-        x := x - 1;
-        while (y > 0)
-        {
-            y := y - 1;
-        }
-    }
-
-    assert x == 0;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_ifs.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_ifs.bpl
deleted file mode 100644
index 8293604..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_ifs.bpl
+++ /dev/null
@@ -1,22 +0,0 @@
-procedure consecutive_ifs() {
-    var x : int;
-
-    havoc x;
-    if (x > 0)
-    {
-        x := 5;
-    }
-    else
-    {
-        
-    }
-
-    if (*)
-    {
-        x := 1;
-    } 
-    else
-    {
-        x := -1;
-    }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops.bpl
deleted file mode 100644
index 6996aa4..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops.bpl
+++ /dev/null
@@ -1,18 +0,0 @@
-procedure consecutive_loops() {
-    var x: int;
-
-    havoc x;
-    while (x > 0)
-    {
-        x := x - 1;
-    }
-
-    while (x < 0)
-        invariant x <= 0;
-    {
-        x := x + 1;
-    }
-
-
-    assert x == 0;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops_in_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops_in_loop.bpl
deleted file mode 100644
index e612b51..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops_in_loop.bpl
+++ /dev/null
@@ -1,25 +0,0 @@
-procedure consecutive_loops_in_loop() {
-    var x: int;
-    var y: int;
-
-    havoc y;
-    havoc x;
-
-    while (y > 0)
-    {
-        while (x > 1)
-        {
-            x := x - 1;
-        }
-
-        while (x < 1)
-            invariant x <= 1;
-        {
-            x := x + 1;
-        }
-
-        assert x == 1;
-        y := y - x;
-    }
-    assert y == 0;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops_in_loop_2.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops_in_loop_2.bpl
deleted file mode 100644
index 9f927a0..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/consecutive_loops_in_loop_2.bpl
+++ /dev/null
@@ -1,26 +0,0 @@
-procedure consecutive_loops_in_loop_2() {
-    var x: int;
-    var y: int;
-
-    havoc y;
-    havoc x;
-
-    while (y > 0)
-    {
-        x := y - 1;
-        while (x > 1)
-        {
-            x := x - 1;
-        }
-
-        while (x < 1)
-            invariant x <= 1;
-        {
-            x := x + 1;
-        }
-
-        assert x == 1;
-        y := y - x;
-    }
-    assert y == 0;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/empty_branch_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/empty_branch_if.bpl
deleted file mode 100644
index 3f61074..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/empty_branch_if.bpl
+++ /dev/null
@@ -1,14 +0,0 @@
-procedure empty_branch_if() {
-    var x : int;
-
-    havoc x;
-    if(x > 5)
-    {
-
-    }
-    else
-    {
-        x := 6;
-    }
-    assert x > 5;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/empty_generic_block.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/empty_generic_block.bpl
deleted file mode 100644
index a0542b6..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/empty_generic_block.bpl
+++ /dev/null
@@ -1,11 +0,0 @@
-procedure empty_generic_block() {
-    var x : int;
-
-    x := 0;
-
-    label1:
-
-    label2:
-
-    assert x == 0;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/empty_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/empty_loop.bpl
deleted file mode 100644
index ce89c5a..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/empty_loop.bpl
+++ /dev/null
@@ -1,8 +0,0 @@
-procedure p() {
-    var x: int;
-
-    x := 0;
-    while (x > 0)
-        invariant x >= 0; {}
-    assert x == 0;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/globals.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/globals.bpl
deleted file mode 100644
index be7ee48..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/globals.bpl
+++ /dev/null
@@ -1,13 +0,0 @@
-var a : int;
-var b : bool;
-
-function f(a : int) : bool;
-function g(b : bool) : bool;
-
-procedure p(x : int) {
-    assume f(a);
-    assume g(b);
-
-    assert f(a);
-    assert g(b); 
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/if_example.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/if_example.bpl
deleted file mode 100644
index 66ef53c..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/if_example.bpl
+++ /dev/null
@@ -1,20 +0,0 @@
-procedure if_example_test_2() {
-    var x: int;
-    
-    havoc x; // ---> [Havoc x] --- block 0
-
-//-------------------------------------------------------
-
-    if (x > 5)
-    {
-        x := 10; // ---> [Assume x > 5; x := 10] --- block 3
-    }
-    else
-    {
-        x := 1; // ---> [Assume 5 >= x; x := 1] --- block 1
-    }
-
-//#######################################################
-
-    assert x > 0; // ---> [Assert x > 0] --- block 2
-}
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/if_example_no_else_branch.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/if_example_no_else_branch.bpl
deleted file mode 100644
index b6638f0..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/if_example_no_else_branch.bpl
+++ /dev/null
@@ -1,17 +0,0 @@
-procedure if_example_no_else_branch() {
-    var x: int;
-    
-    havoc x; 
-
-    if (x > 5)
-    {
-        x := 10; 
-    }
-
-    if (x <= 5)
-    {
-        x := 1;
-    }
-
-    assert x > 0; 
-}
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/if_inside_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/if_inside_loop.bpl
deleted file mode 100644
index 639fbb8..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/if_inside_loop.bpl
+++ /dev/null
@@ -1,20 +0,0 @@
-procedure if_inside_while() {
-    var x: int;
-    var y: int;
-
-    havoc x;
-    while (x > 0)
-    {
-        x := x - 1;
-        if (x > 1)
-        {
-            y := 10;
-        }
-        else
-        {
-            y := 20;
-        }
-    }
-
-    assert x == 0;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_example.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_example.bpl
deleted file mode 100644
index 1ba91a6..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_example.bpl
+++ /dev/null
@@ -1,13 +0,0 @@
-procedure m () {
-    var i: int;
-    var n: int;
-
-    i := 0;
-    assume n > 0;
-    while (i < n)
-        invariant i <= n;
-    {
-        i := i+1;
-    }
-    assert i >= n;    
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_example_no_inv.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_example_no_inv.bpl
deleted file mode 100644
index 89c0efe..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_example_no_inv.bpl
+++ /dev/null
@@ -1,12 +0,0 @@
-procedure m () {
-    var i: int;
-    var n: int;
-
-    i := 0;
-    assume n > 0;
-    while (i < n)
-    {
-        i := i+1;
-    }
-    assert i >= n;    
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_in_else_branch.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_in_else_branch.bpl
deleted file mode 100644
index 1e502d8..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_in_else_branch.bpl
+++ /dev/null
@@ -1,21 +0,0 @@
-procedure while_in_if_true() {
-    var x: int;
-    var y: int;
-
-    havoc x;
-    havoc y;
-    if (x > 0)
-    {
-
-    }
-    else
-    {
-        x := x - 1;
-        while (y > 0)
-        {
-            y := y - 1;
-        }
-    }
-
-    assert x < 0;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_in_then_branch.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_in_then_branch.bpl
deleted file mode 100644
index a4b87f3..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/loop_in_then_branch.bpl
+++ /dev/null
@@ -1,17 +0,0 @@
-procedure while_in_if_true() {
-    var x: int;
-    var y: int;
-
-    havoc x;
-    havoc y;
-    if (x > 0)
-    {
-        x := x - 1;
-        while (y > 0)
-        {
-            y := y - 1;
-        }
-    }
-
-    assert x >= 0;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_if.bpl
deleted file mode 100644
index d4c19ba..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_if.bpl
+++ /dev/null
@@ -1,21 +0,0 @@
-procedure nested_if() 
-{
-    var n : int;
-    var m : int;
-
-    if(n > 0)
-    {
-        if(m > 0)
-        {
-            m := m+n;
-        }
-        else
-        {
-            m := n;
-        }
-    }
-    else
-    {
-        
-    }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop.bpl
deleted file mode 100644
index 7bd1a73..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop.bpl
+++ /dev/null
@@ -1,36 +0,0 @@
-procedure nested_loop() {
-    var x : int;
-    var y : int;
-
-    ///// bigblock_0 , bigblock_1
-    ///// cont_0 = KSeq bigblock_6 cont_6
-    ///// cont_1 = KEndBlock (KSeq bigblock_6 cont_6)
-    x := 10;
-    y := 10;
-    while (x > 0)
-        invariant x >= 0;
-    {
-
-
-        ///////// bigblock_2, bigblock_3
-        ///////// cont_2 = KSeq bigblock_5 cont_5
-        ///////// cont_3 = KEndBlock (KSeq bigblock_5 cont_5)
-        while (y > 0)
-            invariant y >= 0;
-        {
-            ////// bigblock_4
-            ////// cont_4 = KSeq bigblock_3 cont_3 
-            y := y - 1;
-
-        }
-        ///// bigblock_5
-        ///// --> cont_5 = KSeq bigblock_1 cont_1
-        x := x - 1; 
-
-
-    }
-
-    //bigblock_6
-    //empty final big block --> cont_6 = KStop
-    
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop2.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop2.bpl
deleted file mode 100644
index e84f707..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop2.bpl
+++ /dev/null
@@ -1,28 +0,0 @@
-procedure nested_loop3() {
-    var x : int;
-    var y : int;
-    var z : int;
-
-    x := 10;
-    y := 10;
-    z := 10;
-    /////
-    while (z > 0)
-    {
-        /////
-        while (x > 0)
-            invariant x >= 0;
-        {
-            /////////
-            while (y > 0)
-                invariant y >= 0;
-            {
-                //////
-                z := z - 1;
-                y := y - 1;
-            }
-            /////
-            x := x - 1;
-        }
-    }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop_while_true.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop_while_true.bpl
deleted file mode 100644
index 5b1c37d..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/nested_loop_while_true.bpl
+++ /dev/null
@@ -1,25 +0,0 @@
-procedure nested_loop2() {
-    var x : int;
-    var y : int;
-
-    x := 10;
-    y := 10;
-    /////
-    while (true)
-    {
-        /////
-        while (x > 0)
-            invariant x >= 0;
-        {
-            /////////
-            while (y > 0)
-                invariant y >= 0;
-            {
-                //////
-                y := y - 1;
-            }
-            /////
-            x := x - 1;
-        }
-    }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_empty_branch_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_empty_branch_if.bpl
deleted file mode 100644
index 88f9a84..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_empty_branch_if.bpl
+++ /dev/null
@@ -1,13 +0,0 @@
-procedure no_guard_empty_branch_if() {
-    var x : int;
-
-    havoc x;
-    if(*)
-    {
-
-    }
-    else
-    {
-        x := 6;
-    }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_if.bpl
deleted file mode 100644
index c66c20b..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_if.bpl
+++ /dev/null
@@ -1,14 +0,0 @@
-procedure no_guard_if() {
-    var x : int;
-
-    havoc x;
-    if(*)
-    {
-        x := 0;
-    }
-    else
-    {
-        x := 1;
-    }
-    
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop.bpl
deleted file mode 100644
index c213707..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop.bpl
+++ /dev/null
@@ -1,29 +0,0 @@
-procedure  M();
-
-implementation M()
-{
-    var x: int;
-    var y: int;
-    var z: int;
-
-    havoc x;
-    havoc y;
-    havoc z;
-
-    while (*)
-    {
-        while (y > 10)
-        {
-            x := x*10;
-        }
-
-        if(x-10 > 200)
-        {
-            y := z+7;
-        }
-
-        x := x + y + z;
-    }
-
-    z := z - 2;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop2.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop2.bpl
deleted file mode 100644
index 0de89b3..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop2.bpl
+++ /dev/null
@@ -1,27 +0,0 @@
-procedure  M();
-
-implementation M()
-{
-    var x: int;
-    var y: int;
-    var z: int;
-
-    havoc x;
-    havoc y;
-    havoc z;
-
-    while (*)
-    {
-        while (y > 10)
-        {
-            x := x*10;
-        }
-
-        if(x-10 > 200)
-        {
-            y := z+7;
-        }
-
-        x := x + y + z;
-    }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop3.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop3.bpl
deleted file mode 100644
index 8ffcc28..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop3.bpl
+++ /dev/null
@@ -1,27 +0,0 @@
-procedure  M();
-
-implementation M()
-{
-    var x: int;
-    var y: int;
-    var z: int;
-
-    havoc x;
-    havoc y;
-    havoc z;
-
-    while (y > 10)
-    {
-        x := x*10;
-
-        while (*)
-        {
-            x := x + y + z;
-            
-            if(x-10 > 200)
-            {
-                y := z+7;
-            }
-        }
-    }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop4.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop4.bpl
deleted file mode 100644
index 742e174..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/no_guard_loop4.bpl
+++ /dev/null
@@ -1,27 +0,0 @@
-procedure  M();
-
-implementation M()
-{
-    var x: int;
-    var y: int;
-    var z: int;
-
-    havoc x;
-    havoc y;
-    havoc z;
-
-    while (*)
-    {
-        x := x + y + z;
-        
-        while (y > 10)
-        {
-            x := x*10;
-        }
-
-        if(x-10 > 200)
-        {
-            y := z+7;
-        }
-    }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/no_inv_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/no_inv_loop.bpl
deleted file mode 100644
index 95d69db..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/no_inv_loop.bpl
+++ /dev/null
@@ -1,9 +0,0 @@
-procedure no_inv_loop() {
-    var x : int;
-
-    havoc x;
-    while (x > 0)
-    {
-        x := x - 1;
-    }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/return_in_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/return_in_loop.bpl
deleted file mode 100644
index a63b1f0..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/return_in_loop.bpl
+++ /dev/null
@@ -1,20 +0,0 @@
-procedure return_in_loop() {
-    var x: int;
-
-    havoc x;
-    while (x > 0)
-    {
-        x := x - 1;
-        return;
-    }
-
-    while (x < 0)
-        invariant x <= 0;
-    {
-        x := x + 1;
-        return;
-    }
-
-    x := 0;
-    assert x == 0;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/return_in_loop2.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/return_in_loop2.bpl
deleted file mode 100644
index b66cf8e..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/return_in_loop2.bpl
+++ /dev/null
@@ -1,16 +0,0 @@
-procedure return_in_loop() {
-    var x: int;
-
-    x := 10;
-    while (x > 0)
-    {
-        if (x == 5)
-        {
-            assert x == 5;
-            return;
-        }
-        x := x - 1;
-    }
-
-    assert x != 5;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/simple_return_test.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/simple_return_test.bpl
deleted file mode 100644
index 3154efb..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/simple_return_test.bpl
+++ /dev/null
@@ -1,7 +0,0 @@
-procedure return_test() 
-{
-   var m : int;
-
-   m := 0;
-   return; 
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/start_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/start_loop.bpl
deleted file mode 100644
index 24f412b..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/start_loop.bpl
+++ /dev/null
@@ -1,8 +0,0 @@
-var t : int;
-procedure  start_loop()
-    modifies t;
-{
-   while(true) {
-    assume true;
-   } 
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/triangle_example.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/triangle_example.bpl
deleted file mode 100644
index ae1e8b9..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/triangle_example.bpl
+++ /dev/null
@@ -1,15 +0,0 @@
-procedure triangle(n: int) returns (t: int)
-    requires n >= 0;
-    ensures t == n*(n-1) div 2;
-{
-    var m : int;
-    m := 0;
-    t := 0;
-    while(m < n)
-        invariant t == (m*(m-1)) div 2;
-        invariant m <= n;
-        {
-            t := t + m;
-            m := m + 1;
-        }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_assert_false.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_assert_false.bpl
deleted file mode 100644
index 93081cb..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_assert_false.bpl
+++ /dev/null
@@ -1,3 +0,0 @@
-procedure trivial_assert_false() {
-    assert false;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_assume_false.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_assume_false.bpl
deleted file mode 100644
index a1c5cd2..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_assume_false.bpl
+++ /dev/null
@@ -1,3 +0,0 @@
-procedure trivial_assume_false() {
-    assume false;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_example.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_example.bpl
deleted file mode 100644
index 2ff93d3..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen/trivial_example.bpl
+++ /dev/null
@@ -1,8 +0,0 @@
-function f(x: int) : bool;
-
-procedure p(x: int) {
-    var a : int;
-
-    assume f(a);
-    assert f(a);
-}
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if.bpl
deleted file mode 100644
index c558e50..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if.bpl
+++ /dev/null
@@ -1,9 +0,0 @@
-procedure assert_false_in_if() {
-    var x: int;
-
-    havoc x;
-    if (x != 8)
-    {
-        assert false;
-    }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if_2.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if_2.bpl
deleted file mode 100644
index d5b5947..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if_2.bpl
+++ /dev/null
@@ -1,12 +0,0 @@
-procedure assert_false_in_if_2() {
-    var x: int;
-
-    havoc x;
-    if (x != 8)
-    {
-        assert false;
-    }
-
-    x := 7;
-    assert x == 7;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if_3.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if_3.bpl
deleted file mode 100644
index 669e2f6..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assert_false_in_if_3.bpl
+++ /dev/null
@@ -1,12 +0,0 @@
-procedure assert_false_in_if_3() {
-    var x: int;
-
-    havoc x;
-    if (*)
-    {
-        assert false;
-    }
-
-    x := 7;
-    assert x == 7;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assume_false_assert_false.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assume_false_assert_false.bpl
deleted file mode 100644
index d5ca5c6..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assume_false_assert_false.bpl
+++ /dev/null
@@ -1,12 +0,0 @@
-procedure assume_false_assert_false() {
-    var x: int;
-
-    havoc x;
-    if (x > 0)
-    {
-        assume false;
-        x := x - 1;
-    }
-
-    assert false;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assume_false_in_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assume_false_in_if.bpl
deleted file mode 100644
index e123ebf..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/assume_false_in_if.bpl
+++ /dev/null
@@ -1,9 +0,0 @@
-procedure assume_false_in_if() {
-    var x: int;
-
-    havoc x;
-    if (x != 8)
-    {
-        assume false;
-    }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/complete_bigblock_loop_in_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/complete_bigblock_loop_in_loop.bpl
deleted file mode 100644
index 8f64c6e..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/complete_bigblock_loop_in_loop.bpl
+++ /dev/null
@@ -1,17 +0,0 @@
-procedure while_succ_in_while() {
-    var x: int;
-    var y: int;
-
-    havoc x;
-    havoc y;
-    while (x > 0)
-    {
-        x := x - 1;
-        while (y > 0)
-        {
-            y := y - 1;
-        }
-    }
-
-    assert x == 0;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_ifs.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_ifs.bpl
deleted file mode 100644
index 8293604..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_ifs.bpl
+++ /dev/null
@@ -1,22 +0,0 @@
-procedure consecutive_ifs() {
-    var x : int;
-
-    havoc x;
-    if (x > 0)
-    {
-        x := 5;
-    }
-    else
-    {
-        
-    }
-
-    if (*)
-    {
-        x := 1;
-    } 
-    else
-    {
-        x := -1;
-    }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops.bpl
deleted file mode 100644
index 6996aa4..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops.bpl
+++ /dev/null
@@ -1,18 +0,0 @@
-procedure consecutive_loops() {
-    var x: int;
-
-    havoc x;
-    while (x > 0)
-    {
-        x := x - 1;
-    }
-
-    while (x < 0)
-        invariant x <= 0;
-    {
-        x := x + 1;
-    }
-
-
-    assert x == 0;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops_in_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops_in_loop.bpl
deleted file mode 100644
index e612b51..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops_in_loop.bpl
+++ /dev/null
@@ -1,25 +0,0 @@
-procedure consecutive_loops_in_loop() {
-    var x: int;
-    var y: int;
-
-    havoc y;
-    havoc x;
-
-    while (y > 0)
-    {
-        while (x > 1)
-        {
-            x := x - 1;
-        }
-
-        while (x < 1)
-            invariant x <= 1;
-        {
-            x := x + 1;
-        }
-
-        assert x == 1;
-        y := y - x;
-    }
-    assert y == 0;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops_in_loop_2.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops_in_loop_2.bpl
deleted file mode 100644
index 9f927a0..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/consecutive_loops_in_loop_2.bpl
+++ /dev/null
@@ -1,26 +0,0 @@
-procedure consecutive_loops_in_loop_2() {
-    var x: int;
-    var y: int;
-
-    havoc y;
-    havoc x;
-
-    while (y > 0)
-    {
-        x := y - 1;
-        while (x > 1)
-        {
-            x := x - 1;
-        }
-
-        while (x < 1)
-            invariant x <= 1;
-        {
-            x := x + 1;
-        }
-
-        assert x == 1;
-        y := y - x;
-    }
-    assert y == 0;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_branch_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_branch_if.bpl
deleted file mode 100644
index 3f61074..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_branch_if.bpl
+++ /dev/null
@@ -1,14 +0,0 @@
-procedure empty_branch_if() {
-    var x : int;
-
-    havoc x;
-    if(x > 5)
-    {
-
-    }
-    else
-    {
-        x := 6;
-    }
-    assert x > 5;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_generic_block.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_generic_block.bpl
deleted file mode 100644
index a0542b6..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_generic_block.bpl
+++ /dev/null
@@ -1,11 +0,0 @@
-procedure empty_generic_block() {
-    var x : int;
-
-    x := 0;
-
-    label1:
-
-    label2:
-
-    assert x == 0;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_loop.bpl
deleted file mode 100644
index ce89c5a..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/empty_loop.bpl
+++ /dev/null
@@ -1,8 +0,0 @@
-procedure p() {
-    var x: int;
-
-    x := 0;
-    while (x > 0)
-        invariant x >= 0; {}
-    assert x == 0;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/globals.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/globals.bpl
deleted file mode 100644
index be7ee48..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/globals.bpl
+++ /dev/null
@@ -1,13 +0,0 @@
-var a : int;
-var b : bool;
-
-function f(a : int) : bool;
-function g(b : bool) : bool;
-
-procedure p(x : int) {
-    assume f(a);
-    assume g(b);
-
-    assert f(a);
-    assert g(b); 
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_example.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_example.bpl
deleted file mode 100644
index 66ef53c..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_example.bpl
+++ /dev/null
@@ -1,20 +0,0 @@
-procedure if_example_test_2() {
-    var x: int;
-    
-    havoc x; // ---> [Havoc x] --- block 0
-
-//-------------------------------------------------------
-
-    if (x > 5)
-    {
-        x := 10; // ---> [Assume x > 5; x := 10] --- block 3
-    }
-    else
-    {
-        x := 1; // ---> [Assume 5 >= x; x := 1] --- block 1
-    }
-
-//#######################################################
-
-    assert x > 0; // ---> [Assert x > 0] --- block 2
-}
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_example_no_else_branch.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_example_no_else_branch.bpl
deleted file mode 100644
index b6638f0..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_example_no_else_branch.bpl
+++ /dev/null
@@ -1,17 +0,0 @@
-procedure if_example_no_else_branch() {
-    var x: int;
-    
-    havoc x; 
-
-    if (x > 5)
-    {
-        x := 10; 
-    }
-
-    if (x <= 5)
-    {
-        x := 1;
-    }
-
-    assert x > 0; 
-}
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_inside_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_inside_loop.bpl
deleted file mode 100644
index 639fbb8..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/if_inside_loop.bpl
+++ /dev/null
@@ -1,20 +0,0 @@
-procedure if_inside_while() {
-    var x: int;
-    var y: int;
-
-    havoc x;
-    while (x > 0)
-    {
-        x := x - 1;
-        if (x > 1)
-        {
-            y := 10;
-        }
-        else
-        {
-            y := 20;
-        }
-    }
-
-    assert x == 0;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_example.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_example.bpl
deleted file mode 100644
index 1ba91a6..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_example.bpl
+++ /dev/null
@@ -1,13 +0,0 @@
-procedure m () {
-    var i: int;
-    var n: int;
-
-    i := 0;
-    assume n > 0;
-    while (i < n)
-        invariant i <= n;
-    {
-        i := i+1;
-    }
-    assert i >= n;    
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_example_no_inv.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_example_no_inv.bpl
deleted file mode 100644
index 89c0efe..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_example_no_inv.bpl
+++ /dev/null
@@ -1,12 +0,0 @@
-procedure m () {
-    var i: int;
-    var n: int;
-
-    i := 0;
-    assume n > 0;
-    while (i < n)
-    {
-        i := i+1;
-    }
-    assert i >= n;    
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_in_else_branch.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_in_else_branch.bpl
deleted file mode 100644
index 1e502d8..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_in_else_branch.bpl
+++ /dev/null
@@ -1,21 +0,0 @@
-procedure while_in_if_true() {
-    var x: int;
-    var y: int;
-
-    havoc x;
-    havoc y;
-    if (x > 0)
-    {
-
-    }
-    else
-    {
-        x := x - 1;
-        while (y > 0)
-        {
-            y := y - 1;
-        }
-    }
-
-    assert x < 0;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_in_then_branch.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_in_then_branch.bpl
deleted file mode 100644
index a4b87f3..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/loop_in_then_branch.bpl
+++ /dev/null
@@ -1,17 +0,0 @@
-procedure while_in_if_true() {
-    var x: int;
-    var y: int;
-
-    havoc x;
-    havoc y;
-    if (x > 0)
-    {
-        x := x - 1;
-        while (y > 0)
-        {
-            y := y - 1;
-        }
-    }
-
-    assert x >= 0;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_if.bpl
deleted file mode 100644
index d4c19ba..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_if.bpl
+++ /dev/null
@@ -1,21 +0,0 @@
-procedure nested_if() 
-{
-    var n : int;
-    var m : int;
-
-    if(n > 0)
-    {
-        if(m > 0)
-        {
-            m := m+n;
-        }
-        else
-        {
-            m := n;
-        }
-    }
-    else
-    {
-        
-    }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop.bpl
deleted file mode 100644
index 7bd1a73..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop.bpl
+++ /dev/null
@@ -1,36 +0,0 @@
-procedure nested_loop() {
-    var x : int;
-    var y : int;
-
-    ///// bigblock_0 , bigblock_1
-    ///// cont_0 = KSeq bigblock_6 cont_6
-    ///// cont_1 = KEndBlock (KSeq bigblock_6 cont_6)
-    x := 10;
-    y := 10;
-    while (x > 0)
-        invariant x >= 0;
-    {
-
-
-        ///////// bigblock_2, bigblock_3
-        ///////// cont_2 = KSeq bigblock_5 cont_5
-        ///////// cont_3 = KEndBlock (KSeq bigblock_5 cont_5)
-        while (y > 0)
-            invariant y >= 0;
-        {
-            ////// bigblock_4
-            ////// cont_4 = KSeq bigblock_3 cont_3 
-            y := y - 1;
-
-        }
-        ///// bigblock_5
-        ///// --> cont_5 = KSeq bigblock_1 cont_1
-        x := x - 1; 
-
-
-    }
-
-    //bigblock_6
-    //empty final big block --> cont_6 = KStop
-    
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop2.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop2.bpl
deleted file mode 100644
index e84f707..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop2.bpl
+++ /dev/null
@@ -1,28 +0,0 @@
-procedure nested_loop3() {
-    var x : int;
-    var y : int;
-    var z : int;
-
-    x := 10;
-    y := 10;
-    z := 10;
-    /////
-    while (z > 0)
-    {
-        /////
-        while (x > 0)
-            invariant x >= 0;
-        {
-            /////////
-            while (y > 0)
-                invariant y >= 0;
-            {
-                //////
-                z := z - 1;
-                y := y - 1;
-            }
-            /////
-            x := x - 1;
-        }
-    }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop_while_true.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop_while_true.bpl
deleted file mode 100644
index 5b1c37d..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/nested_loop_while_true.bpl
+++ /dev/null
@@ -1,25 +0,0 @@
-procedure nested_loop2() {
-    var x : int;
-    var y : int;
-
-    x := 10;
-    y := 10;
-    /////
-    while (true)
-    {
-        /////
-        while (x > 0)
-            invariant x >= 0;
-        {
-            /////////
-            while (y > 0)
-                invariant y >= 0;
-            {
-                //////
-                y := y - 1;
-            }
-            /////
-            x := x - 1;
-        }
-    }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_empty_branch_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_empty_branch_if.bpl
deleted file mode 100644
index 88f9a84..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_empty_branch_if.bpl
+++ /dev/null
@@ -1,13 +0,0 @@
-procedure no_guard_empty_branch_if() {
-    var x : int;
-
-    havoc x;
-    if(*)
-    {
-
-    }
-    else
-    {
-        x := 6;
-    }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_if.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_if.bpl
deleted file mode 100644
index c66c20b..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_if.bpl
+++ /dev/null
@@ -1,14 +0,0 @@
-procedure no_guard_if() {
-    var x : int;
-
-    havoc x;
-    if(*)
-    {
-        x := 0;
-    }
-    else
-    {
-        x := 1;
-    }
-    
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop.bpl
deleted file mode 100644
index c213707..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop.bpl
+++ /dev/null
@@ -1,29 +0,0 @@
-procedure  M();
-
-implementation M()
-{
-    var x: int;
-    var y: int;
-    var z: int;
-
-    havoc x;
-    havoc y;
-    havoc z;
-
-    while (*)
-    {
-        while (y > 10)
-        {
-            x := x*10;
-        }
-
-        if(x-10 > 200)
-        {
-            y := z+7;
-        }
-
-        x := x + y + z;
-    }
-
-    z := z - 2;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop2.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop2.bpl
deleted file mode 100644
index 0de89b3..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop2.bpl
+++ /dev/null
@@ -1,27 +0,0 @@
-procedure  M();
-
-implementation M()
-{
-    var x: int;
-    var y: int;
-    var z: int;
-
-    havoc x;
-    havoc y;
-    havoc z;
-
-    while (*)
-    {
-        while (y > 10)
-        {
-            x := x*10;
-        }
-
-        if(x-10 > 200)
-        {
-            y := z+7;
-        }
-
-        x := x + y + z;
-    }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop3.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop3.bpl
deleted file mode 100644
index 8ffcc28..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop3.bpl
+++ /dev/null
@@ -1,27 +0,0 @@
-procedure  M();
-
-implementation M()
-{
-    var x: int;
-    var y: int;
-    var z: int;
-
-    havoc x;
-    havoc y;
-    havoc z;
-
-    while (y > 10)
-    {
-        x := x*10;
-
-        while (*)
-        {
-            x := x + y + z;
-            
-            if(x-10 > 200)
-            {
-                y := z+7;
-            }
-        }
-    }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop4.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop4.bpl
deleted file mode 100644
index 742e174..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_guard_loop4.bpl
+++ /dev/null
@@ -1,27 +0,0 @@
-procedure  M();
-
-implementation M()
-{
-    var x: int;
-    var y: int;
-    var z: int;
-
-    havoc x;
-    havoc y;
-    havoc z;
-
-    while (*)
-    {
-        x := x + y + z;
-        
-        while (y > 10)
-        {
-            x := x*10;
-        }
-
-        if(x-10 > 200)
-        {
-            y := z+7;
-        }
-    }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_inv_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_inv_loop.bpl
deleted file mode 100644
index 95d69db..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/no_inv_loop.bpl
+++ /dev/null
@@ -1,9 +0,0 @@
-procedure no_inv_loop() {
-    var x : int;
-
-    havoc x;
-    while (x > 0)
-    {
-        x := x - 1;
-    }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/return_in_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/return_in_loop.bpl
deleted file mode 100644
index a63b1f0..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/return_in_loop.bpl
+++ /dev/null
@@ -1,20 +0,0 @@
-procedure return_in_loop() {
-    var x: int;
-
-    havoc x;
-    while (x > 0)
-    {
-        x := x - 1;
-        return;
-    }
-
-    while (x < 0)
-        invariant x <= 0;
-    {
-        x := x + 1;
-        return;
-    }
-
-    x := 0;
-    assert x == 0;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/return_in_loop2.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/return_in_loop2.bpl
deleted file mode 100644
index b66cf8e..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/return_in_loop2.bpl
+++ /dev/null
@@ -1,16 +0,0 @@
-procedure return_in_loop() {
-    var x: int;
-
-    x := 10;
-    while (x > 0)
-    {
-        if (x == 5)
-        {
-            assert x == 5;
-            return;
-        }
-        x := x - 1;
-    }
-
-    assert x != 5;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/simple_return_test.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/simple_return_test.bpl
deleted file mode 100644
index 3154efb..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/simple_return_test.bpl
+++ /dev/null
@@ -1,7 +0,0 @@
-procedure return_test() 
-{
-   var m : int;
-
-   m := 0;
-   return; 
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/start_loop.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/start_loop.bpl
deleted file mode 100644
index 24f412b..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/start_loop.bpl
+++ /dev/null
@@ -1,8 +0,0 @@
-var t : int;
-procedure  start_loop()
-    modifies t;
-{
-   while(true) {
-    assume true;
-   } 
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/triangle_example.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/triangle_example.bpl
deleted file mode 100644
index ae1e8b9..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/triangle_example.bpl
+++ /dev/null
@@ -1,15 +0,0 @@
-procedure triangle(n: int) returns (t: int)
-    requires n >= 0;
-    ensures t == n*(n-1) div 2;
-{
-    var m : int;
-    m := 0;
-    t := 0;
-    while(m < n)
-        invariant t == (m*(m-1)) div 2;
-        invariant m <= n;
-        {
-            t := t + m;
-            m := m + 1;
-        }
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_assert_false.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_assert_false.bpl
deleted file mode 100644
index 93081cb..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_assert_false.bpl
+++ /dev/null
@@ -1,3 +0,0 @@
-procedure trivial_assert_false() {
-    assert false;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_assume_false.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_assume_false.bpl
deleted file mode 100644
index a1c5cd2..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_assume_false.bpl
+++ /dev/null
@@ -1,3 +0,0 @@
-procedure trivial_assume_false() {
-    assume false;
-}
\ No newline at end of file
diff --git a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_example.bpl b/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_example.bpl
deleted file mode 100644
index 2ff93d3..0000000
--- a/boogie_examples/covered_by_AST_to_CFG_proofgen_clone/trivial_example.bpl
+++ /dev/null
@@ -1,8 +0,0 @@
-function f(x: int) : bool;
-
-procedure p(x: int) {
-    var a : int;
-
-    assume f(a);
-    assert f(a);
-}
diff --git a/boogie_examples/other/break_example.bpl b/boogie_examples/other/break_example.bpl
deleted file mode 100644
index 826b554..0000000
--- a/boogie_examples/other/break_example.bpl
+++ /dev/null
@@ -1,16 +0,0 @@
-procedure p() {
-    var y : int;
-
-    y := 0;
-    while (true)
-        invariant true;
-    {
-        y := y + 1;
-	if(y > 1)
-	{
-            break;
-	}
-    }
-
-    assert y >= 0;
-}
diff --git a/boogie_examples/other/goto_example.bpl b/boogie_examples/other/goto_example.bpl
deleted file mode 100644
index 1859e43..0000000
--- a/boogie_examples/other/goto_example.bpl
+++ /dev/null
@@ -1,11 +0,0 @@
-procedure q() {
-    var x : int;
-
-    x := 0;
-    goto label1;
-
-    x := 2;
-
-label1:
-    assert x == 0;
-}
diff --git a/boogie_examples/other/if_example_CFG.bpl b/boogie_examples/other/if_example_CFG.bpl
deleted file mode 100644
index 96d46e5..0000000
--- a/boogie_examples/other/if_example_CFG.bpl
+++ /dev/null
@@ -1,23 +0,0 @@
-implementation p()
-{
-  var x: int;
-
-
-  anon0:
-    havoc x;
-    goto anon4_Then, anon4_Else;
-
-  anon4_Else:
-    assume {:partition} 5 >= x;
-    x := 1;
-    goto anon3;
-
-  anon3:
-    assert x > 0;
-    return;
-
-  anon4_Then:
-    assume {:partition} x > 5;
-    x := 10;
-    goto anon3;
-}
diff --git a/boogie_examples/other/if_example_duplicate.bpl b/boogie_examples/other/if_example_duplicate.bpl
deleted file mode 100644
index 66ef53c..0000000
--- a/boogie_examples/other/if_example_duplicate.bpl
+++ /dev/null
@@ -1,20 +0,0 @@
-procedure if_example_test_2() {
-    var x: int;
-    
-    havoc x; // ---> [Havoc x] --- block 0
-
-//-------------------------------------------------------
-
-    if (x > 5)
-    {
-        x := 10; // ---> [Assume x > 5; x := 10] --- block 3
-    }
-    else
-    {
-        x := 1; // ---> [Assume 5 >= x; x := 1] --- block 1
-    }
-
-//#######################################################
-
-    assert x > 0; // ---> [Assert x > 0] --- block 2
-}
diff --git a/boogie_examples/other/labeled_break.bpl b/boogie_examples/other/labeled_break.bpl
deleted file mode 100644
index cc7ab90..0000000
--- a/boogie_examples/other/labeled_break.bpl
+++ /dev/null
@@ -1,32 +0,0 @@
-procedure p() {
-    var x : int;
-    var y : int;
-    var n : int;
-
-    x := 0;
-    y := 0;
-    assume n > 0;
-
- ////////////////////////   
-    
-    outer_label:
-
-    while (x > 0) 
-    {
-        /////////////
-        while (y > 0)
-        {
-            //////////
-            y := y+1;
-            break outer_label;
-            //////////
-        }
-        //////////////
-        x := x+1;
-        //////////////
-    }
-
-//////////////////////    
-
-    return;
-}
\ No newline at end of file
diff --git a/boogie_examples/proofgen_depends_on_pruning/assert_false_in_if_2.bpl b/boogie_examples/proofgen_depends_on_pruning/assert_false_in_if_2.bpl
deleted file mode 100644
index d5b5947..0000000
--- a/boogie_examples/proofgen_depends_on_pruning/assert_false_in_if_2.bpl
+++ /dev/null
@@ -1,12 +0,0 @@
-procedure assert_false_in_if_2() {
-    var x: int;
-
-    havoc x;
-    if (x != 8)
-    {
-        assert false;
-    }
-
-    x := 7;
-    assert x == 7;
-}
\ No newline at end of file
diff --git a/boogie_examples/proofgen_depends_on_pruning/assert_false_in_if_3.bpl b/boogie_examples/proofgen_depends_on_pruning/assert_false_in_if_3.bpl
deleted file mode 100644
index 669e2f6..0000000
--- a/boogie_examples/proofgen_depends_on_pruning/assert_false_in_if_3.bpl
+++ /dev/null
@@ -1,12 +0,0 @@
-procedure assert_false_in_if_3() {
-    var x: int;
-
-    havoc x;
-    if (*)
-    {
-        assert false;
-    }
-
-    x := 7;
-    assert x == 7;
-}
\ No newline at end of file
diff --git a/boogie_examples/proofgen_depends_on_pruning/assume_false_assert_false.bpl b/boogie_examples/proofgen_depends_on_pruning/assume_false_assert_false.bpl
deleted file mode 100644
index d5ca5c6..0000000
--- a/boogie_examples/proofgen_depends_on_pruning/assume_false_assert_false.bpl
+++ /dev/null
@@ -1,12 +0,0 @@
-procedure assume_false_assert_false() {
-    var x: int;
-
-    havoc x;
-    if (x > 0)
-    {
-        assume false;
-        x := x - 1;
-    }
-
-    assert false;
-}
\ No newline at end of file
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/20220720_112439_timing_certificates.csv b/boogie_examples/simple_examples_no_optimization_proofs/20220720_112439_timing_certificates.csv
deleted file mode 100644
index cabece3..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/20220720_112439_timing_certificates.csv
+++ /dev/null
@@ -1,41 +0,0 @@
-File,Mean,Median,Pstdev.
-simple_examples_no_optimization_proofs_2/loop_in_else_branch_proofs/ROOT,16.529927492141724,16.529927492141724,0.0
-simple_examples_no_optimization_proofs_2/return_in_loop2_proofs/ROOT,20.6615948677063,20.6615948677063,0.0
-simple_examples_no_optimization_proofs_2/empty_generic_block_proofs/ROOT,17.638909101486206,17.638909101486206,0.0
-simple_examples_no_optimization_proofs_2/if_example_no_else_branch_proofs/ROOT,16.70071840286255,16.70071840286255,0.0
-simple_examples_no_optimization_proofs_2/empty_loop_proofs/ROOT,18.356985569000244,18.356985569000244,0.0
-simple_examples_no_optimization_proofs_2/simple_return_test_proofs/ROOT,15.760504722595215,15.760504722595215,0.0
-simple_examples_no_optimization_proofs_2/no_guard_loop4_proofs/ROOT,22.520811319351196,22.520811319351196,0.0
-simple_examples_no_optimization_proofs_2/nested_loop_while_true_proofs/ROOT,21.14844298362732,21.14844298362732,0.0
-simple_examples_no_optimization_proofs_2/triangle_example_proofs/ROOT,18.182694673538208,18.182694673538208,0.0
-simple_examples_no_optimization_proofs_2/consecutive_loops_in_loop_2_proofs/ROOT,22.464988946914673,22.464988946914673,0.0
-simple_examples_no_optimization_proofs_2/assert_false_in_if_3_proofs/ROOT,16.334786653518677,16.334786653518677,0.0
-simple_examples_no_optimization_proofs_2/no_guard_loop_proofs/ROOT,24.018352031707764,24.018352031707764,0.0
-simple_examples_no_optimization_proofs_2/assume_false_assert_false_proofs/ROOT,16.269209146499634,16.269209146499634,0.0
-simple_examples_no_optimization_proofs_2/consecutive_loops_proofs/ROOT,21.778433084487915,21.778433084487915,0.0
-simple_examples_no_optimization_proofs_2/if_inside_loop_proofs/ROOT,20.71945309638977,20.71945309638977,0.0
-simple_examples_no_optimization_proofs_2/start_loop_proofs/ROOT,20.882461547851562,20.882461547851562,0.0
-simple_examples_no_optimization_proofs_2/loop_example_no_inv_proofs/ROOT,17.588947772979736,17.588947772979736,0.0
-simple_examples_no_optimization_proofs_2/return_in_loop_proofs/ROOT,18.51476764678955,18.51476764678955,0.0
-simple_examples_no_optimization_proofs_2/trivial_assume_false_proofs/ROOT,14.143598794937134,14.143598794937134,0.0
-simple_examples_no_optimization_proofs_2/assume_false_in_if_proofs/ROOT,15.7973051071167,15.7973051071167,0.0
-simple_examples_no_optimization_proofs_2/assert_false_in_if_proofs/ROOT,15.551785707473755,15.551785707473755,0.0
-simple_examples_no_optimization_proofs_2/no_guard_if_proofs/ROOT,15.046565055847168,15.046565055847168,0.0
-simple_examples_no_optimization_proofs_2/no_inv_loop_proofs/ROOT,17.20460557937622,17.20460557937622,0.0
-simple_examples_no_optimization_proofs_2/consecutive_loops_in_loop_proofs/ROOT,21.2952823638916,21.2952823638916,0.0
-simple_examples_no_optimization_proofs_2/nested_loop_proofs/ROOT,20.862541913986206,20.862541913986206,0.0
-simple_examples_no_optimization_proofs_2/consecutive_ifs_proofs/ROOT,15.956636667251587,15.956636667251587,0.0
-simple_examples_no_optimization_proofs_2/loop_in_then_branch_proofs/ROOT,18.217901945114136,18.217901945114136,0.0
-simple_examples_no_optimization_proofs_2/assert_false_in_if_2_proofs/ROOT,15.341740846633911,15.341740846633911,0.0
-simple_examples_no_optimization_proofs_2/globals_proofs/ROOT,20.984867572784424,20.984867572784424,0.0
-simple_examples_no_optimization_proofs_2/if_example_proofs/ROOT,16.11746120452881,16.11746120452881,0.0
-simple_examples_no_optimization_proofs_2/no_guard_empty_branch_if_proofs/ROOT,16.002037286758423,16.002037286758423,0.0
-simple_examples_no_optimization_proofs_2/no_guard_loop2_proofs/ROOT,22.825337171554565,22.825337171554565,0.0
-simple_examples_no_optimization_proofs_2/nested_loop2_proofs/ROOT,21.991888523101807,21.991888523101807,0.0
-simple_examples_no_optimization_proofs_2/trivial_assert_false_proofs/ROOT,15.958161354064941,15.958161354064941,0.0
-simple_examples_no_optimization_proofs_2/loop_example_proofs/ROOT,19.151580333709717,19.151580333709717,0.0
-simple_examples_no_optimization_proofs_2/nested_if_proofs/ROOT,15.94367241859436,15.94367241859436,0.0
-simple_examples_no_optimization_proofs_2/complete_bigblock_loop_in_loop_proofs/ROOT,20.320770740509033,20.320770740509033,0.0
-simple_examples_no_optimization_proofs_2/no_guard_loop3_proofs/ROOT,22.385133504867554,22.385133504867554,0.0
-simple_examples_no_optimization_proofs_2/trivial_example_proofs/ROOT,15.298888921737671,15.298888921737671,0.0
-simple_examples_no_optimization_proofs_2/empty_branch_if_proofs/ROOT,16.03464651107788,16.03464651107788,0.0
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/ROOT
deleted file mode 100644
index de4142c..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session assert_false_in_if_2_proofs = Boogie_Lang + 
-directories assert_false_in_if_2_proofs
-theories
-global_data
-"assert_false_in_if_2_proofs/assert_false_in_if_2_before_passive_prog"
-"assert_false_in_if_2_proofs/assert_false_in_if_2_passification_proof"
-"assert_false_in_if_2_proofs/assert_false_in_if_2_asttocfg_proof"
-"assert_false_in_if_2_proofs/assert_false_in_if_2_before_ast_to_cfg_prog"
-"assert_false_in_if_2_proofs/assert_false_in_if_2_cfgtodag_proof"
-"assert_false_in_if_2_proofs/assert_false_in_if_2_before_cfg_to_dag_prog"
-"assert_false_in_if_2_proofs/assert_false_in_if_2_vcphase_proof"
-"assert_false_in_if_2_proofs/assert_false_in_if_2_passive_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_asttocfg_proof.thy
deleted file mode 100644
index 9e70f48..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_asttocfg_proof.thy
+++ /dev/null
@@ -1,335 +0,0 @@
-theory assert_false_in_if_2_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML assert_false_in_if_2_before_ast_to_cfg_prog assert_false_in_if_2_before_cfg_to_dag_prog assert_false_in_if_2_cfgtodag_proof assert_false_in_if_2_passification_proof assert_false_in_if_2_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A assert_false_in_if_2_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.block_3 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_3_def assert_false_in_if_2_before_cfg_to_dag_prog.block_3_def)
-apply ((simp add: assert_false_in_if_2_before_cfg_to_dag_prog.block_3_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: assert_false_in_if_2_before_cfg_to_dag_prog.block_3_def assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_3_def)+)
-done
-
-
-lemma global_rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assert_false_in_if_2_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (simp)
-apply (rule cont_3_def)
-apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.node_3)
-apply (rule disjI1)
-apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.block_3_def)
-apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_3)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: assert_false_in_if_2_before_cfg_to_dag_prog.node_3)
-apply (rule rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_3)
-apply assumption+
-
-done
-qed
-
-lemma global_rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assert_false_in_if_2_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Neq (Lit (LInt 8))) ns1 (BoolV False))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Invs[of assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_2_def)
-
-apply (rule astTrace)
-apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_2_def)
-apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.node_2)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.block_2_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply (rule neg_neq)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_2_def)
-apply (simp add: assert_false_in_if_2_before_cfg_to_dag_prog.node_2)
-
-
-
-
-apply ((erule allE[where x = 3])+)
-apply ((simp add: assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_2)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_3)
-apply (simp)
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_1,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Neq (Lit (LInt 8))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.block_1 (Normal ns1) (Normal ns1')))))"
-unfolding assert_false_in_if_2_before_cfg_to_dag_prog.block_1_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_1_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: assert_false_in_if_2_before_cfg_to_dag_prog.block_1_def)
-apply ((simp add: assms(3) assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_1_def)+)
-done
-
-
-lemma global_rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assert_false_in_if_2_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Neq (Lit (LInt 8))) ns1 (BoolV True))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_1_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_1_def)
-apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.node_1)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.block_1_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_1_def)
-apply (simp add: assert_false_in_if_2_before_cfg_to_dag_prog.node_1)
-apply (rule rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_1)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x = 3])+)
-apply ((simp add: assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_3)
-apply (simp)
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0_def assert_false_in_if_2_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: assert_false_in_if_2_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: assert_false_in_if_2_before_cfg_to_dag_prog.block_0_def assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assert_false_in_if_2_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_if_successor)
-apply (rule Rel_Main_test[of assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0 _ assert_false_in_if_2_before_cfg_to_dag_prog.block_0])
-apply (simp add: assert_false_in_if_2_before_cfg_to_dag_prog.block_0_def assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp add: assert_false_in_if_2_before_cfg_to_dag_prog.block_0_def)
-apply (rule astTrace)
-apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0_def)
-apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: assert_false_in_if_2_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: assert_false_in_if_2_before_cfg_to_dag_prog.node_0)
-apply (rule rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply (erule disjE)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: cont_0_def assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
-apply blast+
-
-
-
-
-
-apply (simp)
-apply ((erule allE[where x = 2])+)
-apply ((simp add: assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_0_def assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 vc_x_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A assert_false_in_if_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) assert_false_in_if_2_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns assert_false_in_if_2_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] assert_false_in_if_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_assert_false_in_if_2_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.pres_def assert_false_in_if_2_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.pres_def assert_false_in_if_2_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (assert_false_in_if_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_3_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 vc_x_0))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) assert_false_in_if_2_before_ast_to_cfg_prog.fdecls assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.axioms assert_false_in_if_2_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding assert_false_in_if_2_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 assert_false_in_if_2_before_ast_to_cfg_prog.ast_proc_def assert_false_in_if_2_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 3a6dc77..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,123 +0,0 @@
-theory assert_false_in_if_2_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (ParsedIf (Some (BinOp (Var 0) Neq (Lit (LInt 8)))) [(BigBlock (None ) [(Assert (Lit (LBool False)))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [(Assert (Lit (LBool False)))] (None ) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [] (None ) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [(Assign 0 (Lit (LInt 7))),(Assert (BinOp (Var 0) Eq (Lit (LInt 7))))] (None ) (None ))"
-definition cont_3
-  where
-    "cont_3  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_3 cont_3)"
-definition cont_1
-  where
-    "cont_1  = (KSeq bigblock_3 cont_3)"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_3 cont_3)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_3]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec assert_false_in_if_2_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec assert_false_in_if_2_before_ast_to_cfg_prog.post),proc_body = (Some (assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls,assert_false_in_if_2_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_cfg_to_dag_prog.thy
deleted file mode 100644
index f0a26a2..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,149 +0,0 @@
-theory assert_false_in_if_2_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0)]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Neq (Lit (LInt 8)))),(Assert (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Eq (Lit (LInt 8))))]"
-definition block_3
-  where
-    "block_3  = [(Assign 0 (Lit (LInt 7))),(Assert (BinOp (Var 0) Eq (Lit (LInt 7))))]"
-definition outEdges
-  where
-    "outEdges  = [[1,2],[3],[3],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append assert_false_in_if_2_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append assert_false_in_if_2_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding assert_false_in_if_2_before_cfg_to_dag_prog.constants_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_2_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append assert_false_in_if_2_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding assert_false_in_if_2_before_cfg_to_dag_prog.constants_vdecls_def assert_false_in_if_2_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_2_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding assert_false_in_if_2_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_2_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding assert_false_in_if_2_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append assert_false_in_if_2_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.globals_vdecls),(append assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append assert_false_in_if_2_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.globals_vdecls),(append assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_2_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.globals_vdecls),(append assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = assert_false_in_if_2_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec assert_false_in_if_2_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec assert_false_in_if_2_before_cfg_to_dag_prog.post),proc_body = (Some (assert_false_in_if_2_before_cfg_to_dag_prog.locals_vdecls,assert_false_in_if_2_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_passive_prog.thy
deleted file mode 100644
index dc574a3..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_before_passive_prog.thy
+++ /dev/null
@@ -1,95 +0,0 @@
-theory assert_false_in_if_2_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util assert_false_in_if_2_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assign 0 (Lit (LInt 7))),(Assert (BinOp (Var 0) Eq (Lit (LInt 7))))]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Neq (Lit (LInt 8)))),(Assert (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Eq (Lit (LInt 8))))]"
-definition block_3
-  where
-    "block_3  = [(Havoc 0)]"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_cfgtodag_proof.thy
deleted file mode 100644
index 0cec8c7..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_cfgtodag_proof.thy
+++ /dev/null
@@ -1,284 +0,0 @@
-theory assert_false_in_if_2_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML assert_false_in_if_2_before_ast_to_cfg_prog assert_false_in_if_2_before_cfg_to_dag_prog assert_false_in_if_2_before_passive_prog assert_false_in_if_2_passification_proof assert_false_in_if_2_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A assert_false_in_if_2_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assert_false_in_if_2_before_passive_prog.block_0 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding assert_false_in_if_2_before_cfg_to_dag_prog.block_3_def assert_false_in_if_2_before_passive_prog.block_0_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_1[OF assms(1)])
-apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.node_3)
-apply (rule assert_false_in_if_2_before_passive_prog.node_0)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-unfolding assert_false_in_if_2_before_ast_to_cfg_prog.post_def
-apply (rule block_anon3)
-apply assumption+
-by (rule assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_3)
-
-
-lemma block_anon4_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assert_false_in_if_2_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding assert_false_in_if_2_before_cfg_to_dag_prog.block_1_def assert_false_in_if_2_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon4_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.node_1)
-apply (rule assert_false_in_if_2_before_passive_prog.node_1)
-apply (assumption+)
-apply (rule block_anon4_Then)
-apply (assumption+)
-apply ((simp add:assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=0])
-apply ((simp add:assert_false_in_if_2_before_passive_prog.outEdges_1))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon4_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assert_false_in_if_2_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding assert_false_in_if_2_before_cfg_to_dag_prog.block_2_def assert_false_in_if_2_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon4_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.node_2)
-apply (rule assert_false_in_if_2_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon4_Else)
-apply (assumption+)
-apply ((simp add:assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=0])
-apply ((simp add:assert_false_in_if_2_before_passive_prog.outEdges_2))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assert_false_in_if_2_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding assert_false_in_if_2_before_cfg_to_dag_prog.block_0_def assert_false_in_if_2_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule assert_false_in_if_2_before_cfg_to_dag_prog.node_0)
-apply (rule assert_false_in_if_2_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:assert_false_in_if_2_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:assert_false_in_if_2_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:assert_false_in_if_2_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:assert_false_in_if_2_before_passive_prog.outEdges_4))
-by ((simp add:assert_false_in_if_2_before_passive_prog.node_4 assert_false_in_if_2_before_passive_prog.block_4_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 assert_false_in_if_2_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule assert_false_in_if_2_before_passive_prog.node_5)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding assert_false_in_if_2_before_passive_prog.block_5_def
-apply (rule assume_pres_normal[where ?es=assert_false_in_if_2_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding assert_false_in_if_2_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule assert_false_in_if_2_before_passive_prog.outEdges_5)
-apply ((simp add:assert_false_in_if_2_before_passive_prog.node_4 assert_false_in_if_2_before_passive_prog.block_4_def))
-apply (rule assert_false_in_if_2_before_passive_prog.outEdges_4)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 vc_x_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A assert_false_in_if_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) assert_false_in_if_2_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns assert_false_in_if_2_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] assert_false_in_if_2_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule assert_false_in_if_2_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_passification_proof.thy
deleted file mode 100644
index 61a3026..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_passification_proof.thy
+++ /dev/null
@@ -1,258 +0,0 @@
-theory assert_false_in_if_2_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util assert_false_in_if_2_before_ast_to_cfg_prog assert_false_in_if_2_passive_prog Boogie_Lang.PassificationML assert_false_in_if_2_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 7)))]) R_old assert_false_in_if_2_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assert_false_in_if_2_before_passive_prog.block_0_def assert_false_in_if_2_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon4_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_2_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assert_false_in_if_2_before_passive_prog.block_1_def assert_false_in_if_2_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon4_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_2_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assert_false_in_if_2_before_passive_prog.block_2_def assert_false_in_if_2_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old assert_false_in_if_2_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assert_false_in_if_2_before_passive_prog.block_3_def assert_false_in_if_2_passive_prog.block_3_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:assert_false_in_if_2_before_ast_to_cfg_prog.l_x(2) assert_false_in_if_2_passive_prog.l_x_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_2_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assert_false_in_if_2_before_passive_prog.block_4_def assert_false_in_if_2_passive_prog.block_4_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_2_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assert_false_in_if_2_before_passive_prog.block_5_def assert_false_in_if_2_passive_prog.block_5_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_2_before_passive_prog.node_0},@{thm assert_false_in_if_2_before_passive_prog.outEdges_0}) (@{thm assert_false_in_if_2_passive_prog.node_0},@{thm assert_false_in_if_2_passive_prog.outEdges_0}) @{thm block_anon3} [] 1\<close>))
-
-lemma cfg_block_anon4_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm assert_false_in_if_2_before_passive_prog.node_1},@{thm assert_false_in_if_2_before_passive_prog.outEdges_1}) (@{thm assert_false_in_if_2_passive_prog.node_1},@{thm assert_false_in_if_2_passive_prog.outEdges_1}) @{thm block_anon4_Then} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon4_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm assert_false_in_if_2_before_passive_prog.node_2},@{thm assert_false_in_if_2_before_passive_prog.outEdges_2}) (@{thm assert_false_in_if_2_passive_prog.node_2},@{thm assert_false_in_if_2_passive_prog.outEdges_2}) @{thm block_anon4_Else} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_2_before_passive_prog.node_3},@{thm assert_false_in_if_2_before_passive_prog.outEdges_3}) (@{thm assert_false_in_if_2_passive_prog.node_3},@{thm assert_false_in_if_2_passive_prog.outEdges_3}) @{thm block_anon0} [
-@{thm cfg_block_anon4_Then}, 
-@{thm cfg_block_anon4_Else}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_2_before_passive_prog.node_4},@{thm assert_false_in_if_2_before_passive_prog.outEdges_4}) (@{thm assert_false_in_if_2_passive_prog.node_4},@{thm assert_false_in_if_2_passive_prog.outEdges_4}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_2_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_2_before_passive_prog.node_5},@{thm assert_false_in_if_2_before_passive_prog.outEdges_5}) (@{thm assert_false_in_if_2_passive_prog.node_5},@{thm assert_false_in_if_2_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_2_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 vc_x_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A assert_false_in_if_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls ns assert_false_in_if_2_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv assert_false_in_if_2_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding assert_false_in_if_2_passive_prog.params_vdecls_def assert_false_in_if_2_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using assert_false_in_if_2_before_passive_prog.globals_locals_disj apply auto[1]
-using assert_false_in_if_2_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] assert_false_in_if_2_passive_prog.proc_body u (Inl 5)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range assert_false_in_if_2_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] assert_false_in_if_2_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from assert_false_in_if_2_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_passive_prog.thy
deleted file mode 100644
index d1b70c3..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_passive_prog.thy
+++ /dev/null
@@ -1,119 +0,0 @@
-theory assert_false_in_if_2_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util assert_false_in_if_2_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assert (BinOp (Lit (LInt 7)) Eq (Lit (LInt 7))))]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 1) Neq (Lit (LInt 8)))),(Assert (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 1) Eq (Lit (LInt 8))))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding assert_false_in_if_2_passive_prog.params_vdecls_def assert_false_in_if_2_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls)))) = {})"
-unfolding assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_vcphase_proof.thy
deleted file mode 100644
index aaf62c3..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_proofs/assert_false_in_if_2_vcphase_proof.thy
+++ /dev/null
@@ -1,228 +0,0 @@
-theory assert_false_in_if_2_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML assert_false_in_if_2_passive_prog assert_false_in_if_2_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon4_Then
-  where
-    "vc_anon4_Then x_0 = (\<not> (x_0 \<noteq> (8::int)))"
-definition vc_anon3
-  where
-    "vc_anon3  = ((7::int) = (7::int))"
-definition vc_anon4_Else
-  where
-    "vc_anon4_Else x_0 = ((x_0 = (8::int)) \<longrightarrow> (vc_anon3 ))"
-definition vc_anon0
-  where
-    "vc_anon0 x_0 = ((vc_anon4_Then x_0) \<and> (vc_anon4_Else x_0))"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
-G2: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2
-lemmas forall_poly_thm = forall_vc_type[OF G2]
-lemmas exists_poly_thm = exists_vc_type[OF G2]
-declare Nat.One_nat_def[simp del]
-
-ML\<open>
-val block_anon3_hints = [
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon3AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding assert_false_in_if_2_passive_prog.block_0_def vc.vc_anon3_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_Then_hints = [
-(AssumeNot,NONE)]
-\<close>
-lemma block_anon4_ThenAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Then vc_x_0) \<Longrightarrow> (s' = Magic)))"
-unfolding assert_false_in_if_2_passive_prog.block_1_def vc.vc_anon4_Then_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Then_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_Else_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon4_ElseAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Else vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 )))))))"
-unfolding assert_false_in_if_2_passive_prog.block_2_def vc.vc_anon4_Else_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Else_hints \<close>)
-by (auto?)
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.block_3 (Normal n_s) s')" and 
-"((vc.vc_anon4_Then vc_x_0) \<and> (vc.vc_anon4_Else vc_x_0))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0) \<and> (vc.vc_anon4_Else vc_x_0))))))"
-using assms
-unfolding assert_false_in_if_2_passive_prog.block_3_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.block_4 (Normal n_s) s')" and 
-"((vc.vc_anon4_Then vc_x_0) \<and> (vc.vc_anon4_Else vc_x_0))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0) \<and> (vc.vc_anon4_Else vc_x_0))))))"
-using assms
-unfolding assert_false_in_if_2_passive_prog.block_4_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0) \<and> (vc.vc_anon4_Else vc_x_0))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding assert_false_in_if_2_passive_prog.block_5_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) assert_false_in_if_2_passive_prog.node_0 assert_false_in_if_2_passive_prog.outEdges_0])
-using block_anon3AA0[OF _ assms(2)] by blast
-
-lemma cfg_block_anon4_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4_Then vc_x_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) assert_false_in_if_2_passive_prog.node_1])
-by (erule block_anon4_ThenAA0[OF _ assms(2)])
-
-lemma cfg_block_anon4_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4_Else vc_x_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) assert_false_in_if_2_passive_prog.node_2])
-apply (erule block_anon4_ElseAA0[OF _ assms(2)])
-apply ((simp add:assert_false_in_if_2_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon4_Then vc_x_0) \<and> (vc.vc_anon4_Else vc_x_0))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) assert_false_in_if_2_passive_prog.node_3])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:assert_false_in_if_2_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon4_Then vc_x_0) \<and> (vc.vc_anon4_Else vc_x_0))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) assert_false_in_if_2_passive_prog.node_4])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:assert_false_in_if_2_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_2_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) assert_false_in_if_2_passive_prog.node_5])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:assert_false_in_if_2_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_2_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 vc_x_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A assert_false_in_if_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) assert_false_in_if_2_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_2_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_2_passive_prog.params_vdecls assert_false_in_if_2_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((assert_false_in_if_2_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF assert_false_in_if_2_passive_prog.m_x])
-apply (subst lookup_var_local[OF assert_false_in_if_2_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF assert_false_in_if_2_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF assert_false_in_if_2_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_2_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/ROOT
deleted file mode 100644
index 075c5a5..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session assert_false_in_if_3_proofs = Boogie_Lang + 
-directories assert_false_in_if_3_proofs
-theories
-global_data
-"assert_false_in_if_3_proofs/assert_false_in_if_3_passive_prog"
-"assert_false_in_if_3_proofs/assert_false_in_if_3_before_ast_to_cfg_prog"
-"assert_false_in_if_3_proofs/assert_false_in_if_3_before_cfg_to_dag_prog"
-"assert_false_in_if_3_proofs/assert_false_in_if_3_passification_proof"
-"assert_false_in_if_3_proofs/assert_false_in_if_3_vcphase_proof"
-"assert_false_in_if_3_proofs/assert_false_in_if_3_before_passive_prog"
-"assert_false_in_if_3_proofs/assert_false_in_if_3_asttocfg_proof"
-"assert_false_in_if_3_proofs/assert_false_in_if_3_cfgtodag_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_asttocfg_proof.thy
deleted file mode 100644
index 48f1d18..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_asttocfg_proof.thy
+++ /dev/null
@@ -1,315 +0,0 @@
-theory assert_false_in_if_3_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML assert_false_in_if_3_before_ast_to_cfg_prog assert_false_in_if_3_before_cfg_to_dag_prog assert_false_in_if_3_cfgtodag_proof assert_false_in_if_3_passification_proof assert_false_in_if_3_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A assert_false_in_if_3_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.block_3 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_3_def assert_false_in_if_3_before_cfg_to_dag_prog.block_3_def)
-apply ((simp add: assert_false_in_if_3_before_cfg_to_dag_prog.block_3_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: assert_false_in_if_3_before_cfg_to_dag_prog.block_3_def assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_3_def)+)
-done
-
-
-lemma global_rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assert_false_in_if_3_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (simp)
-apply (rule cont_3_def)
-apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.node_3)
-apply (rule disjI1)
-apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.block_3_def)
-apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_3)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: assert_false_in_if_3_before_cfg_to_dag_prog.node_3)
-apply (rule rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_3)
-apply assumption+
-
-done
-qed
-
-lemma global_rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assert_false_in_if_3_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Invs[of assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_2_def)
-
-apply (rule astTrace)
-apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_2_def)
-apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.node_2)
-apply (rule disjI1)
-apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.block_2_def)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_2_def)
-apply (simp add: assert_false_in_if_3_before_cfg_to_dag_prog.node_2)
-
-
-
-apply ((erule allE[where x = 3])+)
-apply ((simp add: assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_2)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_3)
-apply (simp)
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_1,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.block_1 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_1_def assert_false_in_if_3_before_cfg_to_dag_prog.block_1_def)
-apply ((simp add: assert_false_in_if_3_before_cfg_to_dag_prog.block_1_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: assert_false_in_if_3_before_cfg_to_dag_prog.block_1_def assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_1_def)+)
-done
-
-
-lemma global_rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assert_false_in_if_3_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_1_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_1_def)
-apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.node_1)
-apply (rule disjI1)
-apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.block_1_def)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_1_def)
-apply (simp add: assert_false_in_if_3_before_cfg_to_dag_prog.node_1)
-apply (rule rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_1)
-apply assumption
-apply (simp)
-apply ((erule allE[where x = 3])+)
-apply ((simp add: assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_3)
-apply (simp)
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0_def assert_false_in_if_3_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: assert_false_in_if_3_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: assert_false_in_if_3_before_cfg_to_dag_prog.block_0_def assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assert_false_in_if_3_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_if_successor)
-apply (rule Rel_Main_test[of assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0 _ assert_false_in_if_3_before_cfg_to_dag_prog.block_0])
-apply (simp add: assert_false_in_if_3_before_cfg_to_dag_prog.block_0_def assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp add: assert_false_in_if_3_before_cfg_to_dag_prog.block_0_def)
-apply (rule astTrace)
-apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0_def)
-apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: assert_false_in_if_3_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: assert_false_in_if_3_before_cfg_to_dag_prog.node_0)
-apply (rule rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-
-apply (rule disjE, simp)
-apply ((erule allE[where x = 1])+)
-apply ((simp add: assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: cont_0_def assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
-apply blast+
-
-
-
-
-
-
-apply ((erule allE[where x = 2])+)
-apply ((simp add: assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_0_def assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A assert_false_in_if_3_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) assert_false_in_if_3_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns assert_false_in_if_3_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] assert_false_in_if_3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_assert_false_in_if_3_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.pres_def assert_false_in_if_3_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.pres_def assert_false_in_if_3_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (assert_false_in_if_3_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_3_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) assert_false_in_if_3_before_ast_to_cfg_prog.fdecls assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.axioms assert_false_in_if_3_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding assert_false_in_if_3_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 assert_false_in_if_3_before_ast_to_cfg_prog.ast_proc_def assert_false_in_if_3_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 5aa16d5..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,123 +0,0 @@
-theory assert_false_in_if_3_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (ParsedIf (None ) [(BigBlock (None ) [(Assert (Lit (LBool False)))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [(Assert (Lit (LBool False)))] (None ) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [] (None ) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [(Assign 0 (Lit (LInt 7))),(Assert (BinOp (Var 0) Eq (Lit (LInt 7))))] (None ) (None ))"
-definition cont_3
-  where
-    "cont_3  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_3 cont_3)"
-definition cont_1
-  where
-    "cont_1  = (KSeq bigblock_3 cont_3)"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_3 cont_3)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_3]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec assert_false_in_if_3_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec assert_false_in_if_3_before_ast_to_cfg_prog.post),proc_body = (Some (assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls,assert_false_in_if_3_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_cfg_to_dag_prog.thy
deleted file mode 100644
index db0e136..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,149 +0,0 @@
-theory assert_false_in_if_3_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0)]"
-definition block_1
-  where
-    "block_1  = [(Assert (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = []"
-definition block_3
-  where
-    "block_3  = [(Assign 0 (Lit (LInt 7))),(Assert (BinOp (Var 0) Eq (Lit (LInt 7))))]"
-definition outEdges
-  where
-    "outEdges  = [[1,2],[3],[3],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append assert_false_in_if_3_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append assert_false_in_if_3_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding assert_false_in_if_3_before_cfg_to_dag_prog.constants_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_3_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append assert_false_in_if_3_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding assert_false_in_if_3_before_cfg_to_dag_prog.constants_vdecls_def assert_false_in_if_3_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_3_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding assert_false_in_if_3_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_3_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding assert_false_in_if_3_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append assert_false_in_if_3_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.globals_vdecls),(append assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append assert_false_in_if_3_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.globals_vdecls),(append assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_3_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.globals_vdecls),(append assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = assert_false_in_if_3_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec assert_false_in_if_3_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec assert_false_in_if_3_before_cfg_to_dag_prog.post),proc_body = (Some (assert_false_in_if_3_before_cfg_to_dag_prog.locals_vdecls,assert_false_in_if_3_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_passive_prog.thy
deleted file mode 100644
index 60f32be..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_before_passive_prog.thy
+++ /dev/null
@@ -1,95 +0,0 @@
-theory assert_false_in_if_3_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util assert_false_in_if_3_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assign 0 (Lit (LInt 7))),(Assert (BinOp (Var 0) Eq (Lit (LInt 7))))]"
-definition block_1
-  where
-    "block_1  = [(Assert (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = []"
-definition block_3
-  where
-    "block_3  = [(Havoc 0)]"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_cfgtodag_proof.thy
deleted file mode 100644
index 507cb92..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_cfgtodag_proof.thy
+++ /dev/null
@@ -1,284 +0,0 @@
-theory assert_false_in_if_3_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML assert_false_in_if_3_before_ast_to_cfg_prog assert_false_in_if_3_before_cfg_to_dag_prog assert_false_in_if_3_before_passive_prog assert_false_in_if_3_passification_proof assert_false_in_if_3_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A assert_false_in_if_3_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assert_false_in_if_3_before_passive_prog.block_0 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding assert_false_in_if_3_before_cfg_to_dag_prog.block_3_def assert_false_in_if_3_before_passive_prog.block_0_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_1[OF assms(1)])
-apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.node_3)
-apply (rule assert_false_in_if_3_before_passive_prog.node_0)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-unfolding assert_false_in_if_3_before_ast_to_cfg_prog.post_def
-apply (rule block_anon3)
-apply assumption+
-by (rule assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_3)
-
-
-lemma block_anon4_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assert_false_in_if_3_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding assert_false_in_if_3_before_cfg_to_dag_prog.block_1_def assert_false_in_if_3_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon4_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.node_1)
-apply (rule assert_false_in_if_3_before_passive_prog.node_1)
-apply (assumption+)
-apply (rule block_anon4_Then)
-apply (assumption+)
-apply ((simp add:assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=0])
-apply ((simp add:assert_false_in_if_3_before_passive_prog.outEdges_1))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon4_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assert_false_in_if_3_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding assert_false_in_if_3_before_cfg_to_dag_prog.block_2_def assert_false_in_if_3_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon4_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.node_2)
-apply (rule assert_false_in_if_3_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon4_Else)
-apply (assumption+)
-apply ((simp add:assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=0])
-apply ((simp add:assert_false_in_if_3_before_passive_prog.outEdges_2))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assert_false_in_if_3_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding assert_false_in_if_3_before_cfg_to_dag_prog.block_0_def assert_false_in_if_3_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule assert_false_in_if_3_before_cfg_to_dag_prog.node_0)
-apply (rule assert_false_in_if_3_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:assert_false_in_if_3_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:assert_false_in_if_3_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:assert_false_in_if_3_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:assert_false_in_if_3_before_passive_prog.outEdges_4))
-by ((simp add:assert_false_in_if_3_before_passive_prog.node_4 assert_false_in_if_3_before_passive_prog.block_4_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 assert_false_in_if_3_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_3_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule assert_false_in_if_3_before_passive_prog.node_5)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding assert_false_in_if_3_before_passive_prog.block_5_def
-apply (rule assume_pres_normal[where ?es=assert_false_in_if_3_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding assert_false_in_if_3_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule assert_false_in_if_3_before_passive_prog.outEdges_5)
-apply ((simp add:assert_false_in_if_3_before_passive_prog.node_4 assert_false_in_if_3_before_passive_prog.block_4_def))
-apply (rule assert_false_in_if_3_before_passive_prog.outEdges_4)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A assert_false_in_if_3_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) assert_false_in_if_3_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns assert_false_in_if_3_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] assert_false_in_if_3_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule assert_false_in_if_3_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_passification_proof.thy
deleted file mode 100644
index f5169ad..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_passification_proof.thy
+++ /dev/null
@@ -1,254 +0,0 @@
-theory assert_false_in_if_3_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util assert_false_in_if_3_before_ast_to_cfg_prog assert_false_in_if_3_passive_prog Boogie_Lang.PassificationML assert_false_in_if_3_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 7)))]) R_old assert_false_in_if_3_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assert_false_in_if_3_before_passive_prog.block_0_def assert_false_in_if_3_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon4_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_3_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assert_false_in_if_3_before_passive_prog.block_1_def assert_false_in_if_3_passive_prog.block_1_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon4_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_3_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assert_false_in_if_3_before_passive_prog.block_2_def assert_false_in_if_3_passive_prog.block_2_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old assert_false_in_if_3_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assert_false_in_if_3_before_passive_prog.block_3_def assert_false_in_if_3_passive_prog.block_3_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:assert_false_in_if_3_before_ast_to_cfg_prog.l_x(2) assert_false_in_if_3_passive_prog.l_x_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_3_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assert_false_in_if_3_before_passive_prog.block_4_def assert_false_in_if_3_passive_prog.block_4_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_3_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assert_false_in_if_3_before_passive_prog.block_5_def assert_false_in_if_3_passive_prog.block_5_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_3_before_passive_prog.node_0},@{thm assert_false_in_if_3_before_passive_prog.outEdges_0}) (@{thm assert_false_in_if_3_passive_prog.node_0},@{thm assert_false_in_if_3_passive_prog.outEdges_0}) @{thm block_anon3} [] 1\<close>))
-
-lemma cfg_block_anon4_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_3_before_passive_prog.node_1},@{thm assert_false_in_if_3_before_passive_prog.outEdges_1}) (@{thm assert_false_in_if_3_passive_prog.node_1},@{thm assert_false_in_if_3_passive_prog.outEdges_1}) @{thm block_anon4_Then} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon4_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_3_before_passive_prog.node_2},@{thm assert_false_in_if_3_before_passive_prog.outEdges_2}) (@{thm assert_false_in_if_3_passive_prog.node_2},@{thm assert_false_in_if_3_passive_prog.outEdges_2}) @{thm block_anon4_Else} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_3_before_passive_prog.node_3},@{thm assert_false_in_if_3_before_passive_prog.outEdges_3}) (@{thm assert_false_in_if_3_passive_prog.node_3},@{thm assert_false_in_if_3_passive_prog.outEdges_3}) @{thm block_anon0} [
-@{thm cfg_block_anon4_Then}, 
-@{thm cfg_block_anon4_Else}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_3_before_passive_prog.node_4},@{thm assert_false_in_if_3_before_passive_prog.outEdges_4}) (@{thm assert_false_in_if_3_passive_prog.node_4},@{thm assert_false_in_if_3_passive_prog.outEdges_4}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_3_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_3_before_passive_prog.node_5},@{thm assert_false_in_if_3_before_passive_prog.outEdges_5}) (@{thm assert_false_in_if_3_passive_prog.node_5},@{thm assert_false_in_if_3_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_3_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A assert_false_in_if_3_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls ns assert_false_in_if_3_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv assert_false_in_if_3_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding assert_false_in_if_3_passive_prog.params_vdecls_def assert_false_in_if_3_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using assert_false_in_if_3_before_passive_prog.globals_locals_disj apply auto[1]
-using assert_false_in_if_3_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] assert_false_in_if_3_passive_prog.proc_body u (Inl 5)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range assert_false_in_if_3_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] assert_false_in_if_3_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from assert_false_in_if_3_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_passive_prog.thy
deleted file mode 100644
index 2592c16..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_passive_prog.thy
+++ /dev/null
@@ -1,119 +0,0 @@
-theory assert_false_in_if_3_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util assert_false_in_if_3_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assert (BinOp (Lit (LInt 7)) Eq (Lit (LInt 7))))]"
-definition block_1
-  where
-    "block_1  = [(Assert (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = []"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding assert_false_in_if_3_passive_prog.params_vdecls_def assert_false_in_if_3_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls)))) = {})"
-unfolding assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_vcphase_proof.thy
deleted file mode 100644
index 6875507..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_proofs/assert_false_in_if_3_vcphase_proof.thy
+++ /dev/null
@@ -1,225 +0,0 @@
-theory assert_false_in_if_3_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML assert_false_in_if_3_passive_prog assert_false_in_if_3_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon4_Then
-  where
-    "vc_anon4_Then  = False"
-definition vc_anon3
-  where
-    "vc_anon3  = ((7::int) = (7::int))"
-definition vc_anon0
-  where
-    "vc_anon0  = ((vc_anon4_Then ) \<and> (vc_anon3 ))"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
-G2: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2
-lemmas forall_poly_thm = forall_vc_type[OF G2]
-lemmas exists_poly_thm = exists_vc_type[OF G2]
-declare Nat.One_nat_def[simp del]
-
-ML\<open>
-val block_anon3_hints = [
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon3AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding assert_false_in_if_3_passive_prog.block_0_def vc.vc_anon3_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_Then_hints = [
-(AssertFalse,NONE)]
-\<close>
-lemma block_anon4_ThenAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Then ) \<Longrightarrow> (s' = Magic)))"
-unfolding assert_false_in_if_3_passive_prog.block_1_def vc.vc_anon4_Then_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Then_hints \<close>)
-by (auto?)
-
-lemma block_anon4_Else:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.block_2 (Normal n_s) s')" and 
-"(vc.vc_anon3 )"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 )))))"
-using assms
-unfolding assert_false_in_if_3_passive_prog.block_2_def
-apply cases
-by auto
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.block_3 (Normal n_s) s')" and 
-"((vc.vc_anon4_Then ) \<and> (vc.vc_anon3 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then ) \<and> (vc.vc_anon3 ))))))"
-using assms
-unfolding assert_false_in_if_3_passive_prog.block_3_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.block_4 (Normal n_s) s')" and 
-"((vc.vc_anon4_Then ) \<and> (vc.vc_anon3 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then ) \<and> (vc.vc_anon3 ))))))"
-using assms
-unfolding assert_false_in_if_3_passive_prog.block_4_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then ) \<and> (vc.vc_anon3 ))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding assert_false_in_if_3_passive_prog.block_5_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) assert_false_in_if_3_passive_prog.node_0 assert_false_in_if_3_passive_prog.outEdges_0])
-using block_anon3AA0[OF _ assms(2)] by blast
-
-lemma cfg_block_anon4_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4_Then )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) assert_false_in_if_3_passive_prog.node_1])
-by (erule block_anon4_ThenAA0[OF _ assms(2)])
-
-lemma cfg_block_anon4_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) assert_false_in_if_3_passive_prog.node_2])
-apply (erule block_anon4_Else[OF _ assms(2)])
-apply ((simp add:assert_false_in_if_3_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon4_Then ) \<and> (vc.vc_anon3 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) assert_false_in_if_3_passive_prog.node_3])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:assert_false_in_if_3_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon4_Then ) \<and> (vc.vc_anon3 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) assert_false_in_if_3_passive_prog.node_4])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:assert_false_in_if_3_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_3_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) assert_false_in_if_3_passive_prog.node_5])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:assert_false_in_if_3_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_3_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A assert_false_in_if_3_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) assert_false_in_if_3_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_3_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_3_passive_prog.params_vdecls assert_false_in_if_3_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((assert_false_in_if_3_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF assert_false_in_if_3_passive_prog.m_x])
-apply (subst lookup_var_local[OF assert_false_in_if_3_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF assert_false_in_if_3_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF assert_false_in_if_3_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_3_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/ROOT
deleted file mode 100644
index 8444fc7..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session assert_false_in_if_proofs = Boogie_Lang + 
-directories assert_false_in_if_proofs
-theories
-global_data
-"assert_false_in_if_proofs/assert_false_in_if_before_passive_prog"
-"assert_false_in_if_proofs/assert_false_in_if_passification_proof"
-"assert_false_in_if_proofs/assert_false_in_if_passive_prog"
-"assert_false_in_if_proofs/assert_false_in_if_before_ast_to_cfg_prog"
-"assert_false_in_if_proofs/assert_false_in_if_vcphase_proof"
-"assert_false_in_if_proofs/assert_false_in_if_before_cfg_to_dag_prog"
-"assert_false_in_if_proofs/assert_false_in_if_cfgtodag_proof"
-"assert_false_in_if_proofs/assert_false_in_if_asttocfg_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_asttocfg_proof.thy
deleted file mode 100644
index 7010dfd..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_asttocfg_proof.thy
+++ /dev/null
@@ -1,269 +0,0 @@
-theory assert_false_in_if_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML assert_false_in_if_before_ast_to_cfg_prog assert_false_in_if_before_cfg_to_dag_prog assert_false_in_if_cfgtodag_proof assert_false_in_if_passification_proof assert_false_in_if_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A assert_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma global_rel_assert_false_in_if_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assert_false_in_if_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Neq (Lit (LInt 8))) ns1 (BoolV False))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Invs[of assert_false_in_if_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.bigblock_2_def)
-
-apply (rule astTrace)
-apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp)
-apply (simp)
-apply (rule cont_2_def)
-apply (rule assert_false_in_if_before_cfg_to_dag_prog.node_2)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule assert_false_in_if_before_cfg_to_dag_prog.block_2_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply ( rule neg_neq)
-apply (rule guardHint)
-apply (rule assert_false_in_if_before_cfg_to_dag_prog.outEdges_2)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: assert_false_in_if_before_cfg_to_dag_prog.node_2)
-apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp add: end_static)
-done
-qed
-
-lemma rel_assert_false_in_if_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_before_ast_to_cfg_prog.bigblock_1,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Neq (Lit (LInt 8))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.block_1 (Normal ns1) (Normal ns1')))))"
-unfolding assert_false_in_if_before_cfg_to_dag_prog.block_1_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of assert_false_in_if_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.bigblock_1_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: assert_false_in_if_before_cfg_to_dag_prog.block_1_def)
-apply ((simp add: assms(3) assert_false_in_if_before_ast_to_cfg_prog.bigblock_1_def)+)
-done
-
-
-lemma global_rel_assert_false_in_if_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assert_false_in_if_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Neq (Lit (LInt 8))) ns1 (BoolV True))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of assert_false_in_if_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.bigblock_1_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.bigblock_1_def)
-apply (simp)
-apply (simp)
-apply (rule cont_1_def)
-apply (rule assert_false_in_if_before_cfg_to_dag_prog.node_1)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule assert_false_in_if_before_cfg_to_dag_prog.block_1_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule assert_false_in_if_before_cfg_to_dag_prog.outEdges_1)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: assert_false_in_if_before_cfg_to_dag_prog.node_1)
-apply (rule rel_assert_false_in_if_before_ast_to_cfg_prog_bigblock_1)
-apply assumption+
-apply (rule guardHint)
-done
-qed
-
-lemma rel_assert_false_in_if_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of assert_false_in_if_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.bigblock_0_def assert_false_in_if_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: assert_false_in_if_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: assert_false_in_if_before_cfg_to_dag_prog.block_0_def assert_false_in_if_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_assert_false_in_if_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assert_false_in_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assert_false_in_if_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_if_successor)
-apply (rule Rel_Main_test[of assert_false_in_if_before_ast_to_cfg_prog.bigblock_0 _ assert_false_in_if_before_cfg_to_dag_prog.block_0])
-apply (simp add: assert_false_in_if_before_cfg_to_dag_prog.block_0_def assert_false_in_if_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp add: assert_false_in_if_before_cfg_to_dag_prog.block_0_def)
-apply (rule astTrace)
-apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.bigblock_0_def)
-apply (rule assert_false_in_if_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: assert_false_in_if_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: assert_false_in_if_before_cfg_to_dag_prog.node_0)
-apply (rule rel_assert_false_in_if_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply (erule disjE)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: assert_false_in_if_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_assert_false_in_if_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: cont_0_def assert_false_in_if_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
-apply blast+
-
-
-
-
-
-apply (simp)
-apply ((erule allE[where x = 2])+)
-apply ((simp add: assert_false_in_if_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_assert_false_in_if_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_0_def assert_false_in_if_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (assert_false_in_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 vc_x_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A assert_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) assert_false_in_if_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns assert_false_in_if_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] assert_false_in_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (assert_false_in_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_assert_false_in_if_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.pres_def assert_false_in_if_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.pres_def assert_false_in_if_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: assert_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (assert_false_in_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 vc_x_0))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) assert_false_in_if_before_ast_to_cfg_prog.fdecls assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls assert_false_in_if_before_ast_to_cfg_prog.axioms assert_false_in_if_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding assert_false_in_if_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 assert_false_in_if_before_ast_to_cfg_prog.ast_proc_def assert_false_in_if_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 27e79b0..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,117 +0,0 @@
-theory assert_false_in_if_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (ParsedIf (Some (BinOp (Var 0) Neq (Lit (LInt 8)))) [(BigBlock (None ) [(Assert (Lit (LBool False)))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [(Assert (Lit (LBool False)))] (None ) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [] (None ) (None ))"
-definition cont_0
-  where
-    "cont_0  = KStop"
-definition cont_1
-  where
-    "cont_1  = KStop"
-definition cont_2
-  where
-    "cont_2  = KStop"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding assert_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding assert_false_in_if_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = assert_false_in_if_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec assert_false_in_if_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec assert_false_in_if_before_ast_to_cfg_prog.post),proc_body = (Some (assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls,assert_false_in_if_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_cfg_to_dag_prog.thy
deleted file mode 100644
index f7bd2cf..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,138 +0,0 @@
-theory assert_false_in_if_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0)]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Neq (Lit (LInt 8)))),(Assert (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Eq (Lit (LInt 8))))]"
-definition outEdges
-  where
-    "outEdges  = [[1,2],[],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append assert_false_in_if_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append assert_false_in_if_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding assert_false_in_if_before_cfg_to_dag_prog.constants_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append assert_false_in_if_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding assert_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append assert_false_in_if_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding assert_false_in_if_before_cfg_to_dag_prog.constants_vdecls_def assert_false_in_if_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding assert_false_in_if_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding assert_false_in_if_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding assert_false_in_if_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append assert_false_in_if_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_before_cfg_to_dag_prog.globals_vdecls),(append assert_false_in_if_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append assert_false_in_if_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append assert_false_in_if_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_before_cfg_to_dag_prog.globals_vdecls),(append assert_false_in_if_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_before_cfg_to_dag_prog.constants_vdecls assert_false_in_if_before_cfg_to_dag_prog.globals_vdecls),(append assert_false_in_if_before_cfg_to_dag_prog.params_vdecls assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = assert_false_in_if_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec assert_false_in_if_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec assert_false_in_if_before_cfg_to_dag_prog.post),proc_body = (Some (assert_false_in_if_before_cfg_to_dag_prog.locals_vdecls,assert_false_in_if_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_passive_prog.thy
deleted file mode 100644
index fe880bf..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_before_passive_prog.thy
+++ /dev/null
@@ -1,95 +0,0 @@
-theory assert_false_in_if_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util assert_false_in_if_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Neq (Lit (LInt 8)))),(Assert (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Eq (Lit (LInt 8))))]"
-definition block_3
-  where
-    "block_3  = [(Havoc 0)]"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding assert_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_cfgtodag_proof.thy
deleted file mode 100644
index f1ae58b..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_cfgtodag_proof.thy
+++ /dev/null
@@ -1,242 +0,0 @@
-theory assert_false_in_if_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML assert_false_in_if_before_ast_to_cfg_prog assert_false_in_if_before_cfg_to_dag_prog assert_false_in_if_before_passive_prog assert_false_in_if_passification_proof assert_false_in_if_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A assert_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 assert_false_in_if_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def assert_false_in_if_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule assert_false_in_if_before_passive_prog.node_0)
-apply simp
-unfolding assert_false_in_if_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma block_anon3_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assert_false_in_if_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding assert_false_in_if_before_cfg_to_dag_prog.block_1_def assert_false_in_if_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule assert_false_in_if_before_cfg_to_dag_prog.node_1)
-apply (rule assert_false_in_if_before_passive_prog.node_1)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon3_Then)
-apply assumption+
-apply (rule assert_false_in_if_before_cfg_to_dag_prog.outEdges_1)
-apply (rule assert_false_in_if_before_passive_prog.outEdges_1)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon3_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assert_false_in_if_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding assert_false_in_if_before_cfg_to_dag_prog.block_2_def assert_false_in_if_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule assert_false_in_if_before_cfg_to_dag_prog.node_2)
-apply (rule assert_false_in_if_before_passive_prog.node_2)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon3_Else)
-apply assumption+
-apply (rule assert_false_in_if_before_cfg_to_dag_prog.outEdges_2)
-apply (rule assert_false_in_if_before_passive_prog.outEdges_2)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assert_false_in_if_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding assert_false_in_if_before_cfg_to_dag_prog.block_0_def assert_false_in_if_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule assert_false_in_if_before_cfg_to_dag_prog.node_0)
-apply (rule assert_false_in_if_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:assert_false_in_if_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:assert_false_in_if_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:assert_false_in_if_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:assert_false_in_if_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:assert_false_in_if_before_passive_prog.outEdges_4))
-by ((simp add:assert_false_in_if_before_passive_prog.node_4 assert_false_in_if_before_passive_prog.block_4_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assert_false_in_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 assert_false_in_if_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assert_false_in_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule assert_false_in_if_before_passive_prog.node_5)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding assert_false_in_if_before_passive_prog.block_5_def
-apply (rule assume_pres_normal[where ?es=assert_false_in_if_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding assert_false_in_if_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule assert_false_in_if_before_passive_prog.outEdges_5)
-apply ((simp add:assert_false_in_if_before_passive_prog.node_4 assert_false_in_if_before_passive_prog.block_4_def))
-apply (rule assert_false_in_if_before_passive_prog.outEdges_4)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 vc_x_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A assert_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) assert_false_in_if_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns assert_false_in_if_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] assert_false_in_if_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule assert_false_in_if_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_passification_proof.thy
deleted file mode 100644
index c9dc47b..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_passification_proof.thy
+++ /dev/null
@@ -1,258 +0,0 @@
-theory assert_false_in_if_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util assert_false_in_if_before_ast_to_cfg_prog assert_false_in_if_passive_prog Boogie_Lang.PassificationML assert_false_in_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assert_false_in_if_before_passive_prog.block_0_def assert_false_in_if_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assert_false_in_if_before_passive_prog.block_1_def assert_false_in_if_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assert_false_in_if_before_passive_prog.block_2_def assert_false_in_if_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old assert_false_in_if_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assert_false_in_if_before_passive_prog.block_3_def assert_false_in_if_passive_prog.block_3_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:assert_false_in_if_before_ast_to_cfg_prog.l_x(2) assert_false_in_if_passive_prog.l_x_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assert_false_in_if_before_passive_prog.block_4_def assert_false_in_if_passive_prog.block_4_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assert_false_in_if_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assert_false_in_if_before_passive_prog.block_5_def assert_false_in_if_passive_prog.block_5_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_before_passive_prog.node_0},@{thm assert_false_in_if_before_passive_prog.outEdges_0}) (@{thm assert_false_in_if_passive_prog.node_0},@{thm assert_false_in_if_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon3_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm assert_false_in_if_before_passive_prog.node_1},@{thm assert_false_in_if_before_passive_prog.outEdges_1}) (@{thm assert_false_in_if_passive_prog.node_1},@{thm assert_false_in_if_passive_prog.outEdges_1}) @{thm block_anon3_Then} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon3_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm assert_false_in_if_before_passive_prog.node_2},@{thm assert_false_in_if_before_passive_prog.outEdges_2}) (@{thm assert_false_in_if_passive_prog.node_2},@{thm assert_false_in_if_passive_prog.outEdges_2}) @{thm block_anon3_Else} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_before_passive_prog.node_3},@{thm assert_false_in_if_before_passive_prog.outEdges_3}) (@{thm assert_false_in_if_passive_prog.node_3},@{thm assert_false_in_if_passive_prog.outEdges_3}) @{thm block_anon0} [
-@{thm cfg_block_anon3_Then}, 
-@{thm cfg_block_anon3_Else}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_before_passive_prog.node_4},@{thm assert_false_in_if_before_passive_prog.outEdges_4}) (@{thm assert_false_in_if_passive_prog.node_4},@{thm assert_false_in_if_passive_prog.outEdges_4}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assert_false_in_if_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assert_false_in_if_before_passive_prog.node_5},@{thm assert_false_in_if_before_passive_prog.outEdges_5}) (@{thm assert_false_in_if_passive_prog.node_5},@{thm assert_false_in_if_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_before_ast_to_cfg_prog.params_vdecls assert_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 vc_x_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A assert_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls ns assert_false_in_if_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv assert_false_in_if_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding assert_false_in_if_passive_prog.params_vdecls_def assert_false_in_if_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using assert_false_in_if_before_passive_prog.globals_locals_disj apply auto[1]
-using assert_false_in_if_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] assert_false_in_if_passive_prog.proc_body u (Inl 5)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range assert_false_in_if_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] assert_false_in_if_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from assert_false_in_if_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_passive_prog.thy
deleted file mode 100644
index d16c4c8..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_passive_prog.thy
+++ /dev/null
@@ -1,119 +0,0 @@
-theory assert_false_in_if_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util assert_false_in_if_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 1) Neq (Lit (LInt 8)))),(Assert (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 1) Eq (Lit (LInt 8))))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding assert_false_in_if_passive_prog.params_vdecls_def assert_false_in_if_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls)))) = {})"
-unfolding assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_vcphase_proof.thy
deleted file mode 100644
index 18c9f3b..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/assert_false_in_if_proofs/assert_false_in_if_vcphase_proof.thy
+++ /dev/null
@@ -1,223 +0,0 @@
-theory assert_false_in_if_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML assert_false_in_if_passive_prog assert_false_in_if_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon3_Then
-  where
-    "vc_anon3_Then x_0 = (\<not> (x_0 \<noteq> (8::int)))"
-definition vc_anon3_Else
-  where
-    "vc_anon3_Else  = True"
-definition vc_anon0
-  where
-    "vc_anon0 x_0 = ((vc_anon3_Then x_0) \<and> (vc_anon3_Else ))"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
-G2: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2
-lemmas forall_poly_thm = forall_vc_type[OF G2]
-lemmas exists_poly_thm = exists_vc_type[OF G2]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding assert_false_in_if_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon3_Then_hints = [
-(AssumeNot,NONE)]
-\<close>
-lemma block_anon3_ThenAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_Then vc_x_0) \<Longrightarrow> (s' = Magic)))"
-unfolding assert_false_in_if_passive_prog.block_1_def vc.vc_anon3_Then_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_Then_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon3_Else_hints = [
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon3_ElseAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_Else ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding assert_false_in_if_passive_prog.block_2_def vc.vc_anon3_Else_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_Else_hints \<close>)
-by (auto?)
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.block_3 (Normal n_s) s')" and 
-"((vc.vc_anon3_Then vc_x_0) \<and> (vc.vc_anon3_Else ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon3_Then vc_x_0) \<and> (vc.vc_anon3_Else ))))))"
-using assms
-unfolding assert_false_in_if_passive_prog.block_3_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.block_4 (Normal n_s) s')" and 
-"((vc.vc_anon3_Then vc_x_0) \<and> (vc.vc_anon3_Else ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon3_Then vc_x_0) \<and> (vc.vc_anon3_Else ))))))"
-using assms
-unfolding assert_false_in_if_passive_prog.block_4_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon3_Then vc_x_0) \<and> (vc.vc_anon3_Else ))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding assert_false_in_if_passive_prog.block_5_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) assert_false_in_if_passive_prog.node_0 assert_false_in_if_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon3_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3_Then vc_x_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) assert_false_in_if_passive_prog.node_1])
-by (erule block_anon3_ThenAA0[OF _ assms(2)])
-
-lemma cfg_block_anon3_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3_Else )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) assert_false_in_if_passive_prog.node_2])
-apply (erule block_anon3_ElseAA0[OF _ assms(2)])
-apply ((simp add:assert_false_in_if_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon3_Then vc_x_0) \<and> (vc.vc_anon3_Else ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) assert_false_in_if_passive_prog.node_3])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:assert_false_in_if_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon3_Then vc_x_0) \<and> (vc.vc_anon3_Else ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) assert_false_in_if_passive_prog.node_4])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:assert_false_in_if_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assert_false_in_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) assert_false_in_if_passive_prog.node_5])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:assert_false_in_if_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls)) \<Gamma> [] assert_false_in_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 vc_x_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A assert_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) assert_false_in_if_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls assert_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assert_false_in_if_passive_prog.params_vdecls assert_false_in_if_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((assert_false_in_if_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF assert_false_in_if_passive_prog.m_x])
-apply (subst lookup_var_local[OF assert_false_in_if_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF assert_false_in_if_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF assert_false_in_if_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assert_false_in_if_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/ROOT
deleted file mode 100644
index c37c8fa..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session assume_false_assert_false_proofs = Boogie_Lang + 
-directories assume_false_assert_false_proofs
-theories
-global_data
-"assume_false_assert_false_proofs/assume_false_assert_false_passive_prog"
-"assume_false_assert_false_proofs/assume_false_assert_false_vcphase_proof"
-"assume_false_assert_false_proofs/assume_false_assert_false_before_passive_prog"
-"assume_false_assert_false_proofs/assume_false_assert_false_passification_proof"
-"assume_false_assert_false_proofs/assume_false_assert_false_before_cfg_to_dag_prog"
-"assume_false_assert_false_proofs/assume_false_assert_false_before_ast_to_cfg_prog"
-"assume_false_assert_false_proofs/assume_false_assert_false_asttocfg_proof"
-"assume_false_assert_false_proofs/assume_false_assert_false_cfgtodag_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_asttocfg_proof.thy
deleted file mode 100644
index 7e9c7e1..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_asttocfg_proof.thy
+++ /dev/null
@@ -1,335 +0,0 @@
-theory assume_false_assert_false_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML assume_false_assert_false_before_ast_to_cfg_prog assume_false_assert_false_before_cfg_to_dag_prog assume_false_assert_false_cfgtodag_proof assume_false_assert_false_passification_proof assume_false_assert_false_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A assume_false_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assume_false_assert_false_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.block_3 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of assume_false_assert_false_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.bigblock_3_def assume_false_assert_false_before_cfg_to_dag_prog.block_3_def)
-apply ((simp add: assume_false_assert_false_before_cfg_to_dag_prog.block_3_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: assume_false_assert_false_before_cfg_to_dag_prog.block_3_def assume_false_assert_false_before_ast_to_cfg_prog.bigblock_3_def)+)
-done
-
-
-lemma global_rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assume_false_assert_false_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assume_false_assert_false_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of assume_false_assert_false_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (simp)
-apply (rule cont_3_def)
-apply (rule assume_false_assert_false_before_cfg_to_dag_prog.node_3)
-apply (rule disjI1)
-apply (rule assume_false_assert_false_before_cfg_to_dag_prog.block_3_def)
-apply (rule assume_false_assert_false_before_cfg_to_dag_prog.outEdges_3)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: assume_false_assert_false_before_cfg_to_dag_prog.node_3)
-apply (rule rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_3)
-apply assumption+
-
-done
-qed
-
-lemma global_rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assume_false_assert_false_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assume_false_assert_false_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV False))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Invs[of assume_false_assert_false_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.bigblock_2_def)
-
-apply (rule astTrace)
-apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.bigblock_2_def)
-apply (rule assume_false_assert_false_before_cfg_to_dag_prog.node_2)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule assume_false_assert_false_before_cfg_to_dag_prog.block_2_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply (rule neg_gt)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_2_def)
-apply (simp add: assume_false_assert_false_before_cfg_to_dag_prog.node_2)
-
-
-
-
-apply ((erule allE[where x = 3])+)
-apply ((simp add: assume_false_assert_false_before_cfg_to_dag_prog.outEdges_2)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_3)
-apply (simp)
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assume_false_assert_false_before_ast_to_cfg_prog.bigblock_1,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.block_1 (Normal ns1) (Normal ns1')))))"
-unfolding assume_false_assert_false_before_cfg_to_dag_prog.block_1_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of assume_false_assert_false_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.bigblock_1_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: assume_false_assert_false_before_cfg_to_dag_prog.block_1_def)
-apply ((simp add: assms(3) assume_false_assert_false_before_ast_to_cfg_prog.bigblock_1_def)+)
-done
-
-
-lemma global_rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assume_false_assert_false_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assume_false_assert_false_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of assume_false_assert_false_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.bigblock_1_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.bigblock_1_def)
-apply (rule assume_false_assert_false_before_cfg_to_dag_prog.node_1)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule assume_false_assert_false_before_cfg_to_dag_prog.block_1_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_1_def)
-apply (simp add: assume_false_assert_false_before_cfg_to_dag_prog.node_1)
-apply (rule rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_1)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x = 3])+)
-apply ((simp add: assume_false_assert_false_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_3)
-apply (simp)
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0_def assume_false_assert_false_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: assume_false_assert_false_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: assume_false_assert_false_before_cfg_to_dag_prog.block_0_def assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assume_false_assert_false_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_if_successor)
-apply (rule Rel_Main_test[of assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0 _ assume_false_assert_false_before_cfg_to_dag_prog.block_0])
-apply (simp add: assume_false_assert_false_before_cfg_to_dag_prog.block_0_def assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp add: assume_false_assert_false_before_cfg_to_dag_prog.block_0_def)
-apply (rule astTrace)
-apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0_def)
-apply (rule assume_false_assert_false_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: assume_false_assert_false_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: assume_false_assert_false_before_cfg_to_dag_prog.node_0)
-apply (rule rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply (erule disjE)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: assume_false_assert_false_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: cont_0_def assume_false_assert_false_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
-apply blast+
-
-
-
-
-
-apply (simp)
-apply ((erule allE[where x = 2])+)
-apply ((simp add: assume_false_assert_false_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_0_def assume_false_assert_false_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A assume_false_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) assume_false_assert_false_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns assume_false_assert_false_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] assume_false_assert_false_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_assume_false_assert_false_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.pres_def assume_false_assert_false_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.pres_def assume_false_assert_false_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (assume_false_assert_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_3_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) assume_false_assert_false_before_ast_to_cfg_prog.fdecls assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls assume_false_assert_false_before_ast_to_cfg_prog.axioms assume_false_assert_false_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding assume_false_assert_false_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 assume_false_assert_false_before_ast_to_cfg_prog.ast_proc_def assume_false_assert_false_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_ast_to_cfg_prog.thy
deleted file mode 100644
index b6de00d..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,123 +0,0 @@
-theory assume_false_assert_false_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BigBlock (None ) [(Assume (Lit (LBool False))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [(Assume (Lit (LBool False))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [] (None ) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [(Assert (Lit (LBool False)))] (None ) (None ))"
-definition cont_3
-  where
-    "cont_3  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_3 cont_3)"
-definition cont_1
-  where
-    "cont_1  = (KSeq bigblock_3 cont_3)"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_3 cont_3)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_3]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec assume_false_assert_false_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec assume_false_assert_false_before_ast_to_cfg_prog.post),proc_body = (Some (assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls,assume_false_assert_false_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 5bcaa8e..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,149 +0,0 @@
-theory assume_false_assert_false_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0)]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assume (Lit (LBool False))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_3
-  where
-    "block_3  = [(Assert (Lit (LBool False)))]"
-definition outEdges
-  where
-    "outEdges  = [[1,2],[3],[3],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append assume_false_assert_false_before_cfg_to_dag_prog.constants_vdecls assume_false_assert_false_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append assume_false_assert_false_before_cfg_to_dag_prog.constants_vdecls assume_false_assert_false_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding assume_false_assert_false_before_cfg_to_dag_prog.constants_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_assert_false_before_cfg_to_dag_prog.constants_vdecls assume_false_assert_false_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append assume_false_assert_false_before_cfg_to_dag_prog.constants_vdecls assume_false_assert_false_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding assume_false_assert_false_before_cfg_to_dag_prog.constants_vdecls_def assume_false_assert_false_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_assert_false_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding assume_false_assert_false_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_assert_false_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding assume_false_assert_false_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append assume_false_assert_false_before_cfg_to_dag_prog.constants_vdecls assume_false_assert_false_before_cfg_to_dag_prog.globals_vdecls),(append assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append assume_false_assert_false_before_cfg_to_dag_prog.constants_vdecls assume_false_assert_false_before_cfg_to_dag_prog.globals_vdecls),(append assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assume_false_assert_false_before_cfg_to_dag_prog.constants_vdecls assume_false_assert_false_before_cfg_to_dag_prog.globals_vdecls),(append assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = assume_false_assert_false_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec assume_false_assert_false_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec assume_false_assert_false_before_cfg_to_dag_prog.post),proc_body = (Some (assume_false_assert_false_before_cfg_to_dag_prog.locals_vdecls,assume_false_assert_false_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_passive_prog.thy
deleted file mode 100644
index 37b1c4a..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_before_passive_prog.thy
+++ /dev/null
@@ -1,95 +0,0 @@
-theory assume_false_assert_false_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util assume_false_assert_false_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assert (Lit (LBool False)))]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assume (Lit (LBool False))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_3
-  where
-    "block_3  = [(Havoc 0)]"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_cfgtodag_proof.thy
deleted file mode 100644
index 1d83d9d..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_cfgtodag_proof.thy
+++ /dev/null
@@ -1,284 +0,0 @@
-theory assume_false_assert_false_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML assume_false_assert_false_before_ast_to_cfg_prog assume_false_assert_false_before_cfg_to_dag_prog assume_false_assert_false_before_passive_prog assume_false_assert_false_passification_proof assume_false_assert_false_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A assume_false_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assume_false_assert_false_before_passive_prog.block_0 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding assume_false_assert_false_before_cfg_to_dag_prog.block_3_def assume_false_assert_false_before_passive_prog.block_0_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_1[OF assms(1)])
-apply (rule assume_false_assert_false_before_cfg_to_dag_prog.node_3)
-apply (rule assume_false_assert_false_before_passive_prog.node_0)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-unfolding assume_false_assert_false_before_ast_to_cfg_prog.post_def
-apply (rule block_anon3)
-apply assumption+
-by (rule assume_false_assert_false_before_cfg_to_dag_prog.outEdges_3)
-
-
-lemma block_anon4_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assume_false_assert_false_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding assume_false_assert_false_before_cfg_to_dag_prog.block_1_def assume_false_assert_false_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon4_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule assume_false_assert_false_before_cfg_to_dag_prog.node_1)
-apply (rule assume_false_assert_false_before_passive_prog.node_1)
-apply (assumption+)
-apply (rule block_anon4_Then)
-apply (assumption+)
-apply ((simp add:assume_false_assert_false_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:assume_false_assert_false_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=0])
-apply ((simp add:assume_false_assert_false_before_passive_prog.outEdges_1))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon4_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assume_false_assert_false_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding assume_false_assert_false_before_cfg_to_dag_prog.block_2_def assume_false_assert_false_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon4_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule assume_false_assert_false_before_cfg_to_dag_prog.node_2)
-apply (rule assume_false_assert_false_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon4_Else)
-apply (assumption+)
-apply ((simp add:assume_false_assert_false_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:assume_false_assert_false_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=0])
-apply ((simp add:assume_false_assert_false_before_passive_prog.outEdges_2))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assume_false_assert_false_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding assume_false_assert_false_before_cfg_to_dag_prog.block_0_def assume_false_assert_false_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule assume_false_assert_false_before_cfg_to_dag_prog.node_0)
-apply (rule assume_false_assert_false_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:assume_false_assert_false_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:assume_false_assert_false_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:assume_false_assert_false_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:assume_false_assert_false_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:assume_false_assert_false_before_passive_prog.outEdges_4))
-by ((simp add:assume_false_assert_false_before_passive_prog.node_4 assume_false_assert_false_before_passive_prog.block_4_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 assume_false_assert_false_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_assert_false_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule assume_false_assert_false_before_passive_prog.node_5)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding assume_false_assert_false_before_passive_prog.block_5_def
-apply (rule assume_pres_normal[where ?es=assume_false_assert_false_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding assume_false_assert_false_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule assume_false_assert_false_before_passive_prog.outEdges_5)
-apply ((simp add:assume_false_assert_false_before_passive_prog.node_4 assume_false_assert_false_before_passive_prog.block_4_def))
-apply (rule assume_false_assert_false_before_passive_prog.outEdges_4)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A assume_false_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) assume_false_assert_false_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns assume_false_assert_false_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] assume_false_assert_false_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assume_false_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule assume_false_assert_false_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_passification_proof.thy
deleted file mode 100644
index 74cd692..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_passification_proof.thy
+++ /dev/null
@@ -1,259 +0,0 @@
-theory assume_false_assert_false_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util assume_false_assert_false_before_ast_to_cfg_prog assume_false_assert_false_passive_prog Boogie_Lang.PassificationML assume_false_assert_false_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assume_false_assert_false_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assume_false_assert_false_before_passive_prog.block_0_def assume_false_assert_false_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon4_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old assume_false_assert_false_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assume_false_assert_false_before_passive_prog.block_1_def assume_false_assert_false_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:assume_false_assert_false_before_ast_to_cfg_prog.l_x(2) assume_false_assert_false_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon4_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assume_false_assert_false_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assume_false_assert_false_before_passive_prog.block_2_def assume_false_assert_false_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old assume_false_assert_false_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assume_false_assert_false_before_passive_prog.block_3_def assume_false_assert_false_passive_prog.block_3_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:assume_false_assert_false_before_ast_to_cfg_prog.l_x(2) assume_false_assert_false_passive_prog.l_x_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assume_false_assert_false_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assume_false_assert_false_before_passive_prog.block_4_def assume_false_assert_false_passive_prog.block_4_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assume_false_assert_false_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assume_false_assert_false_before_passive_prog.block_5_def assume_false_assert_false_passive_prog.block_5_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assume_false_assert_false_before_passive_prog.node_0},@{thm assume_false_assert_false_before_passive_prog.outEdges_0}) (@{thm assume_false_assert_false_passive_prog.node_0},@{thm assume_false_assert_false_passive_prog.outEdges_0}) @{thm block_anon3} [] 1\<close>))
-
-lemma cfg_block_anon4_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm assume_false_assert_false_before_passive_prog.node_1},@{thm assume_false_assert_false_before_passive_prog.outEdges_1}) (@{thm assume_false_assert_false_passive_prog.node_1},@{thm assume_false_assert_false_passive_prog.outEdges_1}) @{thm block_anon4_Then} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon4_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm assume_false_assert_false_before_passive_prog.node_2},@{thm assume_false_assert_false_before_passive_prog.outEdges_2}) (@{thm assume_false_assert_false_passive_prog.node_2},@{thm assume_false_assert_false_passive_prog.outEdges_2}) @{thm block_anon4_Else} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assume_false_assert_false_before_passive_prog.node_3},@{thm assume_false_assert_false_before_passive_prog.outEdges_3}) (@{thm assume_false_assert_false_passive_prog.node_3},@{thm assume_false_assert_false_passive_prog.outEdges_3}) @{thm block_anon0} [
-@{thm cfg_block_anon4_Then}, 
-@{thm cfg_block_anon4_Else}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assume_false_assert_false_before_passive_prog.node_4},@{thm assume_false_assert_false_before_passive_prog.outEdges_4}) (@{thm assume_false_assert_false_passive_prog.node_4},@{thm assume_false_assert_false_passive_prog.outEdges_4}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_assert_false_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assume_false_assert_false_before_passive_prog.node_5},@{thm assume_false_assert_false_before_passive_prog.outEdges_5}) (@{thm assume_false_assert_false_passive_prog.node_5},@{thm assume_false_assert_false_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_before_ast_to_cfg_prog.params_vdecls assume_false_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assume_false_assert_false_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A assume_false_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls ns assume_false_assert_false_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv assume_false_assert_false_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding assume_false_assert_false_passive_prog.params_vdecls_def assume_false_assert_false_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using assume_false_assert_false_before_passive_prog.globals_locals_disj apply auto[1]
-using assume_false_assert_false_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] assume_false_assert_false_passive_prog.proc_body u (Inl 5)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range assume_false_assert_false_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] assume_false_assert_false_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from assume_false_assert_false_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_passive_prog.thy
deleted file mode 100644
index 08ed10e..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_passive_prog.thy
+++ /dev/null
@@ -1,128 +0,0 @@
-theory assume_false_assert_false_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util assume_false_assert_false_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assert (Lit (LBool False)))]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assume (Lit (LBool False))),(Assume (BinOp (Var 2) Eq (BinOp (Var 1) Sub (Lit (LInt 1)))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding assume_false_assert_false_passive_prog.params_vdecls_def assume_false_assert_false_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls)))) = {})"
-unfolding assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls_def assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_vcphase_proof.thy
deleted file mode 100644
index f43ddf7..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/assume_false_assert_false_proofs/assume_false_assert_false_vcphase_proof.thy
+++ /dev/null
@@ -1,236 +0,0 @@
-theory assume_false_assert_false_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML assume_false_assert_false_passive_prog assume_false_assert_false_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon4_Then
-  where
-    "vc_anon4_Then  = True"
-definition vc_anon3
-  where
-    "vc_anon3  = False"
-definition vc_anon4_Else
-  where
-    "vc_anon4_Else x_0 = (((0::int) \<ge> x_0) \<longrightarrow> (vc_anon3 ))"
-definition vc_anon0
-  where
-    "vc_anon0 x_0 = ((vc_anon4_Then ) \<and> (vc_anon4_Else x_0))"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
-G3: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3
-lemmas forall_poly_thm = forall_vc_type[OF G3]
-lemmas exists_poly_thm = exists_vc_type[OF G3]
-declare Nat.One_nat_def[simp del]
-
-ML\<open>
-val block_anon3_hints = [
-(AssertFalse,NONE)]
-\<close>
-lemma block_anon3AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 ) \<Longrightarrow> (s' = Magic)))"
-unfolding assume_false_assert_false_passive_prog.block_0_def vc.vc_anon3_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_Then_hints = [
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon4_ThenAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Then ) \<Longrightarrow> (s' = Magic)))"
-unfolding assume_false_assert_false_passive_prog.block_1_def vc.vc_anon4_Then_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Then_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_Else_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon4_ElseAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Else vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 )))))))"
-unfolding assume_false_assert_false_passive_prog.block_2_def vc.vc_anon4_Else_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Else_hints \<close>)
-by (auto?)
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.block_3 (Normal n_s) s')" and 
-"((vc.vc_anon4_Then ) \<and> (vc.vc_anon4_Else vc_x_0))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then ) \<and> (vc.vc_anon4_Else vc_x_0))))))"
-using assms
-unfolding assume_false_assert_false_passive_prog.block_3_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.block_4 (Normal n_s) s')" and 
-"((vc.vc_anon4_Then ) \<and> (vc.vc_anon4_Else vc_x_0))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then ) \<and> (vc.vc_anon4_Else vc_x_0))))))"
-using assms
-unfolding assume_false_assert_false_passive_prog.block_4_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then ) \<and> (vc.vc_anon4_Else vc_x_0))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding assume_false_assert_false_passive_prog.block_5_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) assume_false_assert_false_passive_prog.node_0])
-by (erule block_anon3AA0[OF _ assms(2)])
-
-lemma cfg_block_anon4_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4_Then )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) assume_false_assert_false_passive_prog.node_1])
-by (erule block_anon4_ThenAA0[OF _ assms(2)])
-
-lemma cfg_block_anon4_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4_Else vc_x_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) assume_false_assert_false_passive_prog.node_2])
-apply (erule block_anon4_ElseAA0[OF _ assms(2)])
-apply ((simp add:assume_false_assert_false_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon4_Then ) \<and> (vc.vc_anon4_Else vc_x_0))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) assume_false_assert_false_passive_prog.node_3])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:assume_false_assert_false_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon4_Then ) \<and> (vc.vc_anon4_Else vc_x_0))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) assume_false_assert_false_passive_prog.node_4])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:assume_false_assert_false_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_assert_false_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) assume_false_assert_false_passive_prog.node_5])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:assume_false_assert_false_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls)) \<Gamma> [] assume_false_assert_false_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A assume_false_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) assume_false_assert_false_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls assume_false_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_assert_false_passive_prog.params_vdecls assume_false_assert_false_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((assume_false_assert_false_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF assume_false_assert_false_passive_prog.m_x])
-apply (subst lookup_var_local[OF assume_false_assert_false_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF assume_false_assert_false_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF assume_false_assert_false_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF assume_false_assert_false_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF assume_false_assert_false_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_assert_false_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/ROOT
deleted file mode 100644
index 1bd673e..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session assume_false_in_if_proofs = Boogie_Lang + 
-directories assume_false_in_if_proofs
-theories
-global_data
-"assume_false_in_if_proofs/assume_false_in_if_before_ast_to_cfg_prog"
-"assume_false_in_if_proofs/assume_false_in_if_before_cfg_to_dag_prog"
-"assume_false_in_if_proofs/assume_false_in_if_passive_prog"
-"assume_false_in_if_proofs/assume_false_in_if_vcphase_proof"
-"assume_false_in_if_proofs/assume_false_in_if_asttocfg_proof"
-"assume_false_in_if_proofs/assume_false_in_if_passification_proof"
-"assume_false_in_if_proofs/assume_false_in_if_before_passive_prog"
-"assume_false_in_if_proofs/assume_false_in_if_cfgtodag_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_asttocfg_proof.thy
deleted file mode 100644
index 93f519a..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_asttocfg_proof.thy
+++ /dev/null
@@ -1,269 +0,0 @@
-theory assume_false_in_if_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML assume_false_in_if_before_ast_to_cfg_prog assume_false_in_if_before_cfg_to_dag_prog assume_false_in_if_cfgtodag_proof assume_false_in_if_passification_proof assume_false_in_if_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A assume_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma global_rel_assume_false_in_if_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assume_false_in_if_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assume_false_in_if_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Neq (Lit (LInt 8))) ns1 (BoolV False))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_in_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Invs[of assume_false_in_if_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.bigblock_2_def)
-
-apply (rule astTrace)
-apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp)
-apply (simp)
-apply (rule cont_2_def)
-apply (rule assume_false_in_if_before_cfg_to_dag_prog.node_2)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule assume_false_in_if_before_cfg_to_dag_prog.block_2_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply ( rule neg_neq)
-apply (rule guardHint)
-apply (rule assume_false_in_if_before_cfg_to_dag_prog.outEdges_2)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: assume_false_in_if_before_cfg_to_dag_prog.node_2)
-apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp add: end_static)
-done
-qed
-
-lemma rel_assume_false_in_if_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assume_false_in_if_before_ast_to_cfg_prog.bigblock_1,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Neq (Lit (LInt 8))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.block_1 (Normal ns1) (Normal ns1')))))"
-unfolding assume_false_in_if_before_cfg_to_dag_prog.block_1_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of assume_false_in_if_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.bigblock_1_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: assume_false_in_if_before_cfg_to_dag_prog.block_1_def)
-apply ((simp add: assms(3) assume_false_in_if_before_ast_to_cfg_prog.bigblock_1_def)+)
-done
-
-
-lemma global_rel_assume_false_in_if_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assume_false_in_if_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assume_false_in_if_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Neq (Lit (LInt 8))) ns1 (BoolV True))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_in_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of assume_false_in_if_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.bigblock_1_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.bigblock_1_def)
-apply (simp)
-apply (simp)
-apply (rule cont_1_def)
-apply (rule assume_false_in_if_before_cfg_to_dag_prog.node_1)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule assume_false_in_if_before_cfg_to_dag_prog.block_1_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule assume_false_in_if_before_cfg_to_dag_prog.outEdges_1)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: assume_false_in_if_before_cfg_to_dag_prog.node_1)
-apply (rule rel_assume_false_in_if_before_ast_to_cfg_prog_bigblock_1)
-apply assumption+
-apply (rule guardHint)
-done
-qed
-
-lemma rel_assume_false_in_if_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (assume_false_in_if_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of assume_false_in_if_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.bigblock_0_def assume_false_in_if_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: assume_false_in_if_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: assume_false_in_if_before_cfg_to_dag_prog.block_0_def assume_false_in_if_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_assume_false_in_if_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (assume_false_in_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end assume_false_in_if_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_in_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_if_successor)
-apply (rule Rel_Main_test[of assume_false_in_if_before_ast_to_cfg_prog.bigblock_0 _ assume_false_in_if_before_cfg_to_dag_prog.block_0])
-apply (simp add: assume_false_in_if_before_cfg_to_dag_prog.block_0_def assume_false_in_if_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp add: assume_false_in_if_before_cfg_to_dag_prog.block_0_def)
-apply (rule astTrace)
-apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.bigblock_0_def)
-apply (rule assume_false_in_if_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: assume_false_in_if_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: assume_false_in_if_before_cfg_to_dag_prog.node_0)
-apply (rule rel_assume_false_in_if_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply (erule disjE)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: assume_false_in_if_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_assume_false_in_if_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: cont_0_def assume_false_in_if_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
-apply blast+
-
-
-
-
-
-apply (simp)
-apply ((erule allE[where x = 2])+)
-apply ((simp add: assume_false_in_if_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_assume_false_in_if_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_0_def assume_false_in_if_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (assume_false_in_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A assume_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) assume_false_in_if_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns assume_false_in_if_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] assume_false_in_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (assume_false_in_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_assume_false_in_if_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.pres_def assume_false_in_if_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.pres_def assume_false_in_if_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: assume_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (assume_false_in_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) assume_false_in_if_before_ast_to_cfg_prog.fdecls assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls assume_false_in_if_before_ast_to_cfg_prog.axioms assume_false_in_if_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding assume_false_in_if_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 assume_false_in_if_before_ast_to_cfg_prog.ast_proc_def assume_false_in_if_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_ast_to_cfg_prog.thy
deleted file mode 100644
index ee24b64..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,117 +0,0 @@
-theory assume_false_in_if_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (ParsedIf (Some (BinOp (Var 0) Neq (Lit (LInt 8)))) [(BigBlock (None ) [(Assume (Lit (LBool False)))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [(Assume (Lit (LBool False)))] (None ) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [] (None ) (None ))"
-definition cont_0
-  where
-    "cont_0  = KStop"
-definition cont_1
-  where
-    "cont_1  = KStop"
-definition cont_2
-  where
-    "cont_2  = KStop"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding assume_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_in_if_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding assume_false_in_if_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = assume_false_in_if_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec assume_false_in_if_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec assume_false_in_if_before_ast_to_cfg_prog.post),proc_body = (Some (assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls,assume_false_in_if_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_cfg_to_dag_prog.thy
deleted file mode 100644
index e3ce4af..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,138 +0,0 @@
-theory assume_false_in_if_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0)]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Neq (Lit (LInt 8)))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Eq (Lit (LInt 8))))]"
-definition outEdges
-  where
-    "outEdges  = [[1,2],[],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append assume_false_in_if_before_cfg_to_dag_prog.constants_vdecls assume_false_in_if_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append assume_false_in_if_before_cfg_to_dag_prog.constants_vdecls assume_false_in_if_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding assume_false_in_if_before_cfg_to_dag_prog.constants_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_in_if_before_cfg_to_dag_prog.constants_vdecls assume_false_in_if_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append assume_false_in_if_before_cfg_to_dag_prog.params_vdecls assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assume_false_in_if_before_cfg_to_dag_prog.params_vdecls assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding assume_false_in_if_before_cfg_to_dag_prog.params_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_in_if_before_cfg_to_dag_prog.params_vdecls assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append assume_false_in_if_before_cfg_to_dag_prog.constants_vdecls assume_false_in_if_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append assume_false_in_if_before_cfg_to_dag_prog.params_vdecls assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding assume_false_in_if_before_cfg_to_dag_prog.constants_vdecls_def assume_false_in_if_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_in_if_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding assume_false_in_if_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_in_if_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding assume_false_in_if_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_in_if_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding assume_false_in_if_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append assume_false_in_if_before_cfg_to_dag_prog.constants_vdecls assume_false_in_if_before_cfg_to_dag_prog.globals_vdecls),(append assume_false_in_if_before_cfg_to_dag_prog.params_vdecls assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append assume_false_in_if_before_cfg_to_dag_prog.params_vdecls assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append assume_false_in_if_before_cfg_to_dag_prog.constants_vdecls assume_false_in_if_before_cfg_to_dag_prog.globals_vdecls),(append assume_false_in_if_before_cfg_to_dag_prog.params_vdecls assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assume_false_in_if_before_cfg_to_dag_prog.constants_vdecls assume_false_in_if_before_cfg_to_dag_prog.globals_vdecls),(append assume_false_in_if_before_cfg_to_dag_prog.params_vdecls assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = assume_false_in_if_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec assume_false_in_if_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec assume_false_in_if_before_cfg_to_dag_prog.post),proc_body = (Some (assume_false_in_if_before_cfg_to_dag_prog.locals_vdecls,assume_false_in_if_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_passive_prog.thy
deleted file mode 100644
index 9790c20..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_before_passive_prog.thy
+++ /dev/null
@@ -1,95 +0,0 @@
-theory assume_false_in_if_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util assume_false_in_if_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Neq (Lit (LInt 8)))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Eq (Lit (LInt 8))))]"
-definition block_3
-  where
-    "block_3  = [(Havoc 0)]"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding assume_false_in_if_before_ast_to_cfg_prog.params_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_cfgtodag_proof.thy
deleted file mode 100644
index e243983..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_cfgtodag_proof.thy
+++ /dev/null
@@ -1,242 +0,0 @@
-theory assume_false_in_if_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML assume_false_in_if_before_ast_to_cfg_prog assume_false_in_if_before_cfg_to_dag_prog assume_false_in_if_before_passive_prog assume_false_in_if_passification_proof assume_false_in_if_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A assume_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 assume_false_in_if_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def assume_false_in_if_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule assume_false_in_if_before_passive_prog.node_0)
-apply simp
-unfolding assume_false_in_if_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma block_anon3_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assume_false_in_if_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding assume_false_in_if_before_cfg_to_dag_prog.block_1_def assume_false_in_if_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_in_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule assume_false_in_if_before_cfg_to_dag_prog.node_1)
-apply (rule assume_false_in_if_before_passive_prog.node_1)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon3_Then)
-apply assumption+
-apply (rule assume_false_in_if_before_cfg_to_dag_prog.outEdges_1)
-apply (rule assume_false_in_if_before_passive_prog.outEdges_1)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon3_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assume_false_in_if_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding assume_false_in_if_before_cfg_to_dag_prog.block_2_def assume_false_in_if_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_in_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule assume_false_in_if_before_cfg_to_dag_prog.node_2)
-apply (rule assume_false_in_if_before_passive_prog.node_2)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon3_Else)
-apply assumption+
-apply (rule assume_false_in_if_before_cfg_to_dag_prog.outEdges_2)
-apply (rule assume_false_in_if_before_passive_prog.outEdges_2)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] assume_false_in_if_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding assume_false_in_if_before_cfg_to_dag_prog.block_0_def assume_false_in_if_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_in_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule assume_false_in_if_before_cfg_to_dag_prog.node_0)
-apply (rule assume_false_in_if_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:assume_false_in_if_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:assume_false_in_if_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:assume_false_in_if_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:assume_false_in_if_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:assume_false_in_if_before_passive_prog.outEdges_4))
-by ((simp add:assume_false_in_if_before_passive_prog.node_4 assume_false_in_if_before_passive_prog.block_4_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] assume_false_in_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 assume_false_in_if_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] assume_false_in_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule assume_false_in_if_before_passive_prog.node_5)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding assume_false_in_if_before_passive_prog.block_5_def
-apply (rule assume_pres_normal[where ?es=assume_false_in_if_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding assume_false_in_if_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule assume_false_in_if_before_passive_prog.outEdges_5)
-apply ((simp add:assume_false_in_if_before_passive_prog.node_4 assume_false_in_if_before_passive_prog.block_4_def))
-apply (rule assume_false_in_if_before_passive_prog.outEdges_4)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A assume_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) assume_false_in_if_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns assume_false_in_if_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] assume_false_in_if_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assume_false_in_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule assume_false_in_if_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_passification_proof.thy
deleted file mode 100644
index 17c1c82..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_passification_proof.thy
+++ /dev/null
@@ -1,258 +0,0 @@
-theory assume_false_in_if_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util assume_false_in_if_before_ast_to_cfg_prog assume_false_in_if_passive_prog Boogie_Lang.PassificationML assume_false_in_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assume_false_in_if_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assume_false_in_if_before_passive_prog.block_0_def assume_false_in_if_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assume_false_in_if_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assume_false_in_if_before_passive_prog.block_1_def assume_false_in_if_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assume_false_in_if_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assume_false_in_if_before_passive_prog.block_2_def assume_false_in_if_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old assume_false_in_if_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assume_false_in_if_before_passive_prog.block_3_def assume_false_in_if_passive_prog.block_3_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:assume_false_in_if_before_ast_to_cfg_prog.l_x(2) assume_false_in_if_passive_prog.l_x_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assume_false_in_if_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assume_false_in_if_before_passive_prog.block_4_def assume_false_in_if_passive_prog.block_4_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old assume_false_in_if_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding assume_false_in_if_before_passive_prog.block_5_def assume_false_in_if_passive_prog.block_5_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assume_false_in_if_before_passive_prog.node_0},@{thm assume_false_in_if_before_passive_prog.outEdges_0}) (@{thm assume_false_in_if_passive_prog.node_0},@{thm assume_false_in_if_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon3_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm assume_false_in_if_before_passive_prog.node_1},@{thm assume_false_in_if_before_passive_prog.outEdges_1}) (@{thm assume_false_in_if_passive_prog.node_1},@{thm assume_false_in_if_passive_prog.outEdges_1}) @{thm block_anon3_Then} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon3_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm assume_false_in_if_before_passive_prog.node_2},@{thm assume_false_in_if_before_passive_prog.outEdges_2}) (@{thm assume_false_in_if_passive_prog.node_2},@{thm assume_false_in_if_passive_prog.outEdges_2}) @{thm block_anon3_Else} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assume_false_in_if_before_passive_prog.node_3},@{thm assume_false_in_if_before_passive_prog.outEdges_3}) (@{thm assume_false_in_if_passive_prog.node_3},@{thm assume_false_in_if_passive_prog.outEdges_3}) @{thm block_anon0} [
-@{thm cfg_block_anon3_Then}, 
-@{thm cfg_block_anon3_Else}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assume_false_in_if_before_passive_prog.node_4},@{thm assume_false_in_if_before_passive_prog.outEdges_4}) (@{thm assume_false_in_if_passive_prog.node_4},@{thm assume_false_in_if_passive_prog.outEdges_4}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> assume_false_in_if_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm assume_false_in_if_before_passive_prog.node_5},@{thm assume_false_in_if_before_passive_prog.outEdges_5}) (@{thm assume_false_in_if_passive_prog.node_5},@{thm assume_false_in_if_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_before_ast_to_cfg_prog.params_vdecls assume_false_in_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] assume_false_in_if_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A assume_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls ns assume_false_in_if_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv assume_false_in_if_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding assume_false_in_if_passive_prog.params_vdecls_def assume_false_in_if_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using assume_false_in_if_before_passive_prog.globals_locals_disj apply auto[1]
-using assume_false_in_if_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] assume_false_in_if_passive_prog.proc_body u (Inl 5)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range assume_false_in_if_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] assume_false_in_if_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from assume_false_in_if_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_passive_prog.thy
deleted file mode 100644
index 90b37ac..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_passive_prog.thy
+++ /dev/null
@@ -1,119 +0,0 @@
-theory assume_false_in_if_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util assume_false_in_if_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 1) Neq (Lit (LInt 8)))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 1) Eq (Lit (LInt 8))))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding assume_false_in_if_passive_prog.params_vdecls_def assume_false_in_if_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls)))) = {})"
-unfolding assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls_def assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_vcphase_proof.thy
deleted file mode 100644
index 007d0c8..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/assume_false_in_if_proofs/assume_false_in_if_vcphase_proof.thy
+++ /dev/null
@@ -1,218 +0,0 @@
-theory assume_false_in_if_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML assume_false_in_if_passive_prog assume_false_in_if_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon0
-  where
-    "vc_anon0  = True"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
-G2: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2
-lemmas forall_poly_thm = forall_vc_type[OF G2]
-lemmas exists_poly_thm = exists_vc_type[OF G2]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding assume_false_in_if_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon3_Then_hints = [
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon3_ThenAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
-unfolding assume_false_in_if_passive_prog.block_1_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_Then_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon3_Else_hints = [
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon3_ElseAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding assume_false_in_if_passive_prog.block_2_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_Else_hints \<close>)
-by (auto?)
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.block_3 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding assume_false_in_if_passive_prog.block_3_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.block_4 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding assume_false_in_if_passive_prog.block_4_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding assume_false_in_if_passive_prog.block_5_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) assume_false_in_if_passive_prog.node_0 assume_false_in_if_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon3_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) assume_false_in_if_passive_prog.node_1])
-by (erule block_anon3_ThenAA0[OF _ assms(2)])
-
-lemma cfg_block_anon3_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) assume_false_in_if_passive_prog.node_2])
-apply (erule block_anon3_ElseAA0[OF _ assms(2)])
-apply ((simp add:assume_false_in_if_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) assume_false_in_if_passive_prog.node_3])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:assume_false_in_if_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) assume_false_in_if_passive_prog.node_4])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:assume_false_in_if_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> assume_false_in_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) assume_false_in_if_passive_prog.node_5])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:assume_false_in_if_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls)) \<Gamma> [] assume_false_in_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A assume_false_in_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) assume_false_in_if_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls assume_false_in_if_before_ast_to_cfg_prog.globals_vdecls),(append assume_false_in_if_passive_prog.params_vdecls assume_false_in_if_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((assume_false_in_if_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF assume_false_in_if_passive_prog.m_x])
-apply (subst lookup_var_local[OF assume_false_in_if_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF assume_false_in_if_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF assume_false_in_if_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/assume_false_in_if_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/ROOT
deleted file mode 100644
index 9f71b4d..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session complete_bigblock_loop_in_loop_proofs = Boogie_Lang + 
-directories while_succ_in_while_proofs
-theories
-global_data
-"while_succ_in_while_proofs/while_succ_in_while_before_ast_to_cfg_prog"
-"while_succ_in_while_proofs/while_succ_in_while_asttocfg_proof"
-"while_succ_in_while_proofs/while_succ_in_while_vcphase_proof"
-"while_succ_in_while_proofs/while_succ_in_while_before_passive_prog"
-"while_succ_in_while_proofs/while_succ_in_while_cfgtodag_proof"
-"while_succ_in_while_proofs/while_succ_in_while_before_cfg_to_dag_prog"
-"while_succ_in_while_proofs/while_succ_in_while_passive_prog"
-"while_succ_in_while_proofs/while_succ_in_while_passification_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_asttocfg_proof.thy
deleted file mode 100644
index e506c4b..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_asttocfg_proof.thy
+++ /dev/null
@@ -1,557 +0,0 @@
-theory while_succ_in_while_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML while_succ_in_while_before_ast_to_cfg_prog while_succ_in_while_before_cfg_to_dag_prog while_succ_in_while_cfgtodag_proof while_succ_in_while_passification_proof while_succ_in_while_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A while_succ_in_while_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_6,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_8 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_8 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_6])
-apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_6_def while_succ_in_while_before_cfg_to_dag_prog.block_8_def)
-apply ((simp add: while_succ_in_while_before_cfg_to_dag_prog.block_8_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: while_succ_in_while_before_cfg_to_dag_prog.block_8_def while_succ_in_while_before_ast_to_cfg_prog.bigblock_6_def)+)
-done
-
-
-lemma global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_succ_in_while_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_6])
-apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_6_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_6_def)
-apply (simp)
-apply (simp)
-apply (rule cont_6_def)
-apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_8)
-apply (rule disjI1)
-apply (rule while_succ_in_while_before_cfg_to_dag_prog.block_8_def)
-apply (rule while_succ_in_while_before_cfg_to_dag_prog.outEdges_8)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.node_8)
-apply (rule rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_6)
-apply assumption+
-
-done
-qed
-
-lemma global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_succ_in_while_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T while_succ_in_while_before_ast_to_cfg_prog.bigblock_1 cont_1 while_succ_in_while_before_cfg_to_dag_prog.proc_body 1 while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Invs[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_5])
-apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_5_def)
-
-apply (rule astTrace)
-apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_5_def)
-apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_6)
-apply (rule disjI1)
-apply (rule while_succ_in_while_before_cfg_to_dag_prog.block_6_def)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_5_def)
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.node_6)
-
-
-
-apply ((erule allE[where x=1])+)
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.outEdges_6)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
-unfolding while_succ_in_while_before_cfg_to_dag_prog.block_4_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.block_4_def)
-apply ((simp add: assms(3) while_succ_in_while_before_ast_to_cfg_prog.bigblock_4_def)+)
-done
-
-
-lemma global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_succ_in_while_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T while_succ_in_while_before_ast_to_cfg_prog.bigblock_3 cont_3 while_succ_in_while_before_cfg_to_dag_prog.proc_body 3 while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_4_def)
-apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_4)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule while_succ_in_while_before_cfg_to_dag_prog.block_4_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_4_def)
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.node_4)
-apply (rule rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_4)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=3])+)
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.outEdges_4)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_succ_in_while_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T while_succ_in_while_before_ast_to_cfg_prog.bigblock_1 cont_1 while_succ_in_while_before_cfg_to_dag_prog.proc_body 1 while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_3_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_3 _ _ _ while_succ_in_while_before_cfg_to_dag_prog.block_3])
-apply (simp add:while_succ_in_while_before_ast_to_cfg_prog.bigblock_3_def while_succ_in_while_before_cfg_to_dag_prog.block_3_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:while_succ_in_while_before_ast_to_cfg_prog.bigblock_3_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_3])
-apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.bigblock_3_def)+)
-apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.block_3_def while_succ_in_while_before_cfg_to_dag_prog.node_3)+)
-apply (rule cont_3_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 4])+)
-apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_4)
-apply (simp add: cont_3_def while_succ_in_while_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_3_def cont_4_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper3)
-apply ((simp)+)
-
-apply ((erule allE[where x = 5])+)
-apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_5)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.node_5)
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.block_5_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.outEdges_5)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.node_5)
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.block_5_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.outEdges_5)
-apply ((simp add: member_rec)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper4)
-apply ((simp)+)
-done
-qed
-qed
-
-lemma rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
-unfolding while_succ_in_while_before_cfg_to_dag_prog.block_2_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.block_2_def)
-apply ((simp add: assms(3) while_succ_in_while_before_ast_to_cfg_prog.bigblock_2_def)+)
-done
-
-
-lemma global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_succ_in_while_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T while_succ_in_while_before_ast_to_cfg_prog.bigblock_1 cont_1 while_succ_in_while_before_cfg_to_dag_prog.proc_body 1 while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_2_def while_succ_in_while_before_cfg_to_dag_prog.block_2_def)
-apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_2_def while_succ_in_while_before_cfg_to_dag_prog.block_2_def)
-apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_2_def while_succ_in_while_before_cfg_to_dag_prog.block_2_def)
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.block_2_def)
-apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_2)
-
-apply (rule disjI2)
-apply (rule disjI1)
-
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.block_2_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply (simp)
-
-
-apply (rule guardHint)
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.node_2)
-apply (rule rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_2_def)
-apply ((simp)+)
-apply (rule guardHint)
-apply ((erule allE[where x = 3])+)
-apply ((simp add: while_succ_in_while_before_cfg_to_dag_prog.outEdges_2)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_3)
-apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_3_def cont_2_def cont_3_def)
-apply blast+
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule less_trans_inv)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_succ_in_while_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_1 _ _ _ while_succ_in_while_before_cfg_to_dag_prog.block_1])
-apply (simp add:while_succ_in_while_before_ast_to_cfg_prog.bigblock_1_def while_succ_in_while_before_cfg_to_dag_prog.block_1_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:while_succ_in_while_before_ast_to_cfg_prog.bigblock_1_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_1])
-apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.bigblock_1_def)+)
-apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.block_1_def while_succ_in_while_before_cfg_to_dag_prog.node_1)+)
-apply (rule cont_1_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 2])+)
-apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_1_def while_succ_in_while_before_ast_to_cfg_prog.bigblock_2_def cont_2_def while_succ_in_while_before_ast_to_cfg_prog.bigblock_5_def cont_5_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_1_def cont_2_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-
-apply ((erule allE[where x = 7])+)
-apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_6)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.node_7)
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.block_7_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.outEdges_7)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.node_7)
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.block_7_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.outEdges_7)
-apply ((simp add: member_rec)+)
-done
-qed
-qed
-
-lemma rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_0_def while_succ_in_while_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: while_succ_in_while_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: while_succ_in_while_before_cfg_to_dag_prog.block_0_def while_succ_in_while_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_succ_in_while_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of while_succ_in_while_before_ast_to_cfg_prog.bigblock_0 _ while_succ_in_while_before_cfg_to_dag_prog.block_0])
-apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_0_def while_succ_in_while_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_0_def while_succ_in_while_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_0_def while_succ_in_while_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.block_0_def)
-apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: while_succ_in_while_before_cfg_to_dag_prog.node_0)
-apply (rule rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: while_succ_in_while_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (while_succ_in_while_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_y_2::int) (vc_y_3::int). (vc.vc_anon0 vc_x_1 vc_x_2 vc_y_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A while_succ_in_while_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) while_succ_in_while_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns while_succ_in_while_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (while_succ_in_while_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_while_succ_in_while_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.params_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.params_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.params_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.params_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.pres_def while_succ_in_while_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.params_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.params_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.params_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.params_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.params_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.params_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.params_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.params_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.pres_def while_succ_in_while_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.params_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.params_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: while_succ_in_while_before_ast_to_cfg_prog.params_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.params_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_6] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (while_succ_in_while_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_6_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_y_2::int) (vc_y_3::int). (vc.vc_anon0 vc_x_1 vc_x_2 vc_y_2))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) while_succ_in_while_before_ast_to_cfg_prog.fdecls while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls while_succ_in_while_before_ast_to_cfg_prog.axioms while_succ_in_while_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding while_succ_in_while_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 while_succ_in_while_before_ast_to_cfg_prog.ast_proc_def while_succ_in_while_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 549eb15..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,150 +0,0 @@
-theory while_succ_in_while_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 0),(Havoc 1)] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (None ) (None ))]))) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (None ) (None ))])) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
-definition bigblock_4
-  where
-    "bigblock_4  = (BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))"
-definition bigblock_5
-  where
-    "bigblock_5  = (BigBlock (None ) [] (None ) (None ))"
-definition bigblock_6
-  where
-    "bigblock_6  = (BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))] (None ) (None ))"
-definition cont_6
-  where
-    "cont_6  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_6 cont_6)"
-definition cont_1
-  where
-    "cont_1  = (KEndBlock (KSeq bigblock_6 cont_6 ))"
-definition cont_5
-  where
-    "cont_5  = (KSeq bigblock_1 cont_1)"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_5 cont_5)"
-definition cont_3
-  where
-    "cont_3  = (KEndBlock (KSeq bigblock_5 cont_5 ))"
-definition cont_4
-  where
-    "cont_4  = (KSeq bigblock_3 cont_3)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_6]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding while_succ_in_while_before_ast_to_cfg_prog.params_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_succ_in_while_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding while_succ_in_while_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = while_succ_in_while_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec while_succ_in_while_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec while_succ_in_while_before_ast_to_cfg_prog.post),proc_body = (Some (while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls,while_succ_in_while_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_cfg_to_dag_prog.thy
deleted file mode 100644
index a5d18cf..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,213 +0,0 @@
-theory while_succ_in_while_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0),(Havoc 1)]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
-definition block_6
-  where
-    "block_6  = []"
-definition block_7
-  where
-    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_8
-  where
-    "block_8  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
-definition outEdges
-  where
-    "outEdges  = [[1],[7,2],[3],[5,4],[3],[6],[1],[8],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [7,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [5,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append while_succ_in_while_before_cfg_to_dag_prog.params_vdecls while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_succ_in_while_before_cfg_to_dag_prog.params_vdecls while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding while_succ_in_while_before_cfg_to_dag_prog.params_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append while_succ_in_while_before_cfg_to_dag_prog.params_vdecls while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append while_succ_in_while_before_cfg_to_dag_prog.params_vdecls while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls_def while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_succ_in_while_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding while_succ_in_while_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls),(append while_succ_in_while_before_cfg_to_dag_prog.params_vdecls while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append while_succ_in_while_before_cfg_to_dag_prog.params_vdecls while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append while_succ_in_while_before_cfg_to_dag_prog.params_vdecls while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls),(append while_succ_in_while_before_cfg_to_dag_prog.params_vdecls while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls),(append while_succ_in_while_before_cfg_to_dag_prog.params_vdecls while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls),(append while_succ_in_while_before_cfg_to_dag_prog.params_vdecls while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_cfg_to_dag_prog.constants_vdecls while_succ_in_while_before_cfg_to_dag_prog.globals_vdecls),(append while_succ_in_while_before_cfg_to_dag_prog.params_vdecls while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = while_succ_in_while_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec while_succ_in_while_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec while_succ_in_while_before_cfg_to_dag_prog.post),proc_body = (Some (while_succ_in_while_before_cfg_to_dag_prog.locals_vdecls,while_succ_in_while_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_passive_prog.thy
deleted file mode 100644
index 13aae91..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_before_passive_prog.thy
+++ /dev/null
@@ -1,161 +0,0 @@
-theory while_succ_in_while_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util while_succ_in_while_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
-definition block_4
-  where
-    "block_4  = [(Havoc 1)]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
-definition block_6
-  where
-    "block_6  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
-definition block_7
-  where
-    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_8
-  where
-    "block_8  = [(Havoc 1),(Havoc 0)]"
-definition block_9
-  where
-    "block_9  = [(Havoc 0),(Havoc 1)]"
-definition block_10
-  where
-    "block_10  = []"
-definition block_11
-  where
-    "block_11  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[2],[3,1],[4],[0],[6],[7,5],[8],[9],[10]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 11,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7,5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [10])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding while_succ_in_while_before_ast_to_cfg_prog.params_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_cfgtodag_proof.thy
deleted file mode 100644
index 747dd14..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_cfgtodag_proof.thy
+++ /dev/null
@@ -1,634 +0,0 @@
-theory while_succ_in_while_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML while_succ_in_while_before_ast_to_cfg_prog while_succ_in_while_before_cfg_to_dag_prog while_succ_in_while_before_passive_prog while_succ_in_while_passification_proof while_succ_in_while_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A while_succ_in_while_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 while_succ_in_while_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def while_succ_in_while_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule while_succ_in_while_before_passive_prog.node_0)
-apply simp
-unfolding while_succ_in_while_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma Mods_anon6_LoopBody:
-shows "(mods_contained_in (set [1]) while_succ_in_while_before_cfg_to_dag_prog.block_4)"
-unfolding while_succ_in_while_before_cfg_to_dag_prog.block_4_def
-by simp
-
-lemma block_anon6_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_succ_in_while_before_passive_prog.block_1 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding while_succ_in_while_before_cfg_to_dag_prog.block_4_def while_succ_in_while_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body [1] [] while_succ_in_while_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_4)
-apply (rule while_succ_in_while_before_passive_prog.node_1)
-apply (assumption+)
-apply (rule block_anon6_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon6_LoopBody)
-apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_4))
-apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_4))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon6_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon3:
-shows "(mods_contained_in (set [1,0]) while_succ_in_while_before_cfg_to_dag_prog.block_6)"
-unfolding while_succ_in_while_before_cfg_to_dag_prog.block_6_def
-by simp
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_succ_in_while_before_passive_prog.block_2 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding while_succ_in_while_before_cfg_to_dag_prog.block_6_def while_succ_in_while_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body [1,0] [] while_succ_in_while_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_6)
-apply (rule while_succ_in_while_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon3)
-apply (assumption+)
-apply (rule Mods_anon3)
-apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_6))
-apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_6))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon5_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon6_LoopDone:
-shows "(mods_contained_in (set [1,0]) while_succ_in_while_before_cfg_to_dag_prog.block_5)"
-unfolding while_succ_in_while_before_cfg_to_dag_prog.block_5_def
-by simp
-
-lemma block_anon6_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_succ_in_while_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding while_succ_in_while_before_cfg_to_dag_prog.block_5_def while_succ_in_while_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body [1,0] [] while_succ_in_while_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_5)
-apply (rule while_succ_in_while_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon6_LoopDone)
-apply (assumption+)
-apply (rule Mods_anon6_LoopDone)
-apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_5))
-apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_5))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:while_succ_in_while_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon5_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon6_LoopHead:
-shows "(mods_contained_in (set [1]) while_succ_in_while_before_cfg_to_dag_prog.block_3)"
-unfolding while_succ_in_while_before_cfg_to_dag_prog.block_3_def
-by simp
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_succ_in_while_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding while_succ_in_while_before_cfg_to_dag_prog.block_3_def while_succ_in_while_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.l_y(1)))
-apply simp
-done
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body [1,0] [] while_succ_in_while_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms assms(4-)
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_3)
-apply (rule while_succ_in_while_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon6_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon6_LoopHead)
-apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:while_succ_in_while_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_subset_pred)
-using less(4) apply simp
-apply assumption
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:while_succ_in_while_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-apply (rule loop_ih_convert_subset_smaller_2)
-using less(4) apply simp
-apply (simp, fastforce, assumption)
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma Mods_anon5_LoopBody:
-shows "(mods_contained_in (set [1,0]) while_succ_in_while_before_cfg_to_dag_prog.block_2)"
-unfolding while_succ_in_while_before_cfg_to_dag_prog.block_2_def
-by simp
-
-lemma block_anon5_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_succ_in_while_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding while_succ_in_while_before_cfg_to_dag_prog.block_2_def while_succ_in_while_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon5_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body [1,0] [] while_succ_in_while_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_2)
-apply (rule while_succ_in_while_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon5_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon5_LoopBody)
-apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:while_succ_in_while_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon5_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma block_anon4:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_succ_in_while_before_passive_prog.block_6 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding while_succ_in_while_before_cfg_to_dag_prog.block_8_def while_succ_in_while_before_passive_prog.block_6_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon4:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_8)
-apply (rule while_succ_in_while_before_passive_prog.node_6)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon4)
-apply assumption+
-apply (rule while_succ_in_while_before_cfg_to_dag_prog.outEdges_8)
-apply (rule while_succ_in_while_before_passive_prog.outEdges_6)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon5_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_succ_in_while_before_passive_prog.block_7 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding while_succ_in_while_before_cfg_to_dag_prog.block_7_def while_succ_in_while_before_passive_prog.block_7_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon5_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_7)
-apply (rule while_succ_in_while_before_passive_prog.node_7)
-apply (assumption+)
-apply (rule block_anon5_LoopDone)
-apply (assumption+)
-apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_7))
-apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_7))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=6])
-apply ((simp add:while_succ_in_while_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon5_LoopHead:
-shows "(mods_contained_in (set [1,0]) while_succ_in_while_before_cfg_to_dag_prog.block_1)"
-unfolding while_succ_in_while_before_cfg_to_dag_prog.block_1_def
-by simp
-
-lemma block_anon5_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_succ_in_while_before_passive_prog.block_8 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding while_succ_in_while_before_cfg_to_dag_prog.block_1_def while_succ_in_while_before_passive_prog.block_8_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.l_y(1)))
-apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.l_x(1)))
-apply simp
-done
-
-lemma cfg_block_anon5_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1,0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_1)
-apply (rule while_succ_in_while_before_passive_prog.node_8)
-apply (assumption+)
-apply (rule block_anon5_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon5_LoopHead)
-apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=7])
-apply ((simp add:while_succ_in_while_before_passive_prog.outEdges_8))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=5])
-apply ((simp add:while_succ_in_while_before_passive_prog.outEdges_8))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_succ_in_while_before_passive_prog.block_9 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding while_succ_in_while_before_cfg_to_dag_prog.block_0_def while_succ_in_while_before_passive_prog.block_9_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule while_succ_in_while_before_cfg_to_dag_prog.node_0)
-apply (rule while_succ_in_while_before_passive_prog.node_9)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:while_succ_in_while_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=8])
-apply ((simp add:while_succ_in_while_before_passive_prog.outEdges_9))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:while_succ_in_while_before_passive_prog.outEdges_10))
-by ((simp add:while_succ_in_while_before_passive_prog.node_10 while_succ_in_while_before_passive_prog.block_10_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 while_succ_in_while_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule while_succ_in_while_before_passive_prog.node_11)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding while_succ_in_while_before_passive_prog.block_11_def
-apply (rule assume_pres_normal[where ?es=while_succ_in_while_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding while_succ_in_while_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule while_succ_in_while_before_passive_prog.outEdges_11)
-apply ((simp add:while_succ_in_while_before_passive_prog.node_10 while_succ_in_while_before_passive_prog.block_10_def))
-apply (rule while_succ_in_while_before_passive_prog.outEdges_10)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_y_2::int) (vc_y_3::int). (vc.vc_anon0 vc_x_1 vc_x_2 vc_y_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A while_succ_in_while_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) while_succ_in_while_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns while_succ_in_while_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] while_succ_in_while_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] while_succ_in_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule while_succ_in_while_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_passification_proof.thy
deleted file mode 100644
index 21eb5d0..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_passification_proof.thy
+++ /dev/null
@@ -1,385 +0,0 @@
-theory while_succ_in_while_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util while_succ_in_while_before_ast_to_cfg_prog while_succ_in_while_passive_prog Boogie_Lang.PassificationML while_succ_in_while_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_succ_in_while_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_succ_in_while_before_passive_prog.block_0_def while_succ_in_while_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon6_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [8] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 7)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [8])) (update_nstate_rel R [(1,(Inl 8))]) R_old while_succ_in_while_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_succ_in_while_before_passive_prog.block_1_def while_succ_in_while_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.l_y(2) while_succ_in_while_passive_prog.l_y_3(2)))
-by simp
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_succ_in_while_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_succ_in_while_before_passive_prog.block_2_def while_succ_in_while_passive_prog.block_2_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon6_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 7)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_succ_in_while_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_succ_in_while_before_passive_prog.block_3_def while_succ_in_while_passive_prog.block_3_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [7] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [7])) (update_nstate_rel R [(1,(Inl 7))]) R_old while_succ_in_while_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_succ_in_while_before_passive_prog.block_4_def while_succ_in_while_passive_prog.block_4_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.l_y(2) while_succ_in_while_passive_prog.l_y_2(2)))
-by simp
-
-lemma block_anon5_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 5)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6])) (update_nstate_rel R [(0,(Inl 6))]) R_old while_succ_in_while_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_succ_in_while_before_passive_prog.block_5_def while_succ_in_while_passive_prog.block_5_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.l_x(2) while_succ_in_while_passive_prog.l_x_2(2)))
-by simp
-
-lemma block_anon4:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 5)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_succ_in_while_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_succ_in_while_before_passive_prog.block_6_def while_succ_in_while_passive_prog.block_6_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon5_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 5)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_succ_in_while_passive_prog.block_7 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_succ_in_while_before_passive_prog.block_7_def while_succ_in_while_passive_prog.block_7_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon5_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_8 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4,5] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4,5])) (update_nstate_rel R [(1,(Inl 4)),(0,(Inl 5))]) R_old while_succ_in_while_passive_prog.block_8 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_succ_in_while_before_passive_prog.block_8_def while_succ_in_while_passive_prog.block_8_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.l_y(2) while_succ_in_while_passive_prog.l_y_1(2)))
-apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.l_x(2) while_succ_in_while_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_9 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2,3] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2,3])) (update_nstate_rel R [(0,(Inl 2)),(1,(Inl 3))]) R_old while_succ_in_while_passive_prog.block_9 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_succ_in_while_before_passive_prog.block_9_def while_succ_in_while_passive_prog.block_9_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.l_x(2) while_succ_in_while_passive_prog.l_x_0(2)))
-apply ((simp add:while_succ_in_while_before_ast_to_cfg_prog.l_y(2) while_succ_in_while_passive_prog.l_y_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_10 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_succ_in_while_passive_prog.block_10 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_succ_in_while_before_passive_prog.block_10_def while_succ_in_while_passive_prog.block_10_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.block_11 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_succ_in_while_passive_prog.block_11 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_succ_in_while_before_passive_prog.block_11_def while_succ_in_while_passive_prog.block_11_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_succ_in_while_before_passive_prog.node_0},@{thm while_succ_in_while_before_passive_prog.outEdges_0}) (@{thm while_succ_in_while_passive_prog.node_0},@{thm while_succ_in_while_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 7)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_succ_in_while_before_passive_prog.node_1},@{thm while_succ_in_while_before_passive_prog.outEdges_1}) (@{thm while_succ_in_while_passive_prog.node_1},@{thm while_succ_in_while_passive_prog.outEdges_1}) @{thm block_anon6_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_succ_in_while_before_passive_prog.node_2},@{thm while_succ_in_while_before_passive_prog.outEdges_2}) (@{thm while_succ_in_while_passive_prog.node_2},@{thm while_succ_in_while_passive_prog.outEdges_2}) @{thm block_anon3} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 7)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_succ_in_while_before_passive_prog.node_3},@{thm while_succ_in_while_before_passive_prog.outEdges_3}) (@{thm while_succ_in_while_passive_prog.node_3},@{thm while_succ_in_while_passive_prog.outEdges_3}) @{thm block_anon6_LoopDone} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 7 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_succ_in_while_before_passive_prog.node_4},@{thm while_succ_in_while_before_passive_prog.outEdges_4}) (@{thm while_succ_in_while_passive_prog.node_4},@{thm while_succ_in_while_passive_prog.outEdges_4}) @{thm block_anon6_LoopHead} [
-@{thm cfg_block_anon6_LoopDone}, 
-@{thm cfg_block_anon6_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon5_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 5)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_succ_in_while_before_passive_prog.node_5},@{thm while_succ_in_while_before_passive_prog.outEdges_5}) (@{thm while_succ_in_while_passive_prog.node_5},@{thm while_succ_in_while_passive_prog.outEdges_5}) @{thm block_anon5_LoopBody} [
-@{thm cfg_block_anon6_LoopHead}] 1\<close>))
-
-lemma cfg_block_anon4:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 5)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_succ_in_while_before_passive_prog.node_6},@{thm while_succ_in_while_before_passive_prog.outEdges_6}) (@{thm while_succ_in_while_passive_prog.node_6},@{thm while_succ_in_while_passive_prog.outEdges_6}) @{thm block_anon4} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon5_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 5)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_succ_in_while_before_passive_prog.node_7},@{thm while_succ_in_while_before_passive_prog.outEdges_7}) (@{thm while_succ_in_while_passive_prog.node_7},@{thm while_succ_in_while_passive_prog.outEdges_7}) @{thm block_anon5_LoopDone} [
-@{thm cfg_block_anon4}] 1\<close>))
-
-lemma cfg_block_anon5_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 8)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_succ_in_while_before_passive_prog.node_8},@{thm while_succ_in_while_before_passive_prog.outEdges_8}) (@{thm while_succ_in_while_passive_prog.node_8},@{thm while_succ_in_while_passive_prog.outEdges_8}) @{thm block_anon5_LoopHead} [
-@{thm cfg_block_anon5_LoopDone}, 
-@{thm cfg_block_anon5_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 9)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_succ_in_while_before_passive_prog.node_9},@{thm while_succ_in_while_before_passive_prog.outEdges_9}) (@{thm while_succ_in_while_passive_prog.node_9},@{thm while_succ_in_while_passive_prog.outEdges_9}) @{thm block_anon0} [
-@{thm cfg_block_anon5_LoopHead}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 10)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_succ_in_while_before_passive_prog.node_10},@{thm while_succ_in_while_before_passive_prog.outEdges_10}) (@{thm while_succ_in_while_passive_prog.node_10},@{thm while_succ_in_while_passive_prog.outEdges_10}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_succ_in_while_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body u (Inl 11)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_succ_in_while_before_passive_prog.node_11},@{thm while_succ_in_while_before_passive_prog.outEdges_11}) (@{thm while_succ_in_while_passive_prog.node_11},@{thm while_succ_in_while_passive_prog.outEdges_11}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_before_ast_to_cfg_prog.params_vdecls while_succ_in_while_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] while_succ_in_while_before_passive_prog.proc_body ((Inl 11),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_y_2::int) (vc_y_3::int). (vc.vc_anon0 vc_x_1 vc_x_2 vc_y_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A while_succ_in_while_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls ns while_succ_in_while_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv while_succ_in_while_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding while_succ_in_while_passive_prog.params_vdecls_def while_succ_in_while_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using while_succ_in_while_before_passive_prog.globals_locals_disj apply auto[1]
-using while_succ_in_while_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] while_succ_in_while_passive_prog.proc_body u (Inl 11)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range while_succ_in_while_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] while_succ_in_while_passive_prog.proc_body ((Inl 11),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from while_succ_in_while_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_passive_prog.thy
deleted file mode 100644
index bce6ab9..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_passive_prog.thy
+++ /dev/null
@@ -1,248 +0,0 @@
-theory while_succ_in_while_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util while_succ_in_while_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 7) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 8) Eq (BinOp (Var 7) Sub (Lit (LInt 1))))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 7)))]"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Var 5) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 6) Eq (BinOp (Var 5) Sub (Lit (LInt 1)))))]"
-definition block_6
-  where
-    "block_6  = [(Assert (BinOp (Var 5) Eq (Lit (LInt 0))))]"
-definition block_7
-  where
-    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 5)))]"
-definition block_8
-  where
-    "block_8  = []"
-definition block_9
-  where
-    "block_9  = []"
-definition block_10
-  where
-    "block_10  = []"
-definition block_11
-  where
-    "block_11  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[2],[3,1],[4],[0],[6],[7,5],[8],[9],[10]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 11,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7,5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [10])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(7,(TPrim TInt),(None )),(8,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding while_succ_in_while_passive_prog.params_vdecls_def while_succ_in_while_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)))) = {})"
-unfolding while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls_def while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_0:
-shows "((map_of (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_1:
-shows "((map_of (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_2:
-shows "((map_of (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_2:
-shows "((map_of (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_3:
-shows "((map_of (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls) 8) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_0:
-shows "((lookup_var_decl ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_1:
-shows "((lookup_var_decl ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_2:
-shows "((lookup_var_decl ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_2:
-shows "((lookup_var_decl ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_3:
-shows "((lookup_var_decl ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 8) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) 8) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_3
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_vcphase_proof.thy
deleted file mode 100644
index 2455790..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/complete_bigblock_loop_in_loop_proofs/while_succ_in_while_proofs/while_succ_in_while_vcphase_proof.thy
+++ /dev/null
@@ -1,423 +0,0 @@
-theory while_succ_in_while_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML while_succ_in_while_passive_prog while_succ_in_while_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon6_LoopBody
-  where
-    "vc_anon6_LoopBody  = True"
-definition vc_anon3
-  where
-    "vc_anon3  = True"
-definition vc_anon6_LoopDone
-  where
-    "vc_anon6_LoopDone y_2 = (((0::int) \<ge> y_2) \<longrightarrow> (vc_anon3 ))"
-definition vc_anon5_LoopBody
-  where
-    "vc_anon5_LoopBody x_1 x_2 y_2 = (((x_1 > (0::int)) \<and> (x_2 = (x_1 - (1::int)))) \<longrightarrow> ((vc_anon6_LoopDone y_2) \<and> (vc_anon6_LoopBody )))"
-definition vc_anon4
-  where
-    "vc_anon4 x_1 = (x_1 = (0::int))"
-definition vc_anon5_LoopDone
-  where
-    "vc_anon5_LoopDone x_1 = (((0::int) \<ge> x_1) \<longrightarrow> (vc_anon4 x_1))"
-definition vc_anon0
-  where
-    "vc_anon0 x_1 x_2 y_2 = ((vc_anon5_LoopDone x_1) \<and> (vc_anon5_LoopBody x_1 x_2 y_2))"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_y_1 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int" and vc_y_2 :: "int" and vc_y_3 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_0)))" and 
-G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_y_0)))" and 
-G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_y_1)))" and 
-G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_x_1)))" and 
-G6: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_x_2)))" and 
-G7: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_y_2)))" and 
-G8: "((lookup_var \<Lambda> n_s 8) = (Some (IntV vc_y_3)))" and 
-G9: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8 G9
-lemmas forall_poly_thm = forall_vc_type[OF G9]
-lemmas exists_poly_thm = exists_vc_type[OF G9]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding while_succ_in_while_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon6_LoopBody_hints = [
-(AssumeTrue,NONE), 
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon6_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopBody ) \<Longrightarrow> (s' = Magic)))"
-unfolding while_succ_in_while_passive_prog.block_1_def vc.vc_anon6_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon3_hints = [
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon3AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 ) \<Longrightarrow> (s' = Magic)))"
-unfolding while_succ_in_while_passive_prog.block_2_def vc.vc_anon3_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_LoopDone_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon6_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopDone vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 )))))))"
-unfolding while_succ_in_while_passive_prog.block_3_def vc.vc_anon6_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopDone_hints \<close>)
-by (auto?)
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_4 (Normal n_s) s')" and 
-"((vc.vc_anon6_LoopDone vc_y_2) \<and> (vc.vc_anon6_LoopBody ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_y_2) \<and> (vc.vc_anon6_LoopBody ))))))"
-using assms
-unfolding while_succ_in_while_passive_prog.block_4_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon5_LoopBody_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon5_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_y_2) \<and> (vc.vc_anon6_LoopBody ))))))))"
-unfolding while_succ_in_while_passive_prog.block_5_def vc.vc_anon5_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_hints = [
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon4AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding while_succ_in_while_passive_prog.block_6_def vc.vc_anon4_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon5_LoopDone_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon5_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopDone vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4 vc_x_1)))))))"
-unfolding while_succ_in_while_passive_prog.block_7_def vc.vc_anon5_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopDone_hints \<close>)
-by (auto?)
-
-lemma block_anon5_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_8 (Normal n_s) s')" and 
-"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2))))))"
-using assms
-unfolding while_succ_in_while_passive_prog.block_8_def
-apply cases
-by auto
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_9 (Normal n_s) s')" and 
-"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2))))))"
-using assms
-unfolding while_succ_in_while_passive_prog.block_9_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_10 (Normal n_s) s')" and 
-"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2))))))"
-using assms
-unfolding while_succ_in_while_passive_prog.block_10_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.block_11 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_1 vc_x_2 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding while_succ_in_while_passive_prog.block_11_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) while_succ_in_while_passive_prog.node_0 while_succ_in_while_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopBody )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) while_succ_in_while_passive_prog.node_1])
-by (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) while_succ_in_while_passive_prog.node_2])
-by (erule block_anon3AA0[OF _ assms(2)])
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopDone vc_y_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) while_succ_in_while_passive_prog.node_3])
-apply (erule block_anon6_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:while_succ_in_while_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon6_LoopDone vc_y_2) \<and> (vc.vc_anon6_LoopBody ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) while_succ_in_while_passive_prog.node_4])
-apply (erule block_anon6_LoopHead[OF _ assms(2)])
-apply ((simp add:while_succ_in_while_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) while_succ_in_while_passive_prog.node_5])
-apply (erule block_anon5_LoopBodyAA0[OF _ assms(2)])
-apply ((simp add:while_succ_in_while_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon4:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) while_succ_in_while_passive_prog.node_6])
-apply (erule block_anon4AA0[OF _ assms(2)])
-apply ((simp add:while_succ_in_while_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_LoopDone vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) while_succ_in_while_passive_prog.node_7])
-apply (erule block_anon5_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:while_succ_in_while_passive_prog.outEdges_7))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) while_succ_in_while_passive_prog.node_8])
-apply (erule block_anon5_LoopHead[OF _ assms(2)])
-apply ((simp add:while_succ_in_while_passive_prog.outEdges_8))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) while_succ_in_while_passive_prog.node_9])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:while_succ_in_while_passive_prog.outEdges_9))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2 vc_y_2))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) while_succ_in_while_passive_prog.node_10])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:while_succ_in_while_passive_prog.outEdges_10))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_succ_in_while_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_1 vc_x_2 vc_y_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) while_succ_in_while_passive_prog.node_11])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:while_succ_in_while_passive_prog.outEdges_11))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls)) \<Gamma> [] while_succ_in_while_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_y_2::int) (vc_y_3::int). (vc.vc_anon0 vc_x_1 vc_x_2 vc_y_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A while_succ_in_while_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) while_succ_in_while_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls while_succ_in_while_before_ast_to_cfg_prog.globals_vdecls),(append while_succ_in_while_passive_prog.params_vdecls while_succ_in_while_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((while_succ_in_while_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_succ_in_while_passive_prog.m_x])
-apply (subst lookup_var_local[OF while_succ_in_while_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_succ_in_while_passive_prog.m_y])
-apply (subst lookup_var_local[OF while_succ_in_while_passive_prog.m_y])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_succ_in_while_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF while_succ_in_while_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_succ_in_while_passive_prog.m_y_0])
-apply (subst lookup_var_local[OF while_succ_in_while_passive_prog.m_y_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_succ_in_while_passive_prog.m_y_1])
-apply (subst lookup_var_local[OF while_succ_in_while_passive_prog.m_y_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_succ_in_while_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF while_succ_in_while_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_succ_in_while_passive_prog.m_x_2])
-apply (subst lookup_var_local[OF while_succ_in_while_passive_prog.m_x_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_succ_in_while_passive_prog.m_y_2])
-apply (subst lookup_var_local[OF while_succ_in_while_passive_prog.m_y_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_3:"(((lookup_var ?\<Lambda> n_s 8) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 8)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 8))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_succ_in_while_passive_prog.m_y_3])
-apply (subst lookup_var_local[OF while_succ_in_while_passive_prog.m_y_3])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_y])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_y_0])
-apply (rule HOL.conjunct1[OF sc_y_1])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (rule HOL.conjunct1[OF sc_x_2])
-apply (rule HOL.conjunct1[OF sc_y_2])
-apply (rule HOL.conjunct1[OF sc_y_3])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/ROOT
deleted file mode 100644
index 7aa5836..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session consecutive_ifs_proofs = Boogie_Lang + 
-directories consecutive_ifs_proofs
-theories
-global_data
-"consecutive_ifs_proofs/consecutive_ifs_passive_prog"
-"consecutive_ifs_proofs/consecutive_ifs_before_passive_prog"
-"consecutive_ifs_proofs/consecutive_ifs_vcphase_proof"
-"consecutive_ifs_proofs/consecutive_ifs_before_cfg_to_dag_prog"
-"consecutive_ifs_proofs/consecutive_ifs_before_ast_to_cfg_prog"
-"consecutive_ifs_proofs/consecutive_ifs_passification_proof"
-"consecutive_ifs_proofs/consecutive_ifs_asttocfg_proof"
-"consecutive_ifs_proofs/consecutive_ifs_cfgtodag_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_asttocfg_proof.thy
deleted file mode 100644
index 5fec503..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_asttocfg_proof.thy
+++ /dev/null
@@ -1,449 +0,0 @@
-theory consecutive_ifs_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML consecutive_ifs_before_ast_to_cfg_prog consecutive_ifs_before_cfg_to_dag_prog consecutive_ifs_cfgtodag_proof consecutive_ifs_passification_proof consecutive_ifs_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A consecutive_ifs_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_ifs_before_ast_to_cfg_prog.bigblock_5,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_5 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_5 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of consecutive_ifs_before_ast_to_cfg_prog.bigblock_5])
-apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_5_def consecutive_ifs_before_cfg_to_dag_prog.block_5_def)
-apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.block_5_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.block_5_def consecutive_ifs_before_ast_to_cfg_prog.bigblock_5_def)+)
-done
-
-
-lemma global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_ifs_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_ifs_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of consecutive_ifs_before_ast_to_cfg_prog.bigblock_5])
-apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_5_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_5_def)
-apply (simp)
-apply (simp)
-apply (rule cont_5_def)
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_5)
-apply (rule disjI1)
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.block_5_def)
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.outEdges_5)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_5)
-apply (rule rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_5)
-apply assumption+
-
-done
-qed
-
-lemma rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_ifs_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of consecutive_ifs_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_4_def consecutive_ifs_before_cfg_to_dag_prog.block_4_def)
-apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.block_4_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.block_4_def consecutive_ifs_before_ast_to_cfg_prog.bigblock_4_def)+)
-done
-
-
-lemma global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_ifs_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_ifs_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of consecutive_ifs_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp)
-apply (simp)
-apply (rule cont_4_def)
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_4)
-apply (rule disjI1)
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.block_4_def)
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.outEdges_4)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_4)
-apply (rule rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_4)
-apply assumption+
-
-done
-qed
-
-lemma global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_ifs_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_ifs_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_if_successor)
-apply (rule Rel_Invs[of consecutive_ifs_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_3_def consecutive_ifs_before_ast_to_cfg_prog.bigblock_3_def)
-
-apply (rule astTrace)
-apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_3_def)
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_3)
-apply (rule disjI1)
-
-
-
-apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_3_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-
-
-
-
-
-
-apply (rule disjE, simp)
-apply ((erule allE[where x = 4])+)
-apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_4)
-apply (simp add: cont_3_def consecutive_ifs_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
-apply blast+
-
-
-
-
-
-
-apply ((erule allE[where x = 5])+)
-apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_5)
-apply (simp add: cont_3_def consecutive_ifs_before_ast_to_cfg_prog.bigblock_5_def cont_5_def )
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_ifs_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_ifs_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV False))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Invs[of consecutive_ifs_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_2_def)
-
-apply (rule astTrace)
-apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_2_def)
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_2)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.block_2_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply (rule neg_gt)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_2_def)
-apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_2)
-
-
-
-
-apply ((erule allE[where x = 3])+)
-apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_2)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_3)
-apply (simp)
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_ifs_before_ast_to_cfg_prog.bigblock_1,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_1 (Normal ns1) (Normal ns1')))))"
-unfolding consecutive_ifs_before_cfg_to_dag_prog.block_1_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of consecutive_ifs_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_1_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_1_def)
-apply ((simp add: assms(3) consecutive_ifs_before_ast_to_cfg_prog.bigblock_1_def)+)
-done
-
-
-lemma global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_ifs_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_ifs_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of consecutive_ifs_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_1_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_1_def)
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_1)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.block_1_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_1_def)
-apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_1)
-apply (rule rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_1)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x = 3])+)
-apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_3)
-apply (simp)
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_ifs_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of consecutive_ifs_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_0_def consecutive_ifs_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.block_0_def consecutive_ifs_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_ifs_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_ifs_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_if_successor)
-apply (rule Rel_Main_test[of consecutive_ifs_before_ast_to_cfg_prog.bigblock_0 _ consecutive_ifs_before_cfg_to_dag_prog.block_0])
-apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_0_def consecutive_ifs_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_0_def)
-apply (rule astTrace)
-apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_0_def)
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: consecutive_ifs_before_cfg_to_dag_prog.node_0)
-apply (rule rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply (erule disjE)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: cont_0_def consecutive_ifs_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
-apply blast+
-
-
-
-
-
-apply (simp)
-apply ((erule allE[where x = 2])+)
-apply ((simp add: consecutive_ifs_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_0_def consecutive_ifs_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (consecutive_ifs_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A consecutive_ifs_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) consecutive_ifs_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns consecutive_ifs_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (consecutive_ifs_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_consecutive_ifs_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.params_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.params_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.params_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.params_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.pres_def consecutive_ifs_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.params_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.params_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.params_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.params_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.params_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.params_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.params_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.params_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.pres_def consecutive_ifs_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.params_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.params_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: consecutive_ifs_before_ast_to_cfg_prog.params_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.params_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (consecutive_ifs_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_3_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) consecutive_ifs_before_ast_to_cfg_prog.fdecls consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls consecutive_ifs_before_ast_to_cfg_prog.axioms consecutive_ifs_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding consecutive_ifs_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 consecutive_ifs_before_ast_to_cfg_prog.ast_proc_def consecutive_ifs_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 43f39d1..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,135 +0,0 @@
-theory consecutive_ifs_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BigBlock (None ) [(Assign 0 (Lit (LInt 5)))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [(Assign 0 (Lit (LInt 5)))] (None ) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [] (None ) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedIf (None ) [(BigBlock (None ) [(Assign 0 (Lit (LInt 1)))] (None ) (None ))] [(BigBlock (None ) [(Assign 0 (UnOp UMinus (Lit (LInt 1))))] (None ) (None ))])) (None ))"
-definition bigblock_4
-  where
-    "bigblock_4  = (BigBlock (None ) [(Assign 0 (Lit (LInt 1)))] (None ) (None ))"
-definition bigblock_5
-  where
-    "bigblock_5  = (BigBlock (None ) [(Assign 0 (UnOp UMinus (Lit (LInt 1))))] (None ) (None ))"
-definition cont_3
-  where
-    "cont_3  = KStop"
-definition cont_4
-  where
-    "cont_4  = KStop"
-definition cont_5
-  where
-    "cont_5  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_3 cont_3)"
-definition cont_1
-  where
-    "cont_1  = (KSeq bigblock_3 cont_3)"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_3 cont_3)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_3]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding consecutive_ifs_before_ast_to_cfg_prog.params_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_ifs_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding consecutive_ifs_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = consecutive_ifs_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec consecutive_ifs_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec consecutive_ifs_before_ast_to_cfg_prog.post),proc_body = (Some (consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls,consecutive_ifs_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 5cbb7e9..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,171 +0,0 @@
-theory consecutive_ifs_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0)]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (Lit (LInt 5)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = [(Assign 0 (Lit (LInt 1)))]"
-definition block_5
-  where
-    "block_5  = [(Assign 0 (UnOp UMinus (Lit (LInt 1))))]"
-definition outEdges
-  where
-    "outEdges  = [[1,2],[3],[3],[4,5],[],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [4,5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append consecutive_ifs_before_cfg_to_dag_prog.constants_vdecls consecutive_ifs_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append consecutive_ifs_before_cfg_to_dag_prog.constants_vdecls consecutive_ifs_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding consecutive_ifs_before_cfg_to_dag_prog.constants_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_ifs_before_cfg_to_dag_prog.constants_vdecls consecutive_ifs_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding consecutive_ifs_before_cfg_to_dag_prog.params_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append consecutive_ifs_before_cfg_to_dag_prog.constants_vdecls consecutive_ifs_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding consecutive_ifs_before_cfg_to_dag_prog.constants_vdecls_def consecutive_ifs_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_ifs_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding consecutive_ifs_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_ifs_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding consecutive_ifs_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_ifs_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding consecutive_ifs_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append consecutive_ifs_before_cfg_to_dag_prog.constants_vdecls consecutive_ifs_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append consecutive_ifs_before_cfg_to_dag_prog.constants_vdecls consecutive_ifs_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_ifs_before_cfg_to_dag_prog.constants_vdecls consecutive_ifs_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_ifs_before_cfg_to_dag_prog.params_vdecls consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = consecutive_ifs_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec consecutive_ifs_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec consecutive_ifs_before_cfg_to_dag_prog.post),proc_body = (Some (consecutive_ifs_before_cfg_to_dag_prog.locals_vdecls,consecutive_ifs_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_passive_prog.thy
deleted file mode 100644
index 0d4ebc5..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_before_passive_prog.thy
+++ /dev/null
@@ -1,128 +0,0 @@
-theory consecutive_ifs_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_ifs_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assign 0 (Lit (LInt 1)))]"
-definition block_2
-  where
-    "block_2  = [(Assign 0 (UnOp UMinus (Lit (LInt 1))))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (Lit (LInt 5)))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_6
-  where
-    "block_6  = [(Havoc 0)]"
-definition block_7
-  where
-    "block_7  = []"
-definition block_8
-  where
-    "block_8  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[3],[4,5],[6],[7]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 8,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [4,5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding consecutive_ifs_before_ast_to_cfg_prog.params_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_cfgtodag_proof.thy
deleted file mode 100644
index 5fb1496..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_cfgtodag_proof.thy
+++ /dev/null
@@ -1,391 +0,0 @@
-theory consecutive_ifs_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML consecutive_ifs_before_ast_to_cfg_prog consecutive_ifs_before_cfg_to_dag_prog consecutive_ifs_before_passive_prog consecutive_ifs_passification_proof consecutive_ifs_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A consecutive_ifs_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 consecutive_ifs_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def consecutive_ifs_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule consecutive_ifs_before_passive_prog.node_0)
-apply simp
-unfolding consecutive_ifs_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma block_anon7_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_ifs_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_ifs_before_cfg_to_dag_prog.block_4_def consecutive_ifs_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon7_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_4)
-apply (rule consecutive_ifs_before_passive_prog.node_1)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon7_Then)
-apply assumption+
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.outEdges_4)
-apply (rule consecutive_ifs_before_passive_prog.outEdges_1)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon7_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_ifs_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_ifs_before_cfg_to_dag_prog.block_5_def consecutive_ifs_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon7_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_5)
-apply (rule consecutive_ifs_before_passive_prog.node_2)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon7_Else)
-apply assumption+
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.outEdges_5)
-apply (rule consecutive_ifs_before_passive_prog.outEdges_2)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_ifs_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_ifs_before_cfg_to_dag_prog.block_3_def consecutive_ifs_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_3)
-apply (rule consecutive_ifs_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon3)
-apply (assumption+)
-apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:consecutive_ifs_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:consecutive_ifs_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon6_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_ifs_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_ifs_before_cfg_to_dag_prog.block_1_def consecutive_ifs_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_1)
-apply (rule consecutive_ifs_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon6_Then)
-apply (assumption+)
-apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:consecutive_ifs_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon6_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_ifs_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_ifs_before_cfg_to_dag_prog.block_2_def consecutive_ifs_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_2)
-apply (rule consecutive_ifs_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon6_Else)
-apply (assumption+)
-apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:consecutive_ifs_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_ifs_before_passive_prog.block_6 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_ifs_before_cfg_to_dag_prog.block_0_def consecutive_ifs_before_passive_prog.block_6_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_ifs_before_cfg_to_dag_prog.node_0)
-apply (rule consecutive_ifs_before_passive_prog.node_6)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:consecutive_ifs_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:consecutive_ifs_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=5])
-apply ((simp add:consecutive_ifs_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:consecutive_ifs_before_passive_prog.outEdges_7))
-by ((simp add:consecutive_ifs_before_passive_prog.node_7 consecutive_ifs_before_passive_prog.block_7_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 consecutive_ifs_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule consecutive_ifs_before_passive_prog.node_8)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding consecutive_ifs_before_passive_prog.block_8_def
-apply (rule assume_pres_normal[where ?es=consecutive_ifs_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding consecutive_ifs_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule consecutive_ifs_before_passive_prog.outEdges_8)
-apply ((simp add:consecutive_ifs_before_passive_prog.node_7 consecutive_ifs_before_passive_prog.block_7_def))
-apply (rule consecutive_ifs_before_passive_prog.outEdges_7)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A consecutive_ifs_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) consecutive_ifs_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns consecutive_ifs_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] consecutive_ifs_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_ifs_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule consecutive_ifs_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passification_proof.thy
deleted file mode 100644
index ff5edd5..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passification_proof.thy
+++ /dev/null
@@ -1,317 +0,0 @@
-theory consecutive_ifs_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_ifs_before_ast_to_cfg_prog consecutive_ifs_passive_prog Boogie_Lang.PassificationML consecutive_ifs_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_ifs_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_ifs_before_passive_prog.block_0_def consecutive_ifs_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon7_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 1)))]) R_old consecutive_ifs_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_ifs_before_passive_prog.block_1_def consecutive_ifs_passive_prog.block_1_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon7_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old consecutive_ifs_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_ifs_before_passive_prog.block_2_def consecutive_ifs_passive_prog.block_2_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_ifs_before_ast_to_cfg_prog.l_x(2) consecutive_ifs_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_ifs_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_ifs_before_passive_prog.block_3_def consecutive_ifs_passive_prog.block_3_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon6_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 5)))]) R_old consecutive_ifs_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_ifs_before_passive_prog.block_4_def consecutive_ifs_passive_prog.block_4_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon6_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_ifs_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_ifs_before_passive_prog.block_5_def consecutive_ifs_passive_prog.block_5_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old consecutive_ifs_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_ifs_before_passive_prog.block_6_def consecutive_ifs_passive_prog.block_6_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_ifs_before_ast_to_cfg_prog.l_x(2) consecutive_ifs_passive_prog.l_x_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_ifs_passive_prog.block_7 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_ifs_before_passive_prog.block_7_def consecutive_ifs_passive_prog.block_7_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.block_8 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_ifs_passive_prog.block_8 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_ifs_before_passive_prog.block_8_def consecutive_ifs_passive_prog.block_8_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_ifs_before_passive_prog.node_0},@{thm consecutive_ifs_before_passive_prog.outEdges_0}) (@{thm consecutive_ifs_passive_prog.node_0},@{thm consecutive_ifs_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon7_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_ifs_before_passive_prog.node_1},@{thm consecutive_ifs_before_passive_prog.outEdges_1}) (@{thm consecutive_ifs_passive_prog.node_1},@{thm consecutive_ifs_passive_prog.outEdges_1}) @{thm block_anon7_Then} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon7_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_ifs_before_passive_prog.node_2},@{thm consecutive_ifs_before_passive_prog.outEdges_2}) (@{thm consecutive_ifs_passive_prog.node_2},@{thm consecutive_ifs_passive_prog.outEdges_2}) @{thm block_anon7_Else} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_ifs_before_passive_prog.node_3},@{thm consecutive_ifs_before_passive_prog.outEdges_3}) (@{thm consecutive_ifs_passive_prog.node_3},@{thm consecutive_ifs_passive_prog.outEdges_3}) @{thm block_anon3} [
-@{thm cfg_block_anon7_Then}, 
-@{thm cfg_block_anon7_Else}] 1\<close>))
-
-lemma cfg_block_anon6_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_ifs_before_passive_prog.node_4},@{thm consecutive_ifs_before_passive_prog.outEdges_4}) (@{thm consecutive_ifs_passive_prog.node_4},@{thm consecutive_ifs_passive_prog.outEdges_4}) @{thm block_anon6_Then} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon6_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_ifs_before_passive_prog.node_5},@{thm consecutive_ifs_before_passive_prog.outEdges_5}) (@{thm consecutive_ifs_passive_prog.node_5},@{thm consecutive_ifs_passive_prog.outEdges_5}) @{thm block_anon6_Else} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_ifs_before_passive_prog.node_6},@{thm consecutive_ifs_before_passive_prog.outEdges_6}) (@{thm consecutive_ifs_passive_prog.node_6},@{thm consecutive_ifs_passive_prog.outEdges_6}) @{thm block_anon0} [
-@{thm cfg_block_anon6_Then}, 
-@{thm cfg_block_anon6_Else}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_ifs_before_passive_prog.node_7},@{thm consecutive_ifs_before_passive_prog.outEdges_7}) (@{thm consecutive_ifs_passive_prog.node_7},@{thm consecutive_ifs_passive_prog.outEdges_7}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_ifs_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body u (Inl 8)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_ifs_before_passive_prog.node_8},@{thm consecutive_ifs_before_passive_prog.outEdges_8}) (@{thm consecutive_ifs_passive_prog.node_8},@{thm consecutive_ifs_passive_prog.outEdges_8}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_before_ast_to_cfg_prog.params_vdecls consecutive_ifs_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_ifs_before_passive_prog.proc_body ((Inl 8),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A consecutive_ifs_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls ns consecutive_ifs_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv consecutive_ifs_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding consecutive_ifs_passive_prog.params_vdecls_def consecutive_ifs_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using consecutive_ifs_before_passive_prog.globals_locals_disj apply auto[1]
-using consecutive_ifs_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] consecutive_ifs_passive_prog.proc_body u (Inl 8)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range consecutive_ifs_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] consecutive_ifs_passive_prog.proc_body ((Inl 8),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from consecutive_ifs_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passive_prog.thy
deleted file mode 100644
index 19d0f85..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_passive_prog.thy
+++ /dev/null
@@ -1,161 +0,0 @@
-theory consecutive_ifs_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_ifs_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 2) Eq (UnOp UMinus (Lit (LInt 1)))))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0))))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
-definition block_6
-  where
-    "block_6  = []"
-definition block_7
-  where
-    "block_7  = []"
-definition block_8
-  where
-    "block_8  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[3],[4,5],[6],[7]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 8,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [4,5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding consecutive_ifs_passive_prog.params_vdecls_def consecutive_ifs_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)))) = {})"
-unfolding consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls_def consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_vcphase_proof.thy
deleted file mode 100644
index dfde2fa..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/consecutive_ifs_proofs/consecutive_ifs_vcphase_proof.thy
+++ /dev/null
@@ -1,297 +0,0 @@
-theory consecutive_ifs_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML consecutive_ifs_passive_prog consecutive_ifs_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon0
-  where
-    "vc_anon0  = True"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
-G3: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3
-lemmas forall_poly_thm = forall_vc_type[OF G3]
-lemmas exists_poly_thm = exists_vc_type[OF G3]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding consecutive_ifs_passive_prog.block_0_def
-apply cases
-by auto
-
-lemma block_anon7_Then:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.block_1 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding consecutive_ifs_passive_prog.block_1_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon7_Else_hints = [
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon7_ElseAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding consecutive_ifs_passive_prog.block_2_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_Else_hints \<close>)
-by (auto?)
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.block_3 (Normal n_s) s')" and 
-"(vc.vc_anon0 )"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))"
-using assms
-unfolding consecutive_ifs_passive_prog.block_3_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon6_Then_hints = [
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon6_ThenAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))))"
-unfolding consecutive_ifs_passive_prog.block_4_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_Then_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_Else_hints = [
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon6_ElseAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))))"
-unfolding consecutive_ifs_passive_prog.block_5_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_Else_hints \<close>)
-by (auto?)
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.block_6 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding consecutive_ifs_passive_prog.block_6_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.block_7 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding consecutive_ifs_passive_prog.block_7_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.block_8 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding consecutive_ifs_passive_prog.block_8_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) consecutive_ifs_passive_prog.node_0 consecutive_ifs_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon7_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) consecutive_ifs_passive_prog.node_1])
-apply (erule block_anon7_Then)
-apply ((simp add:consecutive_ifs_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon7_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) consecutive_ifs_passive_prog.node_2])
-apply (erule block_anon7_ElseAA0[OF _ assms(2)])
-apply ((simp add:consecutive_ifs_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_ifs_passive_prog.node_3])
-apply (erule block_anon3[OF _ assms(2)])
-apply ((simp add:consecutive_ifs_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_ifs_passive_prog.node_4])
-apply (erule block_anon6_ThenAA0[OF _ assms(2)])
-apply ((simp add:consecutive_ifs_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_ifs_passive_prog.node_5])
-apply (erule block_anon6_ElseAA0[OF _ assms(2)])
-apply ((simp add:consecutive_ifs_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_ifs_passive_prog.node_6])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:consecutive_ifs_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_ifs_passive_prog.node_7])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:consecutive_ifs_passive_prog.outEdges_7))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_ifs_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_ifs_passive_prog.node_8])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:consecutive_ifs_passive_prog.outEdges_8))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls)) \<Gamma> [] consecutive_ifs_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A consecutive_ifs_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) consecutive_ifs_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls consecutive_ifs_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_ifs_passive_prog.params_vdecls consecutive_ifs_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((consecutive_ifs_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_ifs_passive_prog.m_x])
-apply (subst lookup_var_local[OF consecutive_ifs_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_ifs_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF consecutive_ifs_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_ifs_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF consecutive_ifs_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_ifs_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/ROOT
deleted file mode 100644
index 917e282..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session consecutive_loops_in_loop_2_proofs = Boogie_Lang + 
-directories consecutive_loops_in_loop_2_proofs
-theories
-global_data
-"consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_vcphase_proof"
-"consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_cfg_to_dag_prog"
-"consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_passification_proof"
-"consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_asttocfg_proof"
-"consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_passive_prog"
-"consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_cfgtodag_proof"
-"consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_passive_prog"
-"consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_ast_to_cfg_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_asttocfg_proof.thy
deleted file mode 100644
index 063a02e..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_asttocfg_proof.thy
+++ /dev/null
@@ -1,774 +0,0 @@
-theory consecutive_loops_in_loop_2_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML consecutive_loops_in_loop_2_before_ast_to_cfg_prog consecutive_loops_in_loop_2_before_cfg_to_dag_prog consecutive_loops_in_loop_2_cfgtodag_proof consecutive_loops_in_loop_2_passification_proof consecutive_loops_in_loop_2_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A consecutive_loops_in_loop_2_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_9:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_9,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_12 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_12 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_9])
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_9_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_12_def)
-apply ((simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_12_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_12_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_9_def)+)
-done
-
-
-lemma global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_9:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_9,cont_9,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 12),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 12),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_9])
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_9_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_9_def)
-apply (simp)
-apply (simp)
-apply (rule cont_9_def)
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_12)
-apply (rule disjI1)
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_12_def)
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_12)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_12)
-apply (rule rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_9)
-apply assumption+
-
-done
-qed
-
-lemma rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_8:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_8,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_10 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_10 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_8])
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_8_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_10_def)
-apply ((simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_10_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_10_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_8_def)+)
-done
-
-
-lemma global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_8:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_8,cont_8,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1 cont_1 consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body 1 consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_8])
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_8_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_8_def)
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_10)
-apply (rule disjI1)
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_10_def)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_8_def)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_10)
-apply (rule rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_8)
-apply assumption
-apply (simp)
-apply ((erule allE[where x=1])+)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_10)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_7:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_7,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_8 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Lit (LInt 1))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_8 (Normal ns1) (Normal ns1')))))"
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_8_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_7])
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_7_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_8_def)
-apply ((simp add: assms(3) consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_7_def)+)
-done
-
-
-lemma global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_7:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_7,cont_7,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Lit (LInt 1))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_6 cont_6 consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body 7 consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_7])
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_7_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_7_def)
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_8)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_8_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_7_def)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_8)
-apply (rule rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_7)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=7])+)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_8)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1 cont_1 consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body 1 consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_6_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_6 _ _ _ consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_7])
-apply (simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_6_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_7_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_6_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_6])
-apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_6_def)+)
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_7_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_7)+)
-apply (rule cont_6_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 8])+)
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_7)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_7)
-apply (simp add: cont_6_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_7_def cont_7_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_6_def cont_7_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper3)
-apply ((simp)+)
-
-apply ((erule allE[where x = 9])+)
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_7)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_8)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_9)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_9_def)
-apply (rule neg_lt)
-apply (simp)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_9)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_9)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_9_def)
-apply (rule neg_lt)
-apply (simp)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_9)
-apply ((simp add: member_rec)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper4)
-apply ((simp)+)
-done
-qed
-qed
-
-lemma global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1 cont_1 consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body 1 consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-apply (rule ending_after_unwrapping)
-apply (rule astTrace)
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_5_def)
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply (simp)
-apply (rule global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_6)
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_6_def cont_5_def cont_6_def)
-apply (rule correctness_propagates_through_empty)
-using assms(2)
-apply blast
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_6)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_6_def)
-
-
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_6)
-apply (simp add: member_rec)
-apply (simp)
-apply (rule correctness_propagates_through_empty2)
-using assms(3)
-apply blast
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_6)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_6_def)
-
-
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_6)
-apply (simp add: member_rec)
-apply ((simp)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule strictly_smaller_helper2)
-apply ((simp)+)
-done
-
-lemma rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 1))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_4_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_4_def)
-apply ((simp add: assms(3) consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_4_def)+)
-done
-
-
-lemma global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 1))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_3 cont_3 consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body 3 consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_4_def)
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_4)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_4_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_4_def)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_4)
-apply (rule rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_4)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=3])+)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_4)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1 cont_1 consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body 1 consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_3_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_3 _ _ _ consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_3])
-apply (simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_3_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_3_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_3_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_3])
-apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_3_def)+)
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_3_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_3)+)
-apply (rule cont_3_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 4])+)
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_4)
-apply (simp add: cont_3_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_3_def cont_4_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper3)
-apply ((simp)+)
-
-apply ((erule allE[where x = 5])+)
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_5)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_5)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_5_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_5)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_5)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_5_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_5)
-apply ((simp add: member_rec)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper4)
-apply ((simp)+)
-done
-qed
-qed
-
-lemma rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2_def)
-apply ((simp add: assms(3) consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_2_def)+)
-done
-
-
-lemma global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1 cont_1 consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body 1 consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_2_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2_def)
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_2_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2_def)
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_2_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2_def)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2_def)
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_2)
-
-apply (rule disjI2)
-apply (rule disjI1)
-
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply (simp)
-
-
-apply (rule guardHint)
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_2)
-apply (rule rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_2_def)
-apply ((simp)+)
-apply (rule guardHint)
-apply ((erule allE[where x = 3])+)
-apply ((simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_2)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_3)
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_3_def cont_2_def cont_3_def)
-apply blast+
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule less_trans_inv)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1 _ _ _ consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_1])
-apply (simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_1_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1])
-apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1_def)+)
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_1_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_1)+)
-apply (rule cont_1_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 2])+)
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_1_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_2_def cont_2_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_5_def cont_5_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_8_def cont_8_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_1_def cont_2_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-
-apply ((erule allE[where x = 11])+)
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_9)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_11)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_11_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_11)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_11)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_11_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_11)
-apply ((simp add: member_rec)+)
-done
-qed
-qed
-
-lemma rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0 _ consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0])
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0_def)
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_0)
-apply (rule rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_y_0::int) (vc_x_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_x_5::int) (vc_x_6::int) (vc_y_2::int). (vc.vc_anon0 vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A consecutive_loops_in_loop_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) consecutive_loops_in_loop_2_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns consecutive_loops_in_loop_2_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_consecutive_loops_in_loop_2_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.pres_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.pres_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_9] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_9_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_y_0::int) (vc_x_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_x_5::int) (vc_x_6::int) (vc_y_2::int). (vc.vc_anon0 vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) consecutive_loops_in_loop_2_before_ast_to_cfg_prog.fdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.axioms consecutive_loops_in_loop_2_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 consecutive_loops_in_loop_2_before_ast_to_cfg_prog.ast_proc_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 036e986..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,168 +0,0 @@
-theory consecutive_loops_in_loop_2_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 1),(Havoc 0)] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 1) Sub (Lit (LInt 1))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 1)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 1)))) [(BinOp (Var 0) Le (Lit (LInt 1)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Var 0)))] (None ) (None ))]))) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 1) Sub (Lit (LInt 1))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 1)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 1)))) [(BinOp (Var 0) Le (Lit (LInt 1)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Var 0)))] (None ) (None ))])) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [(Assign 0 (BinOp (Var 1) Sub (Lit (LInt 1))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 1)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 1)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
-definition bigblock_4
-  where
-    "bigblock_4  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))"
-definition bigblock_5
-  where
-    "bigblock_5  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 1)))) [(BinOp (Var 0) Le (Lit (LInt 1)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
-definition bigblock_6
-  where
-    "bigblock_6  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 1)))) [(BinOp (Var 0) Le (Lit (LInt 1)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))])) (None ))"
-definition bigblock_7
-  where
-    "bigblock_7  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))"
-definition bigblock_8
-  where
-    "bigblock_8  = (BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Var 0)))] (None ) (None ))"
-definition bigblock_9
-  where
-    "bigblock_9  = (BigBlock (None ) [(Assert (BinOp (Var 1) Eq (Lit (LInt 0))))] (None ) (None ))"
-definition cont_9
-  where
-    "cont_9  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_9 cont_9)"
-definition cont_1
-  where
-    "cont_1  = (KEndBlock (KSeq bigblock_9 cont_9 ))"
-definition cont_8
-  where
-    "cont_8  = (KSeq bigblock_1 cont_1)"
-definition cont_5
-  where
-    "cont_5  = (KSeq bigblock_8 cont_8)"
-definition cont_6
-  where
-    "cont_6  = (KEndBlock (KSeq bigblock_8 cont_8 ))"
-definition cont_7
-  where
-    "cont_7  = (KSeq bigblock_6 cont_6)"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_5 cont_5)"
-definition cont_3
-  where
-    "cont_3  = (KEndBlock (KSeq bigblock_5 cont_5 ))"
-definition cont_4
-  where
-    "cont_4  = (KSeq bigblock_3 cont_3)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_9]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec consecutive_loops_in_loop_2_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post),proc_body = (Some (consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls,consecutive_loops_in_loop_2_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 96b1709..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,257 +0,0 @@
-theory consecutive_loops_in_loop_2_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 1),(Havoc 0)]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 1) Sub (Lit (LInt 1))))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 1)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Lit (LInt 1)) Ge (Var 0)))]"
-definition block_6
-  where
-    "block_6  = []"
-definition block_7
-  where
-    "block_7  = [(Assert (BinOp (Var 0) Le (Lit (LInt 1))))]"
-definition block_8
-  where
-    "block_8  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 1)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]"
-definition block_9
-  where
-    "block_9  = [(Assume (BinOp (Lit (LInt 1)) Le (Var 0)))]"
-definition block_10
-  where
-    "block_10  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Var 0)))]"
-definition block_11
-  where
-    "block_11  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
-definition block_12
-  where
-    "block_12  = [(Assert (BinOp (Var 1) Eq (Lit (LInt 0))))]"
-definition outEdges
-  where
-    "outEdges  = [[1],[11,2],[3],[5,4],[3],[6],[7],[9,8],[7],[10],[1],[12],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_12:
-shows "((nth (node_to_block proc_body) 12) = block_12)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [11,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [5,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [9,8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [10])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [12])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_12:
-shows "((nth (out_edges proc_body) 12) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls_def consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = consecutive_loops_in_loop_2_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec consecutive_loops_in_loop_2_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec consecutive_loops_in_loop_2_before_cfg_to_dag_prog.post),proc_body = (Some (consecutive_loops_in_loop_2_before_cfg_to_dag_prog.locals_vdecls,consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_passive_prog.thy
deleted file mode 100644
index 11ed748..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_before_passive_prog.thy
+++ /dev/null
@@ -1,205 +0,0 @@
-theory consecutive_loops_in_loop_2_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_loops_in_loop_2_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 1)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 1)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1)))),(Assert (BinOp (Var 0) Le (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Var 0))),(Assume (Lit (LBool False)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 1)) Le (Var 0)))]"
-definition block_5
-  where
-    "block_5  = [(Havoc 0),(Assume (BinOp (Var 0) Le (Lit (LInt 1))))]"
-definition block_6
-  where
-    "block_6  = [(Assert (BinOp (Var 0) Le (Lit (LInt 1))))]"
-definition block_7
-  where
-    "block_7  = [(Assume (BinOp (Lit (LInt 1)) Ge (Var 0)))]"
-definition block_8
-  where
-    "block_8  = [(Havoc 0)]"
-definition block_9
-  where
-    "block_9  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 1) Sub (Lit (LInt 1))))]"
-definition block_10
-  where
-    "block_10  = [(Assert (BinOp (Var 1) Eq (Lit (LInt 0))))]"
-definition block_11
-  where
-    "block_11  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
-definition block_12
-  where
-    "block_12  = [(Havoc 1),(Havoc 0)]"
-definition block_13
-  where
-    "block_13  = [(Havoc 1),(Havoc 0)]"
-definition block_14
-  where
-    "block_14  = []"
-definition block_15
-  where
-    "block_15  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[6],[7,1],[8],[0],[10],[11,9],[12],[13],[14]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13,block_14,block_15]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 15,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_12:
-shows "((nth (node_to_block proc_body) 12) = block_12)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_13:
-shows "((nth (node_to_block proc_body) 13) = block_13)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_14:
-shows "((nth (node_to_block proc_body) 14) = block_14)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_15:
-shows "((nth (node_to_block proc_body) 15) = block_15)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [10])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_12:
-shows "((nth (out_edges proc_body) 12) = [11,9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_13:
-shows "((nth (out_edges proc_body) 13) = [12])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_14:
-shows "((nth (out_edges proc_body) 14) = [13])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_15:
-shows "((nth (out_edges proc_body) 15) = [14])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_cfgtodag_proof.thy
deleted file mode 100644
index 749c4ab..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_cfgtodag_proof.thy
+++ /dev/null
@@ -1,900 +0,0 @@
-theory consecutive_loops_in_loop_2_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML consecutive_loops_in_loop_2_before_ast_to_cfg_prog consecutive_loops_in_loop_2_before_cfg_to_dag_prog consecutive_loops_in_loop_2_before_passive_prog consecutive_loops_in_loop_2_passification_proof consecutive_loops_in_loop_2_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A consecutive_loops_in_loop_2_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_0)
-apply simp
-unfolding consecutive_loops_in_loop_2_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma Mods_anon8_LoopBody:
-shows "(mods_contained_in (set [0]) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_4)"
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_4_def
-by simp
-
-lemma block_anon8_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_2_before_passive_prog.block_1 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_4_def consecutive_loops_in_loop_2_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon8_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body [0] [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_4)
-apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_1)
-apply (assumption+)
-apply (rule block_anon8_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon8_LoopBody)
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_4))
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_4))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon8_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon9_LoopBody:
-shows "(mods_contained_in (set [0]) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_8)"
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_8_def
-by simp
-
-lemma block_anon9_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Lit (LInt 1)))] consecutive_loops_in_loop_2_before_passive_prog.block_2 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_8_def consecutive_loops_in_loop_2_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun consecutive_loops_in_loop_2_before_ast_to_cfg_prog.funcs_wf consecutive_loops_in_loop_2_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon9_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon9_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body [0] [(BinOp (Var 0) Le (Lit (LInt 1)))] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post ns1 s' 7 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_8)
-apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon9_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon9_LoopBody)
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_8))
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_8))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon9_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon5:
-shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_10)"
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_10_def
-by simp
-
-lemma block_anon5:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_10 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_2_before_passive_prog.block_3 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_10_def consecutive_loops_in_loop_2_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon5:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_10)
-apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon5)
-apply (assumption+)
-apply (rule Mods_anon5)
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_10))
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_10))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon7_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon9_LoopDone:
-shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_9)"
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_9_def
-by simp
-
-lemma block_anon9_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_9 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_2_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_9_def consecutive_loops_in_loop_2_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon9_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_9)
-apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon9_LoopDone)
-apply (assumption+)
-apply (rule Mods_anon9_LoopDone)
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_9))
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_9))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon7_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon9_LoopHead:
-shows "(mods_contained_in (set [0]) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_7)"
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_7_def
-by simp
-
-lemma block_anon9_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Lit (LInt 1)))] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_2_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_7_def consecutive_loops_in_loop_2_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(1)))
-apply simp
-done
-
-lemma cfg_block_anon9_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Lit (LInt 1)))] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms assms(4-)
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_7)
-apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon9_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon9_LoopHead)
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_7))
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_7))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon9_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_subset_pred)
-using less(4) apply simp
-apply assumption
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon9_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-apply (rule loop_ih_convert_subset_smaller_2)
-using less(4) apply simp
-apply (simp, fastforce, assumption)
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma Mods_anon3:
-shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_6)"
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_6_def
-by simp
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Lit (LInt 1)))] consecutive_loops_in_loop_2_before_passive_prog.block_6 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_6_def consecutive_loops_in_loop_2_before_passive_prog.block_6_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun consecutive_loops_in_loop_2_before_ast_to_cfg_prog.funcs_wf consecutive_loops_in_loop_2_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon3:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_6)
-apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_6)
-apply (assumption+)
-apply (rule block_anon3)
-apply (assumption+)
-apply (rule Mods_anon3)
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_6))
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_6))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=5])
-apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon9_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon7_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon8_LoopDone:
-shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_5)"
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_5_def
-by simp
-
-lemma block_anon8_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_2_before_passive_prog.block_7 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_5_def consecutive_loops_in_loop_2_before_passive_prog.block_7_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon8_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_5)
-apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_7)
-apply (assumption+)
-apply (rule block_anon8_LoopDone)
-apply (assumption+)
-apply (rule Mods_anon8_LoopDone)
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_5))
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_5))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=6])
-apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon7_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon8_LoopHead:
-shows "(mods_contained_in (set [0]) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_3)"
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_3_def
-by simp
-
-lemma block_anon8_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_2_before_passive_prog.block_8 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_3_def consecutive_loops_in_loop_2_before_passive_prog.block_8_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(1)))
-apply simp
-done
-
-lemma cfg_block_anon8_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms assms(4-)
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_3)
-apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_8)
-apply (assumption+)
-apply (rule block_anon8_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon8_LoopHead)
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=7])
-apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_8))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_subset_pred)
-using less(4) apply simp
-apply assumption
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_8))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-apply (rule loop_ih_convert_subset_smaller_2)
-using less(4) apply simp
-apply (simp, fastforce, assumption)
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma Mods_anon7_LoopBody:
-shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2)"
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2_def
-by simp
-
-lemma block_anon7_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_2_before_passive_prog.block_9 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_2_def consecutive_loops_in_loop_2_before_passive_prog.block_9_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon7_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_2)
-apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_9)
-apply (assumption+)
-apply (rule block_anon7_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon7_LoopBody)
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=8])
-apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_9))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon7_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma block_anon6:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_12 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_10 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_2_before_passive_prog.block_10 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_12_def consecutive_loops_in_loop_2_before_passive_prog.block_10_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 12),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_12)
-apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_10)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon6)
-apply assumption+
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_12)
-apply (rule consecutive_loops_in_loop_2_before_passive_prog.outEdges_10)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon7_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_11 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_11 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_2_before_passive_prog.block_11 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_11_def consecutive_loops_in_loop_2_before_passive_prog.block_11_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon7_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 11),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_11)
-apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_11)
-apply (assumption+)
-apply (rule block_anon7_LoopDone)
-apply (assumption+)
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_11))
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_11))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=10])
-apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_11))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon7_LoopHead:
-shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_1)"
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_1_def
-by simp
-
-lemma block_anon7_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_12 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_2_before_passive_prog.block_12 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_1_def consecutive_loops_in_loop_2_before_passive_prog.block_12_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_y(1)))
-apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(1)))
-apply simp
-done
-
-lemma cfg_block_anon7_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1,0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_1)
-apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_12)
-apply (assumption+)
-apply (rule block_anon7_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon7_LoopHead)
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=11])
-apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_12))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=9])
-apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_12))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.block_13 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_2_before_passive_prog.block_13 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_2_before_cfg_to_dag_prog.block_0_def consecutive_loops_in_loop_2_before_passive_prog.block_13_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 13),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_in_loop_2_before_cfg_to_dag_prog.node_0)
-apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_13)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:consecutive_loops_in_loop_2_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=12])
-apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_13))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 14),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 13),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.outEdges_14))
-by ((simp add:consecutive_loops_in_loop_2_before_passive_prog.node_14 consecutive_loops_in_loop_2_before_passive_prog.block_14_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 15),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 consecutive_loops_in_loop_2_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule consecutive_loops_in_loop_2_before_passive_prog.node_15)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding consecutive_loops_in_loop_2_before_passive_prog.block_15_def
-apply (rule assume_pres_normal[where ?es=consecutive_loops_in_loop_2_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule consecutive_loops_in_loop_2_before_passive_prog.outEdges_15)
-apply ((simp add:consecutive_loops_in_loop_2_before_passive_prog.node_14 consecutive_loops_in_loop_2_before_passive_prog.block_14_def))
-apply (rule consecutive_loops_in_loop_2_before_passive_prog.outEdges_14)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_y_0::int) (vc_x_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_x_5::int) (vc_x_6::int) (vc_y_2::int). (vc.vc_anon0 vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A consecutive_loops_in_loop_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) consecutive_loops_in_loop_2_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns consecutive_loops_in_loop_2_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] consecutive_loops_in_loop_2_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_in_loop_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule consecutive_loops_in_loop_2_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_passification_proof.thy
deleted file mode 100644
index dffc9b0..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_passification_proof.thy
+++ /dev/null
@@ -1,485 +0,0 @@
-theory consecutive_loops_in_loop_2_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_loops_in_loop_2_before_ast_to_cfg_prog consecutive_loops_in_loop_2_passive_prog Boogie_Lang.PassificationML consecutive_loops_in_loop_2_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_2_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_2_before_passive_prog.block_0_def consecutive_loops_in_loop_2_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon8_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [9] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 7)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [9])) (update_nstate_rel R [(0,(Inl 9))]) R_old consecutive_loops_in_loop_2_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_2_before_passive_prog.block_1_def consecutive_loops_in_loop_2_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_2_passive_prog.l_x_4(2)))
-by simp
-
-lemma block_anon9_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [10] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [10])) (update_nstate_rel R [(0,(Inl 10))]) R_old consecutive_loops_in_loop_2_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_2_before_passive_prog.block_2_def consecutive_loops_in_loop_2_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_2_passive_prog.l_x_6(2)))
-by simp
-
-lemma block_anon5:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [11] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))" and 
-"((R 0) = (Some (Inl 8)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [11])) (update_nstate_rel R [(1,(Inl 11))]) R_old consecutive_loops_in_loop_2_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_2_before_passive_prog.block_3_def consecutive_loops_in_loop_2_passive_prog.block_3_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_y(2) consecutive_loops_in_loop_2_passive_prog.l_y_2(2)))
-by simp
-
-lemma block_anon9_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))" and 
-"((R 0) = (Some (Inl 8)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_2_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_2_before_passive_prog.block_4_def consecutive_loops_in_loop_2_passive_prog.block_4_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon9_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [8] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [8])) (update_nstate_rel R [(0,(Inl 8))]) R_old consecutive_loops_in_loop_2_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_2_before_passive_prog.block_5_def consecutive_loops_in_loop_2_passive_prog.block_5_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_2_passive_prog.l_x_5(2)))
-by simp
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))" and 
-"((R 0) = (Some (Inl 7)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_2_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_2_before_passive_prog.block_6_def consecutive_loops_in_loop_2_passive_prog.block_6_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon8_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))" and 
-"((R 0) = (Some (Inl 7)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_2_passive_prog.block_7 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_2_before_passive_prog.block_7_def consecutive_loops_in_loop_2_passive_prog.block_7_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon8_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_8 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [7] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [7])) (update_nstate_rel R [(0,(Inl 7))]) R_old consecutive_loops_in_loop_2_passive_prog.block_8 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_2_before_passive_prog.block_8_def consecutive_loops_in_loop_2_passive_prog.block_8_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_2_passive_prog.l_x_3(2)))
-by simp
-
-lemma block_anon7_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_9 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6])) (update_nstate_rel R [(0,(Inl 6))]) R_old consecutive_loops_in_loop_2_passive_prog.block_9 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_2_before_passive_prog.block_9_def consecutive_loops_in_loop_2_passive_prog.block_9_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_2_passive_prog.l_x_2(2)))
-by simp
-
-lemma block_anon6:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_10 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_2_passive_prog.block_10 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_2_before_passive_prog.block_10_def consecutive_loops_in_loop_2_passive_prog.block_10_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon7_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_11 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_2_passive_prog.block_11 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_2_before_passive_prog.block_11_def consecutive_loops_in_loop_2_passive_prog.block_11_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon7_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_12 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4,5] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4,5])) (update_nstate_rel R [(1,(Inl 4)),(0,(Inl 5))]) R_old consecutive_loops_in_loop_2_passive_prog.block_12 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_2_before_passive_prog.block_12_def consecutive_loops_in_loop_2_passive_prog.block_12_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_y(2) consecutive_loops_in_loop_2_passive_prog.l_y_1(2)))
-apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_2_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_13 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2,3] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2,3])) (update_nstate_rel R [(1,(Inl 2)),(0,(Inl 3))]) R_old consecutive_loops_in_loop_2_passive_prog.block_13 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_2_before_passive_prog.block_13_def consecutive_loops_in_loop_2_passive_prog.block_13_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_y(2) consecutive_loops_in_loop_2_passive_prog.l_y_0(2)))
-apply ((simp add:consecutive_loops_in_loop_2_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_2_passive_prog.l_x_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_14 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_2_passive_prog.block_14 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_2_before_passive_prog.block_14_def consecutive_loops_in_loop_2_passive_prog.block_14_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.block_15 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_2_passive_prog.block_15 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_2_before_passive_prog.block_15_def consecutive_loops_in_loop_2_passive_prog.block_15_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_0},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_0}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_0},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon8_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 7)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_1},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_1}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_1},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_1}) @{thm block_anon8_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon9_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 10 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_2},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_2}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_2},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_2}) @{thm block_anon9_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon5:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 11 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))" and 
-"((R 0) = (Some (Inl 8)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_3},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_3}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_3},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_3}) @{thm block_anon5} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon9_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 11 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))" and 
-"((R 0) = (Some (Inl 8)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_4},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_4}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_4},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_4}) @{thm block_anon9_LoopDone} [
-@{thm cfg_block_anon5}] 1\<close>))
-
-lemma cfg_block_anon9_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_5},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_5}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_5},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_5}) @{thm block_anon9_LoopHead} [
-@{thm cfg_block_anon9_LoopDone}, 
-@{thm cfg_block_anon9_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))" and 
-"((R 0) = (Some (Inl 7)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_6},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_6}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_6},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_6}) @{thm block_anon3} [
-@{thm cfg_block_anon9_LoopHead}] 1\<close>))
-
-lemma cfg_block_anon8_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))" and 
-"((R 0) = (Some (Inl 7)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_7},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_7}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_7},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_7}) @{thm block_anon8_LoopDone} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon8_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 7 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 8)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_8},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_8}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_8},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_8}) @{thm block_anon8_LoopHead} [
-@{thm cfg_block_anon8_LoopDone}, 
-@{thm cfg_block_anon8_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon7_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 9)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_9},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_9}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_9},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_9}) @{thm block_anon7_LoopBody} [
-@{thm cfg_block_anon8_LoopHead}] 1\<close>))
-
-lemma cfg_block_anon6:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 10)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_10},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_10}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_10},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_10}) @{thm block_anon6} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon7_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 11)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_11},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_11}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_11},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_11}) @{thm block_anon7_LoopDone} [
-@{thm cfg_block_anon6}] 1\<close>))
-
-lemma cfg_block_anon7_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 12)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_12},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_12}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_12},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_12}) @{thm block_anon7_LoopHead} [
-@{thm cfg_block_anon7_LoopDone}, 
-@{thm cfg_block_anon7_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 13)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_13},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_13}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_13},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_13}) @{thm block_anon0} [
-@{thm cfg_block_anon7_LoopHead}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 14)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_14},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_14}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_14},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_14}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 15),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 15)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_in_loop_2_before_passive_prog.node_15},@{thm consecutive_loops_in_loop_2_before_passive_prog.outEdges_15}) (@{thm consecutive_loops_in_loop_2_passive_prog.node_15},@{thm consecutive_loops_in_loop_2_passive_prog.outEdges_15}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_in_loop_2_before_passive_prog.proc_body ((Inl 15),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_y_0::int) (vc_x_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_x_5::int) (vc_x_6::int) (vc_y_2::int). (vc.vc_anon0 vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A consecutive_loops_in_loop_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls ns consecutive_loops_in_loop_2_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv consecutive_loops_in_loop_2_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding consecutive_loops_in_loop_2_passive_prog.params_vdecls_def consecutive_loops_in_loop_2_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using consecutive_loops_in_loop_2_before_passive_prog.globals_locals_disj apply auto[1]
-using consecutive_loops_in_loop_2_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] consecutive_loops_in_loop_2_passive_prog.proc_body u (Inl 15)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 15),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from consecutive_loops_in_loop_2_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_passive_prog.thy
deleted file mode 100644
index 51b8006..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_passive_prog.thy
+++ /dev/null
@@ -1,319 +0,0 @@
-theory consecutive_loops_in_loop_2_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_loops_in_loop_2_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 7) Gt (Lit (LInt 1)))),(Assume (BinOp (Var 9) Eq (BinOp (Var 7) Sub (Lit (LInt 1))))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 8) Lt (Lit (LInt 1)))),(Assume (BinOp (Var 10) Eq (BinOp (Var 8) Add (Lit (LInt 1))))),(Assert (BinOp (Var 10) Le (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assert (BinOp (Var 8) Eq (Lit (LInt 1)))),(Assume (BinOp (Var 11) Eq (BinOp (Var 4) Sub (Var 8)))),(Assume (Lit (LBool False)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 1)) Le (Var 8)))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Var 8) Le (Lit (LInt 1))))]"
-definition block_6
-  where
-    "block_6  = [(Assert (BinOp (Var 7) Le (Lit (LInt 1))))]"
-definition block_7
-  where
-    "block_7  = [(Assume (BinOp (Lit (LInt 1)) Ge (Var 7)))]"
-definition block_8
-  where
-    "block_8  = []"
-definition block_9
-  where
-    "block_9  = [(Assume (BinOp (Var 4) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 6) Eq (BinOp (Var 4) Sub (Lit (LInt 1)))))]"
-definition block_10
-  where
-    "block_10  = [(Assert (BinOp (Var 4) Eq (Lit (LInt 0))))]"
-definition block_11
-  where
-    "block_11  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 4)))]"
-definition block_12
-  where
-    "block_12  = []"
-definition block_13
-  where
-    "block_13  = []"
-definition block_14
-  where
-    "block_14  = []"
-definition block_15
-  where
-    "block_15  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[6],[7,1],[8],[0],[10],[11,9],[12],[13],[14]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13,block_14,block_15]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 15,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_12:
-shows "((nth (node_to_block proc_body) 12) = block_12)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_13:
-shows "((nth (node_to_block proc_body) 13) = block_13)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_14:
-shows "((nth (node_to_block proc_body) 14) = block_14)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_15:
-shows "((nth (node_to_block proc_body) 15) = block_15)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [10])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_12:
-shows "((nth (out_edges proc_body) 12) = [11,9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_13:
-shows "((nth (out_edges proc_body) 13) = [12])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_14:
-shows "((nth (out_edges proc_body) 14) = [13])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_15:
-shows "((nth (out_edges proc_body) 15) = [14])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(7,(TPrim TInt),(None )),(9,(TPrim TInt),(None )),(8,(TPrim TInt),(None )),(10,(TPrim TInt),(None )),(11,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding consecutive_loops_in_loop_2_passive_prog.params_vdecls_def consecutive_loops_in_loop_2_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)))) = {})"
-unfolding consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_0:
-shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_1:
-shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_2:
-shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_3:
-shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_4:
-shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 9) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_5:
-shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 8) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_6:
-shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 10) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_2:
-shows "((map_of (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls) 11) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_0:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_1:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_2:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_3:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_3
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_4:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 9) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 9) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_4
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_5:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 8) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 8) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_5
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_6:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 10) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 10) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_6
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_2:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 11) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) 11) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_vcphase_proof.thy
deleted file mode 100644
index 4e20db9..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_proofs/consecutive_loops_in_loop_2_vcphase_proof.thy
+++ /dev/null
@@ -1,551 +0,0 @@
-theory consecutive_loops_in_loop_2_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML consecutive_loops_in_loop_2_passive_prog consecutive_loops_in_loop_2_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon8_LoopBody
-  where
-    "vc_anon8_LoopBody  = True"
-definition vc_anon9_LoopBody
-  where
-    "vc_anon9_LoopBody x_5 x_6 = (((x_5 < (1::int)) \<and> (x_6 = (x_5 + (1::int)))) \<longrightarrow> (x_6 \<le> (1::int)))"
-definition vc_anon5
-  where
-    "vc_anon5 x_5 = (x_5 = (1::int))"
-definition vc_anon9_LoopDone
-  where
-    "vc_anon9_LoopDone x_5 = (((1::int) \<le> x_5) \<longrightarrow> (vc_anon5 x_5))"
-definition vc_anon9_LoopHead
-  where
-    "vc_anon9_LoopHead x_5 x_6 = ((x_5 \<le> (1::int)) \<longrightarrow> ((vc_anon9_LoopDone x_5) \<and> (vc_anon9_LoopBody x_5 x_6)))"
-definition vc_anon3
-  where
-    "vc_anon3 x_3 x_5 x_6 = ((x_3 \<le> (1::int)) \<and> ((x_3 \<le> (1::int)) \<longrightarrow> (vc_anon9_LoopHead x_5 x_6)))"
-definition vc_anon8_LoopDone
-  where
-    "vc_anon8_LoopDone x_3 x_5 x_6 = (((1::int) \<ge> x_3) \<longrightarrow> (vc_anon3 x_3 x_5 x_6))"
-definition vc_anon7_LoopBody
-  where
-    "vc_anon7_LoopBody y_1 x_2 x_3 x_5 x_6 = (((y_1 > (0::int)) \<and> (x_2 = (y_1 - (1::int)))) \<longrightarrow> ((vc_anon8_LoopDone x_3 x_5 x_6) \<and> (vc_anon8_LoopBody )))"
-definition vc_anon6
-  where
-    "vc_anon6 y_1 = (y_1 = (0::int))"
-definition vc_anon7_LoopDone
-  where
-    "vc_anon7_LoopDone y_1 = (((0::int) \<ge> y_1) \<longrightarrow> (vc_anon6 y_1))"
-definition vc_anon0
-  where
-    "vc_anon0 y_1 x_2 x_3 x_5 x_6 = ((vc_anon7_LoopDone y_1) \<and> (vc_anon7_LoopBody y_1 x_2 x_3 x_5 x_6))"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_y_0 :: "int" and vc_x_0 :: "int" and vc_y_1 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int" and vc_x_3 :: "int" and vc_x_4 :: "int" and vc_x_5 :: "int" and vc_x_6 :: "int" and vc_y_2 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_y_0)))" and 
-G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_0)))" and 
-G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_y_1)))" and 
-G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_x_1)))" and 
-G6: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_x_2)))" and 
-G7: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_x_3)))" and 
-G8: "((lookup_var \<Lambda> n_s 9) = (Some (IntV vc_x_4)))" and 
-G9: "((lookup_var \<Lambda> n_s 8) = (Some (IntV vc_x_5)))" and 
-G10: "((lookup_var \<Lambda> n_s 10) = (Some (IntV vc_x_6)))" and 
-G11: "((lookup_var \<Lambda> n_s 11) = (Some (IntV vc_y_2)))" and 
-G12: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8 G9 G10 G11 G12
-lemmas forall_poly_thm = forall_vc_type[OF G12]
-lemmas exists_poly_thm = exists_vc_type[OF G12]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding consecutive_loops_in_loop_2_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon8_LoopBody_hints = [
-(AssumeTrue,NONE), 
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon8_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopBody ) \<Longrightarrow> (s' = Magic)))"
-unfolding consecutive_loops_in_loop_2_passive_prog.block_1_def vc.vc_anon8_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon9_LoopBody_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE), 
-(AssertNoConj,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon9_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon9_LoopBody vc_x_5 vc_x_6) \<Longrightarrow> (s' = Magic)))"
-unfolding consecutive_loops_in_loop_2_passive_prog.block_2_def vc.vc_anon9_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon9_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon5_hints = [
-(AssertNoConj,NONE), 
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon5AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5 vc_x_5) \<Longrightarrow> (s' = Magic)))"
-unfolding consecutive_loops_in_loop_2_passive_prog.block_3_def vc.vc_anon5_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon9_LoopDone_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon9_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon9_LoopDone vc_x_5) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon5 vc_x_5)))))))"
-unfolding consecutive_loops_in_loop_2_passive_prog.block_4_def vc.vc_anon9_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon9_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon9_LoopHead_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon9_LoopHeadAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon9_LoopHead vc_x_5 vc_x_6) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon9_LoopDone vc_x_5) \<and> (vc.vc_anon9_LoopBody vc_x_5 vc_x_6))))))))"
-unfolding consecutive_loops_in_loop_2_passive_prog.block_5_def vc.vc_anon9_LoopHead_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon9_LoopHead_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon3_hints = [
-(AssertSub,NONE)]
-\<close>
-lemma block_anon3AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 vc_x_3 vc_x_5 vc_x_6) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon9_LoopHead vc_x_5 vc_x_6)))))))"
-unfolding consecutive_loops_in_loop_2_passive_prog.block_6_def vc.vc_anon3_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon8_LoopDone_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon8_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopDone vc_x_3 vc_x_5 vc_x_6) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_3 vc_x_5 vc_x_6)))))))"
-unfolding consecutive_loops_in_loop_2_passive_prog.block_7_def vc.vc_anon8_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopDone_hints \<close>)
-by (auto?)
-
-lemma block_anon8_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_8 (Normal n_s) s')" and 
-"((vc.vc_anon8_LoopDone vc_x_3 vc_x_5 vc_x_6) \<and> (vc.vc_anon8_LoopBody ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon8_LoopDone vc_x_3 vc_x_5 vc_x_6) \<and> (vc.vc_anon8_LoopBody ))))))"
-using assms
-unfolding consecutive_loops_in_loop_2_passive_prog.block_8_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon7_LoopBody_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon7_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon8_LoopDone vc_x_3 vc_x_5 vc_x_6) \<and> (vc.vc_anon8_LoopBody ))))))))"
-unfolding consecutive_loops_in_loop_2_passive_prog.block_9_def vc.vc_anon7_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_hints = [
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon6AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_10 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6 vc_y_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding consecutive_loops_in_loop_2_passive_prog.block_10_def vc.vc_anon6_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon7_LoopDone_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon7_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_11 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopDone vc_y_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon6 vc_y_1)))))))"
-unfolding consecutive_loops_in_loop_2_passive_prog.block_11_def vc.vc_anon7_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopDone_hints \<close>)
-by (auto?)
-
-lemma block_anon7_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_12 (Normal n_s) s')" and 
-"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))))))"
-using assms
-unfolding consecutive_loops_in_loop_2_passive_prog.block_12_def
-apply cases
-by auto
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_13 (Normal n_s) s')" and 
-"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))))))"
-using assms
-unfolding consecutive_loops_in_loop_2_passive_prog.block_13_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_14 (Normal n_s) s')" and 
-"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))))))"
-using assms
-unfolding consecutive_loops_in_loop_2_passive_prog.block_14_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.block_15 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding consecutive_loops_in_loop_2_passive_prog.block_15_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_0 consecutive_loops_in_loop_2_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon8_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon8_LoopBody )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_1])
-by (erule block_anon8_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon9_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon9_LoopBody vc_x_5 vc_x_6)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_2])
-by (erule block_anon9_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon5:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5 vc_x_5)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_3])
-by (erule block_anon5AA0[OF _ assms(2)])
-
-lemma cfg_block_anon9_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon9_LoopDone vc_x_5)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_4])
-apply (erule block_anon9_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon9_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon9_LoopHead vc_x_5 vc_x_6)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_5])
-apply (erule block_anon9_LoopHeadAA0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon9_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon9_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3 vc_x_3 vc_x_5 vc_x_6)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_6])
-apply (erule block_anon3AA0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon9_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon8_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon8_LoopDone vc_x_3 vc_x_5 vc_x_6)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_7])
-apply (erule block_anon8_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_7))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon8_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon8_LoopDone vc_x_3 vc_x_5 vc_x_6) \<and> (vc.vc_anon8_LoopBody ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_8])
-apply (erule block_anon8_LoopHead[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_8))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon7_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_9])
-apply (erule block_anon7_LoopBodyAA0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_9))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6 vc_y_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_10])
-apply (erule block_anon6AA0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_10))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon7_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon7_LoopDone vc_y_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_11])
-apply (erule block_anon7_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_11))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon7_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_12])
-apply (erule block_anon7_LoopHead[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_12))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_13])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_13))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_14])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_14))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 15),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_2_passive_prog.node_15])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_2_passive_prog.outEdges_15))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_in_loop_2_passive_prog.proc_body ((Inl 15),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_y_0::int) (vc_x_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_x_5::int) (vc_x_6::int) (vc_y_2::int). (vc.vc_anon0 vc_y_1 vc_x_2 vc_x_3 vc_x_5 vc_x_6))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A consecutive_loops_in_loop_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) consecutive_loops_in_loop_2_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_2_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_2_passive_prog.params_vdecls consecutive_loops_in_loop_2_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((consecutive_loops_in_loop_2_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_x])
-apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_y])
-apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_y])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_y_0])
-apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_y_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_y_1])
-apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_y_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_x_2])
-apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_x_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_3:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_x_3])
-apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_x_3])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_4:"(((lookup_var ?\<Lambda> n_s 9) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 9)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 9))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_x_4])
-apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_x_4])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_5:"(((lookup_var ?\<Lambda> n_s 8) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 8)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 8))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_x_5])
-apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_x_5])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_6:"(((lookup_var ?\<Lambda> n_s 10) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 10)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 10))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_x_6])
-apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_x_6])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 11) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 11)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 11))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_2_passive_prog.m_y_2])
-apply (subst lookup_var_local[OF consecutive_loops_in_loop_2_passive_prog.m_y_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_y])
-apply (rule HOL.conjunct1[OF sc_y_0])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_y_1])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (rule HOL.conjunct1[OF sc_x_2])
-apply (rule HOL.conjunct1[OF sc_x_3])
-apply (rule HOL.conjunct1[OF sc_x_4])
-apply (rule HOL.conjunct1[OF sc_x_5])
-apply (rule HOL.conjunct1[OF sc_x_6])
-apply (rule HOL.conjunct1[OF sc_y_2])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_2_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/ROOT
deleted file mode 100644
index 1cf7a19..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session consecutive_loops_in_loop_proofs = Boogie_Lang + 
-directories consecutive_loops_in_loop_proofs
-theories
-global_data
-"consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_vcphase_proof"
-"consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_cfgtodag_proof"
-"consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_passification_proof"
-"consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_asttocfg_proof"
-"consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_cfg_to_dag_prog"
-"consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_passive_prog"
-"consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_passive_prog"
-"consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_ast_to_cfg_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_asttocfg_proof.thy
deleted file mode 100644
index 5f02b83..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_asttocfg_proof.thy
+++ /dev/null
@@ -1,746 +0,0 @@
-theory consecutive_loops_in_loop_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML consecutive_loops_in_loop_before_ast_to_cfg_prog consecutive_loops_in_loop_before_cfg_to_dag_prog consecutive_loops_in_loop_cfgtodag_proof consecutive_loops_in_loop_passification_proof consecutive_loops_in_loop_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A consecutive_loops_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_9:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_9,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_12 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_12 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_9])
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_9_def consecutive_loops_in_loop_before_cfg_to_dag_prog.block_12_def)
-apply ((simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_12_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_12_def consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_9_def)+)
-done
-
-
-lemma global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_9:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_9,cont_9,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 12),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 12),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_9])
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_9_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_9_def)
-apply (simp)
-apply (simp)
-apply (rule cont_9_def)
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_12)
-apply (rule disjI1)
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.block_12_def)
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_12)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_12)
-apply (rule rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_9)
-apply assumption+
-
-done
-qed
-
-lemma rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_8:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_8,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_10 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_10 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_8])
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_8_def consecutive_loops_in_loop_before_cfg_to_dag_prog.block_10_def)
-apply ((simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_10_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_10_def consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_8_def)+)
-done
-
-
-lemma global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_8:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_8,cont_8,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body 1 consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_8])
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_8_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_8_def)
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_10)
-apply (rule disjI1)
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.block_10_def)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_8_def)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_10)
-apply (rule rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_8)
-apply assumption
-apply (simp)
-apply ((erule allE[where x=1])+)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_10)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_7:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_7,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_8 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Lit (LInt 1))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_8 (Normal ns1) (Normal ns1')))))"
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_8_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_7])
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_7_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_8_def)
-apply ((simp add: assms(3) consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_7_def)+)
-done
-
-
-lemma global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_7:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_7,cont_7,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Lit (LInt 1))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_6 cont_6 consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body 7 consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_7])
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_7_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_7_def)
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_8)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.block_8_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_7_def)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_8)
-apply (rule rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_7)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=7])+)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_8)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body 1 consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_6_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_6 _ _ _ consecutive_loops_in_loop_before_cfg_to_dag_prog.block_7])
-apply (simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_6_def consecutive_loops_in_loop_before_cfg_to_dag_prog.block_7_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_6_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_6])
-apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_6_def)+)
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.block_7_def consecutive_loops_in_loop_before_cfg_to_dag_prog.node_7)+)
-apply (rule cont_6_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 8])+)
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_7)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_7)
-apply (simp add: cont_6_def consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_7_def cont_7_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_6_def cont_7_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper3)
-apply ((simp)+)
-
-apply ((erule allE[where x = 9])+)
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_7)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_8)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_9)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_9_def)
-apply (rule neg_lt)
-apply (simp)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_9)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_9)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_9_def)
-apply (rule neg_lt)
-apply (simp)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_9)
-apply ((simp add: member_rec)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper4)
-apply ((simp)+)
-done
-qed
-qed
-
-lemma global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body 1 consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-apply (rule ending_after_unwrapping)
-apply (rule astTrace)
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_5_def)
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply (simp)
-apply (rule global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_6)
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_6_def cont_5_def cont_6_def)
-apply (rule correctness_propagates_through_empty)
-using assms(2)
-apply blast
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_6)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_6_def)
-
-
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_6)
-apply (simp add: member_rec)
-apply (simp)
-apply (rule correctness_propagates_through_empty2)
-using assms(3)
-apply blast
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_6)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_6_def)
-
-
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_6)
-apply (simp add: member_rec)
-apply ((simp)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule strictly_smaller_helper2)
-apply ((simp)+)
-done
-
-lemma rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 1))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_4_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_4_def)
-apply ((simp add: assms(3) consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_4_def)+)
-done
-
-
-lemma global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 1))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_3 cont_3 consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body 3 consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_4_def)
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_4)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.block_4_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_4_def)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_4)
-apply (rule rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_4)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=3])+)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_4)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body 1 consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_3_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_3 _ _ _ consecutive_loops_in_loop_before_cfg_to_dag_prog.block_3])
-apply (simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_3_def consecutive_loops_in_loop_before_cfg_to_dag_prog.block_3_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_3_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_3])
-apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_3_def)+)
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.block_3_def consecutive_loops_in_loop_before_cfg_to_dag_prog.node_3)+)
-apply (rule cont_3_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 4])+)
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_4)
-apply (simp add: cont_3_def consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_3_def cont_4_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper3)
-apply ((simp)+)
-
-apply ((erule allE[where x = 5])+)
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_5)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_5)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_5_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_5)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_5)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_5_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_5)
-apply ((simp add: member_rec)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper4)
-apply ((simp)+)
-done
-qed
-qed
-
-lemma global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body 1 consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-apply (rule ending_after_unwrapping)
-apply (rule astTrace)
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_2_def)
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply (simp)
-apply (rule global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_3)
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_3_def cont_2_def cont_3_def)
-apply (rule correctness_propagates_through_assumption2)
-using assms(2)
-apply blast
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_2)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_2_def)
-
-apply (rule guardHint)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_2)
-apply (simp add: member_rec)
-apply (simp)
-apply (rule correctness_propagates_through_assumption4)
-using assms(3)
-apply blast
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_2)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_2_def)
-
-apply (rule guardHint)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_2)
-apply (simp add: member_rec)
-apply ((simp)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule strictly_smaller_helper2)
-apply ((simp)+)
-done
-
-lemma global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1 _ _ _ consecutive_loops_in_loop_before_cfg_to_dag_prog.block_1])
-apply (simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1_def consecutive_loops_in_loop_before_cfg_to_dag_prog.block_1_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1])
-apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1_def)+)
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.block_1_def consecutive_loops_in_loop_before_cfg_to_dag_prog.node_1)+)
-apply (rule cont_1_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 2])+)
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_1_def consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_2_def cont_2_def consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_5_def cont_5_def consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_8_def cont_8_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_1_def cont_2_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-
-apply ((erule allE[where x = 11])+)
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_9)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_11)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_11_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_11)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_11)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_11_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_11)
-apply ((simp add: member_rec)+)
-done
-qed
-qed
-
-lemma rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0_def consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_in_loop_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0 _ consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0])
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0_def)
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.node_0)
-apply (rule rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_y_0::int) (vc_x_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_x_5::int) (vc_y_2::int). (vc.vc_anon0 vc_y_1 vc_x_2 vc_x_4 vc_x_5))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A consecutive_loops_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) consecutive_loops_in_loop_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns consecutive_loops_in_loop_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_consecutive_loops_in_loop_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.pres_def consecutive_loops_in_loop_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.pres_def consecutive_loops_in_loop_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_9] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (consecutive_loops_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_9_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_y_0::int) (vc_x_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_x_5::int) (vc_y_2::int). (vc.vc_anon0 vc_y_1 vc_x_2 vc_x_4 vc_x_5))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) consecutive_loops_in_loop_before_ast_to_cfg_prog.fdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.axioms consecutive_loops_in_loop_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 consecutive_loops_in_loop_before_ast_to_cfg_prog.ast_proc_def consecutive_loops_in_loop_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 129c0be..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,168 +0,0 @@
-theory consecutive_loops_in_loop_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 1),(Havoc 0)] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 1)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 1)))) [(BinOp (Var 0) Le (Lit (LInt 1)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Var 0)))] (None ) (None ))]))) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 1)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 1)))) [(BinOp (Var 0) Le (Lit (LInt 1)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Var 0)))] (None ) (None ))])) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 1)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 1)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
-definition bigblock_4
-  where
-    "bigblock_4  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))"
-definition bigblock_5
-  where
-    "bigblock_5  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 1)))) [(BinOp (Var 0) Le (Lit (LInt 1)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
-definition bigblock_6
-  where
-    "bigblock_6  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 1)))) [(BinOp (Var 0) Le (Lit (LInt 1)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))])) (None ))"
-definition bigblock_7
-  where
-    "bigblock_7  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))"
-definition bigblock_8
-  where
-    "bigblock_8  = (BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Var 0)))] (None ) (None ))"
-definition bigblock_9
-  where
-    "bigblock_9  = (BigBlock (None ) [(Assert (BinOp (Var 1) Eq (Lit (LInt 0))))] (None ) (None ))"
-definition cont_9
-  where
-    "cont_9  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_9 cont_9)"
-definition cont_1
-  where
-    "cont_1  = (KEndBlock (KSeq bigblock_9 cont_9 ))"
-definition cont_8
-  where
-    "cont_8  = (KSeq bigblock_1 cont_1)"
-definition cont_5
-  where
-    "cont_5  = (KSeq bigblock_8 cont_8)"
-definition cont_6
-  where
-    "cont_6  = (KEndBlock (KSeq bigblock_8 cont_8 ))"
-definition cont_7
-  where
-    "cont_7  = (KSeq bigblock_6 cont_6)"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_5 cont_5)"
-definition cont_3
-  where
-    "cont_3  = (KEndBlock (KSeq bigblock_5 cont_5 ))"
-definition cont_4
-  where
-    "cont_4  = (KSeq bigblock_3 cont_3)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_9]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec consecutive_loops_in_loop_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec consecutive_loops_in_loop_before_ast_to_cfg_prog.post),proc_body = (Some (consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls,consecutive_loops_in_loop_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 0e5d701..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,257 +0,0 @@
-theory consecutive_loops_in_loop_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 1),(Havoc 0)]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0))))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 1)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Lit (LInt 1)) Ge (Var 0)))]"
-definition block_6
-  where
-    "block_6  = []"
-definition block_7
-  where
-    "block_7  = [(Assert (BinOp (Var 0) Le (Lit (LInt 1))))]"
-definition block_8
-  where
-    "block_8  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 1)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]"
-definition block_9
-  where
-    "block_9  = [(Assume (BinOp (Lit (LInt 1)) Le (Var 0)))]"
-definition block_10
-  where
-    "block_10  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Var 0)))]"
-definition block_11
-  where
-    "block_11  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
-definition block_12
-  where
-    "block_12  = [(Assert (BinOp (Var 1) Eq (Lit (LInt 0))))]"
-definition outEdges
-  where
-    "outEdges  = [[1],[11,2],[3],[5,4],[3],[6],[7],[9,8],[7],[10],[1],[12],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_12:
-shows "((nth (node_to_block proc_body) 12) = block_12)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [11,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [5,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [9,8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [10])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [12])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_12:
-shows "((nth (out_edges proc_body) 12) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls_def consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = consecutive_loops_in_loop_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec consecutive_loops_in_loop_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec consecutive_loops_in_loop_before_cfg_to_dag_prog.post),proc_body = (Some (consecutive_loops_in_loop_before_cfg_to_dag_prog.locals_vdecls,consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_passive_prog.thy
deleted file mode 100644
index 1bec7f3..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_before_passive_prog.thy
+++ /dev/null
@@ -1,205 +0,0 @@
-theory consecutive_loops_in_loop_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_loops_in_loop_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 1)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 1)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1)))),(Assert (BinOp (Var 0) Le (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Var 0))),(Assume (Lit (LBool False)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 1)) Le (Var 0)))]"
-definition block_5
-  where
-    "block_5  = [(Havoc 0),(Assume (BinOp (Var 0) Le (Lit (LInt 1))))]"
-definition block_6
-  where
-    "block_6  = [(Assert (BinOp (Var 0) Le (Lit (LInt 1))))]"
-definition block_7
-  where
-    "block_7  = [(Assume (BinOp (Lit (LInt 1)) Ge (Var 0)))]"
-definition block_8
-  where
-    "block_8  = [(Havoc 0)]"
-definition block_9
-  where
-    "block_9  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0))))]"
-definition block_10
-  where
-    "block_10  = [(Assert (BinOp (Var 1) Eq (Lit (LInt 0))))]"
-definition block_11
-  where
-    "block_11  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
-definition block_12
-  where
-    "block_12  = [(Havoc 1),(Havoc 0)]"
-definition block_13
-  where
-    "block_13  = [(Havoc 1),(Havoc 0)]"
-definition block_14
-  where
-    "block_14  = []"
-definition block_15
-  where
-    "block_15  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[6],[7,1],[8],[0],[10],[11,9],[12],[13],[14]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13,block_14,block_15]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 15,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_12:
-shows "((nth (node_to_block proc_body) 12) = block_12)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_13:
-shows "((nth (node_to_block proc_body) 13) = block_13)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_14:
-shows "((nth (node_to_block proc_body) 14) = block_14)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_15:
-shows "((nth (node_to_block proc_body) 15) = block_15)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [10])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_12:
-shows "((nth (out_edges proc_body) 12) = [11,9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_13:
-shows "((nth (out_edges proc_body) 13) = [12])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_14:
-shows "((nth (out_edges proc_body) 14) = [13])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_15:
-shows "((nth (out_edges proc_body) 15) = [14])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_cfgtodag_proof.thy
deleted file mode 100644
index 1b4468a..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_cfgtodag_proof.thy
+++ /dev/null
@@ -1,900 +0,0 @@
-theory consecutive_loops_in_loop_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML consecutive_loops_in_loop_before_ast_to_cfg_prog consecutive_loops_in_loop_before_cfg_to_dag_prog consecutive_loops_in_loop_before_passive_prog consecutive_loops_in_loop_passification_proof consecutive_loops_in_loop_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A consecutive_loops_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 consecutive_loops_in_loop_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def consecutive_loops_in_loop_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule consecutive_loops_in_loop_before_passive_prog.node_0)
-apply simp
-unfolding consecutive_loops_in_loop_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma Mods_anon8_LoopBody:
-shows "(mods_contained_in (set [0]) consecutive_loops_in_loop_before_cfg_to_dag_prog.block_4)"
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_4_def
-by simp
-
-lemma block_anon8_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_before_passive_prog.block_1 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_4_def consecutive_loops_in_loop_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon8_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body [0] [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_4)
-apply (rule consecutive_loops_in_loop_before_passive_prog.node_1)
-apply (assumption+)
-apply (rule block_anon8_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon8_LoopBody)
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_4))
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_4))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon8_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon9_LoopBody:
-shows "(mods_contained_in (set [0]) consecutive_loops_in_loop_before_cfg_to_dag_prog.block_8)"
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_8_def
-by simp
-
-lemma block_anon9_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Lit (LInt 1)))] consecutive_loops_in_loop_before_passive_prog.block_2 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_8_def consecutive_loops_in_loop_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun consecutive_loops_in_loop_before_ast_to_cfg_prog.funcs_wf consecutive_loops_in_loop_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms consecutive_loops_in_loop_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon9_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon9_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body [0] [(BinOp (Var 0) Le (Lit (LInt 1)))] consecutive_loops_in_loop_before_ast_to_cfg_prog.post ns1 s' 7 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_8)
-apply (rule consecutive_loops_in_loop_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon9_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon9_LoopBody)
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_8))
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_8))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon9_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon5:
-shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_before_cfg_to_dag_prog.block_10)"
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_10_def
-by simp
-
-lemma block_anon5:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_10 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_before_passive_prog.block_3 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_10_def consecutive_loops_in_loop_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon5:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_10)
-apply (rule consecutive_loops_in_loop_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon5)
-apply (assumption+)
-apply (rule Mods_anon5)
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_10))
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_10))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon7_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon9_LoopDone:
-shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_before_cfg_to_dag_prog.block_9)"
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_9_def
-by simp
-
-lemma block_anon9_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_9 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_9_def consecutive_loops_in_loop_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon9_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_9)
-apply (rule consecutive_loops_in_loop_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon9_LoopDone)
-apply (assumption+)
-apply (rule Mods_anon9_LoopDone)
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_9))
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_9))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon7_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon9_LoopHead:
-shows "(mods_contained_in (set [0]) consecutive_loops_in_loop_before_cfg_to_dag_prog.block_7)"
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_7_def
-by simp
-
-lemma block_anon9_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Lit (LInt 1)))] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_7_def consecutive_loops_in_loop_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_x(1)))
-apply simp
-done
-
-lemma cfg_block_anon9_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Lit (LInt 1)))] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms assms(4-)
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_7)
-apply (rule consecutive_loops_in_loop_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon9_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon9_LoopHead)
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_7))
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_7))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon9_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_subset_pred)
-using less(4) apply simp
-apply assumption
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon9_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-apply (rule loop_ih_convert_subset_smaller_2)
-using less(4) apply simp
-apply (simp, fastforce, assumption)
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma Mods_anon3:
-shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_before_cfg_to_dag_prog.block_6)"
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_6_def
-by simp
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Lit (LInt 1)))] consecutive_loops_in_loop_before_passive_prog.block_6 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_6_def consecutive_loops_in_loop_before_passive_prog.block_6_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun consecutive_loops_in_loop_before_ast_to_cfg_prog.funcs_wf consecutive_loops_in_loop_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms consecutive_loops_in_loop_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon3:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_6)
-apply (rule consecutive_loops_in_loop_before_passive_prog.node_6)
-apply (assumption+)
-apply (rule block_anon3)
-apply (assumption+)
-apply (rule Mods_anon3)
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_6))
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_6))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=5])
-apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon9_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon7_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon8_LoopDone:
-shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_before_cfg_to_dag_prog.block_5)"
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_5_def
-by simp
-
-lemma block_anon8_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_before_passive_prog.block_7 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_5_def consecutive_loops_in_loop_before_passive_prog.block_7_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon8_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_5)
-apply (rule consecutive_loops_in_loop_before_passive_prog.node_7)
-apply (assumption+)
-apply (rule block_anon8_LoopDone)
-apply (assumption+)
-apply (rule Mods_anon8_LoopDone)
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_5))
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_5))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=6])
-apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon7_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon8_LoopHead:
-shows "(mods_contained_in (set [0]) consecutive_loops_in_loop_before_cfg_to_dag_prog.block_3)"
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_3_def
-by simp
-
-lemma block_anon8_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_before_passive_prog.block_8 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_3_def consecutive_loops_in_loop_before_passive_prog.block_8_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_x(1)))
-apply simp
-done
-
-lemma cfg_block_anon8_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms assms(4-)
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_3)
-apply (rule consecutive_loops_in_loop_before_passive_prog.node_8)
-apply (assumption+)
-apply (rule block_anon8_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon8_LoopHead)
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=7])
-apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_8))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_subset_pred)
-using less(4) apply simp
-apply assumption
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_8))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-apply (rule loop_ih_convert_subset_smaller_2)
-using less(4) apply simp
-apply (simp, fastforce, assumption)
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma Mods_anon7_LoopBody:
-shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_before_cfg_to_dag_prog.block_2)"
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_2_def
-by simp
-
-lemma block_anon7_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_before_passive_prog.block_9 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_2_def consecutive_loops_in_loop_before_passive_prog.block_9_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon7_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body [1,0] [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_2)
-apply (rule consecutive_loops_in_loop_before_passive_prog.node_9)
-apply (assumption+)
-apply (rule block_anon7_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon7_LoopBody)
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=8])
-apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_9))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon7_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma block_anon6:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_12 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_10 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_before_passive_prog.block_10 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_12_def consecutive_loops_in_loop_before_passive_prog.block_10_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 12),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_12)
-apply (rule consecutive_loops_in_loop_before_passive_prog.node_10)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon6)
-apply assumption+
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_12)
-apply (rule consecutive_loops_in_loop_before_passive_prog.outEdges_10)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon7_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_11 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_11 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_before_passive_prog.block_11 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_11_def consecutive_loops_in_loop_before_passive_prog.block_11_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon7_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 11),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_11)
-apply (rule consecutive_loops_in_loop_before_passive_prog.node_11)
-apply (assumption+)
-apply (rule block_anon7_LoopDone)
-apply (assumption+)
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_11))
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_11))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=10])
-apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_11))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon7_LoopHead:
-shows "(mods_contained_in (set [1,0]) consecutive_loops_in_loop_before_cfg_to_dag_prog.block_1)"
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_1_def
-by simp
-
-lemma block_anon7_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_12 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_before_passive_prog.block_12 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_1_def consecutive_loops_in_loop_before_passive_prog.block_12_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_y(1)))
-apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_x(1)))
-apply simp
-done
-
-lemma cfg_block_anon7_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1,0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_1)
-apply (rule consecutive_loops_in_loop_before_passive_prog.node_12)
-apply (assumption+)
-apply (rule block_anon7_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon7_LoopHead)
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=11])
-apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_12))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=9])
-apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_12))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.block_13 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_in_loop_before_passive_prog.block_13 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_in_loop_before_cfg_to_dag_prog.block_0_def consecutive_loops_in_loop_before_passive_prog.block_13_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 13),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_in_loop_before_cfg_to_dag_prog.node_0)
-apply (rule consecutive_loops_in_loop_before_passive_prog.node_13)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:consecutive_loops_in_loop_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=12])
-apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_13))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 14),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 13),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:consecutive_loops_in_loop_before_passive_prog.outEdges_14))
-by ((simp add:consecutive_loops_in_loop_before_passive_prog.node_14 consecutive_loops_in_loop_before_passive_prog.block_14_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 15),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 consecutive_loops_in_loop_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule consecutive_loops_in_loop_before_passive_prog.node_15)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding consecutive_loops_in_loop_before_passive_prog.block_15_def
-apply (rule assume_pres_normal[where ?es=consecutive_loops_in_loop_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule consecutive_loops_in_loop_before_passive_prog.outEdges_15)
-apply ((simp add:consecutive_loops_in_loop_before_passive_prog.node_14 consecutive_loops_in_loop_before_passive_prog.block_14_def))
-apply (rule consecutive_loops_in_loop_before_passive_prog.outEdges_14)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_y_0::int) (vc_x_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_x_5::int) (vc_y_2::int). (vc.vc_anon0 vc_y_1 vc_x_2 vc_x_4 vc_x_5))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A consecutive_loops_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) consecutive_loops_in_loop_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns consecutive_loops_in_loop_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] consecutive_loops_in_loop_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule consecutive_loops_in_loop_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_passification_proof.thy
deleted file mode 100644
index ebac7f0..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_passification_proof.thy
+++ /dev/null
@@ -1,484 +0,0 @@
-theory consecutive_loops_in_loop_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_loops_in_loop_before_ast_to_cfg_prog consecutive_loops_in_loop_passive_prog Boogie_Lang.PassificationML consecutive_loops_in_loop_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_before_passive_prog.block_0_def consecutive_loops_in_loop_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon8_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [8] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 6)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [8])) (update_nstate_rel R [(0,(Inl 8))]) R_old consecutive_loops_in_loop_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_before_passive_prog.block_1_def consecutive_loops_in_loop_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_passive_prog.l_x_3(2)))
-by simp
-
-lemma block_anon9_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [9] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 7)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [9])) (update_nstate_rel R [(0,(Inl 9))]) R_old consecutive_loops_in_loop_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_before_passive_prog.block_2_def consecutive_loops_in_loop_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_passive_prog.l_x_5(2)))
-by simp
-
-lemma block_anon5:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [10] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))" and 
-"((R 0) = (Some (Inl 7)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [10])) (update_nstate_rel R [(1,(Inl 10))]) R_old consecutive_loops_in_loop_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_before_passive_prog.block_3_def consecutive_loops_in_loop_passive_prog.block_3_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_y(2) consecutive_loops_in_loop_passive_prog.l_y_2(2)))
-by simp
-
-lemma block_anon9_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))" and 
-"((R 0) = (Some (Inl 7)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_before_passive_prog.block_4_def consecutive_loops_in_loop_passive_prog.block_4_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon9_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [7] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [7])) (update_nstate_rel R [(0,(Inl 7))]) R_old consecutive_loops_in_loop_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_before_passive_prog.block_5_def consecutive_loops_in_loop_passive_prog.block_5_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_passive_prog.l_x_4(2)))
-by simp
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))" and 
-"((R 0) = (Some (Inl 6)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_before_passive_prog.block_6_def consecutive_loops_in_loop_passive_prog.block_6_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon8_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))" and 
-"((R 0) = (Some (Inl 6)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_passive_prog.block_7 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_before_passive_prog.block_7_def consecutive_loops_in_loop_passive_prog.block_7_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon8_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_8 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6])) (update_nstate_rel R [(0,(Inl 6))]) R_old consecutive_loops_in_loop_passive_prog.block_8 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_before_passive_prog.block_8_def consecutive_loops_in_loop_passive_prog.block_8_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_passive_prog.l_x_2(2)))
-by simp
-
-lemma block_anon7_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_9 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_passive_prog.block_9 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_before_passive_prog.block_9_def consecutive_loops_in_loop_passive_prog.block_9_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon6:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_10 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_passive_prog.block_10 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_before_passive_prog.block_10_def consecutive_loops_in_loop_passive_prog.block_10_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon7_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_11 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_passive_prog.block_11 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_before_passive_prog.block_11_def consecutive_loops_in_loop_passive_prog.block_11_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon7_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_12 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4,5] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4,5])) (update_nstate_rel R [(1,(Inl 4)),(0,(Inl 5))]) R_old consecutive_loops_in_loop_passive_prog.block_12 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_before_passive_prog.block_12_def consecutive_loops_in_loop_passive_prog.block_12_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_y(2) consecutive_loops_in_loop_passive_prog.l_y_1(2)))
-apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_13 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2,3] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2,3])) (update_nstate_rel R [(1,(Inl 2)),(0,(Inl 3))]) R_old consecutive_loops_in_loop_passive_prog.block_13 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_before_passive_prog.block_13_def consecutive_loops_in_loop_passive_prog.block_13_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_y(2) consecutive_loops_in_loop_passive_prog.l_y_0(2)))
-apply ((simp add:consecutive_loops_in_loop_before_ast_to_cfg_prog.l_x(2) consecutive_loops_in_loop_passive_prog.l_x_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_14 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_passive_prog.block_14 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_before_passive_prog.block_14_def consecutive_loops_in_loop_passive_prog.block_14_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.block_15 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_in_loop_passive_prog.block_15 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_in_loop_before_passive_prog.block_15_def consecutive_loops_in_loop_passive_prog.block_15_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_in_loop_before_passive_prog.node_0},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_0}) (@{thm consecutive_loops_in_loop_passive_prog.node_0},@{thm consecutive_loops_in_loop_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon8_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 6)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_before_passive_prog.node_1},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_1}) (@{thm consecutive_loops_in_loop_passive_prog.node_1},@{thm consecutive_loops_in_loop_passive_prog.outEdges_1}) @{thm block_anon8_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon9_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 7)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_before_passive_prog.node_2},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_2}) (@{thm consecutive_loops_in_loop_passive_prog.node_2},@{thm consecutive_loops_in_loop_passive_prog.outEdges_2}) @{thm block_anon9_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon5:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 10 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))" and 
-"((R 0) = (Some (Inl 7)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_before_passive_prog.node_3},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_3}) (@{thm consecutive_loops_in_loop_passive_prog.node_3},@{thm consecutive_loops_in_loop_passive_prog.outEdges_3}) @{thm block_anon5} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon9_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 10 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))" and 
-"((R 0) = (Some (Inl 7)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_before_passive_prog.node_4},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_4}) (@{thm consecutive_loops_in_loop_passive_prog.node_4},@{thm consecutive_loops_in_loop_passive_prog.outEdges_4}) @{thm block_anon9_LoopDone} [
-@{thm cfg_block_anon5}] 1\<close>))
-
-lemma cfg_block_anon9_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 7 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_before_passive_prog.node_5},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_5}) (@{thm consecutive_loops_in_loop_passive_prog.node_5},@{thm consecutive_loops_in_loop_passive_prog.outEdges_5}) @{thm block_anon9_LoopHead} [
-@{thm cfg_block_anon9_LoopDone}, 
-@{thm cfg_block_anon9_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 7 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))" and 
-"((R 0) = (Some (Inl 6)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_before_passive_prog.node_6},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_6}) (@{thm consecutive_loops_in_loop_passive_prog.node_6},@{thm consecutive_loops_in_loop_passive_prog.outEdges_6}) @{thm block_anon3} [
-@{thm cfg_block_anon9_LoopHead}] 1\<close>))
-
-lemma cfg_block_anon8_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 7 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))" and 
-"((R 0) = (Some (Inl 6)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_before_passive_prog.node_7},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_7}) (@{thm consecutive_loops_in_loop_passive_prog.node_7},@{thm consecutive_loops_in_loop_passive_prog.outEdges_7}) @{thm block_anon8_LoopDone} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon8_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 8)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_before_passive_prog.node_8},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_8}) (@{thm consecutive_loops_in_loop_passive_prog.node_8},@{thm consecutive_loops_in_loop_passive_prog.outEdges_8}) @{thm block_anon8_LoopHead} [
-@{thm cfg_block_anon8_LoopDone}, 
-@{thm cfg_block_anon8_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon7_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 9)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_before_passive_prog.node_9},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_9}) (@{thm consecutive_loops_in_loop_passive_prog.node_9},@{thm consecutive_loops_in_loop_passive_prog.outEdges_9}) @{thm block_anon7_LoopBody} [
-@{thm cfg_block_anon8_LoopHead}] 1\<close>))
-
-lemma cfg_block_anon6:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 10)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_before_passive_prog.node_10},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_10}) (@{thm consecutive_loops_in_loop_passive_prog.node_10},@{thm consecutive_loops_in_loop_passive_prog.outEdges_10}) @{thm block_anon6} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon7_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 11)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_in_loop_before_passive_prog.node_11},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_11}) (@{thm consecutive_loops_in_loop_passive_prog.node_11},@{thm consecutive_loops_in_loop_passive_prog.outEdges_11}) @{thm block_anon7_LoopDone} [
-@{thm cfg_block_anon6}] 1\<close>))
-
-lemma cfg_block_anon7_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 12)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_in_loop_before_passive_prog.node_12},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_12}) (@{thm consecutive_loops_in_loop_passive_prog.node_12},@{thm consecutive_loops_in_loop_passive_prog.outEdges_12}) @{thm block_anon7_LoopHead} [
-@{thm cfg_block_anon7_LoopDone}, 
-@{thm cfg_block_anon7_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 13)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_in_loop_before_passive_prog.node_13},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_13}) (@{thm consecutive_loops_in_loop_passive_prog.node_13},@{thm consecutive_loops_in_loop_passive_prog.outEdges_13}) @{thm block_anon0} [
-@{thm cfg_block_anon7_LoopHead}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 14)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_in_loop_before_passive_prog.node_14},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_14}) (@{thm consecutive_loops_in_loop_passive_prog.node_14},@{thm consecutive_loops_in_loop_passive_prog.outEdges_14}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 15),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body u (Inl 15)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_in_loop_before_passive_prog.node_15},@{thm consecutive_loops_in_loop_before_passive_prog.outEdges_15}) (@{thm consecutive_loops_in_loop_passive_prog.node_15},@{thm consecutive_loops_in_loop_passive_prog.outEdges_15}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_before_ast_to_cfg_prog.params_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_in_loop_before_passive_prog.proc_body ((Inl 15),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_y_0::int) (vc_x_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_x_5::int) (vc_y_2::int). (vc.vc_anon0 vc_y_1 vc_x_2 vc_x_4 vc_x_5))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A consecutive_loops_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls ns consecutive_loops_in_loop_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv consecutive_loops_in_loop_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding consecutive_loops_in_loop_passive_prog.params_vdecls_def consecutive_loops_in_loop_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using consecutive_loops_in_loop_before_passive_prog.globals_locals_disj apply auto[1]
-using consecutive_loops_in_loop_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] consecutive_loops_in_loop_passive_prog.proc_body u (Inl 15)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] consecutive_loops_in_loop_passive_prog.proc_body ((Inl 15),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from consecutive_loops_in_loop_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_passive_prog.thy
deleted file mode 100644
index a5b6f00..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_passive_prog.thy
+++ /dev/null
@@ -1,310 +0,0 @@
-theory consecutive_loops_in_loop_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_loops_in_loop_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 6) Gt (Lit (LInt 1)))),(Assume (BinOp (Var 8) Eq (BinOp (Var 6) Sub (Lit (LInt 1))))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 7) Lt (Lit (LInt 1)))),(Assume (BinOp (Var 9) Eq (BinOp (Var 7) Add (Lit (LInt 1))))),(Assert (BinOp (Var 9) Le (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assert (BinOp (Var 7) Eq (Lit (LInt 1)))),(Assume (BinOp (Var 10) Eq (BinOp (Var 4) Sub (Var 7)))),(Assume (Lit (LBool False)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 1)) Le (Var 7)))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Var 7) Le (Lit (LInt 1))))]"
-definition block_6
-  where
-    "block_6  = [(Assert (BinOp (Var 6) Le (Lit (LInt 1))))]"
-definition block_7
-  where
-    "block_7  = [(Assume (BinOp (Lit (LInt 1)) Ge (Var 6)))]"
-definition block_8
-  where
-    "block_8  = []"
-definition block_9
-  where
-    "block_9  = [(Assume (BinOp (Var 4) Gt (Lit (LInt 0))))]"
-definition block_10
-  where
-    "block_10  = [(Assert (BinOp (Var 4) Eq (Lit (LInt 0))))]"
-definition block_11
-  where
-    "block_11  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 4)))]"
-definition block_12
-  where
-    "block_12  = []"
-definition block_13
-  where
-    "block_13  = []"
-definition block_14
-  where
-    "block_14  = []"
-definition block_15
-  where
-    "block_15  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[6],[7,1],[8],[0],[10],[11,9],[12],[13],[14]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13,block_14,block_15]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 15,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_12:
-shows "((nth (node_to_block proc_body) 12) = block_12)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_13:
-shows "((nth (node_to_block proc_body) 13) = block_13)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_14:
-shows "((nth (node_to_block proc_body) 14) = block_14)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_15:
-shows "((nth (node_to_block proc_body) 15) = block_15)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [10])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_12:
-shows "((nth (out_edges proc_body) 12) = [11,9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_13:
-shows "((nth (out_edges proc_body) 13) = [12])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_14:
-shows "((nth (out_edges proc_body) 14) = [13])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_15:
-shows "((nth (out_edges proc_body) 15) = [14])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(8,(TPrim TInt),(None )),(7,(TPrim TInt),(None )),(9,(TPrim TInt),(None )),(10,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding consecutive_loops_in_loop_passive_prog.params_vdecls_def consecutive_loops_in_loop_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)))) = {})"
-unfolding consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_0:
-shows "((map_of (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_1:
-shows "((map_of (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_2:
-shows "((map_of (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_3:
-shows "((map_of (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls) 8) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_4:
-shows "((map_of (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_5:
-shows "((map_of (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls) 9) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_2:
-shows "((map_of (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls) 10) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_0:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_1:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_2:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_3:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 8) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 8) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_3
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_4:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_4
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_5:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 9) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 9) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_5
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_2:
-shows "((lookup_var_decl ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 10) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) 10) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_vcphase_proof.thy
deleted file mode 100644
index c71a81c..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_proofs/consecutive_loops_in_loop_vcphase_proof.thy
+++ /dev/null
@@ -1,543 +0,0 @@
-theory consecutive_loops_in_loop_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML consecutive_loops_in_loop_passive_prog consecutive_loops_in_loop_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon8_LoopBody
-  where
-    "vc_anon8_LoopBody  = True"
-definition vc_anon9_LoopBody
-  where
-    "vc_anon9_LoopBody x_4 x_5 = (((x_4 < (1::int)) \<and> (x_5 = (x_4 + (1::int)))) \<longrightarrow> (x_5 \<le> (1::int)))"
-definition vc_anon5
-  where
-    "vc_anon5 x_4 = (x_4 = (1::int))"
-definition vc_anon9_LoopDone
-  where
-    "vc_anon9_LoopDone x_4 = (((1::int) \<le> x_4) \<longrightarrow> (vc_anon5 x_4))"
-definition vc_anon9_LoopHead
-  where
-    "vc_anon9_LoopHead x_4 x_5 = ((x_4 \<le> (1::int)) \<longrightarrow> ((vc_anon9_LoopDone x_4) \<and> (vc_anon9_LoopBody x_4 x_5)))"
-definition vc_anon3
-  where
-    "vc_anon3 x_2 x_4 x_5 = ((x_2 \<le> (1::int)) \<and> ((x_2 \<le> (1::int)) \<longrightarrow> (vc_anon9_LoopHead x_4 x_5)))"
-definition vc_anon8_LoopDone
-  where
-    "vc_anon8_LoopDone x_2 x_4 x_5 = (((1::int) \<ge> x_2) \<longrightarrow> (vc_anon3 x_2 x_4 x_5))"
-definition vc_anon7_LoopBody
-  where
-    "vc_anon7_LoopBody y_1 x_2 x_4 x_5 = ((y_1 > (0::int)) \<longrightarrow> ((vc_anon8_LoopDone x_2 x_4 x_5) \<and> (vc_anon8_LoopBody )))"
-definition vc_anon6
-  where
-    "vc_anon6 y_1 = (y_1 = (0::int))"
-definition vc_anon7_LoopDone
-  where
-    "vc_anon7_LoopDone y_1 = (((0::int) \<ge> y_1) \<longrightarrow> (vc_anon6 y_1))"
-definition vc_anon0
-  where
-    "vc_anon0 y_1 x_2 x_4 x_5 = ((vc_anon7_LoopDone y_1) \<and> (vc_anon7_LoopBody y_1 x_2 x_4 x_5))"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_y_0 :: "int" and vc_x_0 :: "int" and vc_y_1 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int" and vc_x_3 :: "int" and vc_x_4 :: "int" and vc_x_5 :: "int" and vc_y_2 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_y_0)))" and 
-G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_0)))" and 
-G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_y_1)))" and 
-G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_x_1)))" and 
-G6: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_x_2)))" and 
-G7: "((lookup_var \<Lambda> n_s 8) = (Some (IntV vc_x_3)))" and 
-G8: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_x_4)))" and 
-G9: "((lookup_var \<Lambda> n_s 9) = (Some (IntV vc_x_5)))" and 
-G10: "((lookup_var \<Lambda> n_s 10) = (Some (IntV vc_y_2)))" and 
-G11: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8 G9 G10 G11
-lemmas forall_poly_thm = forall_vc_type[OF G11]
-lemmas exists_poly_thm = exists_vc_type[OF G11]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding consecutive_loops_in_loop_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon8_LoopBody_hints = [
-(AssumeTrue,NONE), 
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon8_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopBody ) \<Longrightarrow> (s' = Magic)))"
-unfolding consecutive_loops_in_loop_passive_prog.block_1_def vc.vc_anon8_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon9_LoopBody_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE), 
-(AssertNoConj,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon9_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon9_LoopBody vc_x_4 vc_x_5) \<Longrightarrow> (s' = Magic)))"
-unfolding consecutive_loops_in_loop_passive_prog.block_2_def vc.vc_anon9_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon9_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon5_hints = [
-(AssertNoConj,NONE), 
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon5AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5 vc_x_4) \<Longrightarrow> (s' = Magic)))"
-unfolding consecutive_loops_in_loop_passive_prog.block_3_def vc.vc_anon5_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon9_LoopDone_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon9_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon9_LoopDone vc_x_4) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon5 vc_x_4)))))))"
-unfolding consecutive_loops_in_loop_passive_prog.block_4_def vc.vc_anon9_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon9_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon9_LoopHead_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon9_LoopHeadAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon9_LoopHead vc_x_4 vc_x_5) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon9_LoopDone vc_x_4) \<and> (vc.vc_anon9_LoopBody vc_x_4 vc_x_5))))))))"
-unfolding consecutive_loops_in_loop_passive_prog.block_5_def vc.vc_anon9_LoopHead_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon9_LoopHead_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon3_hints = [
-(AssertSub,NONE)]
-\<close>
-lemma block_anon3AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 vc_x_2 vc_x_4 vc_x_5) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon9_LoopHead vc_x_4 vc_x_5)))))))"
-unfolding consecutive_loops_in_loop_passive_prog.block_6_def vc.vc_anon3_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon8_LoopDone_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon8_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopDone vc_x_2 vc_x_4 vc_x_5) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_2 vc_x_4 vc_x_5)))))))"
-unfolding consecutive_loops_in_loop_passive_prog.block_7_def vc.vc_anon8_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopDone_hints \<close>)
-by (auto?)
-
-lemma block_anon8_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_8 (Normal n_s) s')" and 
-"((vc.vc_anon8_LoopDone vc_x_2 vc_x_4 vc_x_5) \<and> (vc.vc_anon8_LoopBody ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon8_LoopDone vc_x_2 vc_x_4 vc_x_5) \<and> (vc.vc_anon8_LoopBody ))))))"
-using assms
-unfolding consecutive_loops_in_loop_passive_prog.block_8_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon7_LoopBody_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon7_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon8_LoopDone vc_x_2 vc_x_4 vc_x_5) \<and> (vc.vc_anon8_LoopBody ))))))))"
-unfolding consecutive_loops_in_loop_passive_prog.block_9_def vc.vc_anon7_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_hints = [
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon6AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_10 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6 vc_y_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding consecutive_loops_in_loop_passive_prog.block_10_def vc.vc_anon6_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon7_LoopDone_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon7_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_11 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopDone vc_y_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon6 vc_y_1)))))))"
-unfolding consecutive_loops_in_loop_passive_prog.block_11_def vc.vc_anon7_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopDone_hints \<close>)
-by (auto?)
-
-lemma block_anon7_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_12 (Normal n_s) s')" and 
-"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5))))))"
-using assms
-unfolding consecutive_loops_in_loop_passive_prog.block_12_def
-apply cases
-by auto
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_13 (Normal n_s) s')" and 
-"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5))))))"
-using assms
-unfolding consecutive_loops_in_loop_passive_prog.block_13_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_14 (Normal n_s) s')" and 
-"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5))))))"
-using assms
-unfolding consecutive_loops_in_loop_passive_prog.block_14_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.block_15 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_y_1 vc_x_2 vc_x_4 vc_x_5) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding consecutive_loops_in_loop_passive_prog.block_15_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) consecutive_loops_in_loop_passive_prog.node_0 consecutive_loops_in_loop_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon8_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon8_LoopBody )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) consecutive_loops_in_loop_passive_prog.node_1])
-by (erule block_anon8_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon9_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon9_LoopBody vc_x_4 vc_x_5)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) consecutive_loops_in_loop_passive_prog.node_2])
-by (erule block_anon9_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon5:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5 vc_x_4)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) consecutive_loops_in_loop_passive_prog.node_3])
-by (erule block_anon5AA0[OF _ assms(2)])
-
-lemma cfg_block_anon9_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon9_LoopDone vc_x_4)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_passive_prog.node_4])
-apply (erule block_anon9_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon9_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon9_LoopHead vc_x_4 vc_x_5)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_passive_prog.node_5])
-apply (erule block_anon9_LoopHeadAA0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon9_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon9_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3 vc_x_2 vc_x_4 vc_x_5)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_passive_prog.node_6])
-apply (erule block_anon3AA0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon9_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon8_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon8_LoopDone vc_x_2 vc_x_4 vc_x_5)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_passive_prog.node_7])
-apply (erule block_anon8_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_7))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon8_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon8_LoopDone vc_x_2 vc_x_4 vc_x_5) \<and> (vc.vc_anon8_LoopBody ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_passive_prog.node_8])
-apply (erule block_anon8_LoopHead[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_8))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon7_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_passive_prog.node_9])
-apply (erule block_anon7_LoopBodyAA0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_9))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6 vc_y_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) consecutive_loops_in_loop_passive_prog.node_10])
-apply (erule block_anon6AA0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_10))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon7_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon7_LoopDone vc_y_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_passive_prog.node_11])
-apply (erule block_anon7_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_11))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon7_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_passive_prog.node_12])
-apply (erule block_anon7_LoopHead[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_12))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_passive_prog.node_13])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_13))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon7_LoopDone vc_y_1) \<and> (vc.vc_anon7_LoopBody vc_y_1 vc_x_2 vc_x_4 vc_x_5))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_passive_prog.node_14])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_14))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_in_loop_passive_prog.proc_body ((Inl 15),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_y_1 vc_x_2 vc_x_4 vc_x_5)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_in_loop_passive_prog.node_15])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_in_loop_passive_prog.outEdges_15))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_in_loop_passive_prog.proc_body ((Inl 15),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_y_0::int) (vc_x_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_x_5::int) (vc_y_2::int). (vc.vc_anon0 vc_y_1 vc_x_2 vc_x_4 vc_x_5))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A consecutive_loops_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) consecutive_loops_in_loop_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_in_loop_passive_prog.params_vdecls consecutive_loops_in_loop_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((consecutive_loops_in_loop_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_passive_prog.m_x])
-apply (subst lookup_var_local[OF consecutive_loops_in_loop_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_passive_prog.m_y])
-apply (subst lookup_var_local[OF consecutive_loops_in_loop_passive_prog.m_y])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_passive_prog.m_y_0])
-apply (subst lookup_var_local[OF consecutive_loops_in_loop_passive_prog.m_y_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF consecutive_loops_in_loop_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_passive_prog.m_y_1])
-apply (subst lookup_var_local[OF consecutive_loops_in_loop_passive_prog.m_y_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF consecutive_loops_in_loop_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_passive_prog.m_x_2])
-apply (subst lookup_var_local[OF consecutive_loops_in_loop_passive_prog.m_x_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_3:"(((lookup_var ?\<Lambda> n_s 8) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 8)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 8))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_passive_prog.m_x_3])
-apply (subst lookup_var_local[OF consecutive_loops_in_loop_passive_prog.m_x_3])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_4:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_passive_prog.m_x_4])
-apply (subst lookup_var_local[OF consecutive_loops_in_loop_passive_prog.m_x_4])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_5:"(((lookup_var ?\<Lambda> n_s 9) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 9)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 9))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_passive_prog.m_x_5])
-apply (subst lookup_var_local[OF consecutive_loops_in_loop_passive_prog.m_x_5])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 10) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 10)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 10))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_in_loop_passive_prog.m_y_2])
-apply (subst lookup_var_local[OF consecutive_loops_in_loop_passive_prog.m_y_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_y])
-apply (rule HOL.conjunct1[OF sc_y_0])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_y_1])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (rule HOL.conjunct1[OF sc_x_2])
-apply (rule HOL.conjunct1[OF sc_x_3])
-apply (rule HOL.conjunct1[OF sc_x_4])
-apply (rule HOL.conjunct1[OF sc_x_5])
-apply (rule HOL.conjunct1[OF sc_y_2])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_in_loop_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/ROOT
deleted file mode 100644
index c24baea..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session consecutive_loops_proofs = Boogie_Lang + 
-directories consecutive_loops_proofs
-theories
-global_data
-"consecutive_loops_proofs/consecutive_loops_before_ast_to_cfg_prog"
-"consecutive_loops_proofs/consecutive_loops_asttocfg_proof"
-"consecutive_loops_proofs/consecutive_loops_before_cfg_to_dag_prog"
-"consecutive_loops_proofs/consecutive_loops_before_passive_prog"
-"consecutive_loops_proofs/consecutive_loops_passification_proof"
-"consecutive_loops_proofs/consecutive_loops_cfgtodag_proof"
-"consecutive_loops_proofs/consecutive_loops_passive_prog"
-"consecutive_loops_proofs/consecutive_loops_vcphase_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_asttocfg_proof.thy
deleted file mode 100644
index 67fb4b8..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_asttocfg_proof.thy
+++ /dev/null
@@ -1,537 +0,0 @@
-theory consecutive_loops_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML consecutive_loops_before_ast_to_cfg_prog consecutive_loops_before_cfg_to_dag_prog consecutive_loops_cfgtodag_proof consecutive_loops_passification_proof consecutive_loops_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A consecutive_loops_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_6,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_8 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_8 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of consecutive_loops_before_ast_to_cfg_prog.bigblock_6])
-apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_6_def consecutive_loops_before_cfg_to_dag_prog.block_8_def)
-apply ((simp add: consecutive_loops_before_cfg_to_dag_prog.block_8_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: consecutive_loops_before_cfg_to_dag_prog.block_8_def consecutive_loops_before_ast_to_cfg_prog.bigblock_6_def)+)
-done
-
-
-lemma global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of consecutive_loops_before_ast_to_cfg_prog.bigblock_6])
-apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_6_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_6_def)
-apply (simp)
-apply (simp)
-apply (rule cont_6_def)
-apply (rule consecutive_loops_before_cfg_to_dag_prog.node_8)
-apply (rule disjI1)
-apply (rule consecutive_loops_before_cfg_to_dag_prog.block_8_def)
-apply (rule consecutive_loops_before_cfg_to_dag_prog.outEdges_8)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.node_8)
-apply (rule rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_6)
-apply assumption+
-
-done
-qed
-
-lemma rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_5,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_6 (Normal ns1) (Normal ns1')))))"
-unfolding consecutive_loops_before_cfg_to_dag_prog.block_6_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of consecutive_loops_before_ast_to_cfg_prog.bigblock_5])
-apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_5_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.block_6_def)
-apply ((simp add: assms(3) consecutive_loops_before_ast_to_cfg_prog.bigblock_5_def)+)
-done
-
-
-lemma global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Lit (LInt 0))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_before_ast_to_cfg_prog.bigblock_4 cont_4 consecutive_loops_before_cfg_to_dag_prog.proc_body 5 consecutive_loops_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of consecutive_loops_before_ast_to_cfg_prog.bigblock_5])
-apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_5_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_5_def)
-apply (rule consecutive_loops_before_cfg_to_dag_prog.node_6)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule consecutive_loops_before_cfg_to_dag_prog.block_6_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_5_def)
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.node_6)
-apply (rule rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_5)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=5])+)
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.outEdges_6)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_4_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of consecutive_loops_before_ast_to_cfg_prog.bigblock_4 _ _ _ consecutive_loops_before_cfg_to_dag_prog.block_5])
-apply (simp add:consecutive_loops_before_ast_to_cfg_prog.bigblock_4_def consecutive_loops_before_cfg_to_dag_prog.block_5_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:consecutive_loops_before_ast_to_cfg_prog.bigblock_4_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of consecutive_loops_before_ast_to_cfg_prog.bigblock_4])
-apply ((simp add:consecutive_loops_before_ast_to_cfg_prog.bigblock_4_def)+)
-apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.block_5_def consecutive_loops_before_cfg_to_dag_prog.node_5)+)
-apply (rule cont_4_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 6])+)
-apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_5)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_5)
-apply (simp add: cont_4_def consecutive_loops_before_ast_to_cfg_prog.bigblock_5_def cont_5_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_4_def cont_5_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-
-apply ((erule allE[where x = 7])+)
-apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_5)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_6)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.node_7)
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.block_7_def)
-apply (rule neg_lt)
-apply (simp)
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.outEdges_7)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.node_7)
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.block_7_def)
-apply (rule neg_lt)
-apply (simp)
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.outEdges_7)
-apply ((simp add: member_rec)+)
-done
-qed
-qed
-
-lemma global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-apply (rule ending_after_unwrapping)
-apply (rule astTrace)
-apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_3_def)
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply (simp)
-apply (rule global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_4)
-apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_4_def cont_3_def cont_4_def)
-apply (rule correctness_propagates_through_empty)
-using assms(2)
-apply blast
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.node_4)
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.block_4_def)
-
-
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.outEdges_4)
-apply (simp add: member_rec)
-apply (simp)
-apply (rule correctness_propagates_through_empty2)
-using assms(3)
-apply blast
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.node_4)
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.block_4_def)
-
-
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.outEdges_4)
-apply (simp add: member_rec)
-apply ((simp)+)
-done
-
-lemma rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
-unfolding consecutive_loops_before_cfg_to_dag_prog.block_2_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of consecutive_loops_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.block_2_def)
-apply ((simp add: assms(3) consecutive_loops_before_ast_to_cfg_prog.bigblock_2_def)+)
-done
-
-
-lemma global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T consecutive_loops_before_ast_to_cfg_prog.bigblock_1 cont_1 consecutive_loops_before_cfg_to_dag_prog.proc_body 1 consecutive_loops_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of consecutive_loops_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_2_def)
-apply (rule consecutive_loops_before_cfg_to_dag_prog.node_2)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule consecutive_loops_before_cfg_to_dag_prog.block_2_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_2_def)
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.node_2)
-apply (rule rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_2)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=1])+)
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.outEdges_2)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of consecutive_loops_before_ast_to_cfg_prog.bigblock_1 _ _ _ consecutive_loops_before_cfg_to_dag_prog.block_1])
-apply (simp add:consecutive_loops_before_ast_to_cfg_prog.bigblock_1_def consecutive_loops_before_cfg_to_dag_prog.block_1_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:consecutive_loops_before_ast_to_cfg_prog.bigblock_1_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of consecutive_loops_before_ast_to_cfg_prog.bigblock_1])
-apply ((simp add:consecutive_loops_before_ast_to_cfg_prog.bigblock_1_def)+)
-apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.block_1_def consecutive_loops_before_cfg_to_dag_prog.node_1)+)
-apply (rule cont_1_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 2])+)
-apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_1_def consecutive_loops_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_1_def cont_2_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-
-apply ((erule allE[where x = 3])+)
-apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_3)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.node_3)
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.block_3_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.outEdges_3)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.node_3)
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.block_3_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.outEdges_3)
-apply ((simp add: member_rec)+)
-done
-qed
-qed
-
-lemma rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of consecutive_loops_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: consecutive_loops_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: consecutive_loops_before_cfg_to_dag_prog.block_0_def consecutive_loops_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end consecutive_loops_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of consecutive_loops_before_ast_to_cfg_prog.bigblock_0 _ consecutive_loops_before_cfg_to_dag_prog.block_0])
-apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_0_def consecutive_loops_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.block_0_def)
-apply (rule consecutive_loops_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: consecutive_loops_before_cfg_to_dag_prog.node_0)
-apply (rule rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: consecutive_loops_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: consecutive_loops_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (consecutive_loops_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_anon0 vc_x_1 vc_x_3 vc_x_4))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A consecutive_loops_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> consecutive_loops_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) consecutive_loops_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns consecutive_loops_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (consecutive_loops_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_consecutive_loops_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: consecutive_loops_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: consecutive_loops_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_before_cfg_to_dag_prog.locals_vdecls_def consecutive_loops_before_ast_to_cfg_prog.pres_def consecutive_loops_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: consecutive_loops_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: consecutive_loops_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: consecutive_loops_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: consecutive_loops_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_before_cfg_to_dag_prog.locals_vdecls_def consecutive_loops_before_ast_to_cfg_prog.pres_def consecutive_loops_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: consecutive_loops_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: consecutive_loops_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_before_ast_to_cfg_prog.locals_vdecls_def consecutive_loops_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3,bigblock_6] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (consecutive_loops_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_3_def cont_6_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_anon0 vc_x_1 vc_x_3 vc_x_4))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) consecutive_loops_before_ast_to_cfg_prog.fdecls consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls consecutive_loops_before_ast_to_cfg_prog.axioms consecutive_loops_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding consecutive_loops_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 consecutive_loops_before_ast_to_cfg_prog.ast_proc_def consecutive_loops_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_ast_to_cfg_prog.thy
deleted file mode 100644
index f552fbb..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,141 +0,0 @@
-theory consecutive_loops_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 0)))) [(BinOp (Var 0) Le (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
-definition bigblock_4
-  where
-    "bigblock_4  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 0)))) [(BinOp (Var 0) Le (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))])) (None ))"
-definition bigblock_5
-  where
-    "bigblock_5  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))"
-definition bigblock_6
-  where
-    "bigblock_6  = (BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))] (None ) (None ))"
-definition cont_6
-  where
-    "cont_6  = KStop"
-definition cont_3
-  where
-    "cont_3  = (KSeq bigblock_6 cont_6)"
-definition cont_4
-  where
-    "cont_4  = (KEndBlock (KSeq bigblock_6 cont_6 ))"
-definition cont_5
-  where
-    "cont_5  = (KSeq bigblock_4 cont_4)"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_3 cont_3)"
-definition cont_1
-  where
-    "cont_1  = (KEndBlock (KSeq bigblock_3 cont_3 ))"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_1 cont_1)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_3,bigblock_6]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding consecutive_loops_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding consecutive_loops_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding consecutive_loops_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding consecutive_loops_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding consecutive_loops_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding consecutive_loops_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding consecutive_loops_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = consecutive_loops_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec consecutive_loops_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec consecutive_loops_before_ast_to_cfg_prog.post),proc_body = (Some (consecutive_loops_before_ast_to_cfg_prog.locals_vdecls,consecutive_loops_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_cfg_to_dag_prog.thy
deleted file mode 100644
index a20892f..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,204 +0,0 @@
-theory consecutive_loops_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0)]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = [(Assert (BinOp (Var 0) Le (Lit (LInt 0))))]"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]"
-definition block_7
-  where
-    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 0)))]"
-definition block_8
-  where
-    "block_8  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
-definition outEdges
-  where
-    "outEdges  = [[1],[3,2],[1],[4],[5],[7,6],[5],[8],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [3,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [7,6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append consecutive_loops_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append consecutive_loops_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding consecutive_loops_before_cfg_to_dag_prog.constants_vdecls_def consecutive_loops_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append consecutive_loops_before_cfg_to_dag_prog.params_vdecls consecutive_loops_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_before_cfg_to_dag_prog.params_vdecls consecutive_loops_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding consecutive_loops_before_cfg_to_dag_prog.params_vdecls_def consecutive_loops_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_before_cfg_to_dag_prog.params_vdecls consecutive_loops_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append consecutive_loops_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append consecutive_loops_before_cfg_to_dag_prog.params_vdecls consecutive_loops_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding consecutive_loops_before_cfg_to_dag_prog.constants_vdecls_def consecutive_loops_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding consecutive_loops_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding consecutive_loops_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding consecutive_loops_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) consecutive_loops_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding consecutive_loops_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append consecutive_loops_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_before_cfg_to_dag_prog.params_vdecls consecutive_loops_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append consecutive_loops_before_cfg_to_dag_prog.params_vdecls consecutive_loops_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append consecutive_loops_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_before_cfg_to_dag_prog.params_vdecls consecutive_loops_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_before_cfg_to_dag_prog.constants_vdecls consecutive_loops_before_cfg_to_dag_prog.globals_vdecls),(append consecutive_loops_before_cfg_to_dag_prog.params_vdecls consecutive_loops_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = consecutive_loops_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec consecutive_loops_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec consecutive_loops_before_cfg_to_dag_prog.post),proc_body = (Some (consecutive_loops_before_cfg_to_dag_prog.locals_vdecls,consecutive_loops_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_passive_prog.thy
deleted file mode 100644
index 0693818..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_before_passive_prog.thy
+++ /dev/null
@@ -1,161 +0,0 @@
-theory consecutive_loops_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_loops_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1)))),(Assert (BinOp (Var 0) Le (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 0)))]"
-definition block_5
-  where
-    "block_5  = [(Havoc 0),(Assume (BinOp (Var 0) Le (Lit (LInt 0))))]"
-definition block_6
-  where
-    "block_6  = [(Assert (BinOp (Var 0) Le (Lit (LInt 0))))]"
-definition block_7
-  where
-    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_8
-  where
-    "block_8  = [(Havoc 0)]"
-definition block_9
-  where
-    "block_9  = [(Havoc 0)]"
-definition block_10
-  where
-    "block_10  = []"
-definition block_11
-  where
-    "block_11  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[6],[7,1],[8],[9],[10]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 11,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [10])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding consecutive_loops_before_ast_to_cfg_prog.params_vdecls_def consecutive_loops_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding consecutive_loops_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_cfgtodag_proof.thy
deleted file mode 100644
index 8f51f95..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_cfgtodag_proof.thy
+++ /dev/null
@@ -1,608 +0,0 @@
-theory consecutive_loops_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML consecutive_loops_before_ast_to_cfg_prog consecutive_loops_before_cfg_to_dag_prog consecutive_loops_before_passive_prog consecutive_loops_passification_proof consecutive_loops_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A consecutive_loops_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 consecutive_loops_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def consecutive_loops_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule consecutive_loops_before_passive_prog.node_0)
-apply simp
-unfolding consecutive_loops_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma Mods_anon5_LoopBody:
-shows "(mods_contained_in (set [0]) consecutive_loops_before_cfg_to_dag_prog.block_2)"
-unfolding consecutive_loops_before_cfg_to_dag_prog.block_2_def
-by simp
-
-lemma block_anon5_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_before_passive_prog.block_1 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_before_cfg_to_dag_prog.block_2_def consecutive_loops_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon5_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body [0] [] consecutive_loops_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_before_cfg_to_dag_prog.node_2)
-apply (rule consecutive_loops_before_passive_prog.node_1)
-apply (assumption+)
-apply (rule block_anon5_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon5_LoopBody)
-apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon5_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon6_LoopBody:
-shows "(mods_contained_in (set [0]) consecutive_loops_before_cfg_to_dag_prog.block_6)"
-unfolding consecutive_loops_before_cfg_to_dag_prog.block_6_def
-by simp
-
-lemma block_anon6_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Lit (LInt 0)))] consecutive_loops_before_passive_prog.block_2 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_before_cfg_to_dag_prog.block_6_def consecutive_loops_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun consecutive_loops_before_ast_to_cfg_prog.funcs_wf consecutive_loops_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms consecutive_loops_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body [0] [(BinOp (Var 0) Le (Lit (LInt 0)))] consecutive_loops_before_ast_to_cfg_prog.post ns1 s' 5 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_before_cfg_to_dag_prog.node_6)
-apply (rule consecutive_loops_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon6_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon6_LoopBody)
-apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_6))
-apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_6))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon6_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma block_anon4:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_before_cfg_to_dag_prog.block_8_def consecutive_loops_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon4:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule consecutive_loops_before_cfg_to_dag_prog.node_8)
-apply (rule consecutive_loops_before_passive_prog.node_3)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon4)
-apply assumption+
-apply (rule consecutive_loops_before_cfg_to_dag_prog.outEdges_8)
-apply (rule consecutive_loops_before_passive_prog.outEdges_3)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon6_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_before_cfg_to_dag_prog.block_7_def consecutive_loops_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_before_cfg_to_dag_prog.node_7)
-apply (rule consecutive_loops_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon6_LoopDone)
-apply (assumption+)
-apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_7))
-apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_7))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:consecutive_loops_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon6_LoopHead:
-shows "(mods_contained_in (set [0]) consecutive_loops_before_cfg_to_dag_prog.block_5)"
-unfolding consecutive_loops_before_cfg_to_dag_prog.block_5_def
-by simp
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Lit (LInt 0)))] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_before_cfg_to_dag_prog.block_5_def consecutive_loops_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:consecutive_loops_before_ast_to_cfg_prog.l_x(1)))
-apply simp
-done
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Lit (LInt 0)))] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule consecutive_loops_before_cfg_to_dag_prog.node_5)
-apply (rule consecutive_loops_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon6_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon6_LoopHead)
-apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_5))
-apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_5))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:consecutive_loops_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:consecutive_loops_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon2:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Lit (LInt 0)))] consecutive_loops_before_passive_prog.block_6 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_before_cfg_to_dag_prog.block_4_def consecutive_loops_before_passive_prog.block_6_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun consecutive_loops_before_ast_to_cfg_prog.funcs_wf consecutive_loops_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms consecutive_loops_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon2:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_before_cfg_to_dag_prog.node_4)
-apply (rule consecutive_loops_before_passive_prog.node_6)
-apply (assumption+)
-apply (rule block_anon2)
-apply (assumption+)
-apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_4))
-apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_4))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=5])
-apply ((simp add:consecutive_loops_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon5_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_before_passive_prog.block_7 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_before_cfg_to_dag_prog.block_3_def consecutive_loops_before_passive_prog.block_7_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon5_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_before_cfg_to_dag_prog.node_3)
-apply (rule consecutive_loops_before_passive_prog.node_7)
-apply (assumption+)
-apply (rule block_anon5_LoopDone)
-apply (assumption+)
-apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=6])
-apply ((simp add:consecutive_loops_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon2)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon5_LoopHead:
-shows "(mods_contained_in (set [0]) consecutive_loops_before_cfg_to_dag_prog.block_1)"
-unfolding consecutive_loops_before_cfg_to_dag_prog.block_1_def
-by simp
-
-lemma block_anon5_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_before_passive_prog.block_8 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_before_cfg_to_dag_prog.block_1_def consecutive_loops_before_passive_prog.block_8_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:consecutive_loops_before_ast_to_cfg_prog.l_x(1)))
-apply simp
-done
-
-lemma cfg_block_anon5_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule consecutive_loops_before_cfg_to_dag_prog.node_1)
-apply (rule consecutive_loops_before_passive_prog.node_8)
-apply (assumption+)
-apply (rule block_anon5_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon5_LoopHead)
-apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=7])
-apply ((simp add:consecutive_loops_before_passive_prog.outEdges_8))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:consecutive_loops_before_passive_prog.outEdges_8))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] consecutive_loops_before_passive_prog.block_9 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding consecutive_loops_before_cfg_to_dag_prog.block_0_def consecutive_loops_before_passive_prog.block_9_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule consecutive_loops_before_cfg_to_dag_prog.node_0)
-apply (rule consecutive_loops_before_passive_prog.node_9)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:consecutive_loops_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=8])
-apply ((simp add:consecutive_loops_before_passive_prog.outEdges_9))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:consecutive_loops_before_passive_prog.outEdges_10))
-by ((simp add:consecutive_loops_before_passive_prog.node_10 consecutive_loops_before_passive_prog.block_10_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 consecutive_loops_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule consecutive_loops_before_passive_prog.node_11)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding consecutive_loops_before_passive_prog.block_11_def
-apply (rule assume_pres_normal[where ?es=consecutive_loops_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding consecutive_loops_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule consecutive_loops_before_passive_prog.outEdges_11)
-apply ((simp add:consecutive_loops_before_passive_prog.node_10 consecutive_loops_before_passive_prog.block_10_def))
-apply (rule consecutive_loops_before_passive_prog.outEdges_10)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_anon0 vc_x_1 vc_x_3 vc_x_4))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A consecutive_loops_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> consecutive_loops_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) consecutive_loops_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns consecutive_loops_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] consecutive_loops_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule consecutive_loops_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_passification_proof.thy
deleted file mode 100644
index 4991a82..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_passification_proof.thy
+++ /dev/null
@@ -1,385 +0,0 @@
-theory consecutive_loops_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_loops_before_ast_to_cfg_prog consecutive_loops_passive_prog Boogie_Lang.PassificationML consecutive_loops_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_before_passive_prog.block_0_def consecutive_loops_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon5_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4])) (update_nstate_rel R [(0,(Inl 4))]) R_old consecutive_loops_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_before_passive_prog.block_1_def consecutive_loops_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_loops_before_ast_to_cfg_prog.l_x(2) consecutive_loops_passive_prog.l_x_2(2)))
-by simp
-
-lemma block_anon6_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [5] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 3)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [5])) (update_nstate_rel R [(0,(Inl 5))]) R_old consecutive_loops_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_before_passive_prog.block_2_def consecutive_loops_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_loops_before_ast_to_cfg_prog.l_x(2) consecutive_loops_passive_prog.l_x_4(2)))
-by simp
-
-lemma block_anon4:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 3)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_before_passive_prog.block_3_def consecutive_loops_passive_prog.block_3_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon6_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 3)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_before_passive_prog.block_4_def consecutive_loops_passive_prog.block_4_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3])) (update_nstate_rel R [(0,(Inl 3))]) R_old consecutive_loops_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_before_passive_prog.block_5_def consecutive_loops_passive_prog.block_5_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_loops_before_ast_to_cfg_prog.l_x(2) consecutive_loops_passive_prog.l_x_3(2)))
-by simp
-
-lemma block_anon2:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_before_passive_prog.block_6_def consecutive_loops_passive_prog.block_6_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon5_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_passive_prog.block_7 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_before_passive_prog.block_7_def consecutive_loops_passive_prog.block_7_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon5_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_8 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old consecutive_loops_passive_prog.block_8 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_before_passive_prog.block_8_def consecutive_loops_passive_prog.block_8_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_loops_before_ast_to_cfg_prog.l_x(2) consecutive_loops_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_9 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old consecutive_loops_passive_prog.block_9 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_before_passive_prog.block_9_def consecutive_loops_passive_prog.block_9_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:consecutive_loops_before_ast_to_cfg_prog.l_x(2) consecutive_loops_passive_prog.l_x_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_10 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_passive_prog.block_10 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_before_passive_prog.block_10_def consecutive_loops_passive_prog.block_10_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.block_11 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old consecutive_loops_passive_prog.block_11 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding consecutive_loops_before_passive_prog.block_11_def consecutive_loops_passive_prog.block_11_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_before_passive_prog.node_0},@{thm consecutive_loops_before_passive_prog.outEdges_0}) (@{thm consecutive_loops_passive_prog.node_0},@{thm consecutive_loops_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon5_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_before_passive_prog.node_1},@{thm consecutive_loops_before_passive_prog.outEdges_1}) (@{thm consecutive_loops_passive_prog.node_1},@{thm consecutive_loops_passive_prog.outEdges_1}) @{thm block_anon5_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 5 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 3)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_before_passive_prog.node_2},@{thm consecutive_loops_before_passive_prog.outEdges_2}) (@{thm consecutive_loops_passive_prog.node_2},@{thm consecutive_loops_passive_prog.outEdges_2}) @{thm block_anon6_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon4:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 3)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_before_passive_prog.node_3},@{thm consecutive_loops_before_passive_prog.outEdges_3}) (@{thm consecutive_loops_passive_prog.node_3},@{thm consecutive_loops_passive_prog.outEdges_3}) @{thm block_anon4} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 3)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_before_passive_prog.node_4},@{thm consecutive_loops_before_passive_prog.outEdges_4}) (@{thm consecutive_loops_passive_prog.node_4},@{thm consecutive_loops_passive_prog.outEdges_4}) @{thm block_anon6_LoopDone} [
-@{thm cfg_block_anon4}] 1\<close>))
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_before_passive_prog.node_5},@{thm consecutive_loops_before_passive_prog.outEdges_5}) (@{thm consecutive_loops_passive_prog.node_5},@{thm consecutive_loops_passive_prog.outEdges_5}) @{thm block_anon6_LoopHead} [
-@{thm cfg_block_anon6_LoopDone}, 
-@{thm cfg_block_anon6_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon2:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_before_passive_prog.node_6},@{thm consecutive_loops_before_passive_prog.outEdges_6}) (@{thm consecutive_loops_passive_prog.node_6},@{thm consecutive_loops_passive_prog.outEdges_6}) @{thm block_anon2} [
-@{thm cfg_block_anon6_LoopHead}] 1\<close>))
-
-lemma cfg_block_anon5_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm consecutive_loops_before_passive_prog.node_7},@{thm consecutive_loops_before_passive_prog.outEdges_7}) (@{thm consecutive_loops_passive_prog.node_7},@{thm consecutive_loops_passive_prog.outEdges_7}) @{thm block_anon5_LoopDone} [
-@{thm cfg_block_anon2}] 1\<close>))
-
-lemma cfg_block_anon5_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 8)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_before_passive_prog.node_8},@{thm consecutive_loops_before_passive_prog.outEdges_8}) (@{thm consecutive_loops_passive_prog.node_8},@{thm consecutive_loops_passive_prog.outEdges_8}) @{thm block_anon5_LoopHead} [
-@{thm cfg_block_anon5_LoopDone}, 
-@{thm cfg_block_anon5_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 9)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_before_passive_prog.node_9},@{thm consecutive_loops_before_passive_prog.outEdges_9}) (@{thm consecutive_loops_passive_prog.node_9},@{thm consecutive_loops_passive_prog.outEdges_9}) @{thm block_anon0} [
-@{thm cfg_block_anon5_LoopHead}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 10)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_before_passive_prog.node_10},@{thm consecutive_loops_before_passive_prog.outEdges_10}) (@{thm consecutive_loops_passive_prog.node_10},@{thm consecutive_loops_passive_prog.outEdges_10}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> consecutive_loops_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body u (Inl 11)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm consecutive_loops_before_passive_prog.node_11},@{thm consecutive_loops_before_passive_prog.outEdges_11}) (@{thm consecutive_loops_passive_prog.node_11},@{thm consecutive_loops_passive_prog.outEdges_11}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_before_ast_to_cfg_prog.params_vdecls consecutive_loops_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_before_passive_prog.proc_body ((Inl 11),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_anon0 vc_x_1 vc_x_3 vc_x_4))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A consecutive_loops_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> consecutive_loops_before_ast_to_cfg_prog.constants_vdecls ns consecutive_loops_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv consecutive_loops_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding consecutive_loops_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding consecutive_loops_passive_prog.params_vdecls_def consecutive_loops_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using consecutive_loops_before_passive_prog.globals_locals_disj apply auto[1]
-using consecutive_loops_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] consecutive_loops_passive_prog.proc_body u (Inl 11)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range consecutive_loops_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] consecutive_loops_passive_prog.proc_body ((Inl 11),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from consecutive_loops_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_passive_prog.thy
deleted file mode 100644
index 05ddc29..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_passive_prog.thy
+++ /dev/null
@@ -1,221 +0,0 @@
-theory consecutive_loops_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util consecutive_loops_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 4) Eq (BinOp (Var 2) Sub (Lit (LInt 1))))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 3) Lt (Lit (LInt 0)))),(Assume (BinOp (Var 5) Eq (BinOp (Var 3) Add (Lit (LInt 1))))),(Assert (BinOp (Var 5) Le (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assert (BinOp (Var 3) Eq (Lit (LInt 0))))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 3)))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Var 3) Le (Lit (LInt 0))))]"
-definition block_6
-  where
-    "block_6  = [(Assert (BinOp (Var 2) Le (Lit (LInt 0))))]"
-definition block_7
-  where
-    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 2)))]"
-definition block_8
-  where
-    "block_8  = []"
-definition block_9
-  where
-    "block_9  = []"
-definition block_10
-  where
-    "block_10  = []"
-definition block_11
-  where
-    "block_11  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[6],[7,1],[8],[9],[10]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 11,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [10])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(5,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding consecutive_loops_passive_prog.params_vdecls_def consecutive_loops_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)))) = {})"
-unfolding consecutive_loops_before_ast_to_cfg_prog.constants_vdecls_def consecutive_loops_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_2:
-shows "((map_of (append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_3:
-shows "((map_of (append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_4:
-shows "((map_of (append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_2:
-shows "((lookup_var_decl ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_3:
-shows "((lookup_var_decl ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_3
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_4:
-shows "((lookup_var_decl ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_4
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_vcphase_proof.thy
deleted file mode 100644
index d9a7bc9..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/consecutive_loops_proofs/consecutive_loops_vcphase_proof.thy
+++ /dev/null
@@ -1,407 +0,0 @@
-theory consecutive_loops_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML consecutive_loops_passive_prog consecutive_loops_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon5_LoopBody
-  where
-    "vc_anon5_LoopBody  = True"
-definition vc_anon6_LoopBody
-  where
-    "vc_anon6_LoopBody x_3 x_4 = (((x_3 < (0::int)) \<and> (x_4 = (x_3 + (1::int)))) \<longrightarrow> (x_4 \<le> (0::int)))"
-definition vc_anon4
-  where
-    "vc_anon4 x_3 = (x_3 = (0::int))"
-definition vc_anon6_LoopDone
-  where
-    "vc_anon6_LoopDone x_3 = (((0::int) \<le> x_3) \<longrightarrow> (vc_anon4 x_3))"
-definition vc_anon6_LoopHead
-  where
-    "vc_anon6_LoopHead x_3 x_4 = ((x_3 \<le> (0::int)) \<longrightarrow> ((vc_anon6_LoopDone x_3) \<and> (vc_anon6_LoopBody x_3 x_4)))"
-definition vc_anon2
-  where
-    "vc_anon2 x_1 x_3 x_4 = ((x_1 \<le> (0::int)) \<and> ((x_1 \<le> (0::int)) \<longrightarrow> (vc_anon6_LoopHead x_3 x_4)))"
-definition vc_anon5_LoopDone
-  where
-    "vc_anon5_LoopDone x_1 x_3 x_4 = (((0::int) \<ge> x_1) \<longrightarrow> (vc_anon2 x_1 x_3 x_4))"
-definition vc_anon0
-  where
-    "vc_anon0 x_1 x_3 x_4 = ((vc_anon5_LoopDone x_1 x_3 x_4) \<and> (vc_anon5_LoopBody ))"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int" and vc_x_3 :: "int" and vc_x_4 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
-G3: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_x_2)))" and 
-G4: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_3)))" and 
-G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_x_4)))" and 
-G6: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4 G5 G6
-lemmas forall_poly_thm = forall_vc_type[OF G6]
-lemmas exists_poly_thm = exists_vc_type[OF G6]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding consecutive_loops_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon5_LoopBody_hints = [
-(AssumeTrue,NONE), 
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon5_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopBody ) \<Longrightarrow> (s' = Magic)))"
-unfolding consecutive_loops_passive_prog.block_1_def vc.vc_anon5_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_LoopBody_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE), 
-(AssertNoConj,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon6_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopBody vc_x_3 vc_x_4) \<Longrightarrow> (s' = Magic)))"
-unfolding consecutive_loops_passive_prog.block_2_def vc.vc_anon6_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_hints = [
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon4AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4 vc_x_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding consecutive_loops_passive_prog.block_3_def vc.vc_anon4_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_LoopDone_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon6_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopDone vc_x_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4 vc_x_3)))))))"
-unfolding consecutive_loops_passive_prog.block_4_def vc.vc_anon6_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_LoopHead_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon6_LoopHeadAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopHead vc_x_3 vc_x_4) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_x_3) \<and> (vc.vc_anon6_LoopBody vc_x_3 vc_x_4))))))))"
-unfolding consecutive_loops_passive_prog.block_5_def vc.vc_anon6_LoopHead_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopHead_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon2_hints = [
-(AssertSub,NONE)]
-\<close>
-lemma block_anon2AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon2 vc_x_1 vc_x_3 vc_x_4) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon6_LoopHead vc_x_3 vc_x_4)))))))"
-unfolding consecutive_loops_passive_prog.block_6_def vc.vc_anon2_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon2_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon5_LoopDone_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon5_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon2 vc_x_1 vc_x_3 vc_x_4)))))))"
-unfolding consecutive_loops_passive_prog.block_7_def vc.vc_anon5_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopDone_hints \<close>)
-by (auto?)
-
-lemma block_anon5_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_8 (Normal n_s) s')" and 
-"((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody ))))))"
-using assms
-unfolding consecutive_loops_passive_prog.block_8_def
-apply cases
-by auto
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_9 (Normal n_s) s')" and 
-"((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody ))))))"
-using assms
-unfolding consecutive_loops_passive_prog.block_9_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_10 (Normal n_s) s')" and 
-"((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody ))))))"
-using assms
-unfolding consecutive_loops_passive_prog.block_10_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.block_11 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_1 vc_x_3 vc_x_4) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody ))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding consecutive_loops_passive_prog.block_11_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) consecutive_loops_passive_prog.node_0 consecutive_loops_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon5_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_LoopBody )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) consecutive_loops_passive_prog.node_1])
-by (erule block_anon5_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopBody vc_x_3 vc_x_4)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) consecutive_loops_passive_prog.node_2])
-by (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon4:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4 vc_x_3)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) consecutive_loops_passive_prog.node_3])
-apply (erule block_anon4AA0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopDone vc_x_3)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_passive_prog.node_4])
-apply (erule block_anon6_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopHead vc_x_3 vc_x_4)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_passive_prog.node_5])
-apply (erule block_anon6_LoopHeadAA0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon2:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon2 vc_x_1 vc_x_3 vc_x_4)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_passive_prog.node_6])
-apply (erule block_anon2AA0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_passive_prog.node_7])
-apply (erule block_anon5_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_passive_prog.outEdges_7))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon2, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_passive_prog.node_8])
-apply (erule block_anon5_LoopHead[OF _ assms(2)])
-apply ((simp add:consecutive_loops_passive_prog.outEdges_8))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_passive_prog.node_9])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_passive_prog.outEdges_9))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon5_LoopDone vc_x_1 vc_x_3 vc_x_4) \<and> (vc.vc_anon5_LoopBody ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_passive_prog.node_10])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_passive_prog.outEdges_10))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> consecutive_loops_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_1 vc_x_3 vc_x_4)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) consecutive_loops_passive_prog.node_11])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:consecutive_loops_passive_prog.outEdges_11))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls)) \<Gamma> [] consecutive_loops_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int). (vc.vc_anon0 vc_x_1 vc_x_3 vc_x_4))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A consecutive_loops_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> consecutive_loops_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) consecutive_loops_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s consecutive_loops_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append consecutive_loops_before_ast_to_cfg_prog.constants_vdecls consecutive_loops_before_ast_to_cfg_prog.globals_vdecls),(append consecutive_loops_passive_prog.params_vdecls consecutive_loops_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((consecutive_loops_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_passive_prog.m_x])
-apply (subst lookup_var_local[OF consecutive_loops_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF consecutive_loops_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF consecutive_loops_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_passive_prog.m_x_2])
-apply (subst lookup_var_local[OF consecutive_loops_passive_prog.m_x_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_3:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_passive_prog.m_x_3])
-apply (subst lookup_var_local[OF consecutive_loops_passive_prog.m_x_3])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_4:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF consecutive_loops_passive_prog.m_x_4])
-apply (subst lookup_var_local[OF consecutive_loops_passive_prog.m_x_4])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (rule HOL.conjunct1[OF sc_x_2])
-apply (rule HOL.conjunct1[OF sc_x_3])
-apply (rule HOL.conjunct1[OF sc_x_4])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/consecutive_loops_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/ROOT
deleted file mode 100644
index 38ab999..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session empty_branch_if_proofs = Boogie_Lang + 
-directories empty_branch_if_proofs
-theories
-global_data
-"empty_branch_if_proofs/empty_branch_if_passification_proof"
-"empty_branch_if_proofs/empty_branch_if_passive_prog"
-"empty_branch_if_proofs/empty_branch_if_asttocfg_proof"
-"empty_branch_if_proofs/empty_branch_if_before_ast_to_cfg_prog"
-"empty_branch_if_proofs/empty_branch_if_before_passive_prog"
-"empty_branch_if_proofs/empty_branch_if_vcphase_proof"
-"empty_branch_if_proofs/empty_branch_if_cfgtodag_proof"
-"empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_asttocfg_proof.thy
deleted file mode 100644
index 2568dc3..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_asttocfg_proof.thy
+++ /dev/null
@@ -1,341 +0,0 @@
-theory empty_branch_if_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML empty_branch_if_before_ast_to_cfg_prog empty_branch_if_before_cfg_to_dag_prog empty_branch_if_cfgtodag_proof empty_branch_if_passification_proof empty_branch_if_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (empty_branch_if_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_3 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of empty_branch_if_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_3_def empty_branch_if_before_cfg_to_dag_prog.block_3_def)
-apply ((simp add: empty_branch_if_before_cfg_to_dag_prog.block_3_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: empty_branch_if_before_cfg_to_dag_prog.block_3_def empty_branch_if_before_ast_to_cfg_prog.bigblock_3_def)+)
-done
-
-
-lemma global_rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (empty_branch_if_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end empty_branch_if_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of empty_branch_if_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (simp)
-apply (rule cont_3_def)
-apply (rule empty_branch_if_before_cfg_to_dag_prog.node_3)
-apply (rule disjI1)
-apply (rule empty_branch_if_before_cfg_to_dag_prog.block_3_def)
-apply (rule empty_branch_if_before_cfg_to_dag_prog.outEdges_3)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: empty_branch_if_before_cfg_to_dag_prog.node_3)
-apply (rule rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_3)
-apply assumption+
-
-done
-qed
-
-lemma rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (empty_branch_if_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 5))) ns1 (BoolV False))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
-unfolding empty_branch_if_before_cfg_to_dag_prog.block_2_def
-apply (rule guard_fails_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of empty_branch_if_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_2_def)
-apply (rule push_through_assumption1)
-apply (simp)
-apply (rule neg_gt)
-apply (rule guardHint)
-apply ((simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_2_def)+)
-apply (rule neg_gt)
-apply (rule guardHint)
-done
-
-
-lemma global_rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (empty_branch_if_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end empty_branch_if_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 5))) ns1 (BoolV False))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of empty_branch_if_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_2_def)
-apply (rule empty_branch_if_before_cfg_to_dag_prog.node_2)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule empty_branch_if_before_cfg_to_dag_prog.block_2_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply (rule neg_gt)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_2_def)
-apply (simp add: empty_branch_if_before_cfg_to_dag_prog.node_2)
-apply (rule rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_2)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x = 3])+)
-apply ((simp add: empty_branch_if_before_cfg_to_dag_prog.outEdges_2)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_3)
-apply (simp)
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma global_rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (empty_branch_if_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end empty_branch_if_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 5))) ns1 (BoolV True))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Invs[of empty_branch_if_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_1_def)
-
-apply (rule astTrace)
-apply (simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_1_def)
-apply (rule empty_branch_if_before_cfg_to_dag_prog.node_1)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule empty_branch_if_before_cfg_to_dag_prog.block_1_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_1_def)
-apply (simp add: empty_branch_if_before_cfg_to_dag_prog.node_1)
-
-
-
-
-apply ((erule allE[where x = 3])+)
-apply ((simp add: empty_branch_if_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_3)
-apply (simp)
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (empty_branch_if_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of empty_branch_if_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_0_def empty_branch_if_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: empty_branch_if_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: empty_branch_if_before_cfg_to_dag_prog.block_0_def empty_branch_if_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (empty_branch_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end empty_branch_if_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_if_successor)
-apply (rule Rel_Main_test[of empty_branch_if_before_ast_to_cfg_prog.bigblock_0 _ empty_branch_if_before_cfg_to_dag_prog.block_0])
-apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_0_def empty_branch_if_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_0_def)
-apply (rule astTrace)
-apply (simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_0_def)
-apply (rule empty_branch_if_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: empty_branch_if_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: empty_branch_if_before_cfg_to_dag_prog.node_0)
-apply (rule rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: empty_branch_if_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply (erule disjE)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: empty_branch_if_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: cont_0_def empty_branch_if_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
-apply blast+
-
-
-
-
-
-apply (simp)
-apply ((erule allE[where x = 2])+)
-apply ((simp add: empty_branch_if_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_0_def empty_branch_if_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (empty_branch_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> empty_branch_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) empty_branch_if_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns empty_branch_if_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] empty_branch_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (empty_branch_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_empty_branch_if_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def empty_branch_if_before_ast_to_cfg_prog.pres_def empty_branch_if_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def empty_branch_if_before_ast_to_cfg_prog.pres_def empty_branch_if_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (empty_branch_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_3_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) empty_branch_if_before_ast_to_cfg_prog.fdecls empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls empty_branch_if_before_ast_to_cfg_prog.axioms empty_branch_if_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding empty_branch_if_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 empty_branch_if_before_ast_to_cfg_prog.ast_proc_def empty_branch_if_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 68330b0..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,123 +0,0 @@
-theory empty_branch_if_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 5)))) [(BigBlock (None ) [] (None ) (None ))] [(BigBlock (None ) [(Assign 0 (Lit (LInt 6)))] (None ) (None ))])) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (None ) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [(Assign 0 (Lit (LInt 6)))] (None ) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [(Assert (BinOp (Var 0) Gt (Lit (LInt 5))))] (None ) (None ))"
-definition cont_3
-  where
-    "cont_3  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_3 cont_3)"
-definition cont_1
-  where
-    "cont_1  = (KSeq bigblock_3 cont_3)"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_3 cont_3)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_3]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = empty_branch_if_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec empty_branch_if_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec empty_branch_if_before_ast_to_cfg_prog.post),proc_body = (Some (empty_branch_if_before_ast_to_cfg_prog.locals_vdecls,empty_branch_if_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog.thy
deleted file mode 100644
index b4c593a..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,149 +0,0 @@
-theory empty_branch_if_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0)]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 6)))]"
-definition block_3
-  where
-    "block_3  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 5))))]"
-definition outEdges
-  where
-    "outEdges  = [[1,2],[3],[3],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append empty_branch_if_before_cfg_to_dag_prog.constants_vdecls empty_branch_if_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.constants_vdecls empty_branch_if_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding empty_branch_if_before_cfg_to_dag_prog.constants_vdecls_def empty_branch_if_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.constants_vdecls empty_branch_if_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.constants_vdecls empty_branch_if_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding empty_branch_if_before_cfg_to_dag_prog.constants_vdecls_def empty_branch_if_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding empty_branch_if_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding empty_branch_if_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_branch_if_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append empty_branch_if_before_cfg_to_dag_prog.constants_vdecls empty_branch_if_before_cfg_to_dag_prog.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append empty_branch_if_before_cfg_to_dag_prog.constants_vdecls empty_branch_if_before_cfg_to_dag_prog.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append empty_branch_if_before_cfg_to_dag_prog.constants_vdecls empty_branch_if_before_cfg_to_dag_prog.globals_vdecls),(append empty_branch_if_before_cfg_to_dag_prog.params_vdecls empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = empty_branch_if_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec empty_branch_if_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec empty_branch_if_before_cfg_to_dag_prog.post),proc_body = (Some (empty_branch_if_before_cfg_to_dag_prog.locals_vdecls,empty_branch_if_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_passive_prog.thy
deleted file mode 100644
index 14d7289..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_before_passive_prog.thy
+++ /dev/null
@@ -1,95 +0,0 @@
-theory empty_branch_if_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util empty_branch_if_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 5))))]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 6)))]"
-definition block_3
-  where
-    "block_3  = [(Havoc 0)]"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_cfgtodag_proof.thy
deleted file mode 100644
index 037d49d..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_cfgtodag_proof.thy
+++ /dev/null
@@ -1,284 +0,0 @@
-theory empty_branch_if_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML empty_branch_if_before_ast_to_cfg_prog empty_branch_if_before_cfg_to_dag_prog empty_branch_if_before_passive_prog empty_branch_if_passification_proof empty_branch_if_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_branch_if_before_passive_prog.block_0 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding empty_branch_if_before_cfg_to_dag_prog.block_3_def empty_branch_if_before_passive_prog.block_0_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_1[OF assms(1)])
-apply (rule empty_branch_if_before_cfg_to_dag_prog.node_3)
-apply (rule empty_branch_if_before_passive_prog.node_0)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-unfolding empty_branch_if_before_ast_to_cfg_prog.post_def
-apply (rule block_anon3)
-apply assumption+
-by (rule empty_branch_if_before_cfg_to_dag_prog.outEdges_3)
-
-
-lemma block_anon4_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_branch_if_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding empty_branch_if_before_cfg_to_dag_prog.block_1_def empty_branch_if_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon4_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule empty_branch_if_before_cfg_to_dag_prog.node_1)
-apply (rule empty_branch_if_before_passive_prog.node_1)
-apply (assumption+)
-apply (rule block_anon4_Then)
-apply (assumption+)
-apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=0])
-apply ((simp add:empty_branch_if_before_passive_prog.outEdges_1))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon4_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_branch_if_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding empty_branch_if_before_cfg_to_dag_prog.block_2_def empty_branch_if_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon4_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule empty_branch_if_before_cfg_to_dag_prog.node_2)
-apply (rule empty_branch_if_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon4_Else)
-apply (assumption+)
-apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=0])
-apply ((simp add:empty_branch_if_before_passive_prog.outEdges_2))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_branch_if_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding empty_branch_if_before_cfg_to_dag_prog.block_0_def empty_branch_if_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule empty_branch_if_before_cfg_to_dag_prog.node_0)
-apply (rule empty_branch_if_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:empty_branch_if_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:empty_branch_if_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:empty_branch_if_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:empty_branch_if_before_passive_prog.outEdges_4))
-by ((simp add:empty_branch_if_before_passive_prog.node_4 empty_branch_if_before_passive_prog.block_4_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 empty_branch_if_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] empty_branch_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule empty_branch_if_before_passive_prog.node_5)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding empty_branch_if_before_passive_prog.block_5_def
-apply (rule assume_pres_normal[where ?es=empty_branch_if_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding empty_branch_if_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule empty_branch_if_before_passive_prog.outEdges_5)
-apply ((simp add:empty_branch_if_before_passive_prog.node_4 empty_branch_if_before_passive_prog.block_4_def))
-apply (rule empty_branch_if_before_passive_prog.outEdges_4)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> empty_branch_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) empty_branch_if_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns empty_branch_if_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] empty_branch_if_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule empty_branch_if_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passification_proof.thy
deleted file mode 100644
index 3af9ef0..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passification_proof.thy
+++ /dev/null
@@ -1,262 +0,0 @@
-theory empty_branch_if_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util empty_branch_if_before_ast_to_cfg_prog empty_branch_if_passive_prog Boogie_Lang.PassificationML empty_branch_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old empty_branch_if_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding empty_branch_if_before_passive_prog.block_0_def empty_branch_if_passive_prog.block_0_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon4_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old empty_branch_if_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding empty_branch_if_before_passive_prog.block_1_def empty_branch_if_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:empty_branch_if_before_ast_to_cfg_prog.l_x(2) empty_branch_if_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon4_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inr (LInt 6))),(0,(Inl 2))]) R_old empty_branch_if_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding empty_branch_if_before_passive_prog.block_2_def empty_branch_if_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:empty_branch_if_before_ast_to_cfg_prog.l_x(2) empty_branch_if_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old empty_branch_if_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding empty_branch_if_before_passive_prog.block_3_def empty_branch_if_passive_prog.block_3_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:empty_branch_if_before_ast_to_cfg_prog.l_x(2) empty_branch_if_passive_prog.l_x_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old empty_branch_if_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding empty_branch_if_before_passive_prog.block_4_def empty_branch_if_passive_prog.block_4_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old empty_branch_if_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding empty_branch_if_before_passive_prog.block_5_def empty_branch_if_passive_prog.block_5_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm empty_branch_if_before_passive_prog.node_0},@{thm empty_branch_if_before_passive_prog.outEdges_0}) (@{thm empty_branch_if_passive_prog.node_0},@{thm empty_branch_if_passive_prog.outEdges_0}) @{thm block_anon3} [] 1\<close>))
-
-lemma cfg_block_anon4_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm empty_branch_if_before_passive_prog.node_1},@{thm empty_branch_if_before_passive_prog.outEdges_1}) (@{thm empty_branch_if_passive_prog.node_1},@{thm empty_branch_if_passive_prog.outEdges_1}) @{thm block_anon4_Then} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon4_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm empty_branch_if_before_passive_prog.node_2},@{thm empty_branch_if_before_passive_prog.outEdges_2}) (@{thm empty_branch_if_passive_prog.node_2},@{thm empty_branch_if_passive_prog.outEdges_2}) @{thm block_anon4_Else} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_branch_if_before_passive_prog.node_3},@{thm empty_branch_if_before_passive_prog.outEdges_3}) (@{thm empty_branch_if_passive_prog.node_3},@{thm empty_branch_if_passive_prog.outEdges_3}) @{thm block_anon0} [
-@{thm cfg_block_anon4_Then}, 
-@{thm cfg_block_anon4_Else}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_branch_if_before_passive_prog.node_4},@{thm empty_branch_if_before_passive_prog.outEdges_4}) (@{thm empty_branch_if_passive_prog.node_4},@{thm empty_branch_if_passive_prog.outEdges_4}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_branch_if_before_passive_prog.node_5},@{thm empty_branch_if_before_passive_prog.outEdges_5}) (@{thm empty_branch_if_passive_prog.node_5},@{thm empty_branch_if_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_before_ast_to_cfg_prog.params_vdecls empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> empty_branch_if_before_ast_to_cfg_prog.constants_vdecls ns empty_branch_if_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv empty_branch_if_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding empty_branch_if_passive_prog.params_vdecls_def empty_branch_if_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using empty_branch_if_before_passive_prog.globals_locals_disj apply auto[1]
-using empty_branch_if_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] empty_branch_if_passive_prog.proc_body u (Inl 5)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range empty_branch_if_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from empty_branch_if_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passive_prog.thy
deleted file mode 100644
index d439534..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_passive_prog.thy
+++ /dev/null
@@ -1,128 +0,0 @@
-theory empty_branch_if_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util empty_branch_if_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assert (BinOp (Var 2) Gt (Lit (LInt 5))))]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 5)))),(Assume (BinOp (Var 2) Eq (Var 1)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 1))),(Assume (BinOp (Var 2) Eq (Lit (LInt 6))))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding empty_branch_if_passive_prog.params_vdecls_def empty_branch_if_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)))) = {})"
-unfolding empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_vcphase_proof.thy
deleted file mode 100644
index c15de25..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/empty_branch_if_proofs/empty_branch_if_vcphase_proof.thy
+++ /dev/null
@@ -1,241 +0,0 @@
-theory empty_branch_if_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML empty_branch_if_passive_prog empty_branch_if_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon3
-  where
-    "vc_anon3 x_1 = (x_1 > (5::int))"
-definition vc_anon4_Then
-  where
-    "vc_anon4_Then x_0 x_1 = (((x_0 > (5::int)) \<and> (x_1 = x_0)) \<longrightarrow> (vc_anon3 x_1))"
-definition vc_anon4_Else
-  where
-    "vc_anon4_Else x_0 x_1 = ((((5::int) \<ge> x_0) \<and> (x_1 = (6::int))) \<longrightarrow> (vc_anon3 x_1))"
-definition vc_anon0
-  where
-    "vc_anon0 x_0 x_1 = ((vc_anon4_Then x_0 x_1) \<and> (vc_anon4_Else x_0 x_1))"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
-G3: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3
-lemmas forall_poly_thm = forall_vc_type[OF G3]
-lemmas exists_poly_thm = exists_vc_type[OF G3]
-declare Nat.One_nat_def[simp del]
-
-ML\<open>
-val block_anon3_hints = [
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon3AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding empty_branch_if_passive_prog.block_0_def vc.vc_anon3_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_Then_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon4_ThenAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_1)))))))"
-unfolding empty_branch_if_passive_prog.block_1_def vc.vc_anon4_Then_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Then_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_Else_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon4_ElseAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Else vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_1)))))))"
-unfolding empty_branch_if_passive_prog.block_2_def vc.vc_anon4_Else_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Else_hints \<close>)
-by (auto?)
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_3 (Normal n_s) s')" and 
-"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))"
-using assms
-unfolding empty_branch_if_passive_prog.block_3_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_4 (Normal n_s) s')" and 
-"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))"
-using assms
-unfolding empty_branch_if_passive_prog.block_4_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding empty_branch_if_passive_prog.block_5_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) empty_branch_if_passive_prog.node_0 empty_branch_if_passive_prog.outEdges_0])
-using block_anon3AA0[OF _ assms(2)] by blast
-
-lemma cfg_block_anon4_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4_Then vc_x_0 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_branch_if_passive_prog.node_1])
-apply (erule block_anon4_ThenAA0[OF _ assms(2)])
-apply ((simp add:empty_branch_if_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon4_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4_Else vc_x_0 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_branch_if_passive_prog.node_2])
-apply (erule block_anon4_ElseAA0[OF _ assms(2)])
-apply ((simp add:empty_branch_if_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_branch_if_passive_prog.node_3])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:empty_branch_if_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_branch_if_passive_prog.node_4])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:empty_branch_if_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_0 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_branch_if_passive_prog.node_5])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:empty_branch_if_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls)) \<Gamma> [] empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> empty_branch_if_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) empty_branch_if_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s empty_branch_if_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append empty_branch_if_before_ast_to_cfg_prog.constants_vdecls empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append empty_branch_if_passive_prog.params_vdecls empty_branch_if_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((empty_branch_if_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF empty_branch_if_passive_prog.m_x])
-apply (subst lookup_var_local[OF empty_branch_if_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF empty_branch_if_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF empty_branch_if_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF empty_branch_if_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF empty_branch_if_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_branch_if_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/ROOT
deleted file mode 100644
index 373e371..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session empty_generic_block_proofs = Boogie_Lang + 
-directories empty_generic_block_proofs
-theories
-global_data
-"empty_generic_block_proofs/empty_generic_block_vcphase_proof"
-"empty_generic_block_proofs/empty_generic_block_passive_prog"
-"empty_generic_block_proofs/empty_generic_block_before_ast_to_cfg_prog"
-"empty_generic_block_proofs/empty_generic_block_passification_proof"
-"empty_generic_block_proofs/empty_generic_block_before_passive_prog"
-"empty_generic_block_proofs/empty_generic_block_before_cfg_to_dag_prog"
-"empty_generic_block_proofs/empty_generic_block_cfgtodag_proof"
-"empty_generic_block_proofs/empty_generic_block_asttocfg_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_asttocfg_proof.thy
deleted file mode 100644
index b154cfa..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_asttocfg_proof.thy
+++ /dev/null
@@ -1,233 +0,0 @@
-theory empty_generic_block_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML empty_generic_block_before_ast_to_cfg_prog empty_generic_block_before_cfg_to_dag_prog empty_generic_block_cfgtodag_proof empty_generic_block_passification_proof empty_generic_block_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A empty_generic_block_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_empty_generic_block_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (empty_generic_block_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of empty_generic_block_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: empty_generic_block_before_ast_to_cfg_prog.bigblock_2_def empty_generic_block_before_cfg_to_dag_prog.block_2_def)
-apply ((simp add: empty_generic_block_before_cfg_to_dag_prog.block_2_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: empty_generic_block_before_cfg_to_dag_prog.block_2_def empty_generic_block_before_ast_to_cfg_prog.bigblock_2_def)+)
-done
-
-
-lemma global_rel_empty_generic_block_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (empty_generic_block_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end empty_generic_block_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] empty_generic_block_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of empty_generic_block_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: empty_generic_block_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: empty_generic_block_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp)
-apply (simp)
-apply (rule cont_2_def)
-apply (rule empty_generic_block_before_cfg_to_dag_prog.node_2)
-apply (rule disjI1)
-apply (rule empty_generic_block_before_cfg_to_dag_prog.block_2_def)
-apply (rule empty_generic_block_before_cfg_to_dag_prog.outEdges_2)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: empty_generic_block_before_cfg_to_dag_prog.node_2)
-apply (rule rel_empty_generic_block_before_ast_to_cfg_prog_bigblock_2)
-apply assumption+
-
-done
-qed
-
-lemma global_rel_empty_generic_block_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (empty_generic_block_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end empty_generic_block_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] empty_generic_block_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Invs[of empty_generic_block_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: empty_generic_block_before_ast_to_cfg_prog.bigblock_1_def)
-
-apply (rule astTrace)
-apply (simp add: empty_generic_block_before_ast_to_cfg_prog.bigblock_1_def)
-apply (rule empty_generic_block_before_cfg_to_dag_prog.node_1)
-apply (rule disjI1)
-apply (rule empty_generic_block_before_cfg_to_dag_prog.block_1_def)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_1_def)
-apply (simp add: empty_generic_block_before_cfg_to_dag_prog.node_1)
-
-
-
-apply ((erule allE[where x = 2])+)
-apply ((simp add: empty_generic_block_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_empty_generic_block_before_ast_to_cfg_prog_bigblock_2)
-apply (simp)
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma rel_empty_generic_block_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (empty_generic_block_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of empty_generic_block_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: empty_generic_block_before_ast_to_cfg_prog.bigblock_0_def empty_generic_block_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: empty_generic_block_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: empty_generic_block_before_cfg_to_dag_prog.block_0_def empty_generic_block_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_empty_generic_block_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (empty_generic_block_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end empty_generic_block_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] empty_generic_block_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of empty_generic_block_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: empty_generic_block_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: empty_generic_block_before_ast_to_cfg_prog.bigblock_0_def)
-apply (rule empty_generic_block_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-apply (rule empty_generic_block_before_cfg_to_dag_prog.block_0_def)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_0_def)
-apply (simp add: empty_generic_block_before_cfg_to_dag_prog.node_0)
-apply (rule rel_empty_generic_block_before_ast_to_cfg_prog_bigblock_0)
-apply assumption
-apply (simp)
-apply ((erule allE[where x = 1])+)
-apply ((simp add: empty_generic_block_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_empty_generic_block_before_ast_to_cfg_prog_bigblock_1)
-apply (simp)
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (empty_generic_block_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A empty_generic_block_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> empty_generic_block_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) empty_generic_block_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns empty_generic_block_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] empty_generic_block_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (empty_generic_block_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_empty_generic_block_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: empty_generic_block_before_ast_to_cfg_prog.params_vdecls_def empty_generic_block_before_ast_to_cfg_prog.locals_vdecls_def empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: empty_generic_block_before_ast_to_cfg_prog.params_vdecls_def empty_generic_block_before_ast_to_cfg_prog.locals_vdecls_def empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def empty_generic_block_before_ast_to_cfg_prog.pres_def empty_generic_block_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: empty_generic_block_before_ast_to_cfg_prog.params_vdecls_def empty_generic_block_before_ast_to_cfg_prog.locals_vdecls_def empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: empty_generic_block_before_ast_to_cfg_prog.params_vdecls_def empty_generic_block_before_ast_to_cfg_prog.locals_vdecls_def empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: empty_generic_block_before_ast_to_cfg_prog.params_vdecls_def empty_generic_block_before_ast_to_cfg_prog.locals_vdecls_def empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: empty_generic_block_before_ast_to_cfg_prog.params_vdecls_def empty_generic_block_before_ast_to_cfg_prog.locals_vdecls_def empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def empty_generic_block_before_ast_to_cfg_prog.pres_def empty_generic_block_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: empty_generic_block_before_ast_to_cfg_prog.params_vdecls_def empty_generic_block_before_ast_to_cfg_prog.locals_vdecls_def empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: empty_generic_block_before_ast_to_cfg_prog.params_vdecls_def empty_generic_block_before_ast_to_cfg_prog.locals_vdecls_def empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_1,bigblock_2] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (empty_generic_block_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_1_def cont_2_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int). (vc.vc_anon0 ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) empty_generic_block_before_ast_to_cfg_prog.fdecls empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls empty_generic_block_before_ast_to_cfg_prog.axioms empty_generic_block_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding empty_generic_block_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 empty_generic_block_before_ast_to_cfg_prog.ast_proc_def empty_generic_block_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_ast_to_cfg_prog.thy
deleted file mode 100644
index cb770da..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,117 +0,0 @@
-theory empty_generic_block_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Assign 0 (Lit (LInt 0)))] (None ) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (Some ''label1'') [] (None ) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (Some ''label2'') [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))] (None ) (None ))"
-definition cont_2
-  where
-    "cont_2  = KStop"
-definition cont_1
-  where
-    "cont_1  = (KSeq bigblock_2 cont_2)"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_1 cont_1)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_1,bigblock_2]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding empty_generic_block_before_ast_to_cfg_prog.constants_vdecls_def empty_generic_block_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding empty_generic_block_before_ast_to_cfg_prog.params_vdecls_def empty_generic_block_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding empty_generic_block_before_ast_to_cfg_prog.constants_vdecls_def empty_generic_block_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_generic_block_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding empty_generic_block_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_generic_block_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding empty_generic_block_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_generic_block_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding empty_generic_block_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_generic_block_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding empty_generic_block_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = empty_generic_block_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec empty_generic_block_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec empty_generic_block_before_ast_to_cfg_prog.post),proc_body = (Some (empty_generic_block_before_ast_to_cfg_prog.locals_vdecls,empty_generic_block_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 59623f2..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,138 +0,0 @@
-theory empty_generic_block_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Assign 0 (Lit (LInt 0)))]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
-definition outEdges
-  where
-    "outEdges  = [[1],[2],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append empty_generic_block_before_cfg_to_dag_prog.constants_vdecls empty_generic_block_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.constants_vdecls empty_generic_block_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding empty_generic_block_before_cfg_to_dag_prog.constants_vdecls_def empty_generic_block_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.constants_vdecls empty_generic_block_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.constants_vdecls empty_generic_block_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding empty_generic_block_before_cfg_to_dag_prog.constants_vdecls_def empty_generic_block_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_generic_block_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding empty_generic_block_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_generic_block_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding empty_generic_block_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_generic_block_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding empty_generic_block_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) empty_generic_block_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding empty_generic_block_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append empty_generic_block_before_cfg_to_dag_prog.constants_vdecls empty_generic_block_before_cfg_to_dag_prog.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append empty_generic_block_before_cfg_to_dag_prog.constants_vdecls empty_generic_block_before_cfg_to_dag_prog.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append empty_generic_block_before_cfg_to_dag_prog.constants_vdecls empty_generic_block_before_cfg_to_dag_prog.globals_vdecls),(append empty_generic_block_before_cfg_to_dag_prog.params_vdecls empty_generic_block_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = empty_generic_block_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec empty_generic_block_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec empty_generic_block_before_cfg_to_dag_prog.post),proc_body = (Some (empty_generic_block_before_cfg_to_dag_prog.locals_vdecls,empty_generic_block_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_passive_prog.thy
deleted file mode 100644
index 43a6a6a..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_before_passive_prog.thy
+++ /dev/null
@@ -1,84 +0,0 @@
-theory empty_generic_block_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util empty_generic_block_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assign 0 (Lit (LInt 0)))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[1],[2],[3]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 4,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding empty_generic_block_before_ast_to_cfg_prog.params_vdecls_def empty_generic_block_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding empty_generic_block_before_ast_to_cfg_prog.constants_vdecls_def empty_generic_block_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_cfgtodag_proof.thy
deleted file mode 100644
index 1cc87b2..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_cfgtodag_proof.thy
+++ /dev/null
@@ -1,225 +0,0 @@
-theory empty_generic_block_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML empty_generic_block_before_ast_to_cfg_prog empty_generic_block_before_cfg_to_dag_prog empty_generic_block_before_passive_prog empty_generic_block_passification_proof empty_generic_block_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A empty_generic_block_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma block_label2:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_generic_block_before_passive_prog.block_0 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding empty_generic_block_before_cfg_to_dag_prog.block_2_def empty_generic_block_before_passive_prog.block_0_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_label2:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] empty_generic_block_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_1[OF assms(1)])
-apply (rule empty_generic_block_before_cfg_to_dag_prog.node_2)
-apply (rule empty_generic_block_before_passive_prog.node_0)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-unfolding empty_generic_block_before_ast_to_cfg_prog.post_def
-apply (rule block_label2)
-apply assumption+
-by (rule empty_generic_block_before_cfg_to_dag_prog.outEdges_2)
-
-
-lemma block_label1:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_generic_block_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding empty_generic_block_before_cfg_to_dag_prog.block_1_def empty_generic_block_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_label1:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] empty_generic_block_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule empty_generic_block_before_cfg_to_dag_prog.node_1)
-apply (rule empty_generic_block_before_passive_prog.node_1)
-apply (assumption+)
-apply (rule block_label1)
-apply (assumption+)
-apply ((simp add:empty_generic_block_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:empty_generic_block_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=0])
-apply ((simp add:empty_generic_block_before_passive_prog.outEdges_1))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_label2)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] empty_generic_block_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding empty_generic_block_before_cfg_to_dag_prog.block_0_def empty_generic_block_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] empty_generic_block_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule empty_generic_block_before_cfg_to_dag_prog.node_0)
-apply (rule empty_generic_block_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:empty_generic_block_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:empty_generic_block_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:empty_generic_block_before_passive_prog.outEdges_2))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_label1)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:empty_generic_block_before_passive_prog.outEdges_3))
-by ((simp add:empty_generic_block_before_passive_prog.node_3 empty_generic_block_before_passive_prog.block_3_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 empty_generic_block_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] empty_generic_block_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule empty_generic_block_before_passive_prog.node_4)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding empty_generic_block_before_passive_prog.block_4_def
-apply (rule assume_pres_normal[where ?es=empty_generic_block_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding empty_generic_block_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule empty_generic_block_before_passive_prog.outEdges_4)
-apply ((simp add:empty_generic_block_before_passive_prog.node_3 empty_generic_block_before_passive_prog.block_3_def))
-apply (rule empty_generic_block_before_passive_prog.outEdges_3)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A empty_generic_block_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> empty_generic_block_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) empty_generic_block_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns empty_generic_block_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] empty_generic_block_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] empty_generic_block_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule empty_generic_block_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passification_proof.thy
deleted file mode 100644
index 66125a9..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passification_proof.thy
+++ /dev/null
@@ -1,237 +0,0 @@
-theory empty_generic_block_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util empty_generic_block_before_ast_to_cfg_prog empty_generic_block_passive_prog Boogie_Lang.PassificationML empty_generic_block_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_label2:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inr (LInt 0))))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old empty_generic_block_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding empty_generic_block_before_passive_prog.block_0_def empty_generic_block_passive_prog.block_0_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_label1:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inr (LInt 0))))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old empty_generic_block_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding empty_generic_block_before_passive_prog.block_1_def empty_generic_block_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 0)))]) R_old empty_generic_block_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding empty_generic_block_before_passive_prog.block_2_def empty_generic_block_passive_prog.block_2_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old empty_generic_block_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding empty_generic_block_before_passive_prog.block_3_def empty_generic_block_passive_prog.block_3_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old empty_generic_block_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding empty_generic_block_before_passive_prog.block_4_def empty_generic_block_passive_prog.block_4_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_label2:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inr (LInt 0))))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm empty_generic_block_before_passive_prog.node_0},@{thm empty_generic_block_before_passive_prog.outEdges_0}) (@{thm empty_generic_block_passive_prog.node_0},@{thm empty_generic_block_passive_prog.outEdges_0}) @{thm block_label2} [] 1\<close>))
-
-lemma cfg_block_label1:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inr (LInt 0))))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm empty_generic_block_before_passive_prog.node_1},@{thm empty_generic_block_before_passive_prog.outEdges_1}) (@{thm empty_generic_block_passive_prog.node_1},@{thm empty_generic_block_passive_prog.outEdges_1}) @{thm block_label1} [
-@{thm cfg_block_label2}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_generic_block_before_passive_prog.node_2},@{thm empty_generic_block_before_passive_prog.outEdges_2}) (@{thm empty_generic_block_passive_prog.node_2},@{thm empty_generic_block_passive_prog.outEdges_2}) @{thm block_anon0} [
-@{thm cfg_block_label1}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_generic_block_before_passive_prog.node_3},@{thm empty_generic_block_before_passive_prog.outEdges_3}) (@{thm empty_generic_block_passive_prog.node_3},@{thm empty_generic_block_passive_prog.outEdges_3}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> empty_generic_block_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm empty_generic_block_before_passive_prog.node_4},@{thm empty_generic_block_before_passive_prog.outEdges_4}) (@{thm empty_generic_block_passive_prog.node_4},@{thm empty_generic_block_passive_prog.outEdges_4}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_before_ast_to_cfg_prog.params_vdecls empty_generic_block_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] empty_generic_block_before_passive_prog.proc_body ((Inl 4),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A empty_generic_block_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> empty_generic_block_before_ast_to_cfg_prog.constants_vdecls ns empty_generic_block_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv empty_generic_block_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding empty_generic_block_before_ast_to_cfg_prog.constants_vdecls_def empty_generic_block_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding empty_generic_block_passive_prog.params_vdecls_def empty_generic_block_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using empty_generic_block_before_passive_prog.globals_locals_disj apply auto[1]
-using empty_generic_block_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] empty_generic_block_passive_prog.proc_body u (Inl 4)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range empty_generic_block_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] empty_generic_block_passive_prog.proc_body ((Inl 4),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from empty_generic_block_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passive_prog.thy
deleted file mode 100644
index 8b72020..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_passive_prog.thy
+++ /dev/null
@@ -1,99 +0,0 @@
-theory empty_generic_block_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util empty_generic_block_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assert (BinOp (Lit (LInt 0)) Eq (Lit (LInt 0))))]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = []"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[1],[2],[3]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 4,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding empty_generic_block_passive_prog.params_vdecls_def empty_generic_block_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls)))) = {})"
-unfolding empty_generic_block_before_ast_to_cfg_prog.constants_vdecls_def empty_generic_block_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_vcphase_proof.thy
deleted file mode 100644
index de30103..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/empty_generic_block_proofs/empty_generic_block_vcphase_proof.thy
+++ /dev/null
@@ -1,194 +0,0 @@
-theory empty_generic_block_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML empty_generic_block_passive_prog empty_generic_block_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_label2
-  where
-    "vc_label2  = ((0::int) = (0::int))"
-definition vc_anon0
-  where
-    "vc_anon0  = (vc_label2 )"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1
-lemmas forall_poly_thm = forall_vc_type[OF G1]
-lemmas exists_poly_thm = exists_vc_type[OF G1]
-declare Nat.One_nat_def[simp del]
-
-ML\<open>
-val block_label2_hints = [
-(AssertNoConj,NONE)]
-\<close>
-lemma block_label2AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_label2 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding empty_generic_block_passive_prog.block_0_def vc.vc_label2_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_label2_hints \<close>)
-by (auto?)
-
-lemma block_label1:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.block_1 (Normal n_s) s')" and 
-"(vc.vc_label2 )"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_label2 )))))"
-using assms
-unfolding empty_generic_block_passive_prog.block_1_def
-apply cases
-by auto
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.block_2 (Normal n_s) s')" and 
-"(vc.vc_label2 )"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_label2 )))))"
-using assms
-unfolding empty_generic_block_passive_prog.block_2_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.block_3 (Normal n_s) s')" and 
-"(vc.vc_label2 )"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_label2 )))))"
-using assms
-unfolding empty_generic_block_passive_prog.block_3_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_label2 )))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding empty_generic_block_passive_prog.block_4_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_label2:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(vc.vc_label2 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) empty_generic_block_passive_prog.node_0 empty_generic_block_passive_prog.outEdges_0])
-using block_label2AA0[OF _ assms(2)] by blast
-
-lemma cfg_block_label1:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_label2 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_generic_block_passive_prog.node_1])
-apply (erule block_label1[OF _ assms(2)])
-apply ((simp add:empty_generic_block_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_label2, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_label2 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_generic_block_passive_prog.node_2])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:empty_generic_block_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_label1, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_label2 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_generic_block_passive_prog.node_3])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:empty_generic_block_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> empty_generic_block_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) empty_generic_block_passive_prog.node_4])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:empty_generic_block_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls)) \<Gamma> [] empty_generic_block_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A empty_generic_block_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> empty_generic_block_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) empty_generic_block_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s empty_generic_block_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append empty_generic_block_before_ast_to_cfg_prog.constants_vdecls empty_generic_block_before_ast_to_cfg_prog.globals_vdecls),(append empty_generic_block_passive_prog.params_vdecls empty_generic_block_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((empty_generic_block_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF empty_generic_block_passive_prog.m_x])
-apply (subst lookup_var_local[OF empty_generic_block_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_generic_block_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/ROOT
deleted file mode 100644
index 236f6e6..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session empty_loop_proofs = Boogie_Lang + 
-directories p_proofs
-theories
-global_data
-"p_proofs/p_passification_proof"
-"p_proofs/p_vcphase_proof"
-"p_proofs/p_cfgtodag_proof"
-"p_proofs/p_passive_prog"
-"p_proofs/p_before_passive_prog"
-"p_proofs/p_asttocfg_proof"
-"p_proofs/p_before_ast_to_cfg_prog"
-"p_proofs/p_before_cfg_to_dag_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_asttocfg_proof.thy
deleted file mode 100644
index c15a69c..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_asttocfg_proof.thy
+++ /dev/null
@@ -1,333 +0,0 @@
-theory p_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML p_before_ast_to_cfg_prog p_before_cfg_to_dag_prog p_cfgtodag_proof p_passification_proof p_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_p_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of p_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: p_before_ast_to_cfg_prog.bigblock_3_def p_before_cfg_to_dag_prog.block_4_def)
-apply ((simp add: p_before_cfg_to_dag_prog.block_4_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: p_before_cfg_to_dag_prog.block_4_def p_before_ast_to_cfg_prog.bigblock_3_def)+)
-done
-
-
-lemma global_rel_p_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end p_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of p_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: p_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: p_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (simp)
-apply (rule cont_3_def)
-apply (rule p_before_cfg_to_dag_prog.node_4)
-apply (rule disjI1)
-apply (rule p_before_cfg_to_dag_prog.block_4_def)
-apply (rule p_before_cfg_to_dag_prog.outEdges_4)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: p_before_cfg_to_dag_prog.node_4)
-apply (rule rel_p_before_ast_to_cfg_prog_bigblock_3)
-apply assumption+
-
-done
-qed
-
-lemma global_rel_p_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end p_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T p_before_ast_to_cfg_prog.bigblock_1 cont_1 p_before_cfg_to_dag_prog.proc_body 1 p_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Invs[of p_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: p_before_ast_to_cfg_prog.bigblock_2_def)
-
-apply (rule astTrace)
-apply (simp add: p_before_ast_to_cfg_prog.bigblock_2_def)
-apply (rule p_before_cfg_to_dag_prog.node_2)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule p_before_cfg_to_dag_prog.block_2_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_2_def)
-apply (simp add: p_before_cfg_to_dag_prog.node_2)
-
-
-
-
-apply ((erule allE[where x=1])+)
-apply (simp add: p_before_cfg_to_dag_prog.outEdges_2)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_p_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end p_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of p_before_ast_to_cfg_prog.bigblock_1 _ _ _ p_before_cfg_to_dag_prog.block_1])
-apply (simp add:p_before_ast_to_cfg_prog.bigblock_1_def p_before_cfg_to_dag_prog.block_1_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:p_before_ast_to_cfg_prog.bigblock_1_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of p_before_ast_to_cfg_prog.bigblock_1])
-apply ((simp add:p_before_ast_to_cfg_prog.bigblock_1_def)+)
-apply ((simp add:p_before_cfg_to_dag_prog.block_1_def p_before_cfg_to_dag_prog.node_1)+)
-apply (rule cont_1_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 2])+)
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_p_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_1_def p_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_1_def cont_2_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-
-apply ((erule allE[where x = 3])+)
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_p_before_ast_to_cfg_prog_bigblock_3)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: p_before_cfg_to_dag_prog.node_3)
-apply (simp add: p_before_cfg_to_dag_prog.block_3_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: p_before_cfg_to_dag_prog.outEdges_3)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: p_before_cfg_to_dag_prog.node_3)
-apply (simp add: p_before_cfg_to_dag_prog.block_3_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: p_before_cfg_to_dag_prog.outEdges_3)
-apply ((simp add: member_rec)+)
-done
-qed
-qed
-
-lemma rel_p_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of p_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: p_before_ast_to_cfg_prog.bigblock_0_def p_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: p_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: p_before_cfg_to_dag_prog.block_0_def p_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_p_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end p_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of p_before_ast_to_cfg_prog.bigblock_0 _ p_before_cfg_to_dag_prog.block_0])
-apply (simp add: p_before_ast_to_cfg_prog.bigblock_0_def p_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: p_before_ast_to_cfg_prog.bigblock_0_def p_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: p_before_ast_to_cfg_prog.bigblock_0_def p_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
-apply (rule p_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: p_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: p_before_cfg_to_dag_prog.node_0)
-apply (rule rel_p_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: p_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: p_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_p_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: p_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) p_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns p_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] p_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_p_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def p_before_ast_to_cfg_prog.pres_def p_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def p_before_ast_to_cfg_prog.pres_def p_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_3_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) p_before_ast_to_cfg_prog.fdecls p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls p_before_ast_to_cfg_prog.axioms p_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding p_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_ast_to_cfg_prog.ast_proc_def p_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_before_ast_to_cfg_prog.thy
deleted file mode 100644
index a645853..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,123 +0,0 @@
-theory p_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Assign 0 (Lit (LInt 0)))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (None ) (None ))]))) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [] (None ) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))] (None ) (None ))"
-definition cont_3
-  where
-    "cont_3  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_3 cont_3)"
-definition cont_1
-  where
-    "cont_1  = (KEndBlock (KSeq bigblock_3 cont_3 ))"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_1 cont_1)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_3]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding p_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding p_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding p_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding p_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = p_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec p_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec p_before_ast_to_cfg_prog.post),proc_body = (Some (p_before_ast_to_cfg_prog.locals_vdecls,p_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 17f29c7..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,160 +0,0 @@
-theory p_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Assign 0 (Lit (LInt 0)))]"
-definition block_1
-  where
-    "block_1  = [(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_4
-  where
-    "block_4  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
-definition outEdges
-  where
-    "outEdges  = [[1],[3,2],[1],[4],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [3,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding p_before_cfg_to_dag_prog.constants_vdecls_def p_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding p_before_cfg_to_dag_prog.constants_vdecls_def p_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding p_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding p_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding p_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding p_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = p_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.post),proc_body = (Some (p_before_cfg_to_dag_prog.locals_vdecls,p_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_before_passive_prog.thy
deleted file mode 100644
index e08d121..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_before_passive_prog.thy
+++ /dev/null
@@ -1,117 +0,0 @@
-theory p_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 0) Ge (Lit (LInt 0))))]"
-definition block_5
-  where
-    "block_5  = [(Assign 0 (Lit (LInt 0))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
-definition block_6
-  where
-    "block_6  = []"
-definition block_7
-  where
-    "block_7  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[2],[3,1],[4],[5],[6]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 7,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_cfgtodag_proof.thy
deleted file mode 100644
index 374ba90..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_cfgtodag_proof.thy
+++ /dev/null
@@ -1,382 +0,0 @@
-theory p_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML p_before_ast_to_cfg_prog p_before_cfg_to_dag_prog p_before_passive_prog p_passification_proof p_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 p_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def p_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule p_before_passive_prog.node_0)
-apply simp
-unfolding p_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma Mods_anon3_LoopBody:
-shows "(mods_contained_in (set []) p_before_cfg_to_dag_prog.block_2)"
-unfolding p_before_cfg_to_dag_prog.block_2_def
-by simp
-
-lemma block_anon3_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] p_before_passive_prog.block_1 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_2_def p_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun p_before_ast_to_cfg_prog.funcs_wf p_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms p_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon3_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon3_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] p_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule p_before_cfg_to_dag_prog.node_2)
-apply (rule p_before_passive_prog.node_1)
-apply (assumption+)
-apply (rule block_anon3_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon3_LoopBody)
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon3_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma block_anon2:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_4_def p_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon2:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule p_before_cfg_to_dag_prog.node_4)
-apply (rule p_before_passive_prog.node_2)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon2)
-apply assumption+
-apply (rule p_before_cfg_to_dag_prog.outEdges_4)
-apply (rule p_before_passive_prog.outEdges_2)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon3_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_3_def p_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule p_before_cfg_to_dag_prog.node_3)
-apply (rule p_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon3_LoopDone)
-apply (assumption+)
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:p_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon2)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon3_LoopHead:
-shows "(mods_contained_in (set []) p_before_cfg_to_dag_prog.block_1)"
-unfolding p_before_cfg_to_dag_prog.block_1_def
-by simp
-
-lemma block_anon3_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_1_def p_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set []))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule p_before_cfg_to_dag_prog.node_1)
-apply (rule p_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon3_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon3_LoopHead)
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:p_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:p_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] p_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_0_def p_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun p_before_ast_to_cfg_prog.funcs_wf p_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms p_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule p_before_cfg_to_dag_prog.node_0)
-apply (rule p_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:p_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:p_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:p_before_passive_prog.outEdges_6))
-by ((simp add:p_before_passive_prog.node_6 p_before_passive_prog.block_6_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 p_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule p_before_passive_prog.node_7)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding p_before_passive_prog.block_7_def
-apply (rule assume_pres_normal[where ?es=p_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding p_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule p_before_passive_prog.outEdges_7)
-apply ((simp add:p_before_passive_prog.node_6 p_before_passive_prog.block_6_def))
-apply (rule p_before_passive_prog.outEdges_6)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) p_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns p_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule p_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_passification_proof.thy
deleted file mode 100644
index 8f482ce..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_passification_proof.thy
+++ /dev/null
@@ -1,299 +0,0 @@
-theory p_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_ast_to_cfg_prog p_passive_prog Boogie_Lang.PassificationML p_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_0_def p_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inr (LInt 0))))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_1_def p_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon2:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inr (LInt 0))))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_2_def p_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inr (LInt 0))))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_3_def p_passive_prog.block_3_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inr (LInt 0))))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_4_def p_passive_prog.block_4_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 0)))]) R_old p_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_5_def p_passive_prog.block_5_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_6_def p_passive_prog.block_6_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_7 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_7_def p_passive_prog.block_7_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_0},@{thm p_before_passive_prog.outEdges_0}) (@{thm p_passive_prog.node_0},@{thm p_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon3_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inr (LInt 0))))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_1},@{thm p_before_passive_prog.outEdges_1}) (@{thm p_passive_prog.node_1},@{thm p_passive_prog.outEdges_1}) @{thm block_anon3_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon2:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inr (LInt 0))))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_2},@{thm p_before_passive_prog.outEdges_2}) (@{thm p_passive_prog.node_2},@{thm p_passive_prog.outEdges_2}) @{thm block_anon2} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon3_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inr (LInt 0))))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_3},@{thm p_before_passive_prog.outEdges_3}) (@{thm p_passive_prog.node_3},@{thm p_passive_prog.outEdges_3}) @{thm block_anon3_LoopDone} [
-@{thm cfg_block_anon2}] 1\<close>))
-
-lemma cfg_block_anon3_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inr (LInt 0))))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_4},@{thm p_before_passive_prog.outEdges_4}) (@{thm p_passive_prog.node_4},@{thm p_passive_prog.outEdges_4}) @{thm block_anon3_LoopHead} [
-@{thm cfg_block_anon3_LoopDone}, 
-@{thm cfg_block_anon3_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_5},@{thm p_before_passive_prog.outEdges_5}) (@{thm p_passive_prog.node_5},@{thm p_passive_prog.outEdges_5}) @{thm block_anon0} [
-@{thm cfg_block_anon3_LoopHead}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_6},@{thm p_before_passive_prog.outEdges_6}) (@{thm p_passive_prog.node_6},@{thm p_passive_prog.outEdges_6}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm p_before_passive_prog.node_7},@{thm p_before_passive_prog.outEdges_7}) (@{thm p_passive_prog.node_7},@{thm p_passive_prog.outEdges_7}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] p_before_passive_prog.proc_body ((Inl 7),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls ns p_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv p_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using p_before_passive_prog.globals_locals_disj apply auto[1]
-using p_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body u (Inl 7)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range p_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body ((Inl 7),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from p_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_passive_prog.thy
deleted file mode 100644
index c0d8cfe..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_passive_prog.thy
+++ /dev/null
@@ -1,132 +0,0 @@
-theory p_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Gt (Lit (LInt 0)))),(Assert (BinOp (Lit (LInt 0)) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assert (BinOp (Lit (LInt 0)) Eq (Lit (LInt 0))))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Lit (LInt 0))))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Ge (Lit (LInt 0))))]"
-definition block_5
-  where
-    "block_5  = [(Assert (BinOp (Lit (LInt 0)) Ge (Lit (LInt 0))))]"
-definition block_6
-  where
-    "block_6  = []"
-definition block_7
-  where
-    "block_7  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[2],[3,1],[4],[5],[6]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 7,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) = {})"
-unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_vcphase_proof.thy
deleted file mode 100644
index a6aa0b3..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/empty_loop_proofs/p_proofs/p_vcphase_proof.thy
+++ /dev/null
@@ -1,273 +0,0 @@
-theory p_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML p_passive_prog p_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon3_LoopBody
-  where
-    "vc_anon3_LoopBody  = (((0::int) > (0::int)) \<longrightarrow> ((0::int) \<ge> (0::int)))"
-definition vc_anon2
-  where
-    "vc_anon2  = ((0::int) = (0::int))"
-definition vc_anon3_LoopDone
-  where
-    "vc_anon3_LoopDone  = (((0::int) \<ge> (0::int)) \<longrightarrow> (vc_anon2 ))"
-definition vc_anon3_LoopHead
-  where
-    "vc_anon3_LoopHead  = (((0::int) \<ge> (0::int)) \<longrightarrow> ((vc_anon3_LoopDone ) \<and> (vc_anon3_LoopBody )))"
-definition vc_anon0
-  where
-    "vc_anon0  = (((0::int) \<ge> (0::int)) \<and> (((0::int) \<ge> (0::int)) \<longrightarrow> (vc_anon3_LoopHead )))"
-definition vc_PreconditionGeneratedEntry
-  where
-    "vc_PreconditionGeneratedEntry  = (vc_anon0 )"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1
-lemmas forall_poly_thm = forall_vc_type[OF G1]
-lemmas exists_poly_thm = exists_vc_type[OF G1]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding p_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon3_LoopBody_hints = [
-(AssumeConjR 0,NONE), 
-(AssertNoConj,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon3_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_LoopBody ) \<Longrightarrow> (s' = Magic)))"
-unfolding p_passive_prog.block_1_def vc.vc_anon3_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon2_hints = [
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon2AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon2 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding p_passive_prog.block_2_def vc.vc_anon2_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon2_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon3_LoopDone_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon3_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_LoopDone ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon2 )))))))"
-unfolding p_passive_prog.block_3_def vc.vc_anon3_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon3_LoopHead_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon3_LoopHeadAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_LoopHead ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon3_LoopDone ) \<and> (vc.vc_anon3_LoopBody ))))))))"
-unfolding p_passive_prog.block_4_def vc.vc_anon3_LoopHead_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_LoopHead_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon0_hints = [
-(AssertSub,NONE)]
-\<close>
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3_LoopHead )))))))"
-unfolding p_passive_prog.block_5_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
-by (auto?)
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_6 (Normal n_s) s')" and 
-"(vc.vc_anon0 )"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))"
-using assms
-unfolding p_passive_prog.block_6_def
-apply cases
-by auto
-
-lemma block_PreconditionGeneratedEntry:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding p_passive_prog.block_7_def vc.vc_PreconditionGeneratedEntry_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) p_passive_prog.node_0 p_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon3_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3_LoopBody )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) p_passive_prog.node_1])
-by (erule block_anon3_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon2:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon2 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) p_passive_prog.node_2])
-apply (erule block_anon2AA0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon3_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3_LoopDone )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_3])
-apply (erule block_anon3_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon2, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon3_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3_LoopHead )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_4])
-apply (erule block_anon3_LoopHeadAA0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_5])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_6])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(vc.vc_PreconditionGeneratedEntry )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_7])
-apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_7))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<Gamma> [] p_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int). (vc.vc_PreconditionGeneratedEntry ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) p_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s p_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((p_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x])
-apply (subst lookup_var_local[OF p_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/ROOT
deleted file mode 100644
index df0bed0..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session globals_proofs = Boogie_Lang + 
-directories p_proofs
-theories
-global_data
-"p_proofs/p_passification_proof"
-"p_proofs/p_vcphase_proof"
-"p_proofs/p_cfgtodag_proof"
-"p_proofs/p_passive_prog"
-"p_proofs/p_before_passive_prog"
-"p_proofs/p_asttocfg_proof"
-"p_proofs/p_before_ast_to_cfg_prog"
-"p_proofs/p_before_cfg_to_dag_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/global_data.thy
deleted file mode 100644
index 7453e2c..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/global_data.thy
+++ /dev/null
@@ -1,48 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = [(''f'',0,[(TPrim TInt)],(TPrim TBool)),(''g'',0,[(TPrim TBool)],(TPrim TBool))]"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TBool),(None ))]"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 1))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 1)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma mfun_f:
-shows "((map_of fdecls ''f'') = (Some (0,[(TPrim TInt)],(TPrim TBool))))"
-by (simp add:fdecls_def)
-
-lemma mfun_g:
-shows "((map_of fdecls ''g'') = (Some (0,[(TPrim TBool)],(TPrim TBool))))"
-by (simp add:fdecls_def)
-
-lemma m_a:
-shows "((map_of (append global_data.constants_vdecls global_data.globals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:global_data.constants_vdecls_def global_data.globals_vdecls_def)
-
-lemma m_b:
-shows "((map_of (append global_data.constants_vdecls global_data.globals_vdecls) 1) = (Some ((TPrim TBool),(None ))))"
-by (simp add:global_data.constants_vdecls_def global_data.globals_vdecls_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_asttocfg_proof.thy
deleted file mode 100644
index 635c201..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_asttocfg_proof.thy
+++ /dev/null
@@ -1,138 +0,0 @@
-theory p_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML p_before_ast_to_cfg_prog p_before_cfg_to_dag_prog p_cfgtodag_proof p_passification_proof p_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_p_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of p_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: p_before_ast_to_cfg_prog.bigblock_0_def p_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: p_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: p_before_cfg_to_dag_prog.block_0_def p_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_p_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end p_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of p_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: p_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: p_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp)
-apply (simp)
-apply (rule cont_0_def)
-apply (rule p_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-apply (rule p_before_cfg_to_dag_prog.block_0_def)
-apply (rule p_before_cfg_to_dag_prog.outEdges_0)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: p_before_cfg_to_dag_prog.node_0)
-apply (rule rel_p_before_ast_to_cfg_prog_bigblock_0)
-apply assumption+
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_a::int) (vc_b::bool) (vc_x::int) (vc_f::(int => bool)) (vc_g::(bool => bool)). (vc.vc_PreconditionGeneratedEntry vc_f vc_g vc_a vc_b))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) p_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns p_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] p_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_p_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def p_before_ast_to_cfg_prog.pres_def p_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def p_before_ast_to_cfg_prog.pres_def p_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_a::int) (vc_b::bool) (vc_x::int) (vc_f::(int => bool)) (vc_g::(bool => bool)). (vc.vc_PreconditionGeneratedEntry vc_f vc_g vc_a vc_b))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) p_before_ast_to_cfg_prog.fdecls p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls p_before_ast_to_cfg_prog.axioms p_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding p_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_ast_to_cfg_prog.ast_proc_def p_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 5bbfb29..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,131 +0,0 @@
-theory p_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Assume (FunExp ''f'' [] [(Var 0)])),(Assume (FunExp ''g'' [] [(Var 1)])),(Assert (FunExp ''f'' [] [(Var 0)])),(Assert (FunExp ''g'' [] [(Var 1)]))] (None ) (None ))"
-definition cont_0
-  where
-    "cont_0  = KStop"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = [(2,(TPrim TInt),(None ))]"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = []"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = [(''f'',0,[(TPrim TInt)],(TPrim TBool)),(''g'',0,[(TPrim TBool)],(TPrim TBool))]"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TBool),(None ))]"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 1))"
-unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 1)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 2))"
-unfolding p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 2)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-using p_before_ast_to_cfg_prog.locals_min p_before_ast_to_cfg_prog.globals_max
-by fastforce
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding p_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding p_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding p_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding p_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma mfun_f:
-shows "((map_of fdecls ''f'') = (Some (0,[(TPrim TInt)],(TPrim TBool))))"
-by (simp add:fdecls_def)
-
-lemma mfun_g:
-shows "((map_of fdecls ''g'') = (Some (0,[(TPrim TBool)],(TPrim TBool))))"
-by (simp add:fdecls_def)
-
-lemma m_a:
-shows "((map_of (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def)
-
-lemma m_b:
-shows "((map_of (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls) 1) = (Some ((TPrim TBool),(None ))))"
-by (simp add:p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_a:
-shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_a
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_b:
-shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TBool),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TBool)))"
-using globals_locals_disj m_b
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = p_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec p_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec p_before_ast_to_cfg_prog.post),proc_body = (Some (p_before_ast_to_cfg_prog.locals_vdecls,p_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
deleted file mode 100644
index bcc4c51..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,142 +0,0 @@
-theory p_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Assume (FunExp ''f'' [] [(Var 0)])),(Assume (FunExp ''g'' [] [(Var 1)])),(Assert (FunExp ''f'' [] [(Var 0)])),(Assert (FunExp ''g'' [] [(Var 1)]))]"
-definition outEdges
-  where
-    "outEdges  = [[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = [(2,(TPrim TInt),(None ))]"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = []"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = [(''f'',0,[(TPrim TInt)],(TPrim TBool)),(''g'',0,[(TPrim TBool)],(TPrim TBool))]"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TBool),(None ))]"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 1))"
-unfolding p_before_cfg_to_dag_prog.constants_vdecls_def p_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 1)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 2))"
-unfolding p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 2)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-using p_before_cfg_to_dag_prog.locals_min p_before_cfg_to_dag_prog.globals_max
-by fastforce
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding p_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding p_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding p_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding p_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma mfun_f:
-shows "((map_of fdecls ''f'') = (Some (0,[(TPrim TInt)],(TPrim TBool))))"
-by (simp add:fdecls_def)
-
-lemma mfun_g:
-shows "((map_of fdecls ''g'') = (Some (0,[(TPrim TBool)],(TPrim TBool))))"
-by (simp add:fdecls_def)
-
-lemma m_a:
-shows "((map_of (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:p_before_cfg_to_dag_prog.constants_vdecls_def p_before_cfg_to_dag_prog.globals_vdecls_def)
-
-lemma m_b:
-shows "((map_of (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls) 1) = (Some ((TPrim TBool),(None ))))"
-by (simp add:p_before_cfg_to_dag_prog.constants_vdecls_def p_before_cfg_to_dag_prog.globals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_a:
-shows "((lookup_var_decl ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_a
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_b:
-shows "((lookup_var_decl ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TBool),(None ))))" and "((lookup_var_ty ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TBool)))"
-using globals_locals_disj m_b
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = p_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.post),proc_body = (Some (p_before_cfg_to_dag_prog.locals_vdecls,p_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_passive_prog.thy
deleted file mode 100644
index b23d295..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_before_passive_prog.thy
+++ /dev/null
@@ -1,62 +0,0 @@
-theory p_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assume (FunExp ''f'' [] [(Var 0)])),(Assume (FunExp ''g'' [] [(Var 1)])),(Assert (FunExp ''f'' [] [(Var 0)])),(Assert (FunExp ''g'' [] [(Var 1)]))]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[1]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 2))"
-unfolding p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 2)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-using p_before_ast_to_cfg_prog.locals_min p_before_ast_to_cfg_prog.globals_max
-by fastforce
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_cfgtodag_proof.thy
deleted file mode 100644
index 37c6ded..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_cfgtodag_proof.thy
+++ /dev/null
@@ -1,135 +0,0 @@
-theory p_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML p_before_ast_to_cfg_prog p_before_cfg_to_dag_prog p_before_passive_prog p_passification_proof p_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_0 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_0_def p_before_passive_prog.block_0_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_1[OF assms(1)])
-apply (rule p_before_cfg_to_dag_prog.node_0)
-apply (rule p_before_passive_prog.node_0)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-unfolding p_before_ast_to_cfg_prog.post_def
-apply (rule block_anon0)
-apply assumption+
-by (rule p_before_cfg_to_dag_prog.outEdges_0)
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:p_before_passive_prog.outEdges_1))
-by ((simp add:p_before_passive_prog.node_1 p_before_passive_prog.block_1_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 p_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule p_before_passive_prog.node_2)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding p_before_passive_prog.block_2_def
-apply (rule assume_pres_normal[where ?es=p_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding p_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule p_before_passive_prog.outEdges_2)
-apply ((simp add:p_before_passive_prog.node_1 p_before_passive_prog.block_1_def))
-apply (rule p_before_passive_prog.outEdges_1)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_a::int) (vc_b::bool) (vc_x::int) (vc_f::(int => bool)) (vc_g::(bool => bool)). (vc.vc_PreconditionGeneratedEntry vc_f vc_g vc_a vc_b))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) p_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns p_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule p_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_passification_proof.thy
deleted file mode 100644
index f073e04..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_passification_proof.thy
+++ /dev/null
@@ -1,209 +0,0 @@
-theory p_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_ast_to_cfg_prog p_passive_prog Boogie_Lang.PassificationML p_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))" and 
-"((R 0) = (Some (Inl 0)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_0_def p_passive_prog.block_0_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))" and 
-"((R 0) = (Some (Inl 0)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_1_def p_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))" and 
-"((R 0) = (Some (Inl 0)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_2_def p_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))" and 
-"((R 0) = (Some (Inl 0)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_0},@{thm p_before_passive_prog.outEdges_0}) (@{thm p_passive_prog.node_0},@{thm p_passive_prog.outEdges_0}) @{thm block_anon0} [] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))" and 
-"((R 0) = (Some (Inl 0)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_1},@{thm p_before_passive_prog.outEdges_1}) (@{thm p_passive_prog.node_1},@{thm p_passive_prog.outEdges_1}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))" and 
-"((R 0) = (Some (Inl 0)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_2},@{thm p_before_passive_prog.outEdges_2}) (@{thm p_passive_prog.node_2},@{thm p_passive_prog.outEdges_2}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] p_before_passive_prog.proc_body ((Inl 2),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_a::int) (vc_b::bool) (vc_x::int) (vc_f::(int => bool)) (vc_g::(bool => bool)). (vc.vc_PreconditionGeneratedEntry vc_f vc_g vc_a vc_b))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls ns p_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = [(0,(Inl 0)),(1,(Inl 1))]"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-apply ((simp add:p_before_ast_to_cfg_prog.l_a(2) p_passive_prog.l_a(2)))
-apply ((simp add:p_before_ast_to_cfg_prog.l_b(2) p_passive_prog.l_b(2)))
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv p_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using p_before_passive_prog.globals_locals_disj apply auto[1]
-using p_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 1)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body u (Inl 2)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range p_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body ((Inl 2),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from p_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_passive_prog.thy
deleted file mode 100644
index 0a47d9a..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_passive_prog.thy
+++ /dev/null
@@ -1,87 +0,0 @@
-theory p_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assume (FunExp ''f'' [] [(Var 0)])),(Assume (FunExp ''g'' [] [(Var 1)])),(Assert (FunExp ''f'' [] [(Var 0)])),(Assert (FunExp ''g'' [] [(Var 1)]))]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[1]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = [(2,(TPrim TInt),(None ))]"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = []"
-lemma locals_min_aux:
-shows "(((map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<ge> 2))"
-unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 2)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) = {})"
-using p_passive_prog.locals_min p_before_ast_to_cfg_prog.globals_max
-by fastforce
-
-lemma m_x:
-shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_a:
-shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj p_before_ast_to_cfg_prog.m_a
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_b:
-shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TBool),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some (TPrim TBool)))"
-using globals_locals_disj p_before_ast_to_cfg_prog.m_b
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_vcphase_proof.thy
deleted file mode 100644
index 89f9a42..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/globals_proofs/p_proofs/p_vcphase_proof.thy
+++ /dev/null
@@ -1,228 +0,0 @@
-theory p_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML p_passive_prog p_before_passive_prog
-begin
-locale vc = 
-fixes f :: "(int => bool)" and g :: "(bool => bool)"
-begin
-
-definition vc_anon0
-  where
-    "vc_anon0 a b = (((f a) \<and> (g b)) \<longrightarrow> ((f a) \<and> ((f a) \<longrightarrow> (g b))))"
-definition vc_PreconditionGeneratedEntry
-  where
-    "vc_PreconditionGeneratedEntry a b = (vc_anon0 a b)"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and f :: "(((ty)list) => (((('a)val)list) => ((('a)val)option)))" and vc_f :: "(int => bool)" and g :: "(((ty)list) => (((('a)val)list) => ((('a)val)option)))" and vc_g :: "(bool => bool)" and vc_a :: "int" and vc_b :: "bool" and vc_x :: "int"
-assumes 
-G0: "((\<Gamma> ''f'') = (Some f))" and 
-G1: "(\<And> farg0. ((f [] [(IntV farg0)]) = (Some (BoolV (vc_f farg0)))))" and 
-G2: "((\<Gamma> ''g'') = (Some g))" and 
-G3: "(\<And> farg0. ((g [] [(BoolV farg0)]) = (Some (BoolV (vc_g farg0)))))" and 
-G4: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_a)))" and 
-G5: "((lookup_var \<Lambda> n_s 1) = (Some (BoolV vc_b)))" and 
-G6: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x)))" and 
-G7: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7
-lemmas forall_poly_thm = forall_vc_type[OF G7]
-lemmas exists_poly_thm = exists_vc_type[OF G7]
-declare Nat.One_nat_def[simp del]
-
-ML\<open>
-val block_anon0_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE), 
-(AssertSub,NONE), 
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_f vc_g vc_a vc_b) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding p_passive_prog.block_0_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
-by (auto?)
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_1 (Normal n_s) s')" and 
-"(vc.vc_anon0 vc_f vc_g vc_a vc_b)"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_f vc_g vc_a vc_b)))))"
-using assms
-unfolding p_passive_prog.block_1_def
-apply cases
-by auto
-
-lemma block_PreconditionGeneratedEntry:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry vc_f vc_g vc_a vc_b) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_f vc_g vc_a vc_b)))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding p_passive_prog.block_2_def vc.vc_PreconditionGeneratedEntry_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_f vc_g vc_a vc_b)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) p_passive_prog.node_0 p_passive_prog.outEdges_0])
-using block_anon0AA0[OF _ assms(2)] by blast
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_f vc_g vc_a vc_b)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_1])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_PreconditionGeneratedEntry vc_f vc_g vc_a vc_b)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_2])
-apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and f :: "(((ty)list) => (((('a)val)list) => ((('a)val)option)))" and vc_f :: "(int => bool)" and g :: "(((ty)list) => (((('a)val)list) => ((('a)val)option)))" and vc_g :: "(bool => bool)"
-assumes 
-G0: "((\<Gamma> ''f'') = (Some f))" and 
-G1: "(\<And> farg0. ((f [] [(IntV farg0)]) = (Some (BoolV (vc_f farg0)))))" and 
-G2: "((\<Gamma> ''g'') = (Some g))" and 
-G3: "(\<And> farg0. ((g [] [(BoolV farg0)]) = (Some (BoolV (vc_g farg0)))))" and 
-G4: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4
-lemmas forall_poly_thm = forall_vc_type[OF G4]
-lemmas exists_poly_thm = exists_vc_type[OF G4]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-fun vc_fun_f
-  where
-    "vc_fun_f A f a = (case (f [] [(IntV a)]) of 
-(Some res) \<Rightarrow> (convert_val_to_bool res)
-|(None ) \<Rightarrow> (convert_val_to_bool (val_of_closed_type A (TPrimC TBool)))
-)"
-fun vc_fun_g
-  where
-    "vc_fun_g A g b = (case (g [] [(BoolV b)]) of 
-(Some res) \<Rightarrow> (convert_val_to_bool res)
-|(None ) \<Rightarrow> (convert_val_to_bool (val_of_closed_type A (TPrimC TBool)))
-)"
-lemma vc_f_corres:
-assumes 
-FInterp: "(fun_interp_single_wf A (0,[(TPrim TInt)],(TPrim TBool)) f)"
-shows "((f [] [(IntV a)]) = (Some (BoolV (vc_fun_f A f a))))"
-proof -
-from  FInterp obtain z where W:"((f [] [(IntV a)]) = (Some (BoolV z)))"
-  apply (simp only: fun_interp_single_wf.simps) 
-  apply (erule allE[where ?x="[]"])
-  apply (simp add: )
-  apply (erule allE[where ?x="[(IntV a)]"])?
-using tbool_boolv by auto
-from this  show ?thesis 
-by (simp add: W) qed
-
-lemma vc_g_corres:
-assumes 
-FInterp: "(fun_interp_single_wf A (0,[(TPrim TBool)],(TPrim TBool)) g)"
-shows "((g [] [(BoolV b)]) = (Some (BoolV (vc_fun_g A g b))))"
-proof -
-from  FInterp obtain z where W:"((g [] [(BoolV b)]) = (Some (BoolV z)))"
-  apply (simp only: fun_interp_single_wf.simps) 
-  apply (erule allE[where ?x="[]"])
-  apply (simp add: )
-  apply (erule allE[where ?x="[(BoolV b)]"])?
-using tbool_boolv by auto
-from this  show ?thesis 
-by (simp add: W) qed
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<Gamma> [] p_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_a::int) (vc_b::bool) (vc_x::int) (vc_f::(int => bool)) (vc_g::(bool => bool)). (vc.vc_PreconditionGeneratedEntry vc_f vc_g vc_a vc_b))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) p_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s p_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((p_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-let ?f = "opaque_comp the \<Gamma> ''f''"
-have im_f:"((\<Gamma> ''f'') = (Some ?f))"
-apply (simp only:opaque_comp_def)
-by (rule finterp_member[OF FInterp p_before_ast_to_cfg_prog.mfun_f])
-let ?g = "opaque_comp the \<Gamma> ''g''"
-have im_g:"((\<Gamma> ''g'') = (Some ?g))"
-apply (simp only:opaque_comp_def)
-by (rule finterp_member[OF FInterp p_before_ast_to_cfg_prog.mfun_g])
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x])
-apply (subst lookup_var_local[OF p_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ConstsGlobal have sc_a:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_before_ast_to_cfg_prog.m_a])
-apply (subst lookup_var_global_disj[OF p_passive_prog.globals_locals_disj p_before_ast_to_cfg_prog.m_a])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ConstsGlobal have sc_b:"(((lookup_var ?\<Lambda> n_s 1) = (Some (BoolV (convert_val_to_bool (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TBool)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_before_ast_to_cfg_prog.m_b])
-apply (subst lookup_var_global_disj[OF p_passive_prog.globals_locals_disj p_before_ast_to_cfg_prog.m_b])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (simp add:im_f)
-apply ((rule allI | rule impI)+)?
-apply ((tactic \<open> vc_fun_corres_tac @{context} @{thm vc_f_corres} @{thm FInterp} @{thm p_before_ast_to_cfg_prog.mfun_f} @{thm im_f} 1\<close>))
-apply (simp add:im_g)
-apply ((rule allI | rule impI)+)?
-apply ((tactic \<open> vc_fun_corres_tac @{context} @{thm vc_g_corres} @{thm FInterp} @{thm p_before_ast_to_cfg_prog.mfun_g} @{thm im_g} 1\<close>))
-apply (rule HOL.conjunct1[OF sc_a])
-apply (rule HOL.conjunct1[OF sc_b])
-apply (rule HOL.conjunct1[OF sc_x])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/ROOT
deleted file mode 100644
index 5059ebc..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session if_example_no_else_branch_proofs = Boogie_Lang + 
-directories if_example_no_else_branch_proofs
-theories
-global_data
-"if_example_no_else_branch_proofs/if_example_no_else_branch_vcphase_proof"
-"if_example_no_else_branch_proofs/if_example_no_else_branch_passification_proof"
-"if_example_no_else_branch_proofs/if_example_no_else_branch_before_ast_to_cfg_prog"
-"if_example_no_else_branch_proofs/if_example_no_else_branch_passive_prog"
-"if_example_no_else_branch_proofs/if_example_no_else_branch_before_passive_prog"
-"if_example_no_else_branch_proofs/if_example_no_else_branch_asttocfg_proof"
-"if_example_no_else_branch_proofs/if_example_no_else_branch_cfgtodag_proof"
-"if_example_no_else_branch_proofs/if_example_no_else_branch_before_cfg_to_dag_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_asttocfg_proof.thy
deleted file mode 100644
index 9c00a55..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_asttocfg_proof.thy
+++ /dev/null
@@ -1,517 +0,0 @@
-theory if_example_no_else_branch_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML if_example_no_else_branch_before_ast_to_cfg_prog if_example_no_else_branch_before_cfg_to_dag_prog if_example_no_else_branch_cfgtodag_proof if_example_no_else_branch_passification_proof if_example_no_else_branch_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A if_example_no_else_branch_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_6,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_6 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_6])
-apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_6_def if_example_no_else_branch_before_cfg_to_dag_prog.block_6_def)
-apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.block_6_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.block_6_def if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_6_def)+)
-done
-
-
-lemma global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_example_no_else_branch_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_6])
-apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_6_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_6_def)
-apply (simp)
-apply (simp)
-apply (rule cont_6_def)
-apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_6)
-apply (rule disjI1)
-apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.block_6_def)
-apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_6)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.node_6)
-apply (rule rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_6)
-apply assumption+
-
-done
-qed
-
-lemma global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_example_no_else_branch_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Le (Lit (LInt 5))) ns1 (BoolV False))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Invs[of if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_5])
-apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_5_def)
-
-apply (rule astTrace)
-apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_5_def)
-apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_5)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.block_5_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply (rule neg_le)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_5_def)
-apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.node_5)
-
-
-
-
-apply ((erule allE[where x = 6])+)
-apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_5)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_6)
-apply (simp)
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Le (Lit (LInt 5))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
-unfolding if_example_no_else_branch_before_cfg_to_dag_prog.block_4_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.block_4_def)
-apply ((simp add: assms(3) if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_4_def)+)
-done
-
-
-lemma global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_example_no_else_branch_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Le (Lit (LInt 5))) ns1 (BoolV True))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_4_def)
-apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_4)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.block_4_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_4_def)
-apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.node_4)
-apply (rule rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_4)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x = 6])+)
-apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_4)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_6)
-apply (simp)
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_example_no_else_branch_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_if_successor)
-apply (rule Rel_Invs[of if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.block_3_def if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_3_def)
-
-apply (rule astTrace)
-apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_3_def)
-apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_3)
-apply (rule disjI1)
-
-
-
-apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.block_3_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-
-
-
-
-
-apply (erule disjE)
-
-apply ((erule allE[where x = 4])+)
-apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_4)
-apply (simp add: cont_3_def if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
-apply blast+
-
-
-
-
-
-apply (simp)
-apply ((erule allE[where x = 5])+)
-apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_5)
-apply (simp add: cont_3_def if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_5_def cont_5_def )
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_example_no_else_branch_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 5))) ns1 (BoolV False))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Invs[of if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_2_def)
-
-apply (rule astTrace)
-apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_2_def)
-apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_2)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.block_2_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply (rule neg_gt)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_2_def)
-apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.node_2)
-
-
-
-
-apply ((erule allE[where x = 3])+)
-apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_2)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_3)
-apply (simp)
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_1,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 5))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_1 (Normal ns1) (Normal ns1')))))"
-unfolding if_example_no_else_branch_before_cfg_to_dag_prog.block_1_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_1_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.block_1_def)
-apply ((simp add: assms(3) if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_1_def)+)
-done
-
-
-lemma global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_example_no_else_branch_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 5))) ns1 (BoolV True))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_1_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_1_def)
-apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_1)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.block_1_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_1_def)
-apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.node_1)
-apply (rule rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_1)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x = 3])+)
-apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_3)
-apply (simp)
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0_def if_example_no_else_branch_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.block_0_def if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_example_no_else_branch_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_if_successor)
-apply (rule Rel_Main_test[of if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0 _ if_example_no_else_branch_before_cfg_to_dag_prog.block_0])
-apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.block_0_def if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.block_0_def)
-apply (rule astTrace)
-apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0_def)
-apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: if_example_no_else_branch_before_cfg_to_dag_prog.node_0)
-apply (rule rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply (erule disjE)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: cont_0_def if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
-apply blast+
-
-
-
-
-
-apply (simp)
-apply ((erule allE[where x = 2])+)
-apply ((simp add: if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_0_def if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_x_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A if_example_no_else_branch_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) if_example_no_else_branch_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns if_example_no_else_branch_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_if_example_no_else_branch_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.pres_def if_example_no_else_branch_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.pres_def if_example_no_else_branch_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3,bigblock_6] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (if_example_no_else_branch_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_3_def cont_6_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_x_2))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) if_example_no_else_branch_before_ast_to_cfg_prog.fdecls if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.axioms if_example_no_else_branch_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding if_example_no_else_branch_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 if_example_no_else_branch_before_ast_to_cfg_prog.ast_proc_def if_example_no_else_branch_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 04a1cfd..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,141 +0,0 @@
-theory if_example_no_else_branch_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 5)))) [(BigBlock (None ) [(Assign 0 (Lit (LInt 10)))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [(Assign 0 (Lit (LInt 10)))] (None ) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [] (None ) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (Var 0) Le (Lit (LInt 5)))) [(BigBlock (None ) [(Assign 0 (Lit (LInt 1)))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
-definition bigblock_4
-  where
-    "bigblock_4  = (BigBlock (None ) [(Assign 0 (Lit (LInt 1)))] (None ) (None ))"
-definition bigblock_5
-  where
-    "bigblock_5  = (BigBlock (None ) [] (None ) (None ))"
-definition bigblock_6
-  where
-    "bigblock_6  = (BigBlock (None ) [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))] (None ) (None ))"
-definition cont_6
-  where
-    "cont_6  = KStop"
-definition cont_3
-  where
-    "cont_3  = (KSeq bigblock_6 cont_6)"
-definition cont_4
-  where
-    "cont_4  = (KSeq bigblock_6 cont_6)"
-definition cont_5
-  where
-    "cont_5  = (KSeq bigblock_6 cont_6)"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_3 cont_3)"
-definition cont_1
-  where
-    "cont_1  = (KSeq bigblock_3 cont_3)"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_3 cont_3)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_3,bigblock_6]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec if_example_no_else_branch_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec if_example_no_else_branch_before_ast_to_cfg_prog.post),proc_body = (Some (if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls,if_example_no_else_branch_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 166f702..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,182 +0,0 @@
-theory if_example_no_else_branch_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0)]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5)))),(Assign 0 (Lit (LInt 10)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0)))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 0) Le (Lit (LInt 5)))),(Assign 0 (Lit (LInt 1)))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Lit (LInt 5)) Lt (Var 0)))]"
-definition block_6
-  where
-    "block_6  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))]"
-definition outEdges
-  where
-    "outEdges  = [[1,2],[3],[3],[4,5],[6],[6],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [4,5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append if_example_no_else_branch_before_cfg_to_dag_prog.constants_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append if_example_no_else_branch_before_cfg_to_dag_prog.constants_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding if_example_no_else_branch_before_cfg_to_dag_prog.constants_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_no_else_branch_before_cfg_to_dag_prog.constants_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append if_example_no_else_branch_before_cfg_to_dag_prog.constants_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding if_example_no_else_branch_before_cfg_to_dag_prog.constants_vdecls_def if_example_no_else_branch_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_no_else_branch_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding if_example_no_else_branch_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_no_else_branch_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding if_example_no_else_branch_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append if_example_no_else_branch_before_cfg_to_dag_prog.constants_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.globals_vdecls),(append if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append if_example_no_else_branch_before_cfg_to_dag_prog.constants_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.globals_vdecls),(append if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_example_no_else_branch_before_cfg_to_dag_prog.constants_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.globals_vdecls),(append if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = if_example_no_else_branch_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec if_example_no_else_branch_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec if_example_no_else_branch_before_cfg_to_dag_prog.post),proc_body = (Some (if_example_no_else_branch_before_cfg_to_dag_prog.locals_vdecls,if_example_no_else_branch_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_passive_prog.thy
deleted file mode 100644
index 5502ba7..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_before_passive_prog.thy
+++ /dev/null
@@ -1,128 +0,0 @@
-theory if_example_no_else_branch_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util if_example_no_else_branch_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Le (Lit (LInt 5)))),(Assign 0 (Lit (LInt 1)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Lt (Var 0)))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5)))),(Assign 0 (Lit (LInt 10)))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0)))]"
-definition block_6
-  where
-    "block_6  = [(Havoc 0)]"
-definition block_7
-  where
-    "block_7  = []"
-definition block_8
-  where
-    "block_8  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[3],[4,5],[6],[7]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 8,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [4,5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_cfgtodag_proof.thy
deleted file mode 100644
index bae361e..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_cfgtodag_proof.thy
+++ /dev/null
@@ -1,433 +0,0 @@
-theory if_example_no_else_branch_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML if_example_no_else_branch_before_ast_to_cfg_prog if_example_no_else_branch_before_cfg_to_dag_prog if_example_no_else_branch_before_passive_prog if_example_no_else_branch_passification_proof if_example_no_else_branch_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A if_example_no_else_branch_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma block_anon6:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_example_no_else_branch_before_passive_prog.block_0 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding if_example_no_else_branch_before_cfg_to_dag_prog.block_6_def if_example_no_else_branch_before_passive_prog.block_0_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_1[OF assms(1)])
-apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_6)
-apply (rule if_example_no_else_branch_before_passive_prog.node_0)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-unfolding if_example_no_else_branch_before_ast_to_cfg_prog.post_def
-apply (rule block_anon6)
-apply assumption+
-by (rule if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_6)
-
-
-lemma block_anon8_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_example_no_else_branch_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding if_example_no_else_branch_before_cfg_to_dag_prog.block_4_def if_example_no_else_branch_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon8_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_4)
-apply (rule if_example_no_else_branch_before_passive_prog.node_1)
-apply (assumption+)
-apply (rule block_anon8_Then)
-apply (assumption+)
-apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_4))
-apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_4))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=0])
-apply ((simp add:if_example_no_else_branch_before_passive_prog.outEdges_1))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon8_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_example_no_else_branch_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding if_example_no_else_branch_before_cfg_to_dag_prog.block_5_def if_example_no_else_branch_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon8_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_5)
-apply (rule if_example_no_else_branch_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon8_Else)
-apply (assumption+)
-apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_5))
-apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_5))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=0])
-apply ((simp add:if_example_no_else_branch_before_passive_prog.outEdges_2))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_example_no_else_branch_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding if_example_no_else_branch_before_cfg_to_dag_prog.block_3_def if_example_no_else_branch_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_3)
-apply (rule if_example_no_else_branch_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon3)
-apply (assumption+)
-apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:if_example_no_else_branch_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:if_example_no_else_branch_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon7_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_example_no_else_branch_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding if_example_no_else_branch_before_cfg_to_dag_prog.block_1_def if_example_no_else_branch_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon7_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_1)
-apply (rule if_example_no_else_branch_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon7_Then)
-apply (assumption+)
-apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:if_example_no_else_branch_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon7_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_example_no_else_branch_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding if_example_no_else_branch_before_cfg_to_dag_prog.block_2_def if_example_no_else_branch_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon7_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_2)
-apply (rule if_example_no_else_branch_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon7_Else)
-apply (assumption+)
-apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:if_example_no_else_branch_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_example_no_else_branch_before_passive_prog.block_6 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding if_example_no_else_branch_before_cfg_to_dag_prog.block_0_def if_example_no_else_branch_before_passive_prog.block_6_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule if_example_no_else_branch_before_cfg_to_dag_prog.node_0)
-apply (rule if_example_no_else_branch_before_passive_prog.node_6)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:if_example_no_else_branch_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:if_example_no_else_branch_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=5])
-apply ((simp add:if_example_no_else_branch_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:if_example_no_else_branch_before_passive_prog.outEdges_7))
-by ((simp add:if_example_no_else_branch_before_passive_prog.node_7 if_example_no_else_branch_before_passive_prog.block_7_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 if_example_no_else_branch_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule if_example_no_else_branch_before_passive_prog.node_8)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding if_example_no_else_branch_before_passive_prog.block_8_def
-apply (rule assume_pres_normal[where ?es=if_example_no_else_branch_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding if_example_no_else_branch_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule if_example_no_else_branch_before_passive_prog.outEdges_8)
-apply ((simp add:if_example_no_else_branch_before_passive_prog.node_7 if_example_no_else_branch_before_passive_prog.block_7_def))
-apply (rule if_example_no_else_branch_before_passive_prog.outEdges_7)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_x_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A if_example_no_else_branch_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) if_example_no_else_branch_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns if_example_no_else_branch_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] if_example_no_else_branch_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] if_example_no_else_branch_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule if_example_no_else_branch_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_passification_proof.thy
deleted file mode 100644
index 23acd96..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_passification_proof.thy
+++ /dev/null
@@ -1,328 +0,0 @@
-theory if_example_no_else_branch_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util if_example_no_else_branch_before_ast_to_cfg_prog if_example_no_else_branch_passive_prog Boogie_Lang.PassificationML if_example_no_else_branch_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_anon6:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 3)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_example_no_else_branch_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_example_no_else_branch_before_passive_prog.block_0_def if_example_no_else_branch_passive_prog.block_0_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon8_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3])) (update_nstate_rel R [(0,(Inr (LInt 1))),(0,(Inl 3))]) R_old if_example_no_else_branch_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_example_no_else_branch_before_passive_prog.block_1_def if_example_no_else_branch_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:if_example_no_else_branch_before_ast_to_cfg_prog.l_x(2) if_example_no_else_branch_passive_prog.l_x_2(2)))
-by simp
-
-lemma block_anon8_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3])) (update_nstate_rel R [(0,(Inl 3))]) R_old if_example_no_else_branch_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_example_no_else_branch_before_passive_prog.block_2_def if_example_no_else_branch_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:if_example_no_else_branch_before_ast_to_cfg_prog.l_x(2) if_example_no_else_branch_passive_prog.l_x_2(2)))
-by simp
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_example_no_else_branch_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_example_no_else_branch_before_passive_prog.block_3_def if_example_no_else_branch_passive_prog.block_3_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon7_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inr (LInt 10))),(0,(Inl 2))]) R_old if_example_no_else_branch_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_example_no_else_branch_before_passive_prog.block_4_def if_example_no_else_branch_passive_prog.block_4_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:if_example_no_else_branch_before_ast_to_cfg_prog.l_x(2) if_example_no_else_branch_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon7_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old if_example_no_else_branch_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_example_no_else_branch_before_passive_prog.block_5_def if_example_no_else_branch_passive_prog.block_5_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:if_example_no_else_branch_before_ast_to_cfg_prog.l_x(2) if_example_no_else_branch_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old if_example_no_else_branch_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_example_no_else_branch_before_passive_prog.block_6_def if_example_no_else_branch_passive_prog.block_6_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:if_example_no_else_branch_before_ast_to_cfg_prog.l_x(2) if_example_no_else_branch_passive_prog.l_x_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_example_no_else_branch_passive_prog.block_7 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_example_no_else_branch_before_passive_prog.block_7_def if_example_no_else_branch_passive_prog.block_7_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.block_8 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_example_no_else_branch_passive_prog.block_8 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_example_no_else_branch_before_passive_prog.block_8_def if_example_no_else_branch_passive_prog.block_8_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_anon6:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 3)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_example_no_else_branch_before_passive_prog.node_0},@{thm if_example_no_else_branch_before_passive_prog.outEdges_0}) (@{thm if_example_no_else_branch_passive_prog.node_0},@{thm if_example_no_else_branch_passive_prog.outEdges_0}) @{thm block_anon6} [] 1\<close>))
-
-lemma cfg_block_anon8_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_example_no_else_branch_before_passive_prog.node_1},@{thm if_example_no_else_branch_before_passive_prog.outEdges_1}) (@{thm if_example_no_else_branch_passive_prog.node_1},@{thm if_example_no_else_branch_passive_prog.outEdges_1}) @{thm block_anon8_Then} [
-@{thm cfg_block_anon6}] 1\<close>))
-
-lemma cfg_block_anon8_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_example_no_else_branch_before_passive_prog.node_2},@{thm if_example_no_else_branch_before_passive_prog.outEdges_2}) (@{thm if_example_no_else_branch_passive_prog.node_2},@{thm if_example_no_else_branch_passive_prog.outEdges_2}) @{thm block_anon8_Else} [
-@{thm cfg_block_anon6}] 1\<close>))
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_example_no_else_branch_before_passive_prog.node_3},@{thm if_example_no_else_branch_before_passive_prog.outEdges_3}) (@{thm if_example_no_else_branch_passive_prog.node_3},@{thm if_example_no_else_branch_passive_prog.outEdges_3}) @{thm block_anon3} [
-@{thm cfg_block_anon8_Then}, 
-@{thm cfg_block_anon8_Else}] 1\<close>))
-
-lemma cfg_block_anon7_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_example_no_else_branch_before_passive_prog.node_4},@{thm if_example_no_else_branch_before_passive_prog.outEdges_4}) (@{thm if_example_no_else_branch_passive_prog.node_4},@{thm if_example_no_else_branch_passive_prog.outEdges_4}) @{thm block_anon7_Then} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon7_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_example_no_else_branch_before_passive_prog.node_5},@{thm if_example_no_else_branch_before_passive_prog.outEdges_5}) (@{thm if_example_no_else_branch_passive_prog.node_5},@{thm if_example_no_else_branch_passive_prog.outEdges_5}) @{thm block_anon7_Else} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm if_example_no_else_branch_before_passive_prog.node_6},@{thm if_example_no_else_branch_before_passive_prog.outEdges_6}) (@{thm if_example_no_else_branch_passive_prog.node_6},@{thm if_example_no_else_branch_passive_prog.outEdges_6}) @{thm block_anon0} [
-@{thm cfg_block_anon7_Then}, 
-@{thm cfg_block_anon7_Else}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm if_example_no_else_branch_before_passive_prog.node_7},@{thm if_example_no_else_branch_before_passive_prog.outEdges_7}) (@{thm if_example_no_else_branch_passive_prog.node_7},@{thm if_example_no_else_branch_passive_prog.outEdges_7}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_no_else_branch_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body u (Inl 8)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm if_example_no_else_branch_before_passive_prog.node_8},@{thm if_example_no_else_branch_before_passive_prog.outEdges_8}) (@{thm if_example_no_else_branch_passive_prog.node_8},@{thm if_example_no_else_branch_passive_prog.outEdges_8}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_before_ast_to_cfg_prog.params_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] if_example_no_else_branch_before_passive_prog.proc_body ((Inl 8),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_x_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A if_example_no_else_branch_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls ns if_example_no_else_branch_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv if_example_no_else_branch_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding if_example_no_else_branch_passive_prog.params_vdecls_def if_example_no_else_branch_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using if_example_no_else_branch_before_passive_prog.globals_locals_disj apply auto[1]
-using if_example_no_else_branch_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] if_example_no_else_branch_passive_prog.proc_body u (Inl 8)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range if_example_no_else_branch_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] if_example_no_else_branch_passive_prog.proc_body ((Inl 8),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from if_example_no_else_branch_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_passive_prog.thy
deleted file mode 100644
index 449fbbb..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_passive_prog.thy
+++ /dev/null
@@ -1,170 +0,0 @@
-theory if_example_no_else_branch_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util if_example_no_else_branch_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assert (BinOp (Var 3) Gt (Lit (LInt 0))))]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 2) Le (Lit (LInt 5)))),(Assume (BinOp (Var 3) Eq (Lit (LInt 1))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Lt (Var 2))),(Assume (BinOp (Var 3) Eq (Var 2)))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 5)))),(Assume (BinOp (Var 2) Eq (Lit (LInt 10))))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 1))),(Assume (BinOp (Var 2) Eq (Var 1)))]"
-definition block_6
-  where
-    "block_6  = []"
-definition block_7
-  where
-    "block_7  = []"
-definition block_8
-  where
-    "block_8  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[3],[4,5],[6],[7]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 8,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [4,5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding if_example_no_else_branch_passive_prog.params_vdecls_def if_example_no_else_branch_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)))) = {})"
-unfolding if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls_def if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_2:
-shows "((map_of (append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_2:
-shows "((lookup_var_decl ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_vcphase_proof.thy
deleted file mode 100644
index efd582d..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_proofs/if_example_no_else_branch_vcphase_proof.thy
+++ /dev/null
@@ -1,327 +0,0 @@
-theory if_example_no_else_branch_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML if_example_no_else_branch_passive_prog if_example_no_else_branch_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon6
-  where
-    "vc_anon6 x_2 = (x_2 > (0::int))"
-definition vc_anon8_Then
-  where
-    "vc_anon8_Then x_1 x_2 = (((x_1 \<le> (5::int)) \<and> (x_2 = (1::int))) \<longrightarrow> (vc_anon6 x_2))"
-definition vc_anon8_Else
-  where
-    "vc_anon8_Else x_1 x_2 = ((((5::int) < x_1) \<and> (x_2 = x_1)) \<longrightarrow> (vc_anon6 x_2))"
-definition vc_anon7_Then
-  where
-    "vc_anon7_Then x_0 x_1 x_2 = (((x_0 > (5::int)) \<and> (x_1 = (10::int))) \<longrightarrow> ((vc_anon8_Then x_1 x_2) \<and> (vc_anon8_Else x_1 x_2)))"
-definition vc_anon7_Else
-  where
-    "vc_anon7_Else x_0 x_1 x_2 = ((((5::int) \<ge> x_0) \<and> (x_1 = x_0)) \<longrightarrow> ((vc_anon8_Then x_1 x_2) \<and> (vc_anon8_Else x_1 x_2)))"
-definition vc_anon0
-  where
-    "vc_anon0 x_0 x_1 x_2 = ((vc_anon7_Then x_0 x_1 x_2) \<and> (vc_anon7_Else x_0 x_1 x_2))"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
-G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_2)))" and 
-G4: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4
-lemmas forall_poly_thm = forall_vc_type[OF G4]
-lemmas exists_poly_thm = exists_vc_type[OF G4]
-declare Nat.One_nat_def[simp del]
-
-ML\<open>
-val block_anon6_hints = [
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon6AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding if_example_no_else_branch_passive_prog.block_0_def vc.vc_anon6_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon8_Then_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon8_ThenAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_Then vc_x_1 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon6 vc_x_2)))))))"
-unfolding if_example_no_else_branch_passive_prog.block_1_def vc.vc_anon8_Then_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_Then_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon8_Else_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon8_ElseAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_Else vc_x_1 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon6 vc_x_2)))))))"
-unfolding if_example_no_else_branch_passive_prog.block_2_def vc.vc_anon8_Else_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_Else_hints \<close>)
-by (auto?)
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.block_3 (Normal n_s) s')" and 
-"((vc.vc_anon8_Then vc_x_1 vc_x_2) \<and> (vc.vc_anon8_Else vc_x_1 vc_x_2))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon8_Then vc_x_1 vc_x_2) \<and> (vc.vc_anon8_Else vc_x_1 vc_x_2))))))"
-using assms
-unfolding if_example_no_else_branch_passive_prog.block_3_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon7_Then_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon7_ThenAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_Then vc_x_0 vc_x_1 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon8_Then vc_x_1 vc_x_2) \<and> (vc.vc_anon8_Else vc_x_1 vc_x_2))))))))"
-unfolding if_example_no_else_branch_passive_prog.block_4_def vc.vc_anon7_Then_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_Then_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon7_Else_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon7_ElseAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_Else vc_x_0 vc_x_1 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon8_Then vc_x_1 vc_x_2) \<and> (vc.vc_anon8_Else vc_x_1 vc_x_2))))))))"
-unfolding if_example_no_else_branch_passive_prog.block_5_def vc.vc_anon7_Else_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_Else_hints \<close>)
-by (auto?)
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.block_6 (Normal n_s) s')" and 
-"((vc.vc_anon7_Then vc_x_0 vc_x_1 vc_x_2) \<and> (vc.vc_anon7_Else vc_x_0 vc_x_1 vc_x_2))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_Then vc_x_0 vc_x_1 vc_x_2) \<and> (vc.vc_anon7_Else vc_x_0 vc_x_1 vc_x_2))))))"
-using assms
-unfolding if_example_no_else_branch_passive_prog.block_6_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.block_7 (Normal n_s) s')" and 
-"((vc.vc_anon7_Then vc_x_0 vc_x_1 vc_x_2) \<and> (vc.vc_anon7_Else vc_x_0 vc_x_1 vc_x_2))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_Then vc_x_0 vc_x_1 vc_x_2) \<and> (vc.vc_anon7_Else vc_x_0 vc_x_1 vc_x_2))))))"
-using assms
-unfolding if_example_no_else_branch_passive_prog.block_7_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.block_8 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_1 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_Then vc_x_0 vc_x_1 vc_x_2) \<and> (vc.vc_anon7_Else vc_x_0 vc_x_1 vc_x_2))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding if_example_no_else_branch_passive_prog.block_8_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_anon6:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) if_example_no_else_branch_passive_prog.node_0 if_example_no_else_branch_passive_prog.outEdges_0])
-using block_anon6AA0[OF _ assms(2)] by blast
-
-lemma cfg_block_anon8_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon8_Then vc_x_1 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_no_else_branch_passive_prog.node_1])
-apply (erule block_anon8_ThenAA0[OF _ assms(2)])
-apply ((simp add:if_example_no_else_branch_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon8_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon8_Else vc_x_1 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_no_else_branch_passive_prog.node_2])
-apply (erule block_anon8_ElseAA0[OF _ assms(2)])
-apply ((simp add:if_example_no_else_branch_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon8_Then vc_x_1 vc_x_2) \<and> (vc.vc_anon8_Else vc_x_1 vc_x_2))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_no_else_branch_passive_prog.node_3])
-apply (erule block_anon3[OF _ assms(2)])
-apply ((simp add:if_example_no_else_branch_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon7_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon7_Then vc_x_0 vc_x_1 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_no_else_branch_passive_prog.node_4])
-apply (erule block_anon7_ThenAA0[OF _ assms(2)])
-apply ((simp add:if_example_no_else_branch_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon7_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon7_Else vc_x_0 vc_x_1 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_no_else_branch_passive_prog.node_5])
-apply (erule block_anon7_ElseAA0[OF _ assms(2)])
-apply ((simp add:if_example_no_else_branch_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon7_Then vc_x_0 vc_x_1 vc_x_2) \<and> (vc.vc_anon7_Else vc_x_0 vc_x_1 vc_x_2))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_no_else_branch_passive_prog.node_6])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:if_example_no_else_branch_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon7_Then vc_x_0 vc_x_1 vc_x_2) \<and> (vc.vc_anon7_Else vc_x_0 vc_x_1 vc_x_2))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_no_else_branch_passive_prog.node_7])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:if_example_no_else_branch_passive_prog.outEdges_7))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_no_else_branch_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_0 vc_x_1 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_no_else_branch_passive_prog.node_8])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:if_example_no_else_branch_passive_prog.outEdges_8))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls)) \<Gamma> [] if_example_no_else_branch_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_x_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A if_example_no_else_branch_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) if_example_no_else_branch_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls if_example_no_else_branch_before_ast_to_cfg_prog.globals_vdecls),(append if_example_no_else_branch_passive_prog.params_vdecls if_example_no_else_branch_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((if_example_no_else_branch_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_example_no_else_branch_passive_prog.m_x])
-apply (subst lookup_var_local[OF if_example_no_else_branch_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_example_no_else_branch_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF if_example_no_else_branch_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_example_no_else_branch_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF if_example_no_else_branch_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_example_no_else_branch_passive_prog.m_x_2])
-apply (subst lookup_var_local[OF if_example_no_else_branch_passive_prog.m_x_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (rule HOL.conjunct1[OF sc_x_2])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/ROOT
deleted file mode 100644
index 939a0b0..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session if_example_proofs = Boogie_Lang + 
-directories if_example_test_2_proofs
-theories
-global_data
-"if_example_test_2_proofs/if_example_test_2_before_cfg_to_dag_prog"
-"if_example_test_2_proofs/if_example_test_2_passification_proof"
-"if_example_test_2_proofs/if_example_test_2_before_ast_to_cfg_prog"
-"if_example_test_2_proofs/if_example_test_2_cfgtodag_proof"
-"if_example_test_2_proofs/if_example_test_2_asttocfg_proof"
-"if_example_test_2_proofs/if_example_test_2_before_passive_prog"
-"if_example_test_2_proofs/if_example_test_2_vcphase_proof"
-"if_example_test_2_proofs/if_example_test_2_passive_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_asttocfg_proof.thy
deleted file mode 100644
index bb83437..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_asttocfg_proof.thy
+++ /dev/null
@@ -1,360 +0,0 @@
-theory if_example_test_2_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML if_example_test_2_before_ast_to_cfg_prog if_example_test_2_before_cfg_to_dag_prog if_example_test_2_cfgtodag_proof if_example_test_2_passification_proof if_example_test_2_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A if_example_test_2_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_example_test_2_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_3 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of if_example_test_2_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_3_def if_example_test_2_before_cfg_to_dag_prog.block_3_def)
-apply ((simp add: if_example_test_2_before_cfg_to_dag_prog.block_3_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: if_example_test_2_before_cfg_to_dag_prog.block_3_def if_example_test_2_before_ast_to_cfg_prog.bigblock_3_def)+)
-done
-
-
-lemma global_rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_example_test_2_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_example_test_2_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_test_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of if_example_test_2_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (simp)
-apply (rule cont_3_def)
-apply (rule if_example_test_2_before_cfg_to_dag_prog.node_3)
-apply (rule disjI1)
-apply (rule if_example_test_2_before_cfg_to_dag_prog.block_3_def)
-apply (rule if_example_test_2_before_cfg_to_dag_prog.outEdges_3)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: if_example_test_2_before_cfg_to_dag_prog.node_3)
-apply (rule rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_3)
-apply assumption+
-
-done
-qed
-
-lemma rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_example_test_2_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 5))) ns1 (BoolV False))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
-unfolding if_example_test_2_before_cfg_to_dag_prog.block_2_def
-apply (rule guard_fails_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of if_example_test_2_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply (simp add: if_example_test_2_before_cfg_to_dag_prog.block_2_def)
-apply (rule push_through_assumption1)
-apply (simp)
-apply (rule neg_gt)
-apply (rule guardHint)
-apply ((simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_2_def)+)
-apply (rule neg_gt)
-apply (rule guardHint)
-done
-
-
-lemma global_rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_example_test_2_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_example_test_2_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 5))) ns1 (BoolV False))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_test_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of if_example_test_2_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_2_def)
-apply (rule if_example_test_2_before_cfg_to_dag_prog.node_2)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule if_example_test_2_before_cfg_to_dag_prog.block_2_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply (rule neg_gt)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_2_def)
-apply (simp add: if_example_test_2_before_cfg_to_dag_prog.node_2)
-apply (rule rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_2)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x = 3])+)
-apply ((simp add: if_example_test_2_before_cfg_to_dag_prog.outEdges_2)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_3)
-apply (simp)
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_example_test_2_before_ast_to_cfg_prog.bigblock_1,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 5))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_1 (Normal ns1) (Normal ns1')))))"
-unfolding if_example_test_2_before_cfg_to_dag_prog.block_1_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of if_example_test_2_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_1_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: if_example_test_2_before_cfg_to_dag_prog.block_1_def)
-apply ((simp add: assms(3) if_example_test_2_before_ast_to_cfg_prog.bigblock_1_def)+)
-done
-
-
-lemma global_rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_example_test_2_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_example_test_2_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 5))) ns1 (BoolV True))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_test_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of if_example_test_2_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_1_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_1_def)
-apply (rule if_example_test_2_before_cfg_to_dag_prog.node_1)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule if_example_test_2_before_cfg_to_dag_prog.block_1_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_1_def)
-apply (simp add: if_example_test_2_before_cfg_to_dag_prog.node_1)
-apply (rule rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_1)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x = 3])+)
-apply ((simp add: if_example_test_2_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_3)
-apply (simp)
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_example_test_2_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of if_example_test_2_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_0_def if_example_test_2_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: if_example_test_2_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: if_example_test_2_before_cfg_to_dag_prog.block_0_def if_example_test_2_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_example_test_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_example_test_2_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_test_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_if_successor)
-apply (rule Rel_Main_test[of if_example_test_2_before_ast_to_cfg_prog.bigblock_0 _ if_example_test_2_before_cfg_to_dag_prog.block_0])
-apply (simp add: if_example_test_2_before_cfg_to_dag_prog.block_0_def if_example_test_2_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp add: if_example_test_2_before_cfg_to_dag_prog.block_0_def)
-apply (rule astTrace)
-apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_0_def)
-apply (rule if_example_test_2_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: if_example_test_2_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: if_example_test_2_before_cfg_to_dag_prog.node_0)
-apply (rule rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: if_example_test_2_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply (erule disjE)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: if_example_test_2_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: cont_0_def if_example_test_2_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
-apply blast+
-
-
-
-
-
-apply (simp)
-apply ((erule allE[where x = 2])+)
-apply ((simp add: if_example_test_2_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_0_def if_example_test_2_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (if_example_test_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A if_example_test_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> if_example_test_2_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) if_example_test_2_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns if_example_test_2_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] if_example_test_2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (if_example_test_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_if_example_test_2_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: if_example_test_2_before_ast_to_cfg_prog.params_vdecls_def if_example_test_2_before_ast_to_cfg_prog.locals_vdecls_def if_example_test_2_before_cfg_to_dag_prog.params_vdecls_def if_example_test_2_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: if_example_test_2_before_ast_to_cfg_prog.params_vdecls_def if_example_test_2_before_ast_to_cfg_prog.locals_vdecls_def if_example_test_2_before_cfg_to_dag_prog.params_vdecls_def if_example_test_2_before_cfg_to_dag_prog.locals_vdecls_def if_example_test_2_before_ast_to_cfg_prog.pres_def if_example_test_2_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: if_example_test_2_before_ast_to_cfg_prog.params_vdecls_def if_example_test_2_before_ast_to_cfg_prog.locals_vdecls_def if_example_test_2_before_cfg_to_dag_prog.params_vdecls_def if_example_test_2_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: if_example_test_2_before_ast_to_cfg_prog.params_vdecls_def if_example_test_2_before_ast_to_cfg_prog.locals_vdecls_def if_example_test_2_before_cfg_to_dag_prog.params_vdecls_def if_example_test_2_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: if_example_test_2_before_ast_to_cfg_prog.params_vdecls_def if_example_test_2_before_ast_to_cfg_prog.locals_vdecls_def if_example_test_2_before_cfg_to_dag_prog.params_vdecls_def if_example_test_2_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: if_example_test_2_before_ast_to_cfg_prog.params_vdecls_def if_example_test_2_before_ast_to_cfg_prog.locals_vdecls_def if_example_test_2_before_cfg_to_dag_prog.params_vdecls_def if_example_test_2_before_cfg_to_dag_prog.locals_vdecls_def if_example_test_2_before_ast_to_cfg_prog.pres_def if_example_test_2_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: if_example_test_2_before_ast_to_cfg_prog.params_vdecls_def if_example_test_2_before_ast_to_cfg_prog.locals_vdecls_def if_example_test_2_before_cfg_to_dag_prog.params_vdecls_def if_example_test_2_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: if_example_test_2_before_ast_to_cfg_prog.params_vdecls_def if_example_test_2_before_ast_to_cfg_prog.locals_vdecls_def if_example_test_2_before_cfg_to_dag_prog.params_vdecls_def if_example_test_2_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (if_example_test_2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_3_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) if_example_test_2_before_ast_to_cfg_prog.fdecls if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls if_example_test_2_before_ast_to_cfg_prog.axioms if_example_test_2_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding if_example_test_2_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 if_example_test_2_before_ast_to_cfg_prog.ast_proc_def if_example_test_2_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 78fef09..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,123 +0,0 @@
-theory if_example_test_2_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 5)))) [(BigBlock (None ) [(Assign 0 (Lit (LInt 10)))] (None ) (None ))] [(BigBlock (None ) [(Assign 0 (Lit (LInt 1)))] (None ) (None ))])) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [(Assign 0 (Lit (LInt 10)))] (None ) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [(Assign 0 (Lit (LInt 1)))] (None ) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))] (None ) (None ))"
-definition cont_3
-  where
-    "cont_3  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_3 cont_3)"
-definition cont_1
-  where
-    "cont_1  = (KSeq bigblock_3 cont_3)"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_3 cont_3)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_3]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding if_example_test_2_before_ast_to_cfg_prog.constants_vdecls_def if_example_test_2_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding if_example_test_2_before_ast_to_cfg_prog.params_vdecls_def if_example_test_2_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding if_example_test_2_before_ast_to_cfg_prog.constants_vdecls_def if_example_test_2_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_test_2_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding if_example_test_2_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_test_2_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding if_example_test_2_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_test_2_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding if_example_test_2_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_test_2_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding if_example_test_2_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = if_example_test_2_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec if_example_test_2_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec if_example_test_2_before_ast_to_cfg_prog.post),proc_body = (Some (if_example_test_2_before_ast_to_cfg_prog.locals_vdecls,if_example_test_2_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 8e67200..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,149 +0,0 @@
-theory if_example_test_2_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0)]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5)))),(Assign 0 (Lit (LInt 10)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 1)))]"
-definition block_3
-  where
-    "block_3  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))]"
-definition outEdges
-  where
-    "outEdges  = [[1,2],[3],[3],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append if_example_test_2_before_cfg_to_dag_prog.constants_vdecls if_example_test_2_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append if_example_test_2_before_cfg_to_dag_prog.constants_vdecls if_example_test_2_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding if_example_test_2_before_cfg_to_dag_prog.constants_vdecls_def if_example_test_2_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_test_2_before_cfg_to_dag_prog.constants_vdecls if_example_test_2_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append if_example_test_2_before_cfg_to_dag_prog.params_vdecls if_example_test_2_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_example_test_2_before_cfg_to_dag_prog.params_vdecls if_example_test_2_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding if_example_test_2_before_cfg_to_dag_prog.params_vdecls_def if_example_test_2_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_test_2_before_cfg_to_dag_prog.params_vdecls if_example_test_2_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append if_example_test_2_before_cfg_to_dag_prog.constants_vdecls if_example_test_2_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append if_example_test_2_before_cfg_to_dag_prog.params_vdecls if_example_test_2_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding if_example_test_2_before_cfg_to_dag_prog.constants_vdecls_def if_example_test_2_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_test_2_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding if_example_test_2_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_test_2_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding if_example_test_2_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_test_2_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding if_example_test_2_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_example_test_2_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding if_example_test_2_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append if_example_test_2_before_cfg_to_dag_prog.constants_vdecls if_example_test_2_before_cfg_to_dag_prog.globals_vdecls),(append if_example_test_2_before_cfg_to_dag_prog.params_vdecls if_example_test_2_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append if_example_test_2_before_cfg_to_dag_prog.params_vdecls if_example_test_2_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append if_example_test_2_before_cfg_to_dag_prog.constants_vdecls if_example_test_2_before_cfg_to_dag_prog.globals_vdecls),(append if_example_test_2_before_cfg_to_dag_prog.params_vdecls if_example_test_2_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_example_test_2_before_cfg_to_dag_prog.constants_vdecls if_example_test_2_before_cfg_to_dag_prog.globals_vdecls),(append if_example_test_2_before_cfg_to_dag_prog.params_vdecls if_example_test_2_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = if_example_test_2_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec if_example_test_2_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec if_example_test_2_before_cfg_to_dag_prog.post),proc_body = (Some (if_example_test_2_before_cfg_to_dag_prog.locals_vdecls,if_example_test_2_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_passive_prog.thy
deleted file mode 100644
index 7bff80d..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_before_passive_prog.thy
+++ /dev/null
@@ -1,95 +0,0 @@
-theory if_example_test_2_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util if_example_test_2_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assert (BinOp (Var 0) Gt (Lit (LInt 0))))]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 5)))),(Assign 0 (Lit (LInt 10)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 0))),(Assign 0 (Lit (LInt 1)))]"
-definition block_3
-  where
-    "block_3  = [(Havoc 0)]"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding if_example_test_2_before_ast_to_cfg_prog.params_vdecls_def if_example_test_2_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding if_example_test_2_before_ast_to_cfg_prog.constants_vdecls_def if_example_test_2_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_cfgtodag_proof.thy
deleted file mode 100644
index 271e527..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_cfgtodag_proof.thy
+++ /dev/null
@@ -1,284 +0,0 @@
-theory if_example_test_2_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML if_example_test_2_before_ast_to_cfg_prog if_example_test_2_before_cfg_to_dag_prog if_example_test_2_before_passive_prog if_example_test_2_passification_proof if_example_test_2_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A if_example_test_2_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_example_test_2_before_passive_prog.block_0 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding if_example_test_2_before_cfg_to_dag_prog.block_3_def if_example_test_2_before_passive_prog.block_0_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_test_2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_1[OF assms(1)])
-apply (rule if_example_test_2_before_cfg_to_dag_prog.node_3)
-apply (rule if_example_test_2_before_passive_prog.node_0)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-unfolding if_example_test_2_before_ast_to_cfg_prog.post_def
-apply (rule block_anon3)
-apply assumption+
-by (rule if_example_test_2_before_cfg_to_dag_prog.outEdges_3)
-
-
-lemma block_anon4_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_example_test_2_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding if_example_test_2_before_cfg_to_dag_prog.block_1_def if_example_test_2_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon4_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_test_2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule if_example_test_2_before_cfg_to_dag_prog.node_1)
-apply (rule if_example_test_2_before_passive_prog.node_1)
-apply (assumption+)
-apply (rule block_anon4_Then)
-apply (assumption+)
-apply ((simp add:if_example_test_2_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:if_example_test_2_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=0])
-apply ((simp add:if_example_test_2_before_passive_prog.outEdges_1))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon4_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_example_test_2_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding if_example_test_2_before_cfg_to_dag_prog.block_2_def if_example_test_2_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon4_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_test_2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule if_example_test_2_before_cfg_to_dag_prog.node_2)
-apply (rule if_example_test_2_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon4_Else)
-apply (assumption+)
-apply ((simp add:if_example_test_2_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:if_example_test_2_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=0])
-apply ((simp add:if_example_test_2_before_passive_prog.outEdges_2))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_example_test_2_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding if_example_test_2_before_cfg_to_dag_prog.block_0_def if_example_test_2_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_test_2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule if_example_test_2_before_cfg_to_dag_prog.node_0)
-apply (rule if_example_test_2_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:if_example_test_2_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:if_example_test_2_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:if_example_test_2_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:if_example_test_2_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:if_example_test_2_before_passive_prog.outEdges_4))
-by ((simp add:if_example_test_2_before_passive_prog.node_4 if_example_test_2_before_passive_prog.block_4_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_example_test_2_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 if_example_test_2_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_example_test_2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule if_example_test_2_before_passive_prog.node_5)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding if_example_test_2_before_passive_prog.block_5_def
-apply (rule assume_pres_normal[where ?es=if_example_test_2_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding if_example_test_2_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule if_example_test_2_before_passive_prog.outEdges_5)
-apply ((simp add:if_example_test_2_before_passive_prog.node_4 if_example_test_2_before_passive_prog.block_4_def))
-apply (rule if_example_test_2_before_passive_prog.outEdges_4)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A if_example_test_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> if_example_test_2_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) if_example_test_2_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns if_example_test_2_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] if_example_test_2_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] if_example_test_2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule if_example_test_2_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_passification_proof.thy
deleted file mode 100644
index daed1f0..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_passification_proof.thy
+++ /dev/null
@@ -1,262 +0,0 @@
-theory if_example_test_2_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util if_example_test_2_before_ast_to_cfg_prog if_example_test_2_passive_prog Boogie_Lang.PassificationML if_example_test_2_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_example_test_2_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_example_test_2_before_passive_prog.block_0_def if_example_test_2_passive_prog.block_0_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon4_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inr (LInt 10))),(0,(Inl 2))]) R_old if_example_test_2_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_example_test_2_before_passive_prog.block_1_def if_example_test_2_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:if_example_test_2_before_ast_to_cfg_prog.l_x(2) if_example_test_2_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon4_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inr (LInt 1))),(0,(Inl 2))]) R_old if_example_test_2_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_example_test_2_before_passive_prog.block_2_def if_example_test_2_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:if_example_test_2_before_ast_to_cfg_prog.l_x(2) if_example_test_2_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old if_example_test_2_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_example_test_2_before_passive_prog.block_3_def if_example_test_2_passive_prog.block_3_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:if_example_test_2_before_ast_to_cfg_prog.l_x(2) if_example_test_2_passive_prog.l_x_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_example_test_2_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_example_test_2_before_passive_prog.block_4_def if_example_test_2_passive_prog.block_4_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_example_test_2_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_example_test_2_before_passive_prog.block_5_def if_example_test_2_passive_prog.block_5_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_example_test_2_before_passive_prog.node_0},@{thm if_example_test_2_before_passive_prog.outEdges_0}) (@{thm if_example_test_2_passive_prog.node_0},@{thm if_example_test_2_passive_prog.outEdges_0}) @{thm block_anon3} [] 1\<close>))
-
-lemma cfg_block_anon4_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_example_test_2_before_passive_prog.node_1},@{thm if_example_test_2_before_passive_prog.outEdges_1}) (@{thm if_example_test_2_passive_prog.node_1},@{thm if_example_test_2_passive_prog.outEdges_1}) @{thm block_anon4_Then} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon4_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_example_test_2_before_passive_prog.node_2},@{thm if_example_test_2_before_passive_prog.outEdges_2}) (@{thm if_example_test_2_passive_prog.node_2},@{thm if_example_test_2_passive_prog.outEdges_2}) @{thm block_anon4_Else} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm if_example_test_2_before_passive_prog.node_3},@{thm if_example_test_2_before_passive_prog.outEdges_3}) (@{thm if_example_test_2_passive_prog.node_3},@{thm if_example_test_2_passive_prog.outEdges_3}) @{thm block_anon0} [
-@{thm cfg_block_anon4_Then}, 
-@{thm cfg_block_anon4_Else}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm if_example_test_2_before_passive_prog.node_4},@{thm if_example_test_2_before_passive_prog.outEdges_4}) (@{thm if_example_test_2_passive_prog.node_4},@{thm if_example_test_2_passive_prog.outEdges_4}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_example_test_2_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm if_example_test_2_before_passive_prog.node_5},@{thm if_example_test_2_before_passive_prog.outEdges_5}) (@{thm if_example_test_2_passive_prog.node_5},@{thm if_example_test_2_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_before_ast_to_cfg_prog.params_vdecls if_example_test_2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] if_example_test_2_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A if_example_test_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> if_example_test_2_before_ast_to_cfg_prog.constants_vdecls ns if_example_test_2_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv if_example_test_2_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding if_example_test_2_before_ast_to_cfg_prog.constants_vdecls_def if_example_test_2_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding if_example_test_2_passive_prog.params_vdecls_def if_example_test_2_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using if_example_test_2_before_passive_prog.globals_locals_disj apply auto[1]
-using if_example_test_2_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] if_example_test_2_passive_prog.proc_body u (Inl 5)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range if_example_test_2_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] if_example_test_2_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from if_example_test_2_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_passive_prog.thy
deleted file mode 100644
index e717c53..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_passive_prog.thy
+++ /dev/null
@@ -1,128 +0,0 @@
-theory if_example_test_2_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util if_example_test_2_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assert (BinOp (Var 2) Gt (Lit (LInt 0))))]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 5)))),(Assume (BinOp (Var 2) Eq (Lit (LInt 10))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 5)) Ge (Var 1))),(Assume (BinOp (Var 2) Eq (Lit (LInt 1))))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding if_example_test_2_passive_prog.params_vdecls_def if_example_test_2_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls)))) = {})"
-unfolding if_example_test_2_before_ast_to_cfg_prog.constants_vdecls_def if_example_test_2_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_vcphase_proof.thy
deleted file mode 100644
index c29b279..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_example_proofs/if_example_test_2_proofs/if_example_test_2_vcphase_proof.thy
+++ /dev/null
@@ -1,241 +0,0 @@
-theory if_example_test_2_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML if_example_test_2_passive_prog if_example_test_2_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon3
-  where
-    "vc_anon3 x_1 = (x_1 > (0::int))"
-definition vc_anon4_Then
-  where
-    "vc_anon4_Then x_0 x_1 = (((x_0 > (5::int)) \<and> (x_1 = (10::int))) \<longrightarrow> (vc_anon3 x_1))"
-definition vc_anon4_Else
-  where
-    "vc_anon4_Else x_0 x_1 = ((((5::int) \<ge> x_0) \<and> (x_1 = (1::int))) \<longrightarrow> (vc_anon3 x_1))"
-definition vc_anon0
-  where
-    "vc_anon0 x_0 x_1 = ((vc_anon4_Then x_0 x_1) \<and> (vc_anon4_Else x_0 x_1))"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
-G3: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3
-lemmas forall_poly_thm = forall_vc_type[OF G3]
-lemmas exists_poly_thm = exists_vc_type[OF G3]
-declare Nat.One_nat_def[simp del]
-
-ML\<open>
-val block_anon3_hints = [
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon3AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding if_example_test_2_passive_prog.block_0_def vc.vc_anon3_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_Then_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon4_ThenAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_1)))))))"
-unfolding if_example_test_2_passive_prog.block_1_def vc.vc_anon4_Then_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Then_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_Else_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon4_ElseAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_Else vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_1)))))))"
-unfolding if_example_test_2_passive_prog.block_2_def vc.vc_anon4_Else_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_Else_hints \<close>)
-by (auto?)
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.block_3 (Normal n_s) s')" and 
-"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))"
-using assms
-unfolding if_example_test_2_passive_prog.block_3_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.block_4 (Normal n_s) s')" and 
-"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))"
-using assms
-unfolding if_example_test_2_passive_prog.block_4_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding if_example_test_2_passive_prog.block_5_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) if_example_test_2_passive_prog.node_0 if_example_test_2_passive_prog.outEdges_0])
-using block_anon3AA0[OF _ assms(2)] by blast
-
-lemma cfg_block_anon4_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4_Then vc_x_0 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_test_2_passive_prog.node_1])
-apply (erule block_anon4_ThenAA0[OF _ assms(2)])
-apply ((simp add:if_example_test_2_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon4_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4_Else vc_x_0 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_test_2_passive_prog.node_2])
-apply (erule block_anon4_ElseAA0[OF _ assms(2)])
-apply ((simp add:if_example_test_2_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_test_2_passive_prog.node_3])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:if_example_test_2_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon4_Then vc_x_0 vc_x_1) \<and> (vc.vc_anon4_Else vc_x_0 vc_x_1))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_test_2_passive_prog.node_4])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:if_example_test_2_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_example_test_2_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_0 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) if_example_test_2_passive_prog.node_5])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:if_example_test_2_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls)) \<Gamma> [] if_example_test_2_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0 vc_x_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A if_example_test_2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> if_example_test_2_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) if_example_test_2_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s if_example_test_2_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append if_example_test_2_before_ast_to_cfg_prog.constants_vdecls if_example_test_2_before_ast_to_cfg_prog.globals_vdecls),(append if_example_test_2_passive_prog.params_vdecls if_example_test_2_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((if_example_test_2_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_example_test_2_passive_prog.m_x])
-apply (subst lookup_var_local[OF if_example_test_2_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_example_test_2_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF if_example_test_2_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_example_test_2_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF if_example_test_2_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/ROOT
deleted file mode 100644
index 6cafaa5..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session if_inside_loop_proofs = Boogie_Lang + 
-directories if_inside_while_proofs
-theories
-global_data
-"if_inside_while_proofs/if_inside_while_passive_prog"
-"if_inside_while_proofs/if_inside_while_vcphase_proof"
-"if_inside_while_proofs/if_inside_while_before_ast_to_cfg_prog"
-"if_inside_while_proofs/if_inside_while_cfgtodag_proof"
-"if_inside_while_proofs/if_inside_while_before_passive_prog"
-"if_inside_while_proofs/if_inside_while_passification_proof"
-"if_inside_while_proofs/if_inside_while_asttocfg_proof"
-"if_inside_while_proofs/if_inside_while_before_cfg_to_dag_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_asttocfg_proof.thy
deleted file mode 100644
index 743942d..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_asttocfg_proof.thy
+++ /dev/null
@@ -1,510 +0,0 @@
-theory if_inside_while_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML if_inside_while_before_ast_to_cfg_prog if_inside_while_before_cfg_to_dag_prog if_inside_while_cfgtodag_proof if_inside_while_passification_proof if_inside_while_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A if_inside_while_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_if_inside_while_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_5,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_6 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of if_inside_while_before_ast_to_cfg_prog.bigblock_5])
-apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_5_def if_inside_while_before_cfg_to_dag_prog.block_6_def)
-apply ((simp add: if_inside_while_before_cfg_to_dag_prog.block_6_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: if_inside_while_before_cfg_to_dag_prog.block_6_def if_inside_while_before_ast_to_cfg_prog.bigblock_5_def)+)
-done
-
-
-lemma global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_inside_while_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of if_inside_while_before_ast_to_cfg_prog.bigblock_5])
-apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_5_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_5_def)
-apply (simp)
-apply (simp)
-apply (rule cont_5_def)
-apply (rule if_inside_while_before_cfg_to_dag_prog.node_6)
-apply (rule disjI1)
-apply (rule if_inside_while_before_cfg_to_dag_prog.block_6_def)
-apply (rule if_inside_while_before_cfg_to_dag_prog.outEdges_6)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: if_inside_while_before_cfg_to_dag_prog.node_6)
-apply (rule rel_if_inside_while_before_ast_to_cfg_prog_bigblock_5)
-apply assumption+
-
-done
-qed
-
-lemma rel_if_inside_while_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 1))) ns1 (BoolV False))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
-unfolding if_inside_while_before_cfg_to_dag_prog.block_4_def
-apply (rule guard_fails_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of if_inside_while_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply (simp add: if_inside_while_before_cfg_to_dag_prog.block_4_def)
-apply (rule push_through_assumption1)
-apply (simp)
-apply (rule neg_gt)
-apply (rule guardHint)
-apply ((simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_4_def)+)
-apply (rule neg_gt)
-apply (rule guardHint)
-done
-
-
-lemma global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_inside_while_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 1))) ns1 (BoolV False))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T if_inside_while_before_ast_to_cfg_prog.bigblock_1 cont_1 if_inside_while_before_cfg_to_dag_prog.proc_body 1 if_inside_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of if_inside_while_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_4_def)
-apply (rule if_inside_while_before_cfg_to_dag_prog.node_4)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule if_inside_while_before_cfg_to_dag_prog.block_4_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply (rule neg_gt)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_4_def)
-apply (simp add: if_inside_while_before_cfg_to_dag_prog.node_4)
-apply (rule rel_if_inside_while_before_ast_to_cfg_prog_bigblock_4)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=1])+)
-apply (simp add: if_inside_while_before_cfg_to_dag_prog.outEdges_4)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma rel_if_inside_while_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 1))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_3 (Normal ns1) (Normal ns1')))))"
-unfolding if_inside_while_before_cfg_to_dag_prog.block_3_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of if_inside_while_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: if_inside_while_before_cfg_to_dag_prog.block_3_def)
-apply ((simp add: assms(3) if_inside_while_before_ast_to_cfg_prog.bigblock_3_def)+)
-done
-
-
-lemma global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_inside_while_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 1))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T if_inside_while_before_ast_to_cfg_prog.bigblock_1 cont_1 if_inside_while_before_cfg_to_dag_prog.proc_body 1 if_inside_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of if_inside_while_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_3_def)
-apply (rule if_inside_while_before_cfg_to_dag_prog.node_3)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule if_inside_while_before_cfg_to_dag_prog.block_3_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_3_def)
-apply (simp add: if_inside_while_before_cfg_to_dag_prog.node_3)
-apply (rule rel_if_inside_while_before_ast_to_cfg_prog_bigblock_3)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=1])+)
-apply (simp add: if_inside_while_before_cfg_to_dag_prog.outEdges_3)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma rel_if_inside_while_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
-unfolding if_inside_while_before_cfg_to_dag_prog.block_2_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of if_inside_while_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: if_inside_while_before_cfg_to_dag_prog.block_2_def)
-apply ((simp add: assms(3) if_inside_while_before_ast_to_cfg_prog.bigblock_2_def)+)
-done
-
-
-lemma global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_inside_while_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T if_inside_while_before_ast_to_cfg_prog.bigblock_1 cont_1 if_inside_while_before_cfg_to_dag_prog.proc_body 1 if_inside_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_if_successor)
-apply (rule Rel_Main_test[of if_inside_while_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: if_inside_while_before_cfg_to_dag_prog.block_2_def if_inside_while_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp add: if_inside_while_before_cfg_to_dag_prog.block_2_def)
-apply (rule astTrace)
-apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_2_def)
-apply (rule if_inside_while_before_cfg_to_dag_prog.node_2)
-
-apply (rule disjI2)
-apply (rule disjI1)
-
-apply (simp add: if_inside_while_before_cfg_to_dag_prog.block_2_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply (simp)
-
-
-apply (rule guardHint)
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: if_inside_while_before_cfg_to_dag_prog.node_2)
-apply (rule rel_if_inside_while_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_2_def)
-apply ((simp)+)
-apply (rule guardHint)
-apply (erule disjE)
-
-apply ((erule allE[where x = 3])+)
-apply ((simp add: if_inside_while_before_cfg_to_dag_prog.outEdges_2)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_3)
-apply (simp add: cont_2_def if_inside_while_before_ast_to_cfg_prog.bigblock_3_def cont_3_def )
-apply blast+
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule less_trans_inv)
-apply ((simp)+)
-
-apply ((erule allE[where x = 4])+)
-apply ((simp add: if_inside_while_before_cfg_to_dag_prog.outEdges_2)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_4)
-apply (simp add: cont_2_def if_inside_while_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
-apply blast+
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule less_trans_inv)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_inside_while_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of if_inside_while_before_ast_to_cfg_prog.bigblock_1 _ _ _ if_inside_while_before_cfg_to_dag_prog.block_1])
-apply (simp add:if_inside_while_before_ast_to_cfg_prog.bigblock_1_def if_inside_while_before_cfg_to_dag_prog.block_1_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:if_inside_while_before_ast_to_cfg_prog.bigblock_1_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of if_inside_while_before_ast_to_cfg_prog.bigblock_1])
-apply ((simp add:if_inside_while_before_ast_to_cfg_prog.bigblock_1_def)+)
-apply ((simp add:if_inside_while_before_cfg_to_dag_prog.block_1_def if_inside_while_before_cfg_to_dag_prog.node_1)+)
-apply (rule cont_1_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 2])+)
-apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_1_def if_inside_while_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_1_def cont_2_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-
-apply ((erule allE[where x = 5])+)
-apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_5)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: if_inside_while_before_cfg_to_dag_prog.node_5)
-apply (simp add: if_inside_while_before_cfg_to_dag_prog.block_5_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: if_inside_while_before_cfg_to_dag_prog.outEdges_5)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: if_inside_while_before_cfg_to_dag_prog.node_5)
-apply (simp add: if_inside_while_before_cfg_to_dag_prog.block_5_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: if_inside_while_before_cfg_to_dag_prog.outEdges_5)
-apply ((simp add: member_rec)+)
-done
-qed
-qed
-
-lemma rel_if_inside_while_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of if_inside_while_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_0_def if_inside_while_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: if_inside_while_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: if_inside_while_before_cfg_to_dag_prog.block_0_def if_inside_while_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end if_inside_while_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of if_inside_while_before_ast_to_cfg_prog.bigblock_0 _ if_inside_while_before_cfg_to_dag_prog.block_0])
-apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_0_def if_inside_while_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_0_def if_inside_while_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_0_def if_inside_while_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: if_inside_while_before_cfg_to_dag_prog.block_0_def)
-apply (rule if_inside_while_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: if_inside_while_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: if_inside_while_before_cfg_to_dag_prog.node_0)
-apply (rule rel_if_inside_while_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: if_inside_while_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: if_inside_while_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (if_inside_while_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_1 vc_x_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A if_inside_while_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> if_inside_while_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) if_inside_while_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns if_inside_while_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (if_inside_while_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_if_inside_while_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: if_inside_while_before_ast_to_cfg_prog.params_vdecls_def if_inside_while_before_ast_to_cfg_prog.locals_vdecls_def if_inside_while_before_cfg_to_dag_prog.params_vdecls_def if_inside_while_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: if_inside_while_before_ast_to_cfg_prog.params_vdecls_def if_inside_while_before_ast_to_cfg_prog.locals_vdecls_def if_inside_while_before_cfg_to_dag_prog.params_vdecls_def if_inside_while_before_cfg_to_dag_prog.locals_vdecls_def if_inside_while_before_ast_to_cfg_prog.pres_def if_inside_while_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: if_inside_while_before_ast_to_cfg_prog.params_vdecls_def if_inside_while_before_ast_to_cfg_prog.locals_vdecls_def if_inside_while_before_cfg_to_dag_prog.params_vdecls_def if_inside_while_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: if_inside_while_before_ast_to_cfg_prog.params_vdecls_def if_inside_while_before_ast_to_cfg_prog.locals_vdecls_def if_inside_while_before_cfg_to_dag_prog.params_vdecls_def if_inside_while_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: if_inside_while_before_ast_to_cfg_prog.params_vdecls_def if_inside_while_before_ast_to_cfg_prog.locals_vdecls_def if_inside_while_before_cfg_to_dag_prog.params_vdecls_def if_inside_while_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: if_inside_while_before_ast_to_cfg_prog.params_vdecls_def if_inside_while_before_ast_to_cfg_prog.locals_vdecls_def if_inside_while_before_cfg_to_dag_prog.params_vdecls_def if_inside_while_before_cfg_to_dag_prog.locals_vdecls_def if_inside_while_before_ast_to_cfg_prog.pres_def if_inside_while_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: if_inside_while_before_ast_to_cfg_prog.params_vdecls_def if_inside_while_before_ast_to_cfg_prog.locals_vdecls_def if_inside_while_before_cfg_to_dag_prog.params_vdecls_def if_inside_while_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: if_inside_while_before_ast_to_cfg_prog.params_vdecls_def if_inside_while_before_ast_to_cfg_prog.locals_vdecls_def if_inside_while_before_cfg_to_dag_prog.params_vdecls_def if_inside_while_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_5] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (if_inside_while_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_5_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_1 vc_x_2))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) if_inside_while_before_ast_to_cfg_prog.fdecls if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls if_inside_while_before_ast_to_cfg_prog.axioms if_inside_while_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding if_inside_while_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 if_inside_while_before_ast_to_cfg_prog.ast_proc_def if_inside_while_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 17f5c2a..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,144 +0,0 @@
-theory if_inside_while_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 1)))) [(BigBlock (None ) [(Assign 1 (Lit (LInt 10)))] (None ) (None ))] [(BigBlock (None ) [(Assign 1 (Lit (LInt 20)))] (None ) (None ))])) (None ))]))) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 1)))) [(BigBlock (None ) [(Assign 1 (Lit (LInt 10)))] (None ) (None ))] [(BigBlock (None ) [(Assign 1 (Lit (LInt 20)))] (None ) (None ))])) (None ))])) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 1)))) [(BigBlock (None ) [(Assign 1 (Lit (LInt 10)))] (None ) (None ))] [(BigBlock (None ) [(Assign 1 (Lit (LInt 20)))] (None ) (None ))])) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [(Assign 1 (Lit (LInt 10)))] (None ) (None ))"
-definition bigblock_4
-  where
-    "bigblock_4  = (BigBlock (None ) [(Assign 1 (Lit (LInt 20)))] (None ) (None ))"
-definition bigblock_5
-  where
-    "bigblock_5  = (BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))] (None ) (None ))"
-definition cont_5
-  where
-    "cont_5  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_5 cont_5)"
-definition cont_1
-  where
-    "cont_1  = (KEndBlock (KSeq bigblock_5 cont_5 ))"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_1 cont_1)"
-definition cont_3
-  where
-    "cont_3  = (KSeq bigblock_1 cont_1)"
-definition cont_4
-  where
-    "cont_4  = (KSeq bigblock_1 cont_1)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_5]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding if_inside_while_before_ast_to_cfg_prog.constants_vdecls_def if_inside_while_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding if_inside_while_before_ast_to_cfg_prog.params_vdecls_def if_inside_while_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding if_inside_while_before_ast_to_cfg_prog.constants_vdecls_def if_inside_while_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_inside_while_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding if_inside_while_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_inside_while_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding if_inside_while_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_inside_while_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding if_inside_while_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_inside_while_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding if_inside_while_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = if_inside_while_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec if_inside_while_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec if_inside_while_before_ast_to_cfg_prog.post),proc_body = (Some (if_inside_while_before_ast_to_cfg_prog.locals_vdecls,if_inside_while_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 6bb2bd2..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,191 +0,0 @@
-theory if_inside_while_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0)]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 1)))),(Assign 1 (Lit (LInt 10)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 1)) Ge (Var 0))),(Assign 1 (Lit (LInt 20)))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_6
-  where
-    "block_6  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
-definition outEdges
-  where
-    "outEdges  = [[1],[5,2],[3,4],[1],[1],[6],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [5,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [3,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append if_inside_while_before_cfg_to_dag_prog.constants_vdecls if_inside_while_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append if_inside_while_before_cfg_to_dag_prog.constants_vdecls if_inside_while_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding if_inside_while_before_cfg_to_dag_prog.constants_vdecls_def if_inside_while_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append if_inside_while_before_cfg_to_dag_prog.constants_vdecls if_inside_while_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append if_inside_while_before_cfg_to_dag_prog.params_vdecls if_inside_while_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_inside_while_before_cfg_to_dag_prog.params_vdecls if_inside_while_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding if_inside_while_before_cfg_to_dag_prog.params_vdecls_def if_inside_while_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append if_inside_while_before_cfg_to_dag_prog.params_vdecls if_inside_while_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append if_inside_while_before_cfg_to_dag_prog.constants_vdecls if_inside_while_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append if_inside_while_before_cfg_to_dag_prog.params_vdecls if_inside_while_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding if_inside_while_before_cfg_to_dag_prog.constants_vdecls_def if_inside_while_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_inside_while_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding if_inside_while_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_inside_while_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding if_inside_while_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_inside_while_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding if_inside_while_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) if_inside_while_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding if_inside_while_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append if_inside_while_before_cfg_to_dag_prog.constants_vdecls if_inside_while_before_cfg_to_dag_prog.globals_vdecls),(append if_inside_while_before_cfg_to_dag_prog.params_vdecls if_inside_while_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append if_inside_while_before_cfg_to_dag_prog.params_vdecls if_inside_while_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append if_inside_while_before_cfg_to_dag_prog.params_vdecls if_inside_while_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append if_inside_while_before_cfg_to_dag_prog.constants_vdecls if_inside_while_before_cfg_to_dag_prog.globals_vdecls),(append if_inside_while_before_cfg_to_dag_prog.params_vdecls if_inside_while_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_inside_while_before_cfg_to_dag_prog.constants_vdecls if_inside_while_before_cfg_to_dag_prog.globals_vdecls),(append if_inside_while_before_cfg_to_dag_prog.params_vdecls if_inside_while_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append if_inside_while_before_cfg_to_dag_prog.constants_vdecls if_inside_while_before_cfg_to_dag_prog.globals_vdecls),(append if_inside_while_before_cfg_to_dag_prog.params_vdecls if_inside_while_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_inside_while_before_cfg_to_dag_prog.constants_vdecls if_inside_while_before_cfg_to_dag_prog.globals_vdecls),(append if_inside_while_before_cfg_to_dag_prog.params_vdecls if_inside_while_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = if_inside_while_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec if_inside_while_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec if_inside_while_before_cfg_to_dag_prog.post),proc_body = (Some (if_inside_while_before_cfg_to_dag_prog.locals_vdecls,if_inside_while_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_passive_prog.thy
deleted file mode 100644
index c82e03f..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_before_passive_prog.thy
+++ /dev/null
@@ -1,139 +0,0 @@
-theory if_inside_while_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util if_inside_while_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 1)))),(Assign 1 (Lit (LInt 10))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 1)) Ge (Var 0))),(Assign 1 (Lit (LInt 20))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
-definition block_4
-  where
-    "block_4  = [(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_6
-  where
-    "block_6  = [(Havoc 1),(Havoc 0)]"
-definition block_7
-  where
-    "block_7  = [(Havoc 0)]"
-definition block_8
-  where
-    "block_8  = []"
-definition block_9
-  where
-    "block_9  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[0],[4],[5,3],[6],[7],[8]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5,3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding if_inside_while_before_ast_to_cfg_prog.params_vdecls_def if_inside_while_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding if_inside_while_before_ast_to_cfg_prog.constants_vdecls_def if_inside_while_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_cfgtodag_proof.thy
deleted file mode 100644
index 2eeb816..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_cfgtodag_proof.thy
+++ /dev/null
@@ -1,498 +0,0 @@
-theory if_inside_while_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML if_inside_while_before_ast_to_cfg_prog if_inside_while_before_cfg_to_dag_prog if_inside_while_before_passive_prog if_inside_while_passification_proof if_inside_while_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A if_inside_while_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 if_inside_while_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def if_inside_while_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule if_inside_while_before_passive_prog.node_0)
-apply simp
-unfolding if_inside_while_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma Mods_anon6_Then:
-shows "(mods_contained_in (set [1,0]) if_inside_while_before_cfg_to_dag_prog.block_3)"
-unfolding if_inside_while_before_cfg_to_dag_prog.block_3_def
-by simp
-
-lemma block_anon6_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_inside_while_before_passive_prog.block_1 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding if_inside_while_before_cfg_to_dag_prog.block_3_def if_inside_while_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body [1,0] [] if_inside_while_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule if_inside_while_before_cfg_to_dag_prog.node_3)
-apply (rule if_inside_while_before_passive_prog.node_1)
-apply (assumption+)
-apply (rule block_anon6_Then)
-apply (assumption+)
-apply (rule Mods_anon6_Then)
-apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon5_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon6_Else:
-shows "(mods_contained_in (set [1,0]) if_inside_while_before_cfg_to_dag_prog.block_4)"
-unfolding if_inside_while_before_cfg_to_dag_prog.block_4_def
-by simp
-
-lemma block_anon6_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_inside_while_before_passive_prog.block_2 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding if_inside_while_before_cfg_to_dag_prog.block_4_def if_inside_while_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body [1,0] [] if_inside_while_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule if_inside_while_before_cfg_to_dag_prog.node_4)
-apply (rule if_inside_while_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon6_Else)
-apply (assumption+)
-apply (rule Mods_anon6_Else)
-apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_4))
-apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_4))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon5_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon5_LoopBody:
-shows "(mods_contained_in (set [1,0]) if_inside_while_before_cfg_to_dag_prog.block_2)"
-unfolding if_inside_while_before_cfg_to_dag_prog.block_2_def
-by simp
-
-lemma block_anon5_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_inside_while_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding if_inside_while_before_cfg_to_dag_prog.block_2_def if_inside_while_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon5_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body [1,0] [] if_inside_while_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule if_inside_while_before_cfg_to_dag_prog.node_2)
-apply (rule if_inside_while_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon5_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon5_LoopBody)
-apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:if_inside_while_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon5_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:if_inside_while_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon5_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma block_anon4:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_inside_while_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding if_inside_while_before_cfg_to_dag_prog.block_6_def if_inside_while_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon4:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule if_inside_while_before_cfg_to_dag_prog.node_6)
-apply (rule if_inside_while_before_passive_prog.node_4)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon4)
-apply assumption+
-apply (rule if_inside_while_before_cfg_to_dag_prog.outEdges_6)
-apply (rule if_inside_while_before_passive_prog.outEdges_4)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon5_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_inside_while_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding if_inside_while_before_cfg_to_dag_prog.block_5_def if_inside_while_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon5_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule if_inside_while_before_cfg_to_dag_prog.node_5)
-apply (rule if_inside_while_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon5_LoopDone)
-apply (assumption+)
-apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_5))
-apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_5))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:if_inside_while_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon5_LoopHead:
-shows "(mods_contained_in (set [1,0]) if_inside_while_before_cfg_to_dag_prog.block_1)"
-unfolding if_inside_while_before_cfg_to_dag_prog.block_1_def
-by simp
-
-lemma block_anon5_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_inside_while_before_passive_prog.block_6 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding if_inside_while_before_cfg_to_dag_prog.block_1_def if_inside_while_before_passive_prog.block_6_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:if_inside_while_before_ast_to_cfg_prog.l_y(1)))
-apply ((simp add:if_inside_while_before_ast_to_cfg_prog.l_x(1)))
-apply simp
-done
-
-lemma cfg_block_anon5_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1,0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule if_inside_while_before_cfg_to_dag_prog.node_1)
-apply (rule if_inside_while_before_passive_prog.node_6)
-apply (assumption+)
-apply (rule block_anon5_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon5_LoopHead)
-apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=5])
-apply ((simp add:if_inside_while_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:if_inside_while_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] if_inside_while_before_passive_prog.block_7 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding if_inside_while_before_cfg_to_dag_prog.block_0_def if_inside_while_before_passive_prog.block_7_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule if_inside_while_before_cfg_to_dag_prog.node_0)
-apply (rule if_inside_while_before_passive_prog.node_7)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:if_inside_while_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=6])
-apply ((simp add:if_inside_while_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:if_inside_while_before_passive_prog.outEdges_8))
-by ((simp add:if_inside_while_before_passive_prog.node_8 if_inside_while_before_passive_prog.block_8_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 if_inside_while_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule if_inside_while_before_passive_prog.node_9)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding if_inside_while_before_passive_prog.block_9_def
-apply (rule assume_pres_normal[where ?es=if_inside_while_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding if_inside_while_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule if_inside_while_before_passive_prog.outEdges_9)
-apply ((simp add:if_inside_while_before_passive_prog.node_8 if_inside_while_before_passive_prog.block_8_def))
-apply (rule if_inside_while_before_passive_prog.outEdges_8)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_1 vc_x_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A if_inside_while_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> if_inside_while_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) if_inside_while_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns if_inside_while_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] if_inside_while_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] if_inside_while_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule if_inside_while_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_passification_proof.thy
deleted file mode 100644
index b6d5e5d..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_passification_proof.thy
+++ /dev/null
@@ -1,344 +0,0 @@
-theory if_inside_while_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util if_inside_while_before_ast_to_cfg_prog if_inside_while_passive_prog Boogie_Lang.PassificationML if_inside_while_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_inside_while_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_inside_while_before_passive_prog.block_0_def if_inside_while_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon6_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 5)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(1,(Inr (LInt 10)))]) R_old if_inside_while_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_inside_while_before_passive_prog.block_1_def if_inside_while_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon6_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 5)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(1,(Inr (LInt 20)))]) R_old if_inside_while_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_inside_while_before_passive_prog.block_2_def if_inside_while_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon5_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [5] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [5])) (update_nstate_rel R [(0,(Inl 5))]) R_old if_inside_while_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_inside_while_before_passive_prog.block_3_def if_inside_while_passive_prog.block_3_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:if_inside_while_before_ast_to_cfg_prog.l_x(2) if_inside_while_passive_prog.l_x_2(2)))
-by simp
-
-lemma block_anon4:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_inside_while_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_inside_while_before_passive_prog.block_4_def if_inside_while_passive_prog.block_4_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon5_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_inside_while_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_inside_while_before_passive_prog.block_5_def if_inside_while_passive_prog.block_5_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon5_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3,4] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3,4])) (update_nstate_rel R [(1,(Inl 3)),(0,(Inl 4))]) R_old if_inside_while_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_inside_while_before_passive_prog.block_6_def if_inside_while_passive_prog.block_6_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:if_inside_while_before_ast_to_cfg_prog.l_y(2) if_inside_while_passive_prog.l_y_0(2)))
-apply ((simp add:if_inside_while_before_ast_to_cfg_prog.l_x(2) if_inside_while_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old if_inside_while_passive_prog.block_7 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_inside_while_before_passive_prog.block_7_def if_inside_while_passive_prog.block_7_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:if_inside_while_before_ast_to_cfg_prog.l_x(2) if_inside_while_passive_prog.l_x_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.block_8 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_inside_while_passive_prog.block_8 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_inside_while_before_passive_prog.block_8_def if_inside_while_passive_prog.block_8_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.block_9 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old if_inside_while_passive_prog.block_9 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding if_inside_while_before_passive_prog.block_9_def if_inside_while_passive_prog.block_9_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm if_inside_while_before_passive_prog.node_0},@{thm if_inside_while_before_passive_prog.outEdges_0}) (@{thm if_inside_while_passive_prog.node_0},@{thm if_inside_while_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon6_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 5)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_inside_while_before_passive_prog.node_1},@{thm if_inside_while_before_passive_prog.outEdges_1}) (@{thm if_inside_while_passive_prog.node_1},@{thm if_inside_while_passive_prog.outEdges_1}) @{thm block_anon6_Then} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon6_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 5)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_inside_while_before_passive_prog.node_2},@{thm if_inside_while_before_passive_prog.outEdges_2}) (@{thm if_inside_while_passive_prog.node_2},@{thm if_inside_while_passive_prog.outEdges_2}) @{thm block_anon6_Else} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon5_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 5 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_inside_while_before_passive_prog.node_3},@{thm if_inside_while_before_passive_prog.outEdges_3}) (@{thm if_inside_while_passive_prog.node_3},@{thm if_inside_while_passive_prog.outEdges_3}) @{thm block_anon5_LoopBody} [
-@{thm cfg_block_anon6_Then}, 
-@{thm cfg_block_anon6_Else}] 1\<close>))
-
-lemma cfg_block_anon4:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_inside_while_before_passive_prog.node_4},@{thm if_inside_while_before_passive_prog.outEdges_4}) (@{thm if_inside_while_passive_prog.node_4},@{thm if_inside_while_passive_prog.outEdges_4}) @{thm block_anon4} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon5_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm if_inside_while_before_passive_prog.node_5},@{thm if_inside_while_before_passive_prog.outEdges_5}) (@{thm if_inside_while_passive_prog.node_5},@{thm if_inside_while_passive_prog.outEdges_5}) @{thm block_anon5_LoopDone} [
-@{thm cfg_block_anon4}] 1\<close>))
-
-lemma cfg_block_anon5_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm if_inside_while_before_passive_prog.node_6},@{thm if_inside_while_before_passive_prog.outEdges_6}) (@{thm if_inside_while_passive_prog.node_6},@{thm if_inside_while_passive_prog.outEdges_6}) @{thm block_anon5_LoopHead} [
-@{thm cfg_block_anon5_LoopDone}, 
-@{thm cfg_block_anon5_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm if_inside_while_before_passive_prog.node_7},@{thm if_inside_while_before_passive_prog.outEdges_7}) (@{thm if_inside_while_passive_prog.node_7},@{thm if_inside_while_passive_prog.outEdges_7}) @{thm block_anon0} [
-@{thm cfg_block_anon5_LoopHead}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body u (Inl 8)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm if_inside_while_before_passive_prog.node_8},@{thm if_inside_while_before_passive_prog.outEdges_8}) (@{thm if_inside_while_passive_prog.node_8},@{thm if_inside_while_passive_prog.outEdges_8}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> if_inside_while_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body u (Inl 9)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm if_inside_while_before_passive_prog.node_9},@{thm if_inside_while_before_passive_prog.outEdges_9}) (@{thm if_inside_while_passive_prog.node_9},@{thm if_inside_while_passive_prog.outEdges_9}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_before_ast_to_cfg_prog.params_vdecls if_inside_while_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] if_inside_while_before_passive_prog.proc_body ((Inl 9),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_1 vc_x_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A if_inside_while_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> if_inside_while_before_ast_to_cfg_prog.constants_vdecls ns if_inside_while_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv if_inside_while_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding if_inside_while_before_ast_to_cfg_prog.constants_vdecls_def if_inside_while_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding if_inside_while_passive_prog.params_vdecls_def if_inside_while_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using if_inside_while_before_passive_prog.globals_locals_disj apply auto[1]
-using if_inside_while_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] if_inside_while_passive_prog.proc_body u (Inl 9)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range if_inside_while_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] if_inside_while_passive_prog.proc_body ((Inl 9),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from if_inside_while_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_passive_prog.thy
deleted file mode 100644
index 94585db..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_passive_prog.thy
+++ /dev/null
@@ -1,199 +0,0 @@
-theory if_inside_while_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util if_inside_while_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 5) Gt (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 1)) Ge (Var 5))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 4) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 5) Eq (BinOp (Var 4) Sub (Lit (LInt 1)))))]"
-definition block_4
-  where
-    "block_4  = [(Assert (BinOp (Var 4) Eq (Lit (LInt 0))))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 4)))]"
-definition block_6
-  where
-    "block_6  = []"
-definition block_7
-  where
-    "block_7  = []"
-definition block_8
-  where
-    "block_8  = []"
-definition block_9
-  where
-    "block_9  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[0],[4],[5,3],[6],[7],[8]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5,3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding if_inside_while_passive_prog.params_vdecls_def if_inside_while_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)))) = {})"
-unfolding if_inside_while_before_ast_to_cfg_prog.constants_vdecls_def if_inside_while_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_0:
-shows "((map_of (append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_2:
-shows "((map_of (append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_0:
-shows "((lookup_var_decl ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_2:
-shows "((lookup_var_decl ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_vcphase_proof.thy
deleted file mode 100644
index c40f194..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/if_inside_loop_proofs/if_inside_while_proofs/if_inside_while_vcphase_proof.thy
+++ /dev/null
@@ -1,353 +0,0 @@
-theory if_inside_while_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML if_inside_while_passive_prog if_inside_while_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon6_Then
-  where
-    "vc_anon6_Then  = True"
-definition vc_anon6_Else
-  where
-    "vc_anon6_Else  = True"
-definition vc_anon5_LoopBody
-  where
-    "vc_anon5_LoopBody x_1 x_2 = (((x_1 > (0::int)) \<and> (x_2 = (x_1 - (1::int)))) \<longrightarrow> ((vc_anon6_Then ) \<and> (vc_anon6_Else )))"
-definition vc_anon4
-  where
-    "vc_anon4 x_1 = (x_1 = (0::int))"
-definition vc_anon5_LoopDone
-  where
-    "vc_anon5_LoopDone x_1 = (((0::int) \<ge> x_1) \<longrightarrow> (vc_anon4 x_1))"
-definition vc_anon0
-  where
-    "vc_anon0 x_1 x_2 = ((vc_anon5_LoopDone x_1) \<and> (vc_anon5_LoopBody x_1 x_2))"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_0)))" and 
-G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_y_0)))" and 
-G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_x_1)))" and 
-G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_x_2)))" and 
-G6: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4 G5 G6
-lemmas forall_poly_thm = forall_vc_type[OF G6]
-lemmas exists_poly_thm = exists_vc_type[OF G6]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding if_inside_while_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon6_Then_hints = [
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon6_ThenAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_Then ) \<Longrightarrow> (s' = Magic)))"
-unfolding if_inside_while_passive_prog.block_1_def vc.vc_anon6_Then_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_Then_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_Else_hints = [
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon6_ElseAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_Else ) \<Longrightarrow> (s' = Magic)))"
-unfolding if_inside_while_passive_prog.block_2_def vc.vc_anon6_Else_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_Else_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon5_LoopBody_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon5_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopBody vc_x_1 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_Then ) \<and> (vc.vc_anon6_Else ))))))))"
-unfolding if_inside_while_passive_prog.block_3_def vc.vc_anon5_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_hints = [
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon4AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding if_inside_while_passive_prog.block_4_def vc.vc_anon4_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon5_LoopDone_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon5_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopDone vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4 vc_x_1)))))))"
-unfolding if_inside_while_passive_prog.block_5_def vc.vc_anon5_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopDone_hints \<close>)
-by (auto?)
-
-lemma block_anon5_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.block_6 (Normal n_s) s')" and 
-"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))))))"
-using assms
-unfolding if_inside_while_passive_prog.block_6_def
-apply cases
-by auto
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.block_7 (Normal n_s) s')" and 
-"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))))))"
-using assms
-unfolding if_inside_while_passive_prog.block_7_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.block_8 (Normal n_s) s')" and 
-"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))))))"
-using assms
-unfolding if_inside_while_passive_prog.block_8_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_1 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding if_inside_while_passive_prog.block_9_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) if_inside_while_passive_prog.node_0 if_inside_while_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon6_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_Then )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) if_inside_while_passive_prog.node_1])
-by (erule block_anon6_ThenAA0[OF _ assms(2)])
-
-lemma cfg_block_anon6_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_Else )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) if_inside_while_passive_prog.node_2])
-by (erule block_anon6_ElseAA0[OF _ assms(2)])
-
-lemma cfg_block_anon5_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_LoopBody vc_x_1 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) if_inside_while_passive_prog.node_3])
-apply (erule block_anon5_LoopBodyAA0[OF _ assms(2)])
-apply ((simp add:if_inside_while_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon4:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) if_inside_while_passive_prog.node_4])
-apply (erule block_anon4AA0[OF _ assms(2)])
-apply ((simp add:if_inside_while_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_LoopDone vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) if_inside_while_passive_prog.node_5])
-apply (erule block_anon5_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:if_inside_while_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) if_inside_while_passive_prog.node_6])
-apply (erule block_anon5_LoopHead[OF _ assms(2)])
-apply ((simp add:if_inside_while_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) if_inside_while_passive_prog.node_7])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:if_inside_while_passive_prog.outEdges_7))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon5_LoopDone vc_x_1) \<and> (vc.vc_anon5_LoopBody vc_x_1 vc_x_2))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) if_inside_while_passive_prog.node_8])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:if_inside_while_passive_prog.outEdges_8))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> if_inside_while_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_1 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) if_inside_while_passive_prog.node_9])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:if_inside_while_passive_prog.outEdges_9))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls)) \<Gamma> [] if_inside_while_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_1 vc_x_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A if_inside_while_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> if_inside_while_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) if_inside_while_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s if_inside_while_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append if_inside_while_before_ast_to_cfg_prog.constants_vdecls if_inside_while_before_ast_to_cfg_prog.globals_vdecls),(append if_inside_while_passive_prog.params_vdecls if_inside_while_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((if_inside_while_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_inside_while_passive_prog.m_x])
-apply (subst lookup_var_local[OF if_inside_while_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_inside_while_passive_prog.m_y])
-apply (subst lookup_var_local[OF if_inside_while_passive_prog.m_y])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_inside_while_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF if_inside_while_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_inside_while_passive_prog.m_y_0])
-apply (subst lookup_var_local[OF if_inside_while_passive_prog.m_y_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_inside_while_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF if_inside_while_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF if_inside_while_passive_prog.m_x_2])
-apply (subst lookup_var_local[OF if_inside_while_passive_prog.m_x_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_y])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_y_0])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (rule HOL.conjunct1[OF sc_x_2])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/ROOT
deleted file mode 100644
index a70eed0..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session loop_example_no_inv_proofs = Boogie_Lang + 
-directories m_proofs
-theories
-global_data
-"m_proofs/m_asttocfg_proof"
-"m_proofs/m_before_cfg_to_dag_prog"
-"m_proofs/m_passification_proof"
-"m_proofs/m_vcphase_proof"
-"m_proofs/m_before_passive_prog"
-"m_proofs/m_passive_prog"
-"m_proofs/m_cfgtodag_proof"
-"m_proofs/m_before_ast_to_cfg_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_asttocfg_proof.thy
deleted file mode 100644
index 88ccfc3..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_asttocfg_proof.thy
+++ /dev/null
@@ -1,352 +0,0 @@
-theory m_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML m_before_ast_to_cfg_prog m_before_cfg_to_dag_prog m_cfgtodag_proof m_passification_proof m_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_m_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_3_def m_before_cfg_to_dag_prog.block_4_def)
-apply ((simp add: m_before_cfg_to_dag_prog.block_4_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: m_before_cfg_to_dag_prog.block_4_def m_before_ast_to_cfg_prog.bigblock_3_def)+)
-done
-
-
-lemma global_rel_m_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end m_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (simp)
-apply (rule cont_3_def)
-apply (rule m_before_cfg_to_dag_prog.node_4)
-apply (rule disjI1)
-apply (rule m_before_cfg_to_dag_prog.block_4_def)
-apply (rule m_before_cfg_to_dag_prog.outEdges_4)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: m_before_cfg_to_dag_prog.node_4)
-apply (rule rel_m_before_ast_to_cfg_prog_bigblock_3)
-apply assumption+
-
-done
-qed
-
-lemma rel_m_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Var 1)) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
-unfolding m_before_cfg_to_dag_prog.block_2_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: m_before_cfg_to_dag_prog.block_2_def)
-apply ((simp add: assms(3) m_before_ast_to_cfg_prog.bigblock_2_def)+)
-done
-
-
-lemma global_rel_m_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end m_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Var 1)) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T m_before_ast_to_cfg_prog.bigblock_1 cont_1 m_before_cfg_to_dag_prog.proc_body 1 m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_2_def)
-apply (rule m_before_cfg_to_dag_prog.node_2)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule m_before_cfg_to_dag_prog.block_2_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_2_def)
-apply (simp add: m_before_cfg_to_dag_prog.node_2)
-apply (rule rel_m_before_ast_to_cfg_prog_bigblock_2)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=1])+)
-apply (simp add: m_before_cfg_to_dag_prog.outEdges_2)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_m_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end m_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of m_before_ast_to_cfg_prog.bigblock_1 _ _ _ m_before_cfg_to_dag_prog.block_1])
-apply (simp add:m_before_ast_to_cfg_prog.bigblock_1_def m_before_cfg_to_dag_prog.block_1_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:m_before_ast_to_cfg_prog.bigblock_1_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of m_before_ast_to_cfg_prog.bigblock_1])
-apply ((simp add:m_before_ast_to_cfg_prog.bigblock_1_def)+)
-apply ((simp add:m_before_cfg_to_dag_prog.block_1_def m_before_cfg_to_dag_prog.node_1)+)
-apply (rule cont_1_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 2])+)
-apply ((simp add:m_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_m_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_1_def m_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_1_def cont_2_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-
-apply ((erule allE[where x = 3])+)
-apply ((simp add:m_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_m_before_ast_to_cfg_prog_bigblock_3)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: m_before_cfg_to_dag_prog.node_3)
-apply (simp add: m_before_cfg_to_dag_prog.block_3_def)
-apply (rule neg_lt)
-apply (simp)
-apply (simp add: m_before_cfg_to_dag_prog.outEdges_3)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: m_before_cfg_to_dag_prog.node_3)
-apply (simp add: m_before_cfg_to_dag_prog.block_3_def)
-apply (rule neg_lt)
-apply (simp)
-apply (simp add: m_before_cfg_to_dag_prog.outEdges_3)
-apply ((simp add: member_rec)+)
-done
-qed
-qed
-
-lemma rel_m_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_0_def m_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: m_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: m_before_cfg_to_dag_prog.block_0_def m_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_m_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end m_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_0 _ m_before_cfg_to_dag_prog.block_0])
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_0_def m_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_0_def m_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_0_def m_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: m_before_cfg_to_dag_prog.block_0_def)
-apply (rule m_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: m_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: m_before_cfg_to_dag_prog.node_0)
-apply (rule rel_m_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: m_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_m_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (m_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> m_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) m_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns m_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_m_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def m_before_ast_to_cfg_prog.pres_def m_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def m_before_ast_to_cfg_prog.pres_def m_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (m_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_3_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) m_before_ast_to_cfg_prog.fdecls m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls m_before_ast_to_cfg_prog.axioms m_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding m_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 m_before_ast_to_cfg_prog.ast_proc_def m_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 61078eb..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,132 +0,0 @@
-theory m_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Assign 0 (Lit (LInt 0))),(Assume (BinOp (Var 1) Gt (Lit (LInt 0))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Var 1))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Lt (Var 1))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))])) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [(Assert (BinOp (Var 0) Ge (Var 1)))] (None ) (None ))"
-definition cont_3
-  where
-    "cont_3  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_3 cont_3)"
-definition cont_1
-  where
-    "cont_1  = (KEndBlock (KSeq bigblock_3 cont_3 ))"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_1 cont_1)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_3]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding m_before_ast_to_cfg_prog.constants_vdecls_def m_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding m_before_ast_to_cfg_prog.constants_vdecls_def m_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding m_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding m_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding m_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding m_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_i:
-shows "((map_of (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_n:
-shows "((map_of (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_i:
-shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_i
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_n:
-shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_n
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = m_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec m_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec m_before_ast_to_cfg_prog.post),proc_body = (Some (m_before_ast_to_cfg_prog.locals_vdecls,m_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 905eaaa..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,169 +0,0 @@
-theory m_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Assign 0 (Lit (LInt 0))),(Assume (BinOp (Var 1) Gt (Lit (LInt 0))))]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Lt (Var 1))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 1) Le (Var 0)))]"
-definition block_4
-  where
-    "block_4  = [(Assert (BinOp (Var 0) Ge (Var 1)))]"
-definition outEdges
-  where
-    "outEdges  = [[1],[3,2],[1],[4],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [3,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding m_before_cfg_to_dag_prog.constants_vdecls_def m_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding m_before_cfg_to_dag_prog.constants_vdecls_def m_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding m_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding m_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding m_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding m_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_i:
-shows "((map_of (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_n:
-shows "((map_of (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_i:
-shows "((lookup_var_decl ((append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_i
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_n:
-shows "((lookup_var_decl ((append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_n
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = m_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec m_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec m_before_cfg_to_dag_prog.post),proc_body = (Some (m_before_cfg_to_dag_prog.locals_vdecls,m_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_passive_prog.thy
deleted file mode 100644
index 714a490..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_before_passive_prog.thy
+++ /dev/null
@@ -1,117 +0,0 @@
-theory m_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util m_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Lt (Var 1))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assert (BinOp (Var 0) Ge (Var 1)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 1) Le (Var 0)))]"
-definition block_4
-  where
-    "block_4  = [(Havoc 0)]"
-definition block_5
-  where
-    "block_5  = [(Assign 0 (Lit (LInt 0))),(Assume (BinOp (Var 1) Gt (Lit (LInt 0))))]"
-definition block_6
-  where
-    "block_6  = []"
-definition block_7
-  where
-    "block_7  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[2],[3,1],[4],[5],[6]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 7,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding m_before_ast_to_cfg_prog.constants_vdecls_def m_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_cfgtodag_proof.thy
deleted file mode 100644
index 6d10f17..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_cfgtodag_proof.thy
+++ /dev/null
@@ -1,375 +0,0 @@
-theory m_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML m_before_ast_to_cfg_prog m_before_cfg_to_dag_prog m_before_passive_prog m_passification_proof m_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 m_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def m_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule m_before_passive_prog.node_0)
-apply simp
-unfolding m_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma Mods_anon3_LoopBody:
-shows "(mods_contained_in (set [0]) m_before_cfg_to_dag_prog.block_2)"
-unfolding m_before_cfg_to_dag_prog.block_2_def
-by simp
-
-lemma block_anon3_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] m_before_passive_prog.block_1 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding m_before_cfg_to_dag_prog.block_2_def m_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon3_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body [0] [] m_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule m_before_cfg_to_dag_prog.node_2)
-apply (rule m_before_passive_prog.node_1)
-apply (assumption+)
-apply (rule block_anon3_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon3_LoopBody)
-apply ((simp add:m_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:m_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon3_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma block_anon2:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] m_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding m_before_cfg_to_dag_prog.block_4_def m_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon2:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule m_before_cfg_to_dag_prog.node_4)
-apply (rule m_before_passive_prog.node_2)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon2)
-apply assumption+
-apply (rule m_before_cfg_to_dag_prog.outEdges_4)
-apply (rule m_before_passive_prog.outEdges_2)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon3_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] m_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding m_before_cfg_to_dag_prog.block_3_def m_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule m_before_cfg_to_dag_prog.node_3)
-apply (rule m_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon3_LoopDone)
-apply (assumption+)
-apply ((simp add:m_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:m_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:m_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon2)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon3_LoopHead:
-shows "(mods_contained_in (set [0]) m_before_cfg_to_dag_prog.block_1)"
-unfolding m_before_cfg_to_dag_prog.block_1_def
-by simp
-
-lemma block_anon3_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] m_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding m_before_cfg_to_dag_prog.block_1_def m_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:m_before_ast_to_cfg_prog.l_i(1)))
-apply simp
-done
-
-lemma cfg_block_anon3_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule m_before_cfg_to_dag_prog.node_1)
-apply (rule m_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon3_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon3_LoopHead)
-apply ((simp add:m_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:m_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:m_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:m_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] m_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding m_before_cfg_to_dag_prog.block_0_def m_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule m_before_cfg_to_dag_prog.node_0)
-apply (rule m_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:m_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:m_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:m_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:m_before_passive_prog.outEdges_6))
-by ((simp add:m_before_passive_prog.node_6 m_before_passive_prog.block_6_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 m_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule m_before_passive_prog.node_7)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding m_before_passive_prog.block_7_def
-apply (rule assume_pres_normal[where ?es=m_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding m_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule m_before_passive_prog.outEdges_7)
-apply ((simp add:m_before_passive_prog.node_6 m_before_passive_prog.block_6_def))
-apply (rule m_before_passive_prog.outEdges_6)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> m_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) m_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns m_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule m_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_passification_proof.thy
deleted file mode 100644
index 7730eca..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_passification_proof.thy
+++ /dev/null
@@ -1,314 +0,0 @@
-theory m_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util m_before_ast_to_cfg_prog m_passive_prog Boogie_Lang.PassificationML m_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding m_before_passive_prog.block_0_def m_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
-"((R 1) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3])) (update_nstate_rel R [(0,(Inl 3))]) R_old m_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding m_before_passive_prog.block_1_def m_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:m_before_ast_to_cfg_prog.l_i(2) m_passive_prog.l_i_1(2)))
-by simp
-
-lemma block_anon2:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
-"((R 1) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding m_before_passive_prog.block_2_def m_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
-"((R 1) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding m_before_passive_prog.block_3_def m_passive_prog.block_3_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old m_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding m_before_passive_prog.block_4_def m_passive_prog.block_4_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:m_before_ast_to_cfg_prog.l_i(2) m_passive_prog.l_i_0(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 0)))]) R_old m_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding m_before_passive_prog.block_5_def m_passive_prog.block_5_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding m_before_passive_prog.block_6_def m_passive_prog.block_6_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_7 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding m_before_passive_prog.block_7_def m_passive_prog.block_7_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm m_before_passive_prog.node_0},@{thm m_before_passive_prog.outEdges_0}) (@{thm m_passive_prog.node_0},@{thm m_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon3_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
-"((R 1) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_1},@{thm m_before_passive_prog.outEdges_1}) (@{thm m_passive_prog.node_1},@{thm m_passive_prog.outEdges_1}) @{thm block_anon3_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon2:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
-"((R 1) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_2},@{thm m_before_passive_prog.outEdges_2}) (@{thm m_passive_prog.node_2},@{thm m_passive_prog.outEdges_2}) @{thm block_anon2} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon3_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
-"((R 1) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_3},@{thm m_before_passive_prog.outEdges_3}) (@{thm m_passive_prog.node_3},@{thm m_passive_prog.outEdges_3}) @{thm block_anon3_LoopDone} [
-@{thm cfg_block_anon2}] 1\<close>))
-
-lemma cfg_block_anon3_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_4},@{thm m_before_passive_prog.outEdges_4}) (@{thm m_passive_prog.node_4},@{thm m_passive_prog.outEdges_4}) @{thm block_anon3_LoopHead} [
-@{thm cfg_block_anon3_LoopDone}, 
-@{thm cfg_block_anon3_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_5},@{thm m_before_passive_prog.outEdges_5}) (@{thm m_passive_prog.node_5},@{thm m_passive_prog.outEdges_5}) @{thm block_anon0} [
-@{thm cfg_block_anon3_LoopHead}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_6},@{thm m_before_passive_prog.outEdges_6}) (@{thm m_passive_prog.node_6},@{thm m_passive_prog.outEdges_6}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_7},@{thm m_before_passive_prog.outEdges_7}) (@{thm m_passive_prog.node_7},@{thm m_passive_prog.outEdges_7}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] m_before_passive_prog.proc_body ((Inl 7),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> m_before_ast_to_cfg_prog.constants_vdecls ns m_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = [(1,(Inl 1))]"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-apply ((simp add:m_before_ast_to_cfg_prog.l_n(2) m_passive_prog.l_n(2)))
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv m_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding m_before_ast_to_cfg_prog.constants_vdecls_def m_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding m_passive_prog.params_vdecls_def m_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using m_before_passive_prog.globals_locals_disj apply auto[1]
-using m_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 1)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] m_passive_prog.proc_body u (Inl 7)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range m_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] m_passive_prog.proc_body ((Inl 7),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from m_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_passive_prog.thy
deleted file mode 100644
index 562a3a2..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_passive_prog.thy
+++ /dev/null
@@ -1,159 +0,0 @@
-theory m_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util m_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 2) Lt (Var 1))),(Assume (BinOp (Var 3) Eq (BinOp (Var 2) Add (Lit (LInt 1))))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assert (BinOp (Var 2) Ge (Var 1)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 1) Le (Var 2)))]"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0))))]"
-definition block_6
-  where
-    "block_6  = []"
-definition block_7
-  where
-    "block_7  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[2],[3,1],[4],[5],[6]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 7,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding m_passive_prog.params_vdecls_def m_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)))) = {})"
-unfolding m_before_ast_to_cfg_prog.constants_vdecls_def m_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_i:
-shows "((map_of (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_n:
-shows "((map_of (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_i_0:
-shows "((map_of (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_i_1:
-shows "((map_of (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_i:
-shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_i
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_n:
-shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_n
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_i_0:
-shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_i_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_i_1:
-shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
-using globals_locals_disj m_i_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_vcphase_proof.thy
deleted file mode 100644
index afb76d1..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_no_inv_proofs/m_proofs/m_vcphase_proof.thy
+++ /dev/null
@@ -1,291 +0,0 @@
-theory m_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML m_passive_prog m_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon3_LoopBody
-  where
-    "vc_anon3_LoopBody  = True"
-definition vc_anon2
-  where
-    "vc_anon2 i_0 n = (i_0 \<ge> n)"
-definition vc_anon3_LoopDone
-  where
-    "vc_anon3_LoopDone n i_0 = ((n \<le> i_0) \<longrightarrow> (vc_anon2 i_0 n))"
-definition vc_anon0
-  where
-    "vc_anon0 n i_0 = ((n > (0::int)) \<longrightarrow> ((vc_anon3_LoopDone n i_0) \<and> (vc_anon3_LoopBody )))"
-definition vc_PreconditionGeneratedEntry
-  where
-    "vc_PreconditionGeneratedEntry n i_0 = (vc_anon0 n i_0)"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_i :: "int" and vc_n :: "int" and vc_i_0 :: "int" and vc_i_1 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_i)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_n)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_i_0)))" and 
-G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_i_1)))" and 
-G4: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4
-lemmas forall_poly_thm = forall_vc_type[OF G4]
-lemmas exists_poly_thm = exists_vc_type[OF G4]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding m_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon3_LoopBody_hints = [
-(AssumeTrue,NONE), 
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon3_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_LoopBody ) \<Longrightarrow> (s' = Magic)))"
-unfolding m_passive_prog.block_1_def vc.vc_anon3_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon2_hints = [
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon2AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon2 vc_i_0 vc_n) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding m_passive_prog.block_2_def vc.vc_anon2_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon2_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon3_LoopDone_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon3_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_LoopDone vc_n vc_i_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon2 vc_i_0 vc_n)))))))"
-unfolding m_passive_prog.block_3_def vc.vc_anon3_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_LoopDone_hints \<close>)
-by (auto?)
-
-lemma block_anon3_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_4 (Normal n_s) s')" and 
-"((vc.vc_anon3_LoopDone vc_n vc_i_0) \<and> (vc.vc_anon3_LoopBody ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon3_LoopDone vc_n vc_i_0) \<and> (vc.vc_anon3_LoopBody ))))))"
-using assms
-unfolding m_passive_prog.block_4_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon0_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_n vc_i_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon3_LoopDone vc_n vc_i_0) \<and> (vc.vc_anon3_LoopBody ))))))))"
-unfolding m_passive_prog.block_5_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
-by (auto?)
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_6 (Normal n_s) s')" and 
-"(vc.vc_anon0 vc_n vc_i_0)"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_n vc_i_0)))))"
-using assms
-unfolding m_passive_prog.block_6_def
-apply cases
-by auto
-
-lemma block_PreconditionGeneratedEntry:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry vc_n vc_i_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_n vc_i_0)))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding m_passive_prog.block_7_def vc.vc_PreconditionGeneratedEntry_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) m_passive_prog.node_0 m_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon3_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3_LoopBody )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) m_passive_prog.node_1])
-by (erule block_anon3_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon2:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon2 vc_i_0 vc_n)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) m_passive_prog.node_2])
-apply (erule block_anon2AA0[OF _ assms(2)])
-apply ((simp add:m_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon3_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3_LoopDone vc_n vc_i_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_3])
-apply (erule block_anon3_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:m_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon2, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon3_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon3_LoopDone vc_n vc_i_0) \<and> (vc.vc_anon3_LoopBody ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_4])
-apply (erule block_anon3_LoopHead[OF _ assms(2)])
-apply ((simp add:m_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_n vc_i_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_5])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:m_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_n vc_i_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_6])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:m_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(vc.vc_PreconditionGeneratedEntry vc_n vc_i_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_7])
-apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
-apply ((simp add:m_passive_prog.outEdges_7))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) \<Gamma> [] m_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> m_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) m_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s m_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((m_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_i:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF m_passive_prog.m_i])
-apply (subst lookup_var_local[OF m_passive_prog.m_i])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_n:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF m_passive_prog.m_n])
-apply (subst lookup_var_local[OF m_passive_prog.m_n])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_i_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF m_passive_prog.m_i_0])
-apply (subst lookup_var_local[OF m_passive_prog.m_i_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_i_1:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF m_passive_prog.m_i_1])
-apply (subst lookup_var_local[OF m_passive_prog.m_i_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_i])
-apply (rule HOL.conjunct1[OF sc_n])
-apply (rule HOL.conjunct1[OF sc_i_0])
-apply (rule HOL.conjunct1[OF sc_i_1])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/ROOT
deleted file mode 100644
index 4a63813..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session loop_example_proofs = Boogie_Lang + 
-directories m_proofs
-theories
-global_data
-"m_proofs/m_asttocfg_proof"
-"m_proofs/m_before_cfg_to_dag_prog"
-"m_proofs/m_passification_proof"
-"m_proofs/m_vcphase_proof"
-"m_proofs/m_before_passive_prog"
-"m_proofs/m_passive_prog"
-"m_proofs/m_cfgtodag_proof"
-"m_proofs/m_before_ast_to_cfg_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_asttocfg_proof.thy
deleted file mode 100644
index f74f3cf..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_asttocfg_proof.thy
+++ /dev/null
@@ -1,352 +0,0 @@
-theory m_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML m_before_ast_to_cfg_prog m_before_cfg_to_dag_prog m_cfgtodag_proof m_passification_proof m_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_m_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_3_def m_before_cfg_to_dag_prog.block_4_def)
-apply ((simp add: m_before_cfg_to_dag_prog.block_4_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: m_before_cfg_to_dag_prog.block_4_def m_before_ast_to_cfg_prog.bigblock_3_def)+)
-done
-
-
-lemma global_rel_m_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end m_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (simp)
-apply (rule cont_3_def)
-apply (rule m_before_cfg_to_dag_prog.node_4)
-apply (rule disjI1)
-apply (rule m_before_cfg_to_dag_prog.block_4_def)
-apply (rule m_before_cfg_to_dag_prog.outEdges_4)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: m_before_cfg_to_dag_prog.node_4)
-apply (rule rel_m_before_ast_to_cfg_prog_bigblock_3)
-apply assumption+
-
-done
-qed
-
-lemma rel_m_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Var 1)) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
-unfolding m_before_cfg_to_dag_prog.block_2_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: m_before_cfg_to_dag_prog.block_2_def)
-apply ((simp add: assms(3) m_before_ast_to_cfg_prog.bigblock_2_def)+)
-done
-
-
-lemma global_rel_m_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end m_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Var 1)) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T m_before_ast_to_cfg_prog.bigblock_1 cont_1 m_before_cfg_to_dag_prog.proc_body 1 m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_2_def)
-apply (rule m_before_cfg_to_dag_prog.node_2)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule m_before_cfg_to_dag_prog.block_2_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_2_def)
-apply (simp add: m_before_cfg_to_dag_prog.node_2)
-apply (rule rel_m_before_ast_to_cfg_prog_bigblock_2)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=1])+)
-apply (simp add: m_before_cfg_to_dag_prog.outEdges_2)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_m_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end m_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of m_before_ast_to_cfg_prog.bigblock_1 _ _ _ m_before_cfg_to_dag_prog.block_1])
-apply (simp add:m_before_ast_to_cfg_prog.bigblock_1_def m_before_cfg_to_dag_prog.block_1_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:m_before_ast_to_cfg_prog.bigblock_1_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of m_before_ast_to_cfg_prog.bigblock_1])
-apply ((simp add:m_before_ast_to_cfg_prog.bigblock_1_def)+)
-apply ((simp add:m_before_cfg_to_dag_prog.block_1_def m_before_cfg_to_dag_prog.node_1)+)
-apply (rule cont_1_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 2])+)
-apply ((simp add:m_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_m_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_1_def m_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_1_def cont_2_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-
-apply ((erule allE[where x = 3])+)
-apply ((simp add:m_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_m_before_ast_to_cfg_prog_bigblock_3)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: m_before_cfg_to_dag_prog.node_3)
-apply (simp add: m_before_cfg_to_dag_prog.block_3_def)
-apply (rule neg_lt)
-apply (simp)
-apply (simp add: m_before_cfg_to_dag_prog.outEdges_3)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: m_before_cfg_to_dag_prog.node_3)
-apply (simp add: m_before_cfg_to_dag_prog.block_3_def)
-apply (rule neg_lt)
-apply (simp)
-apply (simp add: m_before_cfg_to_dag_prog.outEdges_3)
-apply ((simp add: member_rec)+)
-done
-qed
-qed
-
-lemma rel_m_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_0_def m_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: m_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: m_before_cfg_to_dag_prog.block_0_def m_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_m_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end m_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of m_before_ast_to_cfg_prog.bigblock_0 _ m_before_cfg_to_dag_prog.block_0])
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_0_def m_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_0_def m_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_0_def m_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: m_before_cfg_to_dag_prog.block_0_def)
-apply (rule m_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: m_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: m_before_cfg_to_dag_prog.node_0)
-apply (rule rel_m_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: m_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_m_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: m_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (m_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0 vc_i_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> m_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) m_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns m_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] m_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (m_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_m_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def m_before_ast_to_cfg_prog.pres_def m_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def m_before_ast_to_cfg_prog.pres_def m_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (m_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_3_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0 vc_i_1))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) m_before_ast_to_cfg_prog.fdecls m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls m_before_ast_to_cfg_prog.axioms m_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding m_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 m_before_ast_to_cfg_prog.ast_proc_def m_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_before_ast_to_cfg_prog.thy
deleted file mode 100644
index fcf6444..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,132 +0,0 @@
-theory m_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Assign 0 (Lit (LInt 0))),(Assume (BinOp (Var 1) Gt (Lit (LInt 0))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Var 1))) [(BinOp (Var 0) Le (Var 1))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Lt (Var 1))) [(BinOp (Var 0) Le (Var 1))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))])) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [(Assert (BinOp (Var 0) Ge (Var 1)))] (None ) (None ))"
-definition cont_3
-  where
-    "cont_3  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_3 cont_3)"
-definition cont_1
-  where
-    "cont_1  = (KEndBlock (KSeq bigblock_3 cont_3 ))"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_1 cont_1)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_3]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding m_before_ast_to_cfg_prog.constants_vdecls_def m_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding m_before_ast_to_cfg_prog.constants_vdecls_def m_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding m_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding m_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding m_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding m_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_i:
-shows "((map_of (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_n:
-shows "((map_of (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_i:
-shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_i
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_n:
-shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_n
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = m_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec m_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec m_before_ast_to_cfg_prog.post),proc_body = (Some (m_before_ast_to_cfg_prog.locals_vdecls,m_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_before_cfg_to_dag_prog.thy
deleted file mode 100644
index fa002c2..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,169 +0,0 @@
-theory m_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Assign 0 (Lit (LInt 0))),(Assume (BinOp (Var 1) Gt (Lit (LInt 0))))]"
-definition block_1
-  where
-    "block_1  = [(Assert (BinOp (Var 0) Le (Var 1)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Lt (Var 1))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 1) Le (Var 0)))]"
-definition block_4
-  where
-    "block_4  = [(Assert (BinOp (Var 0) Ge (Var 1)))]"
-definition outEdges
-  where
-    "outEdges  = [[1],[3,2],[1],[4],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [3,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding m_before_cfg_to_dag_prog.constants_vdecls_def m_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding m_before_cfg_to_dag_prog.params_vdecls_def m_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding m_before_cfg_to_dag_prog.constants_vdecls_def m_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding m_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding m_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding m_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) m_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding m_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_i:
-shows "((map_of (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_n:
-shows "((map_of (append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_i:
-shows "((lookup_var_decl ((append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_i
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_n:
-shows "((lookup_var_decl ((append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_cfg_to_dag_prog.constants_vdecls m_before_cfg_to_dag_prog.globals_vdecls),(append m_before_cfg_to_dag_prog.params_vdecls m_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_n
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = m_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec m_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec m_before_cfg_to_dag_prog.post),proc_body = (Some (m_before_cfg_to_dag_prog.locals_vdecls,m_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_before_passive_prog.thy
deleted file mode 100644
index 6b18296..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_before_passive_prog.thy
+++ /dev/null
@@ -1,117 +0,0 @@
-theory m_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util m_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Lt (Var 1))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1)))),(Assert (BinOp (Var 0) Le (Var 1))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assert (BinOp (Var 0) Ge (Var 1)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 1) Le (Var 0)))]"
-definition block_4
-  where
-    "block_4  = [(Havoc 0),(Assume (BinOp (Var 0) Le (Var 1)))]"
-definition block_5
-  where
-    "block_5  = [(Assign 0 (Lit (LInt 0))),(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 0) Le (Var 1)))]"
-definition block_6
-  where
-    "block_6  = []"
-definition block_7
-  where
-    "block_7  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[2],[3,1],[4],[5],[6]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 7,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding m_before_ast_to_cfg_prog.params_vdecls_def m_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding m_before_ast_to_cfg_prog.constants_vdecls_def m_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_cfgtodag_proof.thy
deleted file mode 100644
index 2577575..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_cfgtodag_proof.thy
+++ /dev/null
@@ -1,383 +0,0 @@
-theory m_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML m_before_ast_to_cfg_prog m_before_cfg_to_dag_prog m_before_passive_prog m_passification_proof m_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 m_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def m_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule m_before_passive_prog.node_0)
-apply simp
-unfolding m_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma Mods_anon3_LoopBody:
-shows "(mods_contained_in (set [0]) m_before_cfg_to_dag_prog.block_2)"
-unfolding m_before_cfg_to_dag_prog.block_2_def
-by simp
-
-lemma block_anon3_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Var 1))] m_before_passive_prog.block_1 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding m_before_cfg_to_dag_prog.block_2_def m_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun m_before_ast_to_cfg_prog.funcs_wf m_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms m_before_ast_to_cfg_prog.l_i(2) m_before_ast_to_cfg_prog.l_n(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon3_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon3_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body [0] [(BinOp (Var 0) Le (Var 1))] m_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule m_before_cfg_to_dag_prog.node_2)
-apply (rule m_before_passive_prog.node_1)
-apply (assumption+)
-apply (rule block_anon3_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon3_LoopBody)
-apply ((simp add:m_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:m_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon3_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma block_anon2:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] m_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding m_before_cfg_to_dag_prog.block_4_def m_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon2:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule m_before_cfg_to_dag_prog.node_4)
-apply (rule m_before_passive_prog.node_2)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon2)
-apply assumption+
-apply (rule m_before_cfg_to_dag_prog.outEdges_4)
-apply (rule m_before_passive_prog.outEdges_2)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon3_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] m_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding m_before_cfg_to_dag_prog.block_3_def m_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule m_before_cfg_to_dag_prog.node_3)
-apply (rule m_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon3_LoopDone)
-apply (assumption+)
-apply ((simp add:m_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:m_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:m_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon2)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon3_LoopHead:
-shows "(mods_contained_in (set [0]) m_before_cfg_to_dag_prog.block_1)"
-unfolding m_before_cfg_to_dag_prog.block_1_def
-by simp
-
-lemma block_anon3_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Var 1))] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] m_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding m_before_cfg_to_dag_prog.block_1_def m_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:m_before_ast_to_cfg_prog.l_i(1)))
-apply simp
-done
-
-lemma cfg_block_anon3_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [(BinOp (Var 0) Le (Var 1))] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule m_before_cfg_to_dag_prog.node_1)
-apply (rule m_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon3_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon3_LoopHead)
-apply ((simp add:m_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:m_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:m_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:m_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Le (Var 1))] m_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding m_before_cfg_to_dag_prog.block_0_def m_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun m_before_ast_to_cfg_prog.funcs_wf m_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms m_before_ast_to_cfg_prog.l_i(2) m_before_ast_to_cfg_prog.l_n(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule m_before_cfg_to_dag_prog.node_0)
-apply (rule m_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:m_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:m_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:m_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:m_before_passive_prog.outEdges_6))
-by ((simp add:m_before_passive_prog.node_6 m_before_passive_prog.block_6_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] m_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 m_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule m_before_passive_prog.node_7)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding m_before_passive_prog.block_7_def
-apply (rule assume_pres_normal[where ?es=m_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding m_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule m_before_passive_prog.outEdges_7)
-apply ((simp add:m_before_passive_prog.node_6 m_before_passive_prog.block_6_def))
-apply (rule m_before_passive_prog.outEdges_6)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0 vc_i_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> m_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) m_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns m_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] m_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] m_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule m_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_passification_proof.thy
deleted file mode 100644
index bc659c1..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_passification_proof.thy
+++ /dev/null
@@ -1,314 +0,0 @@
-theory m_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util m_before_ast_to_cfg_prog m_passive_prog Boogie_Lang.PassificationML m_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding m_before_passive_prog.block_0_def m_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
-"((R 1) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3])) (update_nstate_rel R [(0,(Inl 3))]) R_old m_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding m_before_passive_prog.block_1_def m_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:m_before_ast_to_cfg_prog.l_i(2) m_passive_prog.l_i_1(2)))
-by simp
-
-lemma block_anon2:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
-"((R 1) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding m_before_passive_prog.block_2_def m_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
-"((R 1) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding m_before_passive_prog.block_3_def m_passive_prog.block_3_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old m_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding m_before_passive_prog.block_4_def m_passive_prog.block_4_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:m_before_ast_to_cfg_prog.l_i(2) m_passive_prog.l_i_0(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 0)))]) R_old m_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding m_before_passive_prog.block_5_def m_passive_prog.block_5_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding m_before_passive_prog.block_6_def m_passive_prog.block_6_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old m_passive_prog.block_7 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding m_before_passive_prog.block_7_def m_passive_prog.block_7_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm m_before_passive_prog.node_0},@{thm m_before_passive_prog.outEdges_0}) (@{thm m_passive_prog.node_0},@{thm m_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon3_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
-"((R 1) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_1},@{thm m_before_passive_prog.outEdges_1}) (@{thm m_passive_prog.node_1},@{thm m_passive_prog.outEdges_1}) @{thm block_anon3_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon2:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
-"((R 1) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_2},@{thm m_before_passive_prog.outEdges_2}) (@{thm m_passive_prog.node_2},@{thm m_passive_prog.outEdges_2}) @{thm block_anon2} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon3_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
-"((R 1) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_3},@{thm m_before_passive_prog.outEdges_3}) (@{thm m_passive_prog.node_3},@{thm m_passive_prog.outEdges_3}) @{thm block_anon3_LoopDone} [
-@{thm cfg_block_anon2}] 1\<close>))
-
-lemma cfg_block_anon3_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_4},@{thm m_before_passive_prog.outEdges_4}) (@{thm m_passive_prog.node_4},@{thm m_passive_prog.outEdges_4}) @{thm block_anon3_LoopHead} [
-@{thm cfg_block_anon3_LoopDone}, 
-@{thm cfg_block_anon3_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_5},@{thm m_before_passive_prog.outEdges_5}) (@{thm m_passive_prog.node_5},@{thm m_passive_prog.outEdges_5}) @{thm block_anon0} [
-@{thm cfg_block_anon3_LoopHead}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_6},@{thm m_before_passive_prog.outEdges_6}) (@{thm m_passive_prog.node_6},@{thm m_passive_prog.outEdges_6}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> m_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> m_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm m_before_passive_prog.node_7},@{thm m_before_passive_prog.outEdges_7}) (@{thm m_passive_prog.node_7},@{thm m_passive_prog.outEdges_7}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_before_ast_to_cfg_prog.params_vdecls m_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] m_before_passive_prog.proc_body ((Inl 7),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0 vc_i_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> m_before_ast_to_cfg_prog.constants_vdecls ns m_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = [(1,(Inl 1))]"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-apply ((simp add:m_before_ast_to_cfg_prog.l_n(2) m_passive_prog.l_n(2)))
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv m_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding m_before_ast_to_cfg_prog.constants_vdecls_def m_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding m_passive_prog.params_vdecls_def m_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using m_before_passive_prog.globals_locals_disj apply auto[1]
-using m_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 1)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] m_passive_prog.proc_body u (Inl 7)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range m_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] m_passive_prog.proc_body ((Inl 7),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from m_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_passive_prog.thy
deleted file mode 100644
index bb45bae..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_passive_prog.thy
+++ /dev/null
@@ -1,159 +0,0 @@
-theory m_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util m_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 2) Lt (Var 1))),(Assume (BinOp (Var 3) Eq (BinOp (Var 2) Add (Lit (LInt 1))))),(Assert (BinOp (Var 3) Le (Var 1))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assert (BinOp (Var 2) Ge (Var 1)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 1) Le (Var 2)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 2) Le (Var 1)))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assert (BinOp (Lit (LInt 0)) Le (Var 1)))]"
-definition block_6
-  where
-    "block_6  = []"
-definition block_7
-  where
-    "block_7  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[2],[3,1],[4],[5],[6]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 7,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding m_passive_prog.params_vdecls_def m_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)))) = {})"
-unfolding m_before_ast_to_cfg_prog.constants_vdecls_def m_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_i:
-shows "((map_of (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_n:
-shows "((map_of (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_i_0:
-shows "((map_of (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_i_1:
-shows "((map_of (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_i:
-shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_i
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_n:
-shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_n
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_i_0:
-shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_i_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_i_1:
-shows "((lookup_var_decl ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
-using globals_locals_disj m_i_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_vcphase_proof.thy
deleted file mode 100644
index c820d27..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_example_proofs/m_proofs/m_vcphase_proof.thy
+++ /dev/null
@@ -1,296 +0,0 @@
-theory m_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML m_passive_prog m_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon3_LoopBody
-  where
-    "vc_anon3_LoopBody i_0 n i_1 = (((i_0 < n) \<and> (i_1 = (i_0 + (1::int)))) \<longrightarrow> (i_1 \<le> n))"
-definition vc_anon2
-  where
-    "vc_anon2 i_0 n = (i_0 \<ge> n)"
-definition vc_anon3_LoopDone
-  where
-    "vc_anon3_LoopDone n i_0 = ((n \<le> i_0) \<longrightarrow> (vc_anon2 i_0 n))"
-definition vc_anon3_LoopHead
-  where
-    "vc_anon3_LoopHead i_0 n i_1 = ((i_0 \<le> n) \<longrightarrow> ((vc_anon3_LoopDone n i_0) \<and> (vc_anon3_LoopBody i_0 n i_1)))"
-definition vc_anon0
-  where
-    "vc_anon0 n i_0 i_1 = ((n > (0::int)) \<longrightarrow> (((0::int) \<le> n) \<and> (((0::int) \<le> n) \<longrightarrow> (vc_anon3_LoopHead i_0 n i_1))))"
-definition vc_PreconditionGeneratedEntry
-  where
-    "vc_PreconditionGeneratedEntry n i_0 i_1 = (vc_anon0 n i_0 i_1)"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_i :: "int" and vc_n :: "int" and vc_i_0 :: "int" and vc_i_1 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_i)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_n)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_i_0)))" and 
-G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_i_1)))" and 
-G4: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4
-lemmas forall_poly_thm = forall_vc_type[OF G4]
-lemmas exists_poly_thm = exists_vc_type[OF G4]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding m_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon3_LoopBody_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE), 
-(AssertNoConj,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon3_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_LoopBody vc_i_0 vc_n vc_i_1) \<Longrightarrow> (s' = Magic)))"
-unfolding m_passive_prog.block_1_def vc.vc_anon3_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon2_hints = [
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon2AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon2 vc_i_0 vc_n) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding m_passive_prog.block_2_def vc.vc_anon2_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon2_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon3_LoopDone_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon3_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_LoopDone vc_n vc_i_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon2 vc_i_0 vc_n)))))))"
-unfolding m_passive_prog.block_3_def vc.vc_anon3_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon3_LoopHead_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon3_LoopHeadAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3_LoopHead vc_i_0 vc_n vc_i_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon3_LoopDone vc_n vc_i_0) \<and> (vc.vc_anon3_LoopBody vc_i_0 vc_n vc_i_1))))))))"
-unfolding m_passive_prog.block_4_def vc.vc_anon3_LoopHead_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_LoopHead_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon0_hints = [
-(AssumeConjR 0,NONE), 
-(AssertSub,NONE)]
-\<close>
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_n vc_i_0 vc_i_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3_LoopHead vc_i_0 vc_n vc_i_1)))))))"
-unfolding m_passive_prog.block_5_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
-by (auto?)
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_6 (Normal n_s) s')" and 
-"(vc.vc_anon0 vc_n vc_i_0 vc_i_1)"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_n vc_i_0 vc_i_1)))))"
-using assms
-unfolding m_passive_prog.block_6_def
-apply cases
-by auto
-
-lemma block_PreconditionGeneratedEntry:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry vc_n vc_i_0 vc_i_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_n vc_i_0 vc_i_1)))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding m_passive_prog.block_7_def vc.vc_PreconditionGeneratedEntry_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) m_passive_prog.node_0 m_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon3_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3_LoopBody vc_i_0 vc_n vc_i_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) m_passive_prog.node_1])
-by (erule block_anon3_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon2:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon2 vc_i_0 vc_n)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) m_passive_prog.node_2])
-apply (erule block_anon2AA0[OF _ assms(2)])
-apply ((simp add:m_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon3_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3_LoopDone vc_n vc_i_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_3])
-apply (erule block_anon3_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:m_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon2, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon3_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3_LoopHead vc_i_0 vc_n vc_i_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_4])
-apply (erule block_anon3_LoopHeadAA0[OF _ assms(2)])
-apply ((simp add:m_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_n vc_i_0 vc_i_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_5])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:m_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_n vc_i_0 vc_i_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_6])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:m_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> m_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(vc.vc_PreconditionGeneratedEntry vc_n vc_i_0 vc_i_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) m_passive_prog.node_7])
-apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
-apply ((simp add:m_passive_prog.outEdges_7))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls)) \<Gamma> [] m_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_i::int) (vc_n::int) (vc_i_0::int) (vc_i_1::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_i_0 vc_i_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A m_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> m_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) m_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s m_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append m_before_ast_to_cfg_prog.constants_vdecls m_before_ast_to_cfg_prog.globals_vdecls),(append m_passive_prog.params_vdecls m_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((m_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_i:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF m_passive_prog.m_i])
-apply (subst lookup_var_local[OF m_passive_prog.m_i])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_n:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF m_passive_prog.m_n])
-apply (subst lookup_var_local[OF m_passive_prog.m_n])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_i_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF m_passive_prog.m_i_0])
-apply (subst lookup_var_local[OF m_passive_prog.m_i_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_i_1:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF m_passive_prog.m_i_1])
-apply (subst lookup_var_local[OF m_passive_prog.m_i_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_i])
-apply (rule HOL.conjunct1[OF sc_n])
-apply (rule HOL.conjunct1[OF sc_i_0])
-apply (rule HOL.conjunct1[OF sc_i_1])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/ROOT
deleted file mode 100644
index fcc22e8..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session loop_in_else_branch_proofs = Boogie_Lang + 
-directories while_in_if_true_proofs
-theories
-global_data
-"while_in_if_true_proofs/while_in_if_true_passive_prog"
-"while_in_if_true_proofs/while_in_if_true_asttocfg_proof"
-"while_in_if_true_proofs/while_in_if_true_before_passive_prog"
-"while_in_if_true_proofs/while_in_if_true_vcphase_proof"
-"while_in_if_true_proofs/while_in_if_true_cfgtodag_proof"
-"while_in_if_true_proofs/while_in_if_true_passification_proof"
-"while_in_if_true_proofs/while_in_if_true_before_ast_to_cfg_prog"
-"while_in_if_true_proofs/while_in_if_true_before_cfg_to_dag_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_asttocfg_proof.thy
deleted file mode 100644
index bb87e13..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_asttocfg_proof.thy
+++ /dev/null
@@ -1,492 +0,0 @@
-theory while_in_if_true_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML while_in_if_true_before_ast_to_cfg_prog while_in_if_true_before_cfg_to_dag_prog while_in_if_true_cfgtodag_proof while_in_if_true_passification_proof while_in_if_true_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_5,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_6 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_5])
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_5_def while_in_if_true_before_cfg_to_dag_prog.block_6_def)
-apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.block_6_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.block_6_def while_in_if_true_before_ast_to_cfg_prog.bigblock_5_def)+)
-done
-
-
-lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_5])
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_5_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_5_def)
-apply (simp)
-apply (simp)
-apply (rule cont_5_def)
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_6)
-apply (rule disjI1)
-apply (rule while_in_if_true_before_cfg_to_dag_prog.block_6_def)
-apply (rule while_in_if_true_before_cfg_to_dag_prog.outEdges_6)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_6)
-apply (rule rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_5)
-apply assumption+
-
-done
-qed
-
-lemma rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
-unfolding while_in_if_true_before_cfg_to_dag_prog.block_4_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_4_def)
-apply ((simp add: assms(3) while_in_if_true_before_ast_to_cfg_prog.bigblock_4_def)+)
-done
-
-
-lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T while_in_if_true_before_ast_to_cfg_prog.bigblock_3 cont_3 while_in_if_true_before_cfg_to_dag_prog.proc_body 3 while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_4_def)
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_4)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule while_in_if_true_before_cfg_to_dag_prog.block_4_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_4_def)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_4)
-apply (rule rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_4)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=3])+)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_4)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_3_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of while_in_if_true_before_ast_to_cfg_prog.bigblock_3 _ _ _ while_in_if_true_before_cfg_to_dag_prog.block_3])
-apply (simp add:while_in_if_true_before_ast_to_cfg_prog.bigblock_3_def while_in_if_true_before_cfg_to_dag_prog.block_3_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:while_in_if_true_before_ast_to_cfg_prog.bigblock_3_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of while_in_if_true_before_ast_to_cfg_prog.bigblock_3])
-apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.bigblock_3_def)+)
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.block_3_def while_in_if_true_before_cfg_to_dag_prog.node_3)+)
-apply (rule cont_3_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 4])+)
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_4)
-apply (simp add: cont_3_def while_in_if_true_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_3_def cont_4_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-
-apply ((erule allE[where x = 5])+)
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_5)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_5)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_5_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_5)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_5)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_5_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_5)
-apply ((simp add: member_rec)+)
-done
-qed
-qed
-
-lemma rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV False))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
-unfolding while_in_if_true_before_cfg_to_dag_prog.block_2_def
-apply (rule guard_fails_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_2_def)
-apply (rule push_through_assumption1)
-apply (simp)
-apply (rule neg_gt)
-apply (rule guardHint)
-apply ((simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_2_def)+)
-apply (rule neg_gt)
-apply (rule guardHint)
-done
-
-
-lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV False))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_2_def while_in_if_true_before_cfg_to_dag_prog.block_2_def)
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_2_def while_in_if_true_before_cfg_to_dag_prog.block_2_def)
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_2_def while_in_if_true_before_cfg_to_dag_prog.block_2_def)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_2_def)
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_2)
-
-apply (rule disjI2)
-
-apply (rule disjI2)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_2_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply (rule neg_gt)
-apply (rule guardHint)
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_2)
-apply (rule rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_2_def)
-apply ((simp)+)
-apply (rule guardHint)
-apply ((erule allE[where x = 3])+)
-apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_2)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_3)
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_3_def cont_2_def cont_3_def)
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Invs[of while_in_if_true_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_1_def)
-
-apply (rule astTrace)
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_1_def)
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_1)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule while_in_if_true_before_cfg_to_dag_prog.block_1_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_1_def)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_1)
-
-
-
-
-apply ((erule allE[where x = 6])+)
-apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_5)
-apply (simp)
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_0_def while_in_if_true_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.block_0_def while_in_if_true_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_if_successor)
-apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_0 _ while_in_if_true_before_cfg_to_dag_prog.block_0])
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_0_def while_in_if_true_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_0_def)
-apply (rule astTrace)
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_0_def)
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_0)
-apply (rule rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply (erule disjE)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: cont_0_def while_in_if_true_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
-apply blast+
-
-
-
-
-
-apply (simp)
-apply ((erule allE[where x = 2])+)
-apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_0_def while_in_if_true_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (while_in_if_true_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_y_2::int). (vc.vc_anon0 vc_x_0 vc_x_2 vc_x_1 vc_y_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> while_in_if_true_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) while_in_if_true_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns while_in_if_true_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def while_in_if_true_before_ast_to_cfg_prog.pres_def while_in_if_true_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def while_in_if_true_before_ast_to_cfg_prog.pres_def while_in_if_true_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_5] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (while_in_if_true_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_5_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_y_2::int). (vc.vc_anon0 vc_x_0 vc_x_2 vc_x_1 vc_y_1))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) while_in_if_true_before_ast_to_cfg_prog.fdecls while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls while_in_if_true_before_ast_to_cfg_prog.axioms while_in_if_true_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding while_in_if_true_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 while_in_if_true_before_ast_to_cfg_prog.ast_proc_def while_in_if_true_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 99b2a09..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,144 +0,0 @@
-theory while_in_if_true_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 0),(Havoc 1)] (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BigBlock (None ) [] (None ) (None ))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))])) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (None ) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
-definition bigblock_4
-  where
-    "bigblock_4  = (BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))"
-definition bigblock_5
-  where
-    "bigblock_5  = (BigBlock (None ) [(Assert (BinOp (Var 0) Lt (Lit (LInt 0))))] (None ) (None ))"
-definition cont_5
-  where
-    "cont_5  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_5 cont_5)"
-definition cont_1
-  where
-    "cont_1  = (KSeq bigblock_5 cont_5)"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_5 cont_5)"
-definition cont_3
-  where
-    "cont_3  = (KEndBlock (KSeq bigblock_5 cont_5 ))"
-definition cont_4
-  where
-    "cont_4  = (KSeq bigblock_3 cont_3)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_5]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = while_in_if_true_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec while_in_if_true_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec while_in_if_true_before_ast_to_cfg_prog.post),proc_body = (Some (while_in_if_true_before_ast_to_cfg_prog.locals_vdecls,while_in_if_true_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 48961c3..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,191 +0,0 @@
-theory while_in_if_true_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0),(Havoc 1)]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
-definition block_6
-  where
-    "block_6  = [(Assert (BinOp (Var 0) Lt (Lit (LInt 0))))]"
-definition outEdges
-  where
-    "outEdges  = [[1,2],[6],[3],[5,4],[3],[6],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [5,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding while_in_if_true_before_cfg_to_dag_prog.constants_vdecls_def while_in_if_true_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding while_in_if_true_before_cfg_to_dag_prog.constants_vdecls_def while_in_if_true_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding while_in_if_true_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding while_in_if_true_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls),(append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls),(append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls),(append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls),(append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls),(append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = while_in_if_true_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec while_in_if_true_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec while_in_if_true_before_cfg_to_dag_prog.post),proc_body = (Some (while_in_if_true_before_cfg_to_dag_prog.locals_vdecls,while_in_if_true_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_passive_prog.thy
deleted file mode 100644
index 27f96bc..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_passive_prog.thy
+++ /dev/null
@@ -1,139 +0,0 @@
-theory while_in_if_true_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util while_in_if_true_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assert (BinOp (Var 0) Lt (Lit (LInt 0))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
-definition block_5
-  where
-    "block_5  = [(Havoc 1)]"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
-definition block_7
-  where
-    "block_7  = [(Havoc 0),(Havoc 1)]"
-definition block_8
-  where
-    "block_8  = []"
-definition block_9
-  where
-    "block_9  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[1],[1],[0],[3,4],[5],[2,6],[7],[8]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [3,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [2,6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_cfgtodag_proof.thy
deleted file mode 100644
index d5e1568..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_cfgtodag_proof.thy
+++ /dev/null
@@ -1,479 +0,0 @@
-theory while_in_if_true_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML while_in_if_true_before_ast_to_cfg_prog while_in_if_true_before_cfg_to_dag_prog while_in_if_true_before_passive_prog while_in_if_true_passification_proof while_in_if_true_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 while_in_if_true_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def while_in_if_true_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule while_in_if_true_before_passive_prog.node_0)
-apply simp
-unfolding while_in_if_true_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma block_anon4:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding while_in_if_true_before_cfg_to_dag_prog.block_6_def while_in_if_true_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon4:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_6)
-apply (rule while_in_if_true_before_passive_prog.node_1)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon4)
-apply assumption+
-apply (rule while_in_if_true_before_cfg_to_dag_prog.outEdges_6)
-apply (rule while_in_if_true_before_passive_prog.outEdges_1)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon5_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding while_in_if_true_before_cfg_to_dag_prog.block_1_def while_in_if_true_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon5_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_1)
-apply (rule while_in_if_true_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon5_Then)
-apply (assumption+)
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:while_in_if_true_before_passive_prog.outEdges_2))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon6_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding while_in_if_true_before_cfg_to_dag_prog.block_5_def while_in_if_true_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_5)
-apply (rule while_in_if_true_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon6_LoopDone)
-apply (assumption+)
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_5))
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_5))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:while_in_if_true_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon6_LoopBody:
-shows "(mods_contained_in (set [1]) while_in_if_true_before_cfg_to_dag_prog.block_4)"
-unfolding while_in_if_true_before_cfg_to_dag_prog.block_4_def
-by simp
-
-lemma block_anon6_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_4 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding while_in_if_true_before_cfg_to_dag_prog.block_4_def while_in_if_true_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body [1] [] while_in_if_true_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_4)
-apply (rule while_in_if_true_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon6_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon6_LoopBody)
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_4))
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_4))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon6_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon6_LoopHead:
-shows "(mods_contained_in (set [1]) while_in_if_true_before_cfg_to_dag_prog.block_3)"
-unfolding while_in_if_true_before_cfg_to_dag_prog.block_3_def
-by simp
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding while_in_if_true_before_cfg_to_dag_prog.block_3_def while_in_if_true_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_y(1)))
-apply simp
-done
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_3)
-apply (rule while_in_if_true_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon6_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon6_LoopHead)
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:while_in_if_true_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:while_in_if_true_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon5_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_6 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding while_in_if_true_before_cfg_to_dag_prog.block_2_def while_in_if_true_before_passive_prog.block_6_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon5_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_2)
-apply (rule while_in_if_true_before_passive_prog.node_6)
-apply (assumption+)
-apply (rule block_anon5_Else)
-apply (assumption+)
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=5])
-apply ((simp add:while_in_if_true_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_7 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding while_in_if_true_before_cfg_to_dag_prog.block_0_def while_in_if_true_before_passive_prog.block_7_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_0)
-apply (rule while_in_if_true_before_passive_prog.node_7)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:while_in_if_true_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=6])
-apply ((simp add:while_in_if_true_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:while_in_if_true_before_passive_prog.outEdges_8))
-by ((simp add:while_in_if_true_before_passive_prog.node_8 while_in_if_true_before_passive_prog.block_8_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 while_in_if_true_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule while_in_if_true_before_passive_prog.node_9)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding while_in_if_true_before_passive_prog.block_9_def
-apply (rule assume_pres_normal[where ?es=while_in_if_true_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding while_in_if_true_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule while_in_if_true_before_passive_prog.outEdges_9)
-apply ((simp add:while_in_if_true_before_passive_prog.node_8 while_in_if_true_before_passive_prog.block_8_def))
-apply (rule while_in_if_true_before_passive_prog.outEdges_8)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_y_2::int). (vc.vc_anon0 vc_x_0 vc_x_2 vc_x_1 vc_y_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> while_in_if_true_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) while_in_if_true_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns while_in_if_true_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule while_in_if_true_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_passification_proof.thy
deleted file mode 100644
index a882711..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_passification_proof.thy
+++ /dev/null
@@ -1,351 +0,0 @@
-theory while_in_if_true_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util while_in_if_true_before_ast_to_cfg_prog while_in_if_true_passive_prog Boogie_Lang.PassificationML while_in_if_true_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_in_if_true_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_in_if_true_before_passive_prog.block_0_def while_in_if_true_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon4:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 6)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_in_if_true_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_in_if_true_before_passive_prog.block_1_def while_in_if_true_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon5_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6])) (update_nstate_rel R [(0,(Inl 6))]) R_old while_in_if_true_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_in_if_true_before_passive_prog.block_2_def while_in_if_true_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_x(2) while_in_if_true_passive_prog.l_x_2(2)))
-by simp
-
-lemma block_anon6_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))" and 
-"((R 1) = (Some (Inl 5)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6])) (update_nstate_rel R [(0,(Inl 6))]) R_old while_in_if_true_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_in_if_true_before_passive_prog.block_3_def while_in_if_true_passive_prog.block_3_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_x(2) while_in_if_true_passive_prog.l_x_2(2)))
-by simp
-
-lemma block_anon6_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [7] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 5)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [7])) (update_nstate_rel R [(1,(Inl 7))]) R_old while_in_if_true_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_in_if_true_before_passive_prog.block_4_def while_in_if_true_passive_prog.block_4_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_y(2) while_in_if_true_passive_prog.l_y_2(2)))
-by simp
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [5] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [5])) (update_nstate_rel R [(1,(Inl 5))]) R_old while_in_if_true_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_in_if_true_before_passive_prog.block_5_def while_in_if_true_passive_prog.block_5_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_y(2) while_in_if_true_passive_prog.l_y_1(2)))
-by simp
-
-lemma block_anon5_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4])) (update_nstate_rel R [(0,(Inl 4))]) R_old while_in_if_true_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_in_if_true_before_passive_prog.block_6_def while_in_if_true_passive_prog.block_6_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_x(2) while_in_if_true_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2,3] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2,3])) (update_nstate_rel R [(0,(Inl 2)),(1,(Inl 3))]) R_old while_in_if_true_passive_prog.block_7 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_in_if_true_before_passive_prog.block_7_def while_in_if_true_passive_prog.block_7_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_x(2) while_in_if_true_passive_prog.l_x_0(2)))
-apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_y(2) while_in_if_true_passive_prog.l_y_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_8 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_in_if_true_passive_prog.block_8 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_in_if_true_before_passive_prog.block_8_def while_in_if_true_passive_prog.block_8_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_9 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_in_if_true_passive_prog.block_9 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_in_if_true_before_passive_prog.block_9_def while_in_if_true_passive_prog.block_9_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_in_if_true_before_passive_prog.node_0},@{thm while_in_if_true_before_passive_prog.outEdges_0}) (@{thm while_in_if_true_passive_prog.node_0},@{thm while_in_if_true_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon4:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 6)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_1},@{thm while_in_if_true_before_passive_prog.outEdges_1}) (@{thm while_in_if_true_passive_prog.node_1},@{thm while_in_if_true_passive_prog.outEdges_1}) @{thm block_anon4} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon5_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_2},@{thm while_in_if_true_before_passive_prog.outEdges_2}) (@{thm while_in_if_true_passive_prog.node_2},@{thm while_in_if_true_passive_prog.outEdges_2}) @{thm block_anon5_Then} [
-@{thm cfg_block_anon4}] 1\<close>))
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))" and 
-"((R 1) = (Some (Inl 5)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_3},@{thm while_in_if_true_before_passive_prog.outEdges_3}) (@{thm while_in_if_true_passive_prog.node_3},@{thm while_in_if_true_passive_prog.outEdges_3}) @{thm block_anon6_LoopDone} [
-@{thm cfg_block_anon4}] 1\<close>))
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 7 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 5)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_4},@{thm while_in_if_true_before_passive_prog.outEdges_4}) (@{thm while_in_if_true_passive_prog.node_4},@{thm while_in_if_true_passive_prog.outEdges_4}) @{thm block_anon6_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 5 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_5},@{thm while_in_if_true_before_passive_prog.outEdges_5}) (@{thm while_in_if_true_passive_prog.node_5},@{thm while_in_if_true_passive_prog.outEdges_5}) @{thm block_anon6_LoopHead} [
-@{thm cfg_block_anon6_LoopDone}, 
-@{thm cfg_block_anon6_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon5_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_6},@{thm while_in_if_true_before_passive_prog.outEdges_6}) (@{thm while_in_if_true_passive_prog.node_6},@{thm while_in_if_true_passive_prog.outEdges_6}) @{thm block_anon5_Else} [
-@{thm cfg_block_anon6_LoopHead}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_in_if_true_before_passive_prog.node_7},@{thm while_in_if_true_before_passive_prog.outEdges_7}) (@{thm while_in_if_true_passive_prog.node_7},@{thm while_in_if_true_passive_prog.outEdges_7}) @{thm block_anon0} [
-@{thm cfg_block_anon5_Then}, 
-@{thm cfg_block_anon5_Else}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 8)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_in_if_true_before_passive_prog.node_8},@{thm while_in_if_true_before_passive_prog.outEdges_8}) (@{thm while_in_if_true_passive_prog.node_8},@{thm while_in_if_true_passive_prog.outEdges_8}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 9)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_in_if_true_before_passive_prog.node_9},@{thm while_in_if_true_before_passive_prog.outEdges_9}) (@{thm while_in_if_true_passive_prog.node_9},@{thm while_in_if_true_passive_prog.outEdges_9}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 9),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_y_2::int). (vc.vc_anon0 vc_x_0 vc_x_2 vc_x_1 vc_y_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> while_in_if_true_before_ast_to_cfg_prog.constants_vdecls ns while_in_if_true_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv while_in_if_true_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding while_in_if_true_passive_prog.params_vdecls_def while_in_if_true_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using while_in_if_true_before_passive_prog.globals_locals_disj apply auto[1]
-using while_in_if_true_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] while_in_if_true_passive_prog.proc_body u (Inl 9)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range while_in_if_true_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] while_in_if_true_passive_prog.proc_body ((Inl 9),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from while_in_if_true_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_passive_prog.thy
deleted file mode 100644
index ae3c1bb..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_passive_prog.thy
+++ /dev/null
@@ -1,217 +0,0 @@
-theory while_in_if_true_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util while_in_if_true_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assert (BinOp (Var 6) Lt (Lit (LInt 0))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 6) Eq (Var 2)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 5))),(Assume (BinOp (Var 6) Eq (Var 4)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 5) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 7) Eq (BinOp (Var 5) Sub (Lit (LInt 1))))),(Assume (Lit (LBool False)))]"
-definition block_5
-  where
-    "block_5  = []"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 2))),(Assume (BinOp (Var 4) Eq (BinOp (Var 2) Sub (Lit (LInt 1)))))]"
-definition block_7
-  where
-    "block_7  = []"
-definition block_8
-  where
-    "block_8  = []"
-definition block_9
-  where
-    "block_9  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[1],[1],[0],[3,4],[5],[2,6],[7],[8]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [3,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [2,6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(7,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding while_in_if_true_passive_prog.params_vdecls_def while_in_if_true_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)))) = {})"
-unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_0:
-shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_1:
-shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_2:
-shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_2:
-shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_0:
-shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_1:
-shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_2:
-shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_2:
-shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_vcphase_proof.thy
deleted file mode 100644
index a29e095..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_else_branch_proofs/while_in_if_true_proofs/while_in_if_true_vcphase_proof.thy
+++ /dev/null
@@ -1,373 +0,0 @@
-theory while_in_if_true_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML while_in_if_true_passive_prog while_in_if_true_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon6_LoopBody
-  where
-    "vc_anon6_LoopBody  = True"
-definition vc_anon4
-  where
-    "vc_anon4 x_2 = (x_2 < (0::int))"
-definition vc_anon5_Then
-  where
-    "vc_anon5_Then x_0 x_2 = (((x_0 > (0::int)) \<and> (x_2 = x_0)) \<longrightarrow> (vc_anon4 x_2))"
-definition vc_anon6_LoopDone
-  where
-    "vc_anon6_LoopDone y_1 x_2 x_1 = ((((0::int) \<ge> y_1) \<and> (x_2 = x_1)) \<longrightarrow> (vc_anon4 x_2))"
-definition vc_anon5_Else
-  where
-    "vc_anon5_Else x_0 x_1 y_1 x_2 = ((((0::int) \<ge> x_0) \<and> (x_1 = (x_0 - (1::int)))) \<longrightarrow> ((vc_anon6_LoopDone y_1 x_2 x_1) \<and> (vc_anon6_LoopBody )))"
-definition vc_anon0
-  where
-    "vc_anon0 x_0 x_2 x_1 y_1 = ((vc_anon5_Then x_0 x_2) \<and> (vc_anon5_Else x_0 x_1 y_1 x_2))"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_x_1 :: "int" and vc_y_1 :: "int" and vc_x_2 :: "int" and vc_y_2 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_0)))" and 
-G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_y_0)))" and 
-G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_x_1)))" and 
-G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_y_1)))" and 
-G6: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_x_2)))" and 
-G7: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_y_2)))" and 
-G8: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8
-lemmas forall_poly_thm = forall_vc_type[OF G8]
-lemmas exists_poly_thm = exists_vc_type[OF G8]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding while_in_if_true_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon4_hints = [
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon4AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding while_in_if_true_passive_prog.block_1_def vc.vc_anon4_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon5_Then_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon5_ThenAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_Then vc_x_0 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4 vc_x_2)))))))"
-unfolding while_in_if_true_passive_prog.block_2_def vc.vc_anon5_Then_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_Then_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_LoopDone_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon6_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4 vc_x_2)))))))"
-unfolding while_in_if_true_passive_prog.block_3_def vc.vc_anon6_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_LoopBody_hints = [
-(AssumeTrue,NONE), 
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon6_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopBody ) \<Longrightarrow> (s' = Magic)))"
-unfolding while_in_if_true_passive_prog.block_4_def vc.vc_anon6_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
-by (auto?)
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_5 (Normal n_s) s')" and 
-"((vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1) \<and> (vc.vc_anon6_LoopBody ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1) \<and> (vc.vc_anon6_LoopBody ))))))"
-using assms
-unfolding while_in_if_true_passive_prog.block_5_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon5_Else_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon5_ElseAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_Else vc_x_0 vc_x_1 vc_y_1 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1) \<and> (vc.vc_anon6_LoopBody ))))))))"
-unfolding while_in_if_true_passive_prog.block_6_def vc.vc_anon5_Else_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_Else_hints \<close>)
-by (auto?)
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_7 (Normal n_s) s')" and 
-"((vc.vc_anon5_Then vc_x_0 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_1 vc_y_1 vc_x_2))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_Then vc_x_0 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_1 vc_y_1 vc_x_2))))))"
-using assms
-unfolding while_in_if_true_passive_prog.block_7_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_8 (Normal n_s) s')" and 
-"((vc.vc_anon5_Then vc_x_0 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_1 vc_y_1 vc_x_2))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_Then vc_x_0 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_1 vc_y_1 vc_x_2))))))"
-using assms
-unfolding while_in_if_true_passive_prog.block_8_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_2 vc_x_1 vc_y_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_Then vc_x_0 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_1 vc_y_1 vc_x_2))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding while_in_if_true_passive_prog.block_9_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) while_in_if_true_passive_prog.node_0 while_in_if_true_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon4:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) while_in_if_true_passive_prog.node_1])
-apply (erule block_anon4AA0[OF _ assms(2)])
-apply ((simp add:while_in_if_true_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_Then vc_x_0 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_2])
-apply (erule block_anon5_ThenAA0[OF _ assms(2)])
-apply ((simp add:while_in_if_true_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_3])
-apply (erule block_anon6_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:while_in_if_true_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopBody )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) while_in_if_true_passive_prog.node_4])
-by (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1) \<and> (vc.vc_anon6_LoopBody ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_5])
-apply (erule block_anon6_LoopHead[OF _ assms(2)])
-apply ((simp add:while_in_if_true_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_Else vc_x_0 vc_x_1 vc_y_1 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_6])
-apply (erule block_anon5_ElseAA0[OF _ assms(2)])
-apply ((simp add:while_in_if_true_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon5_Then vc_x_0 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_1 vc_y_1 vc_x_2))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_7])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:while_in_if_true_passive_prog.outEdges_7))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon5_Then vc_x_0 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_1 vc_y_1 vc_x_2))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_8])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:while_in_if_true_passive_prog.outEdges_8))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_0 vc_x_2 vc_x_1 vc_y_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_9])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:while_in_if_true_passive_prog.outEdges_9))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) \<Gamma> [] while_in_if_true_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_y_2::int). (vc.vc_anon0 vc_x_0 vc_x_2 vc_x_1 vc_y_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> while_in_if_true_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) while_in_if_true_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s while_in_if_true_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((while_in_if_true_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_x])
-apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_y])
-apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_y])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_y_0])
-apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_y_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_y_1])
-apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_y_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_x_2])
-apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_x_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_y_2])
-apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_y_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_y])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_y_0])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (rule HOL.conjunct1[OF sc_y_1])
-apply (rule HOL.conjunct1[OF sc_x_2])
-apply (rule HOL.conjunct1[OF sc_y_2])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/ROOT
deleted file mode 100644
index 927fd96..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session loop_in_then_branch_proofs = Boogie_Lang + 
-directories while_in_if_true_proofs
-theories
-global_data
-"while_in_if_true_proofs/while_in_if_true_passive_prog"
-"while_in_if_true_proofs/while_in_if_true_asttocfg_proof"
-"while_in_if_true_proofs/while_in_if_true_before_passive_prog"
-"while_in_if_true_proofs/while_in_if_true_vcphase_proof"
-"while_in_if_true_proofs/while_in_if_true_cfgtodag_proof"
-"while_in_if_true_proofs/while_in_if_true_passification_proof"
-"while_in_if_true_proofs/while_in_if_true_before_ast_to_cfg_prog"
-"while_in_if_true_proofs/while_in_if_true_before_cfg_to_dag_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_asttocfg_proof.thy
deleted file mode 100644
index 69f2caa..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_asttocfg_proof.thy
+++ /dev/null
@@ -1,488 +0,0 @@
-theory while_in_if_true_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML while_in_if_true_before_ast_to_cfg_prog while_in_if_true_before_cfg_to_dag_prog while_in_if_true_cfgtodag_proof while_in_if_true_passification_proof while_in_if_true_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_5,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_6 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_5])
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_5_def while_in_if_true_before_cfg_to_dag_prog.block_6_def)
-apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.block_6_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.block_6_def while_in_if_true_before_ast_to_cfg_prog.bigblock_5_def)+)
-done
-
-
-lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_5])
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_5_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_5_def)
-apply (simp)
-apply (simp)
-apply (rule cont_5_def)
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_6)
-apply (rule disjI1)
-apply (rule while_in_if_true_before_cfg_to_dag_prog.block_6_def)
-apply (rule while_in_if_true_before_cfg_to_dag_prog.outEdges_6)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_6)
-apply (rule rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_5)
-apply assumption+
-
-done
-qed
-
-lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV False))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Invs[of while_in_if_true_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_4_def)
-
-apply (rule astTrace)
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_4_def)
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_5)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule while_in_if_true_before_cfg_to_dag_prog.block_5_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply (rule neg_gt)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_4_def)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_5)
-
-
-
-
-apply ((erule allE[where x = 6])+)
-apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_5)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_5)
-apply (simp)
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_3 (Normal ns1) (Normal ns1')))))"
-unfolding while_in_if_true_before_cfg_to_dag_prog.block_3_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_3_def)
-apply ((simp add: assms(3) while_in_if_true_before_ast_to_cfg_prog.bigblock_3_def)+)
-done
-
-
-lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T while_in_if_true_before_ast_to_cfg_prog.bigblock_2 cont_2 while_in_if_true_before_cfg_to_dag_prog.proc_body 2 while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_3_def)
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_3)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule while_in_if_true_before_cfg_to_dag_prog.block_3_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_3_def)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_3)
-apply (rule rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_3)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=2])+)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_3)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_2_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of while_in_if_true_before_ast_to_cfg_prog.bigblock_2 _ _ _ while_in_if_true_before_cfg_to_dag_prog.block_2])
-apply (simp add:while_in_if_true_before_ast_to_cfg_prog.bigblock_2_def while_in_if_true_before_cfg_to_dag_prog.block_2_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:while_in_if_true_before_ast_to_cfg_prog.bigblock_2_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of while_in_if_true_before_ast_to_cfg_prog.bigblock_2])
-apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.bigblock_2_def)+)
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.block_2_def while_in_if_true_before_cfg_to_dag_prog.node_2)+)
-apply (rule cont_2_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 3])+)
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_2)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_3)
-apply (simp add: cont_2_def while_in_if_true_before_ast_to_cfg_prog.bigblock_3_def cont_3_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_2_def cont_3_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-
-apply ((erule allE[where x = 4])+)
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_2)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_5)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_4)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_4_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_4)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_4)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_4_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_4)
-apply ((simp add: member_rec)+)
-done
-qed
-qed
-
-lemma rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_1,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_1 (Normal ns1) (Normal ns1')))))"
-unfolding while_in_if_true_before_cfg_to_dag_prog.block_1_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_1_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_1_def)
-apply ((simp add: assms(3) while_in_if_true_before_ast_to_cfg_prog.bigblock_1_def)+)
-done
-
-
-lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_1_def while_in_if_true_before_cfg_to_dag_prog.block_1_def)
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_1_def while_in_if_true_before_cfg_to_dag_prog.block_1_def)
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_1_def while_in_if_true_before_cfg_to_dag_prog.block_1_def)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_1_def)
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_1)
-
-apply (rule disjI2)
-apply (rule disjI1)
-
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_1_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply (simp)
-
-
-apply (rule guardHint)
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_1)
-apply (rule rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_1_def)
-apply ((simp)+)
-apply (rule guardHint)
-apply ((erule allE[where x = 2])+)
-apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_2_def cont_1_def cont_2_def)
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_0_def while_in_if_true_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.block_0_def while_in_if_true_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end while_in_if_true_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_if_successor)
-apply (rule Rel_Main_test[of while_in_if_true_before_ast_to_cfg_prog.bigblock_0 _ while_in_if_true_before_cfg_to_dag_prog.block_0])
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_0_def while_in_if_true_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_0_def)
-apply (rule astTrace)
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_0_def)
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: while_in_if_true_before_cfg_to_dag_prog.node_0)
-apply (rule rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply (erule disjE)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: cont_0_def while_in_if_true_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
-apply blast+
-
-
-
-
-
-apply (simp)
-apply ((erule allE[where x = 5])+)
-apply ((simp add: while_in_if_true_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_4)
-apply (simp add: cont_0_def while_in_if_true_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (while_in_if_true_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_x_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> while_in_if_true_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) while_in_if_true_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns while_in_if_true_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (while_in_if_true_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_while_in_if_true_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def while_in_if_true_before_ast_to_cfg_prog.pres_def while_in_if_true_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def while_in_if_true_before_ast_to_cfg_prog.pres_def while_in_if_true_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_5] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (while_in_if_true_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_5_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_x_2))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) while_in_if_true_before_ast_to_cfg_prog.fdecls while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls while_in_if_true_before_ast_to_cfg_prog.axioms while_in_if_true_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding while_in_if_true_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 while_in_if_true_before_ast_to_cfg_prog.ast_proc_def while_in_if_true_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 742c956..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,144 +0,0 @@
-theory while_in_if_true_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 0),(Havoc 1)] (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))"
-definition bigblock_4
-  where
-    "bigblock_4  = (BigBlock (None ) [] (None ) (None ))"
-definition bigblock_5
-  where
-    "bigblock_5  = (BigBlock (None ) [(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))] (None ) (None ))"
-definition cont_5
-  where
-    "cont_5  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_5 cont_5)"
-definition cont_1
-  where
-    "cont_1  = (KSeq bigblock_5 cont_5)"
-definition cont_2
-  where
-    "cont_2  = (KEndBlock (KSeq bigblock_5 cont_5 ))"
-definition cont_3
-  where
-    "cont_3  = (KSeq bigblock_2 cont_2)"
-definition cont_4
-  where
-    "cont_4  = (KSeq bigblock_5 cont_5)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_5]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = while_in_if_true_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec while_in_if_true_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec while_in_if_true_before_ast_to_cfg_prog.post),proc_body = (Some (while_in_if_true_before_ast_to_cfg_prog.locals_vdecls,while_in_if_true_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 1095a15..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,191 +0,0 @@
-theory while_in_if_true_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0),(Havoc 1)]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
-definition block_2
-  where
-    "block_2  = []"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_6
-  where
-    "block_6  = [(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
-definition outEdges
-  where
-    "outEdges  = [[1,5],[2],[4,3],[2],[6],[6],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1,5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [4,3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding while_in_if_true_before_cfg_to_dag_prog.constants_vdecls_def while_in_if_true_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding while_in_if_true_before_cfg_to_dag_prog.constants_vdecls_def while_in_if_true_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding while_in_if_true_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding while_in_if_true_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding while_in_if_true_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) while_in_if_true_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding while_in_if_true_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls),(append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls),(append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls),(append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls),(append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_cfg_to_dag_prog.constants_vdecls while_in_if_true_before_cfg_to_dag_prog.globals_vdecls),(append while_in_if_true_before_cfg_to_dag_prog.params_vdecls while_in_if_true_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = while_in_if_true_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec while_in_if_true_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec while_in_if_true_before_cfg_to_dag_prog.post),proc_body = (Some (while_in_if_true_before_cfg_to_dag_prog.locals_vdecls,while_in_if_true_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_passive_prog.thy
deleted file mode 100644
index 8b7d6eb..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_before_passive_prog.thy
+++ /dev/null
@@ -1,139 +0,0 @@
-theory while_in_if_true_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util while_in_if_true_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
-definition block_5
-  where
-    "block_5  = [(Havoc 1)]"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
-definition block_7
-  where
-    "block_7  = [(Havoc 0),(Havoc 1)]"
-definition block_8
-  where
-    "block_8  = []"
-definition block_9
-  where
-    "block_9  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[2],[2],[4,1],[5],[6,3],[7],[8]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6,3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding while_in_if_true_before_ast_to_cfg_prog.params_vdecls_def while_in_if_true_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_cfgtodag_proof.thy
deleted file mode 100644
index 0d136c4..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_cfgtodag_proof.thy
+++ /dev/null
@@ -1,479 +0,0 @@
-theory while_in_if_true_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML while_in_if_true_before_ast_to_cfg_prog while_in_if_true_before_cfg_to_dag_prog while_in_if_true_before_passive_prog while_in_if_true_passification_proof while_in_if_true_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 while_in_if_true_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def while_in_if_true_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule while_in_if_true_before_passive_prog.node_0)
-apply simp
-unfolding while_in_if_true_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma Mods_anon6_LoopBody:
-shows "(mods_contained_in (set [1]) while_in_if_true_before_cfg_to_dag_prog.block_3)"
-unfolding while_in_if_true_before_cfg_to_dag_prog.block_3_def
-by simp
-
-lemma block_anon6_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_1 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding while_in_if_true_before_cfg_to_dag_prog.block_3_def while_in_if_true_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body [1] [] while_in_if_true_before_ast_to_cfg_prog.post ns1 s' 2 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_3)
-apply (rule while_in_if_true_before_passive_prog.node_1)
-apply (assumption+)
-apply (rule block_anon6_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon6_LoopBody)
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon6_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma block_anon4:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding while_in_if_true_before_cfg_to_dag_prog.block_6_def while_in_if_true_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon4:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_6)
-apply (rule while_in_if_true_before_passive_prog.node_2)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon4)
-apply assumption+
-apply (rule while_in_if_true_before_cfg_to_dag_prog.outEdges_6)
-apply (rule while_in_if_true_before_passive_prog.outEdges_2)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon5_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding while_in_if_true_before_cfg_to_dag_prog.block_5_def while_in_if_true_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon5_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_5)
-apply (rule while_in_if_true_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon5_Else)
-apply (assumption+)
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_5))
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_5))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:while_in_if_true_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon6_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding while_in_if_true_before_cfg_to_dag_prog.block_4_def while_in_if_true_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_4)
-apply (rule while_in_if_true_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon6_LoopDone)
-apply (assumption+)
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_4))
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_4))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:while_in_if_true_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon6_LoopHead:
-shows "(mods_contained_in (set [1]) while_in_if_true_before_cfg_to_dag_prog.block_2)"
-unfolding while_in_if_true_before_cfg_to_dag_prog.block_2_def
-by simp
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding while_in_if_true_before_cfg_to_dag_prog.block_2_def while_in_if_true_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_y(1)))
-apply simp
-done
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_2)
-apply (rule while_in_if_true_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon6_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon6_LoopHead)
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:while_in_if_true_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:while_in_if_true_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon5_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_6 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding while_in_if_true_before_cfg_to_dag_prog.block_1_def while_in_if_true_before_passive_prog.block_6_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon5_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_1)
-apply (rule while_in_if_true_before_passive_prog.node_6)
-apply (assumption+)
-apply (rule block_anon5_Then)
-apply (assumption+)
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=5])
-apply ((simp add:while_in_if_true_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] while_in_if_true_before_passive_prog.block_7 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding while_in_if_true_before_cfg_to_dag_prog.block_0_def while_in_if_true_before_passive_prog.block_7_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule while_in_if_true_before_cfg_to_dag_prog.node_0)
-apply (rule while_in_if_true_before_passive_prog.node_7)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:while_in_if_true_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=6])
-apply ((simp add:while_in_if_true_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:while_in_if_true_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:while_in_if_true_before_passive_prog.outEdges_8))
-by ((simp add:while_in_if_true_before_passive_prog.node_8 while_in_if_true_before_passive_prog.block_8_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 while_in_if_true_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule while_in_if_true_before_passive_prog.node_9)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding while_in_if_true_before_passive_prog.block_9_def
-apply (rule assume_pres_normal[where ?es=while_in_if_true_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding while_in_if_true_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule while_in_if_true_before_passive_prog.outEdges_9)
-apply ((simp add:while_in_if_true_before_passive_prog.node_8 while_in_if_true_before_passive_prog.block_8_def))
-apply (rule while_in_if_true_before_passive_prog.outEdges_8)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_x_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> while_in_if_true_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) while_in_if_true_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns while_in_if_true_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] while_in_if_true_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] while_in_if_true_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule while_in_if_true_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_passification_proof.thy
deleted file mode 100644
index 70486eb..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_passification_proof.thy
+++ /dev/null
@@ -1,351 +0,0 @@
-theory while_in_if_true_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util while_in_if_true_before_ast_to_cfg_prog while_in_if_true_passive_prog Boogie_Lang.PassificationML while_in_if_true_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_in_if_true_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_in_if_true_before_passive_prog.block_0_def while_in_if_true_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon6_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [7] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 5)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [7])) (update_nstate_rel R [(1,(Inl 7))]) R_old while_in_if_true_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_in_if_true_before_passive_prog.block_1_def while_in_if_true_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_y(2) while_in_if_true_passive_prog.l_y_2(2)))
-by simp
-
-lemma block_anon4:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 6)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_in_if_true_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_in_if_true_before_passive_prog.block_2_def while_in_if_true_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon5_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6])) (update_nstate_rel R [(0,(Inl 6))]) R_old while_in_if_true_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_in_if_true_before_passive_prog.block_3_def while_in_if_true_passive_prog.block_3_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_x(2) while_in_if_true_passive_prog.l_x_2(2)))
-by simp
-
-lemma block_anon6_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))" and 
-"((R 1) = (Some (Inl 5)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6])) (update_nstate_rel R [(0,(Inl 6))]) R_old while_in_if_true_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_in_if_true_before_passive_prog.block_4_def while_in_if_true_passive_prog.block_4_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_x(2) while_in_if_true_passive_prog.l_x_2(2)))
-by simp
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [5] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [5])) (update_nstate_rel R [(1,(Inl 5))]) R_old while_in_if_true_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_in_if_true_before_passive_prog.block_5_def while_in_if_true_passive_prog.block_5_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_y(2) while_in_if_true_passive_prog.l_y_1(2)))
-by simp
-
-lemma block_anon5_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4])) (update_nstate_rel R [(0,(Inl 4))]) R_old while_in_if_true_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_in_if_true_before_passive_prog.block_6_def while_in_if_true_passive_prog.block_6_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_x(2) while_in_if_true_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2,3] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2,3])) (update_nstate_rel R [(0,(Inl 2)),(1,(Inl 3))]) R_old while_in_if_true_passive_prog.block_7 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_in_if_true_before_passive_prog.block_7_def while_in_if_true_passive_prog.block_7_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_x(2) while_in_if_true_passive_prog.l_x_0(2)))
-apply ((simp add:while_in_if_true_before_ast_to_cfg_prog.l_y(2) while_in_if_true_passive_prog.l_y_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_8 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_in_if_true_passive_prog.block_8 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_in_if_true_before_passive_prog.block_8_def while_in_if_true_passive_prog.block_8_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.block_9 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old while_in_if_true_passive_prog.block_9 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding while_in_if_true_before_passive_prog.block_9_def while_in_if_true_passive_prog.block_9_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_in_if_true_before_passive_prog.node_0},@{thm while_in_if_true_before_passive_prog.outEdges_0}) (@{thm while_in_if_true_passive_prog.node_0},@{thm while_in_if_true_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 7 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 5)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_1},@{thm while_in_if_true_before_passive_prog.outEdges_1}) (@{thm while_in_if_true_passive_prog.node_1},@{thm while_in_if_true_passive_prog.outEdges_1}) @{thm block_anon6_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon4:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 6)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_2},@{thm while_in_if_true_before_passive_prog.outEdges_2}) (@{thm while_in_if_true_passive_prog.node_2},@{thm while_in_if_true_passive_prog.outEdges_2}) @{thm block_anon4} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon5_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_3},@{thm while_in_if_true_before_passive_prog.outEdges_3}) (@{thm while_in_if_true_passive_prog.node_3},@{thm while_in_if_true_passive_prog.outEdges_3}) @{thm block_anon5_Else} [
-@{thm cfg_block_anon4}] 1\<close>))
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))" and 
-"((R 1) = (Some (Inl 5)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_4},@{thm while_in_if_true_before_passive_prog.outEdges_4}) (@{thm while_in_if_true_passive_prog.node_4},@{thm while_in_if_true_passive_prog.outEdges_4}) @{thm block_anon6_LoopDone} [
-@{thm cfg_block_anon4}] 1\<close>))
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 5 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_5},@{thm while_in_if_true_before_passive_prog.outEdges_5}) (@{thm while_in_if_true_passive_prog.node_5},@{thm while_in_if_true_passive_prog.outEdges_5}) @{thm block_anon6_LoopHead} [
-@{thm cfg_block_anon6_LoopDone}, 
-@{thm cfg_block_anon6_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon5_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm while_in_if_true_before_passive_prog.node_6},@{thm while_in_if_true_before_passive_prog.outEdges_6}) (@{thm while_in_if_true_passive_prog.node_6},@{thm while_in_if_true_passive_prog.outEdges_6}) @{thm block_anon5_Then} [
-@{thm cfg_block_anon6_LoopHead}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_in_if_true_before_passive_prog.node_7},@{thm while_in_if_true_before_passive_prog.outEdges_7}) (@{thm while_in_if_true_passive_prog.node_7},@{thm while_in_if_true_passive_prog.outEdges_7}) @{thm block_anon0} [
-@{thm cfg_block_anon5_Then}, 
-@{thm cfg_block_anon5_Else}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 8)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_in_if_true_before_passive_prog.node_8},@{thm while_in_if_true_before_passive_prog.outEdges_8}) (@{thm while_in_if_true_passive_prog.node_8},@{thm while_in_if_true_passive_prog.outEdges_8}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> while_in_if_true_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body u (Inl 9)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm while_in_if_true_before_passive_prog.node_9},@{thm while_in_if_true_before_passive_prog.outEdges_9}) (@{thm while_in_if_true_passive_prog.node_9},@{thm while_in_if_true_passive_prog.outEdges_9}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_before_ast_to_cfg_prog.params_vdecls while_in_if_true_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] while_in_if_true_before_passive_prog.proc_body ((Inl 9),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_x_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> while_in_if_true_before_ast_to_cfg_prog.constants_vdecls ns while_in_if_true_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv while_in_if_true_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding while_in_if_true_passive_prog.params_vdecls_def while_in_if_true_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using while_in_if_true_before_passive_prog.globals_locals_disj apply auto[1]
-using while_in_if_true_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] while_in_if_true_passive_prog.proc_body u (Inl 9)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range while_in_if_true_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] while_in_if_true_passive_prog.proc_body ((Inl 9),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from while_in_if_true_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_passive_prog.thy
deleted file mode 100644
index df4688e..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_passive_prog.thy
+++ /dev/null
@@ -1,217 +0,0 @@
-theory while_in_if_true_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util while_in_if_true_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 5) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 7) Eq (BinOp (Var 5) Sub (Lit (LInt 1))))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assert (BinOp (Var 6) Ge (Lit (LInt 0))))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 2))),(Assume (BinOp (Var 6) Eq (Var 2)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 5))),(Assume (BinOp (Var 6) Eq (Var 4)))]"
-definition block_5
-  where
-    "block_5  = []"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 4) Eq (BinOp (Var 2) Sub (Lit (LInt 1)))))]"
-definition block_7
-  where
-    "block_7  = []"
-definition block_8
-  where
-    "block_8  = []"
-definition block_9
-  where
-    "block_9  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[2],[2],[4,1],[5],[6,3],[7],[8]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 9,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6,3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(7,(TPrim TInt),(None )),(6,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding while_in_if_true_passive_prog.params_vdecls_def while_in_if_true_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)))) = {})"
-unfolding while_in_if_true_before_ast_to_cfg_prog.constants_vdecls_def while_in_if_true_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_0:
-shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_1:
-shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_2:
-shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_2:
-shows "((map_of (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_0:
-shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_1:
-shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_2:
-shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_2:
-shows "((lookup_var_decl ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_vcphase_proof.thy
deleted file mode 100644
index 08b3d54..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/loop_in_then_branch_proofs/while_in_if_true_proofs/while_in_if_true_vcphase_proof.thy
+++ /dev/null
@@ -1,373 +0,0 @@
-theory while_in_if_true_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML while_in_if_true_passive_prog while_in_if_true_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon4
-  where
-    "vc_anon4 x_2 = (x_2 \<ge> (0::int))"
-definition vc_anon5_Else
-  where
-    "vc_anon5_Else x_0 x_2 = ((((0::int) \<ge> x_0) \<and> (x_2 = x_0)) \<longrightarrow> (vc_anon4 x_2))"
-definition vc_anon6_LoopDone
-  where
-    "vc_anon6_LoopDone y_1 x_2 x_1 = ((((0::int) \<ge> y_1) \<and> (x_2 = x_1)) \<longrightarrow> (vc_anon4 x_2))"
-definition vc_anon6_LoopBody
-  where
-    "vc_anon6_LoopBody  = True"
-definition vc_anon5_Then
-  where
-    "vc_anon5_Then x_0 x_1 y_1 x_2 = (((x_0 > (0::int)) \<and> (x_1 = (x_0 - (1::int)))) \<longrightarrow> ((vc_anon6_LoopDone y_1 x_2 x_1) \<and> (vc_anon6_LoopBody )))"
-definition vc_anon0
-  where
-    "vc_anon0 x_0 x_1 y_1 x_2 = ((vc_anon5_Then x_0 x_1 y_1 x_2) \<and> (vc_anon5_Else x_0 x_2))"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_x_1 :: "int" and vc_y_1 :: "int" and vc_y_2 :: "int" and vc_x_2 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_0)))" and 
-G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_y_0)))" and 
-G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_x_1)))" and 
-G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_y_1)))" and 
-G6: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_y_2)))" and 
-G7: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_x_2)))" and 
-G8: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8
-lemmas forall_poly_thm = forall_vc_type[OF G8]
-lemmas exists_poly_thm = exists_vc_type[OF G8]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding while_in_if_true_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon6_LoopBody_hints = [
-(AssumeTrue,NONE), 
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon6_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopBody ) \<Longrightarrow> (s' = Magic)))"
-unfolding while_in_if_true_passive_prog.block_1_def vc.vc_anon6_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_hints = [
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon4AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding while_in_if_true_passive_prog.block_2_def vc.vc_anon4_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon5_Else_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon5_ElseAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_Else vc_x_0 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4 vc_x_2)))))))"
-unfolding while_in_if_true_passive_prog.block_3_def vc.vc_anon5_Else_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_Else_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_LoopDone_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon6_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4 vc_x_2)))))))"
-unfolding while_in_if_true_passive_prog.block_4_def vc.vc_anon6_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopDone_hints \<close>)
-by (auto?)
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_5 (Normal n_s) s')" and 
-"((vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1) \<and> (vc.vc_anon6_LoopBody ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1) \<and> (vc.vc_anon6_LoopBody ))))))"
-using assms
-unfolding while_in_if_true_passive_prog.block_5_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon5_Then_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon5_ThenAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_Then vc_x_0 vc_x_1 vc_y_1 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1) \<and> (vc.vc_anon6_LoopBody ))))))))"
-unfolding while_in_if_true_passive_prog.block_6_def vc.vc_anon5_Then_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_Then_hints \<close>)
-by (auto?)
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_7 (Normal n_s) s')" and 
-"((vc.vc_anon5_Then vc_x_0 vc_x_1 vc_y_1 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_2))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_Then vc_x_0 vc_x_1 vc_y_1 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_2))))))"
-using assms
-unfolding while_in_if_true_passive_prog.block_7_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_8 (Normal n_s) s')" and 
-"((vc.vc_anon5_Then vc_x_0 vc_x_1 vc_y_1 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_2))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_Then vc_x_0 vc_x_1 vc_y_1 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_2))))))"
-using assms
-unfolding while_in_if_true_passive_prog.block_8_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_x_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_Then vc_x_0 vc_x_1 vc_y_1 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_2))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding while_in_if_true_passive_prog.block_9_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) while_in_if_true_passive_prog.node_0 while_in_if_true_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopBody )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) while_in_if_true_passive_prog.node_1])
-by (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon4:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) while_in_if_true_passive_prog.node_2])
-apply (erule block_anon4AA0[OF _ assms(2)])
-apply ((simp add:while_in_if_true_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_Else vc_x_0 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_3])
-apply (erule block_anon5_ElseAA0[OF _ assms(2)])
-apply ((simp add:while_in_if_true_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_4])
-apply (erule block_anon6_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:while_in_if_true_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon6_LoopDone vc_y_1 vc_x_2 vc_x_1) \<and> (vc.vc_anon6_LoopBody ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_5])
-apply (erule block_anon6_LoopHead[OF _ assms(2)])
-apply ((simp add:while_in_if_true_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_Then vc_x_0 vc_x_1 vc_y_1 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_6])
-apply (erule block_anon5_ThenAA0[OF _ assms(2)])
-apply ((simp add:while_in_if_true_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon5_Then vc_x_0 vc_x_1 vc_y_1 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_2))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_7])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:while_in_if_true_passive_prog.outEdges_7))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon5_Then vc_x_0 vc_x_1 vc_y_1 vc_x_2) \<and> (vc.vc_anon5_Else vc_x_0 vc_x_2))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_8])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:while_in_if_true_passive_prog.outEdges_8))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> while_in_if_true_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_x_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) while_in_if_true_passive_prog.node_9])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:while_in_if_true_passive_prog.outEdges_9))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls)) \<Gamma> [] while_in_if_true_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_x_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A while_in_if_true_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> while_in_if_true_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) while_in_if_true_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s while_in_if_true_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append while_in_if_true_before_ast_to_cfg_prog.constants_vdecls while_in_if_true_before_ast_to_cfg_prog.globals_vdecls),(append while_in_if_true_passive_prog.params_vdecls while_in_if_true_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((while_in_if_true_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_x])
-apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_y])
-apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_y])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_y_0])
-apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_y_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_y_1])
-apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_y_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_y_2])
-apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_y_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF while_in_if_true_passive_prog.m_x_2])
-apply (subst lookup_var_local[OF while_in_if_true_passive_prog.m_x_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_y])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_y_0])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (rule HOL.conjunct1[OF sc_y_1])
-apply (rule HOL.conjunct1[OF sc_y_2])
-apply (rule HOL.conjunct1[OF sc_x_2])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/ROOT
deleted file mode 100644
index 2428332..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session nested_if_proofs = Boogie_Lang + 
-directories nested_if_proofs
-theories
-global_data
-"nested_if_proofs/nested_if_vcphase_proof"
-"nested_if_proofs/nested_if_before_passive_prog"
-"nested_if_proofs/nested_if_before_cfg_to_dag_prog"
-"nested_if_proofs/nested_if_cfgtodag_proof"
-"nested_if_proofs/nested_if_passification_proof"
-"nested_if_proofs/nested_if_before_ast_to_cfg_prog"
-"nested_if_proofs/nested_if_asttocfg_proof"
-"nested_if_proofs/nested_if_passive_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_asttocfg_proof.thy
deleted file mode 100644
index 5af288c..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_asttocfg_proof.thy
+++ /dev/null
@@ -1,387 +0,0 @@
-theory nested_if_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_if_before_ast_to_cfg_prog nested_if_before_cfg_to_dag_prog nested_if_cfgtodag_proof nested_if_passification_proof nested_if_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A nested_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma global_rel_nested_if_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_if_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_if_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV False))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Invs[of nested_if_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: nested_if_before_ast_to_cfg_prog.bigblock_4_def)
-
-apply (rule astTrace)
-apply (simp add: nested_if_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp)
-apply (simp)
-apply (rule cont_4_def)
-apply (rule nested_if_before_cfg_to_dag_prog.node_4)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule nested_if_before_cfg_to_dag_prog.block_4_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply ( rule neg_gt)
-apply (rule guardHint)
-apply (rule nested_if_before_cfg_to_dag_prog.outEdges_4)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: nested_if_before_cfg_to_dag_prog.node_4)
-apply (simp add: nested_if_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp add: end_static)
-done
-qed
-
-lemma rel_nested_if_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (nested_if_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV False))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_3 (Normal ns1) (Normal ns1')))))"
-unfolding nested_if_before_cfg_to_dag_prog.block_3_def
-apply (rule guard_fails_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of nested_if_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: nested_if_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply (simp add: nested_if_before_cfg_to_dag_prog.block_3_def)
-apply (rule push_through_assumption1)
-apply (simp)
-apply (rule neg_gt)
-apply (rule guardHint)
-apply ((simp add: nested_if_before_ast_to_cfg_prog.bigblock_3_def)+)
-apply (rule neg_gt)
-apply (rule guardHint)
-done
-
-
-lemma global_rel_nested_if_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_if_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_if_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV False))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of nested_if_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: nested_if_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: nested_if_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (simp)
-apply (rule cont_3_def)
-apply (rule nested_if_before_cfg_to_dag_prog.node_3)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule nested_if_before_cfg_to_dag_prog.block_3_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply ( rule neg_gt)
-apply (rule guardHint)
-apply (rule nested_if_before_cfg_to_dag_prog.outEdges_3)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: nested_if_before_cfg_to_dag_prog.node_3)
-apply (rule rel_nested_if_before_ast_to_cfg_prog_bigblock_3)
-apply assumption+
-apply (rule guardHint)
-done
-qed
-
-lemma rel_nested_if_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (nested_if_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
-unfolding nested_if_before_cfg_to_dag_prog.block_2_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of nested_if_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: nested_if_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: nested_if_before_cfg_to_dag_prog.block_2_def)
-apply ((simp add: assms(3) nested_if_before_ast_to_cfg_prog.bigblock_2_def)+)
-done
-
-
-lemma global_rel_nested_if_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_if_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_if_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of nested_if_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: nested_if_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: nested_if_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp)
-apply (simp)
-apply (rule cont_2_def)
-apply (rule nested_if_before_cfg_to_dag_prog.node_2)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule nested_if_before_cfg_to_dag_prog.block_2_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule nested_if_before_cfg_to_dag_prog.outEdges_2)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: nested_if_before_cfg_to_dag_prog.node_2)
-apply (rule rel_nested_if_before_ast_to_cfg_prog_bigblock_2)
-apply assumption+
-apply (rule guardHint)
-done
-qed
-
-lemma global_rel_nested_if_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_if_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_if_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_if_successor)
-apply (rule Rel_Invs[of nested_if_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: nested_if_before_cfg_to_dag_prog.block_1_def nested_if_before_ast_to_cfg_prog.bigblock_1_def)
-
-apply (rule astTrace)
-apply (simp add: nested_if_before_ast_to_cfg_prog.bigblock_1_def)
-apply (rule nested_if_before_cfg_to_dag_prog.node_1)
-
-apply (rule disjI2)
-apply (rule disjI1)
-
-apply (simp add: nested_if_before_cfg_to_dag_prog.block_1_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply (simp)
-
-
-apply (rule guardHint)
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-
-
-
-
-
-apply (erule disjE)
-
-apply ((erule allE[where x = 2])+)
-apply ((simp add: nested_if_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_nested_if_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_1_def nested_if_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
-apply blast+
-
-
-
-
-
-apply (simp)
-apply ((erule allE[where x = 3])+)
-apply ((simp add: nested_if_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_nested_if_before_ast_to_cfg_prog_bigblock_3)
-apply (simp add: cont_1_def nested_if_before_ast_to_cfg_prog.bigblock_3_def cont_3_def )
-apply blast+
-
-
-
-
-
-done
-qed
-
-lemma global_rel_nested_if_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_if_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_if_successor)
-apply (rule Rel_Invs[of nested_if_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: nested_if_before_cfg_to_dag_prog.block_0_def nested_if_before_ast_to_cfg_prog.bigblock_0_def)
-
-apply (rule astTrace)
-apply (simp add: nested_if_before_ast_to_cfg_prog.bigblock_0_def)
-apply (rule nested_if_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: nested_if_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-
-
-
-
-
-apply (erule disjE)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: nested_if_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_nested_if_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: cont_0_def nested_if_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
-apply blast+
-
-
-
-
-
-apply (simp)
-apply ((erule allE[where x = 4])+)
-apply ((simp add: nested_if_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_nested_if_before_ast_to_cfg_prog_bigblock_4)
-apply (simp add: cont_0_def nested_if_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (nested_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_n::int) (vc_m::int) (vc_m_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A nested_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> nested_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) nested_if_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_if_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (nested_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_nested_if_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: nested_if_before_ast_to_cfg_prog.params_vdecls_def nested_if_before_ast_to_cfg_prog.locals_vdecls_def nested_if_before_cfg_to_dag_prog.params_vdecls_def nested_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: nested_if_before_ast_to_cfg_prog.params_vdecls_def nested_if_before_ast_to_cfg_prog.locals_vdecls_def nested_if_before_cfg_to_dag_prog.params_vdecls_def nested_if_before_cfg_to_dag_prog.locals_vdecls_def nested_if_before_ast_to_cfg_prog.pres_def nested_if_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: nested_if_before_ast_to_cfg_prog.params_vdecls_def nested_if_before_ast_to_cfg_prog.locals_vdecls_def nested_if_before_cfg_to_dag_prog.params_vdecls_def nested_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: nested_if_before_ast_to_cfg_prog.params_vdecls_def nested_if_before_ast_to_cfg_prog.locals_vdecls_def nested_if_before_cfg_to_dag_prog.params_vdecls_def nested_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: nested_if_before_ast_to_cfg_prog.params_vdecls_def nested_if_before_ast_to_cfg_prog.locals_vdecls_def nested_if_before_cfg_to_dag_prog.params_vdecls_def nested_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: nested_if_before_ast_to_cfg_prog.params_vdecls_def nested_if_before_ast_to_cfg_prog.locals_vdecls_def nested_if_before_cfg_to_dag_prog.params_vdecls_def nested_if_before_cfg_to_dag_prog.locals_vdecls_def nested_if_before_ast_to_cfg_prog.pres_def nested_if_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: nested_if_before_ast_to_cfg_prog.params_vdecls_def nested_if_before_ast_to_cfg_prog.locals_vdecls_def nested_if_before_cfg_to_dag_prog.params_vdecls_def nested_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: nested_if_before_ast_to_cfg_prog.params_vdecls_def nested_if_before_ast_to_cfg_prog.locals_vdecls_def nested_if_before_cfg_to_dag_prog.params_vdecls_def nested_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (nested_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_n::int) (vc_m::int) (vc_m_0::int). (vc.vc_anon0 ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) nested_if_before_ast_to_cfg_prog.fdecls nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls nested_if_before_ast_to_cfg_prog.axioms nested_if_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding nested_if_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 nested_if_before_ast_to_cfg_prog.ast_proc_def nested_if_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_ast_to_cfg_prog.thy
deleted file mode 100644
index d5d245e..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,138 +0,0 @@
-theory nested_if_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Add (Var 0)))] (None ) (None ))] [(BigBlock (None ) [(Assign 1 (Var 0))] (None ) (None ))])) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Add (Var 0)))] (None ) (None ))] [(BigBlock (None ) [(Assign 1 (Var 0))] (None ) (None ))])) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [(Assign 1 (BinOp (Var 1) Add (Var 0)))] (None ) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [(Assign 1 (Var 0))] (None ) (None ))"
-definition bigblock_4
-  where
-    "bigblock_4  = (BigBlock (None ) [] (None ) (None ))"
-definition cont_0
-  where
-    "cont_0  = KStop"
-definition cont_1
-  where
-    "cont_1  = KStop"
-definition cont_2
-  where
-    "cont_2  = KStop"
-definition cont_3
-  where
-    "cont_3  = KStop"
-definition cont_4
-  where
-    "cont_4  = KStop"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding nested_if_before_ast_to_cfg_prog.constants_vdecls_def nested_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding nested_if_before_ast_to_cfg_prog.params_vdecls_def nested_if_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding nested_if_before_ast_to_cfg_prog.constants_vdecls_def nested_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_if_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding nested_if_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_if_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding nested_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_if_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding nested_if_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_if_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding nested_if_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_n:
-shows "((map_of (append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_m:
-shows "((map_of (append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_n:
-shows "((lookup_var_decl ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_n
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_m:
-shows "((lookup_var_decl ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_m
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = nested_if_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_if_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec nested_if_before_ast_to_cfg_prog.post),proc_body = (Some (nested_if_before_ast_to_cfg_prog.locals_vdecls,nested_if_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 2160236..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,169 +0,0 @@
-theory nested_if_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Add (Var 0)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 1 (Var 0))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition outEdges
-  where
-    "outEdges  = [[1,4],[2,3],[],[],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [2,3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append nested_if_before_cfg_to_dag_prog.constants_vdecls nested_if_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append nested_if_before_cfg_to_dag_prog.constants_vdecls nested_if_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding nested_if_before_cfg_to_dag_prog.constants_vdecls_def nested_if_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_if_before_cfg_to_dag_prog.constants_vdecls nested_if_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding nested_if_before_cfg_to_dag_prog.params_vdecls_def nested_if_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append nested_if_before_cfg_to_dag_prog.constants_vdecls nested_if_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding nested_if_before_cfg_to_dag_prog.constants_vdecls_def nested_if_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_if_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding nested_if_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_if_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding nested_if_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_if_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding nested_if_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_if_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding nested_if_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append nested_if_before_cfg_to_dag_prog.constants_vdecls nested_if_before_cfg_to_dag_prog.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_n:
-shows "((map_of (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_m:
-shows "((map_of (append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_n:
-shows "((lookup_var_decl ((append nested_if_before_cfg_to_dag_prog.constants_vdecls nested_if_before_cfg_to_dag_prog.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_if_before_cfg_to_dag_prog.constants_vdecls nested_if_before_cfg_to_dag_prog.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_n
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_m:
-shows "((lookup_var_decl ((append nested_if_before_cfg_to_dag_prog.constants_vdecls nested_if_before_cfg_to_dag_prog.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_if_before_cfg_to_dag_prog.constants_vdecls nested_if_before_cfg_to_dag_prog.globals_vdecls),(append nested_if_before_cfg_to_dag_prog.params_vdecls nested_if_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_m
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = nested_if_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_if_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec nested_if_before_cfg_to_dag_prog.post),proc_body = (Some (nested_if_before_cfg_to_dag_prog.locals_vdecls,nested_if_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_passive_prog.thy
deleted file mode 100644
index 4df1ce2..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_before_passive_prog.thy
+++ /dev/null
@@ -1,117 +0,0 @@
-theory nested_if_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_if_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Add (Var 0)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1))),(Assign 1 (Var 0))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
-definition block_5
-  where
-    "block_5  = []"
-definition block_6
-  where
-    "block_6  = []"
-definition block_7
-  where
-    "block_7  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[2,3],[4,1],[5],[6]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 7,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [2,3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding nested_if_before_ast_to_cfg_prog.params_vdecls_def nested_if_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding nested_if_before_ast_to_cfg_prog.constants_vdecls_def nested_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_cfgtodag_proof.thy
deleted file mode 100644
index cc5e02b..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_cfgtodag_proof.thy
+++ /dev/null
@@ -1,334 +0,0 @@
-theory nested_if_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_if_before_ast_to_cfg_prog nested_if_before_cfg_to_dag_prog nested_if_before_passive_prog nested_if_passification_proof nested_if_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A nested_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_if_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def nested_if_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule nested_if_before_passive_prog.node_0)
-apply simp
-unfolding nested_if_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma block_anon5_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_if_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_if_before_cfg_to_dag_prog.block_4_def nested_if_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon5_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule nested_if_before_cfg_to_dag_prog.node_4)
-apply (rule nested_if_before_passive_prog.node_1)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon5_Else)
-apply assumption+
-apply (rule nested_if_before_cfg_to_dag_prog.outEdges_4)
-apply (rule nested_if_before_passive_prog.outEdges_1)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon6_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_if_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_if_before_cfg_to_dag_prog.block_2_def nested_if_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule nested_if_before_cfg_to_dag_prog.node_2)
-apply (rule nested_if_before_passive_prog.node_2)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon6_Then)
-apply assumption+
-apply (rule nested_if_before_cfg_to_dag_prog.outEdges_2)
-apply (rule nested_if_before_passive_prog.outEdges_2)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon6_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_if_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_if_before_cfg_to_dag_prog.block_3_def nested_if_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule nested_if_before_cfg_to_dag_prog.node_3)
-apply (rule nested_if_before_passive_prog.node_3)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon6_Else)
-apply assumption+
-apply (rule nested_if_before_cfg_to_dag_prog.outEdges_3)
-apply (rule nested_if_before_passive_prog.outEdges_3)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon5_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_if_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_if_before_cfg_to_dag_prog.block_1_def nested_if_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon5_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_if_before_cfg_to_dag_prog.node_1)
-apply (rule nested_if_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon5_Then)
-apply (assumption+)
-apply ((simp add:nested_if_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:nested_if_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:nested_if_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:nested_if_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_if_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_if_before_cfg_to_dag_prog.block_0_def nested_if_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_if_before_cfg_to_dag_prog.node_0)
-apply (rule nested_if_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:nested_if_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:nested_if_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:nested_if_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:nested_if_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:nested_if_before_passive_prog.outEdges_6))
-by ((simp add:nested_if_before_passive_prog.node_6 nested_if_before_passive_prog.block_6_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_if_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule nested_if_before_passive_prog.node_7)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding nested_if_before_passive_prog.block_7_def
-apply (rule assume_pres_normal[where ?es=nested_if_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding nested_if_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule nested_if_before_passive_prog.outEdges_7)
-apply ((simp add:nested_if_before_passive_prog.node_6 nested_if_before_passive_prog.block_6_def))
-apply (rule nested_if_before_passive_prog.outEdges_6)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_n::int) (vc_m::int) (vc_m_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A nested_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> nested_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) nested_if_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_if_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] nested_if_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule nested_if_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_passification_proof.thy
deleted file mode 100644
index 2f7f1d9..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_passification_proof.thy
+++ /dev/null
@@ -1,322 +0,0 @@
-theory nested_if_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_if_before_ast_to_cfg_prog nested_if_passive_prog Boogie_Lang.PassificationML nested_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_if_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_if_before_passive_prog.block_0_def nested_if_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon5_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 0)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_if_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_if_before_passive_prog.block_1_def nested_if_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon6_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))" and 
-"((R 0) = (Some (Inl 0)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(1,(Inl 2))]) R_old nested_if_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_if_before_passive_prog.block_2_def nested_if_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_if_before_ast_to_cfg_prog.l_m(2) nested_if_passive_prog.l_m_0(2)))
-by simp
-
-lemma block_anon6_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 0)))" and 
-"((R 1) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(1,(Inl 0))]) R_old nested_if_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_if_before_passive_prog.block_3_def nested_if_passive_prog.block_3_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_if_before_ast_to_cfg_prog.l_m(2) nested_if_passive_prog.l_n(2)))
-by simp
-
-lemma block_anon5_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))" and 
-"((R 0) = (Some (Inl 0)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_if_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_if_before_passive_prog.block_4_def nested_if_passive_prog.block_4_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))" and 
-"((R 0) = (Some (Inl 0)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_if_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_if_before_passive_prog.block_5_def nested_if_passive_prog.block_5_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))" and 
-"((R 0) = (Some (Inl 0)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_if_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_if_before_passive_prog.block_6_def nested_if_passive_prog.block_6_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))" and 
-"((R 0) = (Some (Inl 0)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_if_passive_prog.block_7 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_if_before_passive_prog.block_7_def nested_if_passive_prog.block_7_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_if_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_if_before_passive_prog.node_0},@{thm nested_if_before_passive_prog.outEdges_0}) (@{thm nested_if_passive_prog.node_0},@{thm nested_if_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon5_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 0)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_if_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_if_before_passive_prog.node_1},@{thm nested_if_before_passive_prog.outEdges_1}) (@{thm nested_if_passive_prog.node_1},@{thm nested_if_passive_prog.outEdges_1}) @{thm block_anon5_Else} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon6_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))" and 
-"((R 0) = (Some (Inl 0)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_if_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_if_before_passive_prog.node_2},@{thm nested_if_before_passive_prog.outEdges_2}) (@{thm nested_if_passive_prog.node_2},@{thm nested_if_passive_prog.outEdges_2}) @{thm block_anon6_Then} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon6_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 0)))" and 
-"((R 1) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_if_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_if_before_passive_prog.node_3},@{thm nested_if_before_passive_prog.outEdges_3}) (@{thm nested_if_passive_prog.node_3},@{thm nested_if_passive_prog.outEdges_3}) @{thm block_anon6_Else} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon5_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))" and 
-"((R 0) = (Some (Inl 0)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_if_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_if_before_passive_prog.node_4},@{thm nested_if_before_passive_prog.outEdges_4}) (@{thm nested_if_passive_prog.node_4},@{thm nested_if_passive_prog.outEdges_4}) @{thm block_anon5_Then} [
-@{thm cfg_block_anon6_Then}, 
-@{thm cfg_block_anon6_Else}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))" and 
-"((R 0) = (Some (Inl 0)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_if_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_if_before_passive_prog.node_5},@{thm nested_if_before_passive_prog.outEdges_5}) (@{thm nested_if_passive_prog.node_5},@{thm nested_if_passive_prog.outEdges_5}) @{thm block_anon0} [
-@{thm cfg_block_anon5_Then}, 
-@{thm cfg_block_anon5_Else}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))" and 
-"((R 0) = (Some (Inl 0)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_if_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_if_before_passive_prog.node_6},@{thm nested_if_before_passive_prog.outEdges_6}) (@{thm nested_if_passive_prog.node_6},@{thm nested_if_passive_prog.outEdges_6}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_if_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))" and 
-"((R 0) = (Some (Inl 0)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_if_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_if_before_passive_prog.node_7},@{thm nested_if_before_passive_prog.outEdges_7}) (@{thm nested_if_passive_prog.node_7},@{thm nested_if_passive_prog.outEdges_7}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_before_ast_to_cfg_prog.params_vdecls nested_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_if_before_passive_prog.proc_body ((Inl 7),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_n::int) (vc_m::int) (vc_m_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A nested_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> nested_if_before_ast_to_cfg_prog.constants_vdecls ns nested_if_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = [(0,(Inl 0)),(1,(Inl 1))]"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-apply ((simp add:nested_if_before_ast_to_cfg_prog.l_n(2) nested_if_passive_prog.l_n(2)))
-apply ((simp add:nested_if_before_ast_to_cfg_prog.l_m(2) nested_if_passive_prog.l_m(2)))
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv nested_if_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding nested_if_before_ast_to_cfg_prog.constants_vdecls_def nested_if_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding nested_if_passive_prog.params_vdecls_def nested_if_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using nested_if_before_passive_prog.globals_locals_disj apply auto[1]
-using nested_if_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 1)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] nested_if_passive_prog.proc_body u (Inl 7)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range nested_if_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] nested_if_passive_prog.proc_body ((Inl 7),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from nested_if_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_passive_prog.thy
deleted file mode 100644
index 962924c..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_passive_prog.thy
+++ /dev/null
@@ -1,150 +0,0 @@
-theory nested_if_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_if_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 2) Eq (BinOp (Var 1) Add (Var 0))))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
-definition block_5
-  where
-    "block_5  = []"
-definition block_6
-  where
-    "block_6  = []"
-definition block_7
-  where
-    "block_7  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[2,3],[4,1],[5],[6]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 7,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [2,3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding nested_if_passive_prog.params_vdecls_def nested_if_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)))) = {})"
-unfolding nested_if_before_ast_to_cfg_prog.constants_vdecls_def nested_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_n:
-shows "((map_of (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_m:
-shows "((map_of (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_m_0:
-shows "((map_of (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_n:
-shows "((lookup_var_decl ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_n
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_m:
-shows "((lookup_var_decl ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_m
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_m_0:
-shows "((lookup_var_decl ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_m_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_vcphase_proof.thy
deleted file mode 100644
index 86ef802..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_if_proofs/nested_if_proofs/nested_if_vcphase_proof.thy
+++ /dev/null
@@ -1,277 +0,0 @@
-theory nested_if_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML nested_if_passive_prog nested_if_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon0
-  where
-    "vc_anon0  = True"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_n :: "int" and vc_m :: "int" and vc_m_0 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_n)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_m)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_m_0)))" and 
-G3: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3
-lemmas forall_poly_thm = forall_vc_type[OF G3]
-lemmas exists_poly_thm = exists_vc_type[OF G3]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding nested_if_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon5_Else_hints = [
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon5_ElseAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding nested_if_passive_prog.block_1_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_Else_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_Then_hints = [
-(AssumeTrue,NONE), 
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon6_ThenAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding nested_if_passive_prog.block_2_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_Then_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_Else_hints = [
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon6_ElseAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding nested_if_passive_prog.block_3_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_Else_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon5_Then_hints = [
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon5_ThenAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
-unfolding nested_if_passive_prog.block_4_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_Then_hints \<close>)
-by (auto?)
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.block_5 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding nested_if_passive_prog.block_5_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.block_6 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding nested_if_passive_prog.block_6_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding nested_if_passive_prog.block_7_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) nested_if_passive_prog.node_0 nested_if_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon5_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) nested_if_passive_prog.node_1])
-apply (erule block_anon5_ElseAA0[OF _ assms(2)])
-apply ((simp add:nested_if_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) nested_if_passive_prog.node_2])
-apply (erule block_anon6_ThenAA0[OF _ assms(2)])
-apply ((simp add:nested_if_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) nested_if_passive_prog.node_3])
-apply (erule block_anon6_ElseAA0[OF _ assms(2)])
-apply ((simp add:nested_if_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_if_passive_prog.node_4])
-apply (erule block_anon5_ThenAA0[OF _ assms(2)])
-apply ((simp add:nested_if_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_if_passive_prog.node_5])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:nested_if_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_if_passive_prog.node_6])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:nested_if_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_if_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_if_passive_prog.node_7])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:nested_if_passive_prog.outEdges_7))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls)) \<Gamma> [] nested_if_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_n::int) (vc_m::int) (vc_m_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A nested_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> nested_if_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) nested_if_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s nested_if_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append nested_if_before_ast_to_cfg_prog.constants_vdecls nested_if_before_ast_to_cfg_prog.globals_vdecls),(append nested_if_passive_prog.params_vdecls nested_if_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((nested_if_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_n:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_if_passive_prog.m_n])
-apply (subst lookup_var_local[OF nested_if_passive_prog.m_n])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_m:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_if_passive_prog.m_m])
-apply (subst lookup_var_local[OF nested_if_passive_prog.m_m])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_m_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_if_passive_prog.m_m_0])
-apply (subst lookup_var_local[OF nested_if_passive_prog.m_m_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_n])
-apply (rule HOL.conjunct1[OF sc_m])
-apply (rule HOL.conjunct1[OF sc_m_0])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/ROOT
deleted file mode 100644
index 83a8da7..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session nested_loop2_proofs = Boogie_Lang + 
-directories nested_loop3_proofs
-theories
-global_data
-"nested_loop3_proofs/nested_loop3_before_ast_to_cfg_prog"
-"nested_loop3_proofs/nested_loop3_cfgtodag_proof"
-"nested_loop3_proofs/nested_loop3_vcphase_proof"
-"nested_loop3_proofs/nested_loop3_passification_proof"
-"nested_loop3_proofs/nested_loop3_asttocfg_proof"
-"nested_loop3_proofs/nested_loop3_before_cfg_to_dag_prog"
-"nested_loop3_proofs/nested_loop3_before_passive_prog"
-"nested_loop3_proofs/nested_loop3_passive_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_asttocfg_proof.thy
deleted file mode 100644
index 5c0cc02..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_asttocfg_proof.thy
+++ /dev/null
@@ -1,713 +0,0 @@
-theory nested_loop3_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_loop3_before_ast_to_cfg_prog nested_loop3_before_cfg_to_dag_prog nested_loop3_cfgtodag_proof nested_loop3_passification_proof nested_loop3_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A nested_loop3_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_9:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_9,cont_9,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 11),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 11),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop3_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 2) Gt (Lit (LInt 0))) ns1 (BoolV False))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Invs[of nested_loop3_before_ast_to_cfg_prog.bigblock_9])
-apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_9_def)
-
-apply (rule astTrace)
-apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_9_def)
-apply (simp)
-apply (simp)
-apply (rule cont_9_def)
-apply (rule nested_loop3_before_cfg_to_dag_prog.node_11)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule nested_loop3_before_cfg_to_dag_prog.block_11_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply ( rule neg_gt)
-apply (rule guardHint)
-apply (rule nested_loop3_before_cfg_to_dag_prog.outEdges_11)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_11)
-apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_9_def)
-apply (simp add: end_static)
-done
-qed
-
-lemma global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_8:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_8,cont_8,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop3_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop3_before_ast_to_cfg_prog.bigblock_1 cont_1 nested_loop3_before_cfg_to_dag_prog.proc_body 1 nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Invs[of nested_loop3_before_ast_to_cfg_prog.bigblock_8])
-apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_8_def)
-
-apply (rule astTrace)
-apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_8_def)
-apply (rule nested_loop3_before_cfg_to_dag_prog.node_10)
-apply (rule disjI1)
-apply (rule nested_loop3_before_cfg_to_dag_prog.block_10_def)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_8_def)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_10)
-
-
-
-apply ((erule allE[where x=1])+)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_10)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma rel_nested_loop3_before_ast_to_cfg_prog_bigblock_7:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_7,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_8 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_8 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of nested_loop3_before_ast_to_cfg_prog.bigblock_7])
-apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_7_def nested_loop3_before_cfg_to_dag_prog.block_8_def)
-apply ((simp add: nested_loop3_before_cfg_to_dag_prog.block_8_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: nested_loop3_before_cfg_to_dag_prog.block_8_def nested_loop3_before_ast_to_cfg_prog.bigblock_7_def)+)
-done
-
-
-lemma global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_7:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_7,cont_7,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop3_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop3_before_ast_to_cfg_prog.bigblock_3 cont_3 nested_loop3_before_cfg_to_dag_prog.proc_body 3 nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of nested_loop3_before_ast_to_cfg_prog.bigblock_7])
-apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_7_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_7_def)
-apply (rule nested_loop3_before_cfg_to_dag_prog.node_8)
-apply (rule disjI1)
-apply (rule nested_loop3_before_cfg_to_dag_prog.block_8_def)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_7_def)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_8)
-apply (rule rel_nested_loop3_before_ast_to_cfg_prog_bigblock_7)
-apply assumption
-apply (simp)
-apply ((erule allE[where x=3])+)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_8)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma rel_nested_loop3_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_6,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_6 (Normal ns1) (Normal ns1')))))"
-unfolding nested_loop3_before_cfg_to_dag_prog.block_6_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of nested_loop3_before_ast_to_cfg_prog.bigblock_6])
-apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_6_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.block_6_def)
-apply ((simp add: assms(3) nested_loop3_before_ast_to_cfg_prog.bigblock_6_def)+)
-done
-
-
-lemma global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop3_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop3_before_ast_to_cfg_prog.bigblock_5 cont_5 nested_loop3_before_cfg_to_dag_prog.proc_body 5 nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of nested_loop3_before_ast_to_cfg_prog.bigblock_6])
-apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_6_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_6_def)
-apply (rule nested_loop3_before_cfg_to_dag_prog.node_6)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule nested_loop3_before_cfg_to_dag_prog.block_6_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_6_def)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_6)
-apply (rule rel_nested_loop3_before_ast_to_cfg_prog_bigblock_6)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=5])+)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_6)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop3_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop3_before_ast_to_cfg_prog.bigblock_3 cont_3 nested_loop3_before_cfg_to_dag_prog.proc_body 3 nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_5_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of nested_loop3_before_ast_to_cfg_prog.bigblock_5 _ _ _ nested_loop3_before_cfg_to_dag_prog.block_5])
-apply (simp add:nested_loop3_before_ast_to_cfg_prog.bigblock_5_def nested_loop3_before_cfg_to_dag_prog.block_5_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:nested_loop3_before_ast_to_cfg_prog.bigblock_5_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of nested_loop3_before_ast_to_cfg_prog.bigblock_5])
-apply ((simp add:nested_loop3_before_ast_to_cfg_prog.bigblock_5_def)+)
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.block_5_def nested_loop3_before_cfg_to_dag_prog.node_5)+)
-apply (rule cont_5_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 6])+)
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_5)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_6)
-apply (simp add: cont_5_def nested_loop3_before_ast_to_cfg_prog.bigblock_6_def cont_6_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_5_def cont_6_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper3)
-apply ((simp)+)
-
-apply ((erule allE[where x = 7])+)
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_5)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_7)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_7)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.block_7_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_7)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_7)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.block_7_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_7)
-apply ((simp add: member_rec)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper4)
-apply ((simp)+)
-done
-qed
-qed
-
-lemma global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop3_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop3_before_ast_to_cfg_prog.bigblock_3 cont_3 nested_loop3_before_cfg_to_dag_prog.proc_body 3 nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-apply (rule ending_after_unwrapping)
-apply (rule astTrace)
-apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_4_def)
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply (simp)
-apply (rule global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_5)
-apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_5_def cont_4_def cont_5_def)
-apply (rule correctness_propagates_through_assumption2)
-using assms(2)
-apply blast
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_4)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.block_4_def)
-
-apply (rule guardHint)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_4)
-apply (simp add: member_rec)
-apply (simp)
-apply (rule correctness_propagates_through_assumption4)
-using assms(3)
-apply blast
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_4)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.block_4_def)
-
-apply (rule guardHint)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_4)
-apply (simp add: member_rec)
-apply ((simp)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule strictly_smaller_helper2)
-apply ((simp)+)
-done
-
-lemma global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop3_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop3_before_ast_to_cfg_prog.bigblock_1 cont_1 nested_loop3_before_cfg_to_dag_prog.proc_body 1 nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_3_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of nested_loop3_before_ast_to_cfg_prog.bigblock_3 _ _ _ nested_loop3_before_cfg_to_dag_prog.block_3])
-apply (simp add:nested_loop3_before_ast_to_cfg_prog.bigblock_3_def nested_loop3_before_cfg_to_dag_prog.block_3_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:nested_loop3_before_ast_to_cfg_prog.bigblock_3_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of nested_loop3_before_ast_to_cfg_prog.bigblock_3])
-apply ((simp add:nested_loop3_before_ast_to_cfg_prog.bigblock_3_def)+)
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.block_3_def nested_loop3_before_cfg_to_dag_prog.node_3)+)
-apply (rule cont_3_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 4])+)
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_4)
-apply (simp add: cont_3_def nested_loop3_before_ast_to_cfg_prog.bigblock_4_def cont_4_def nested_loop3_before_ast_to_cfg_prog.bigblock_7_def cont_7_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_3_def cont_4_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper3)
-apply ((simp)+)
-
-apply ((erule allE[where x = 9])+)
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_8)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_9)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.block_9_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_9)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_9)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.block_9_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_9)
-apply ((simp add: member_rec)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper4)
-apply ((simp)+)
-done
-qed
-qed
-
-lemma global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop3_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 2) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop3_before_ast_to_cfg_prog.bigblock_1 cont_1 nested_loop3_before_cfg_to_dag_prog.proc_body 1 nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-apply (rule ending_after_unwrapping)
-apply (rule astTrace)
-apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_2_def)
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply (simp)
-apply (rule global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_3)
-apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_3_def cont_2_def cont_3_def)
-apply (rule correctness_propagates_through_assumption2)
-using assms(2)
-apply blast
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_2)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.block_2_def)
-
-apply (rule guardHint)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_2)
-apply (simp add: member_rec)
-apply (simp)
-apply (rule correctness_propagates_through_assumption4)
-using assms(3)
-apply blast
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_2)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.block_2_def)
-
-apply (rule guardHint)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_2)
-apply (simp add: member_rec)
-apply ((simp)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule strictly_smaller_helper2)
-apply ((simp)+)
-done
-
-lemma global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop3_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of nested_loop3_before_ast_to_cfg_prog.bigblock_1 _ _ _ nested_loop3_before_cfg_to_dag_prog.block_1])
-apply (simp add:nested_loop3_before_ast_to_cfg_prog.bigblock_1_def nested_loop3_before_cfg_to_dag_prog.block_1_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:nested_loop3_before_ast_to_cfg_prog.bigblock_1_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of nested_loop3_before_ast_to_cfg_prog.bigblock_1])
-apply ((simp add:nested_loop3_before_ast_to_cfg_prog.bigblock_1_def)+)
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.block_1_def nested_loop3_before_cfg_to_dag_prog.node_1)+)
-apply (rule cont_1_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 2])+)
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_1_def nested_loop3_before_ast_to_cfg_prog.bigblock_2_def cont_2_def nested_loop3_before_ast_to_cfg_prog.bigblock_8_def cont_8_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_1_def cont_2_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-
-apply ((erule allE[where x = 11])+)
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_9)
-apply (blast)
-
-
-apply ((blast)+)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-done
-qed
-qed
-
-lemma rel_nested_loop3_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of nested_loop3_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_0_def nested_loop3_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: nested_loop3_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: nested_loop3_before_cfg_to_dag_prog.block_0_def nested_loop3_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop3_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of nested_loop3_before_ast_to_cfg_prog.bigblock_0 _ nested_loop3_before_cfg_to_dag_prog.block_0])
-apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_0_def nested_loop3_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_0_def nested_loop3_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_0_def nested_loop3_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.block_0_def)
-apply (rule nested_loop3_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: nested_loop3_before_cfg_to_dag_prog.node_0)
-apply (rule rel_nested_loop3_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: nested_loop3_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: nested_loop3_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (nested_loop3_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_z_0::int) (vc_y_0::int) (vc_x_1::int) (vc_z_1::int) (vc_y_1::int) (vc_z_2::int) (vc_y_2::int) (vc_z_3::int) (vc_y_3::int) (vc_x_2::int). (vc.vc_anon0 vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A nested_loop3_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> nested_loop3_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) nested_loop3_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_loop3_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (nested_loop3_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_nested_loop3_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: nested_loop3_before_ast_to_cfg_prog.params_vdecls_def nested_loop3_before_ast_to_cfg_prog.locals_vdecls_def nested_loop3_before_cfg_to_dag_prog.params_vdecls_def nested_loop3_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: nested_loop3_before_ast_to_cfg_prog.params_vdecls_def nested_loop3_before_ast_to_cfg_prog.locals_vdecls_def nested_loop3_before_cfg_to_dag_prog.params_vdecls_def nested_loop3_before_cfg_to_dag_prog.locals_vdecls_def nested_loop3_before_ast_to_cfg_prog.pres_def nested_loop3_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: nested_loop3_before_ast_to_cfg_prog.params_vdecls_def nested_loop3_before_ast_to_cfg_prog.locals_vdecls_def nested_loop3_before_cfg_to_dag_prog.params_vdecls_def nested_loop3_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: nested_loop3_before_ast_to_cfg_prog.params_vdecls_def nested_loop3_before_ast_to_cfg_prog.locals_vdecls_def nested_loop3_before_cfg_to_dag_prog.params_vdecls_def nested_loop3_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: nested_loop3_before_ast_to_cfg_prog.params_vdecls_def nested_loop3_before_ast_to_cfg_prog.locals_vdecls_def nested_loop3_before_cfg_to_dag_prog.params_vdecls_def nested_loop3_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: nested_loop3_before_ast_to_cfg_prog.params_vdecls_def nested_loop3_before_ast_to_cfg_prog.locals_vdecls_def nested_loop3_before_cfg_to_dag_prog.params_vdecls_def nested_loop3_before_cfg_to_dag_prog.locals_vdecls_def nested_loop3_before_ast_to_cfg_prog.pres_def nested_loop3_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: nested_loop3_before_ast_to_cfg_prog.params_vdecls_def nested_loop3_before_ast_to_cfg_prog.locals_vdecls_def nested_loop3_before_cfg_to_dag_prog.params_vdecls_def nested_loop3_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: nested_loop3_before_ast_to_cfg_prog.params_vdecls_def nested_loop3_before_ast_to_cfg_prog.locals_vdecls_def nested_loop3_before_cfg_to_dag_prog.params_vdecls_def nested_loop3_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_9] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (nested_loop3_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_9_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_z_0::int) (vc_y_0::int) (vc_x_1::int) (vc_z_1::int) (vc_y_1::int) (vc_z_2::int) (vc_y_2::int) (vc_z_3::int) (vc_y_3::int) (vc_x_2::int). (vc.vc_anon0 vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) nested_loop3_before_ast_to_cfg_prog.fdecls nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls nested_loop3_before_ast_to_cfg_prog.axioms nested_loop3_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding nested_loop3_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 nested_loop3_before_ast_to_cfg_prog.ast_proc_def nested_loop3_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 7d14cd7..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,177 +0,0 @@
-theory nested_loop3_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10))),(Assign 2 (Lit (LInt 10)))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 2) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (None ) (None ))]))) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 2) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (None ) (None ))])) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
-definition bigblock_4
-  where
-    "bigblock_4  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
-definition bigblock_5
-  where
-    "bigblock_5  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
-definition bigblock_6
-  where
-    "bigblock_6  = (BigBlock (None ) [(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))"
-definition bigblock_7
-  where
-    "bigblock_7  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))"
-definition bigblock_8
-  where
-    "bigblock_8  = (BigBlock (None ) [] (None ) (None ))"
-definition bigblock_9
-  where
-    "bigblock_9  = (BigBlock (None ) [] (None ) (None ))"
-definition cont_9
-  where
-    "cont_9  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_9 cont_9)"
-definition cont_1
-  where
-    "cont_1  = (KEndBlock (KSeq bigblock_9 cont_9 ))"
-definition cont_8
-  where
-    "cont_8  = (KSeq bigblock_1 cont_1)"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_8 cont_8)"
-definition cont_3
-  where
-    "cont_3  = (KEndBlock (KSeq bigblock_8 cont_8 ))"
-definition cont_7
-  where
-    "cont_7  = (KSeq bigblock_3 cont_3)"
-definition cont_4
-  where
-    "cont_4  = (KSeq bigblock_7 cont_7)"
-definition cont_5
-  where
-    "cont_5  = (KEndBlock (KSeq bigblock_7 cont_7 ))"
-definition cont_6
-  where
-    "cont_6  = (KSeq bigblock_5 cont_5)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_9]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding nested_loop3_before_ast_to_cfg_prog.constants_vdecls_def nested_loop3_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding nested_loop3_before_ast_to_cfg_prog.params_vdecls_def nested_loop3_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding nested_loop3_before_ast_to_cfg_prog.constants_vdecls_def nested_loop3_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop3_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding nested_loop3_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop3_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding nested_loop3_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop3_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding nested_loop3_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop3_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding nested_loop3_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z:
-shows "((map_of (append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z:
-shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = nested_loop3_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_loop3_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec nested_loop3_before_ast_to_cfg_prog.post),proc_body = (Some (nested_loop3_before_ast_to_cfg_prog.locals_vdecls,nested_loop3_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 7dc0629..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,255 +0,0 @@
-theory nested_loop3_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10))),(Assign 2 (Lit (LInt 10)))]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0))))]"
-definition block_3
-  where
-    "block_3  = [(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
-definition block_5
-  where
-    "block_5  = [(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))]"
-definition block_7
-  where
-    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
-definition block_8
-  where
-    "block_8  = [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
-definition block_9
-  where
-    "block_9  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_10
-  where
-    "block_10  = []"
-definition block_11
-  where
-    "block_11  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 2)))]"
-definition outEdges
-  where
-    "outEdges  = [[1],[11,2],[3],[9,4],[5],[7,6],[5],[8],[3],[10],[1],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [11,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [9,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [7,6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [10])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append nested_loop3_before_cfg_to_dag_prog.constants_vdecls nested_loop3_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append nested_loop3_before_cfg_to_dag_prog.constants_vdecls nested_loop3_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding nested_loop3_before_cfg_to_dag_prog.constants_vdecls_def nested_loop3_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop3_before_cfg_to_dag_prog.constants_vdecls nested_loop3_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding nested_loop3_before_cfg_to_dag_prog.params_vdecls_def nested_loop3_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append nested_loop3_before_cfg_to_dag_prog.constants_vdecls nested_loop3_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding nested_loop3_before_cfg_to_dag_prog.constants_vdecls_def nested_loop3_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop3_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding nested_loop3_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop3_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding nested_loop3_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop3_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding nested_loop3_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop3_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding nested_loop3_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append nested_loop3_before_cfg_to_dag_prog.constants_vdecls nested_loop3_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z:
-shows "((map_of (append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append nested_loop3_before_cfg_to_dag_prog.constants_vdecls nested_loop3_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_cfg_to_dag_prog.constants_vdecls nested_loop3_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append nested_loop3_before_cfg_to_dag_prog.constants_vdecls nested_loop3_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_cfg_to_dag_prog.constants_vdecls nested_loop3_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z:
-shows "((lookup_var_decl ((append nested_loop3_before_cfg_to_dag_prog.constants_vdecls nested_loop3_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_cfg_to_dag_prog.constants_vdecls nested_loop3_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop3_before_cfg_to_dag_prog.params_vdecls nested_loop3_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = nested_loop3_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_loop3_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec nested_loop3_before_cfg_to_dag_prog.post),proc_body = (Some (nested_loop3_before_cfg_to_dag_prog.locals_vdecls,nested_loop3_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_passive_prog.thy
deleted file mode 100644
index 816f478..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_before_passive_prog.thy
+++ /dev/null
@@ -1,194 +0,0 @@
-theory nested_loop3_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop3_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 2)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 1)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
-definition block_5
-  where
-    "block_5  = [(Havoc 2),(Havoc 1),(Assume (BinOp (Var 1) Ge (Lit (LInt 0))))]"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
-definition block_7
-  where
-    "block_7  = [(Assume (Lit (LBool False)))]"
-definition block_8
-  where
-    "block_8  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_9
-  where
-    "block_9  = [(Havoc 0),(Havoc 2),(Havoc 1),(Assume (BinOp (Var 0) Ge (Lit (LInt 0))))]"
-definition block_10
-  where
-    "block_10  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
-definition block_11
-  where
-    "block_11  = [(Havoc 0),(Havoc 2),(Havoc 1)]"
-definition block_12
-  where
-    "block_12  = [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10))),(Assign 2 (Lit (LInt 10)))]"
-definition block_13
-  where
-    "block_13  = []"
-definition block_14
-  where
-    "block_14  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[0],[7],[8,6],[9],[1,10],[11],[12],[13]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13,block_14]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 14,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_12:
-shows "((nth (node_to_block proc_body) 12) = block_12)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_13:
-shows "((nth (node_to_block proc_body) 13) = block_13)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_14:
-shows "((nth (node_to_block proc_body) 14) = block_14)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8,6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [1,10])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_12:
-shows "((nth (out_edges proc_body) 12) = [11])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_13:
-shows "((nth (out_edges proc_body) 13) = [12])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_14:
-shows "((nth (out_edges proc_body) 14) = [13])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding nested_loop3_before_ast_to_cfg_prog.params_vdecls_def nested_loop3_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding nested_loop3_before_ast_to_cfg_prog.constants_vdecls_def nested_loop3_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_cfgtodag_proof.thy
deleted file mode 100644
index 7618ce6..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_cfgtodag_proof.thy
+++ /dev/null
@@ -1,867 +0,0 @@
-theory nested_loop3_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_loop3_before_ast_to_cfg_prog nested_loop3_before_cfg_to_dag_prog nested_loop3_before_passive_prog nested_loop3_passification_proof nested_loop3_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A nested_loop3_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop3_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def nested_loop3_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule nested_loop3_before_passive_prog.node_0)
-apply simp
-unfolding nested_loop3_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma block_anon6_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_11 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop3_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop3_before_cfg_to_dag_prog.block_11_def nested_loop3_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 11),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule nested_loop3_before_cfg_to_dag_prog.node_11)
-apply (rule nested_loop3_before_passive_prog.node_1)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon6_LoopDone)
-apply assumption+
-apply (rule nested_loop3_before_cfg_to_dag_prog.outEdges_11)
-apply (rule nested_loop3_before_passive_prog.outEdges_1)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma Mods_anon8_LoopBody:
-shows "(mods_contained_in (set [2,1]) nested_loop3_before_cfg_to_dag_prog.block_6)"
-unfolding nested_loop3_before_cfg_to_dag_prog.block_6_def
-by simp
-
-lemma block_anon8_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop3_before_passive_prog.block_2 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop3_before_cfg_to_dag_prog.block_6_def nested_loop3_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop3_before_ast_to_cfg_prog.funcs_wf nested_loop3_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop3_before_ast_to_cfg_prog.l_y(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon8_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body [2,1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop3_before_ast_to_cfg_prog.post ns1 s' 5 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop3_before_cfg_to_dag_prog.node_6)
-apply (rule nested_loop3_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon8_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon8_LoopBody)
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_6))
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_6))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon8_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon4:
-shows "(mods_contained_in (set [0,2,1]) nested_loop3_before_cfg_to_dag_prog.block_8)"
-unfolding nested_loop3_before_cfg_to_dag_prog.block_8_def
-by simp
-
-lemma block_anon4:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop3_before_passive_prog.block_3 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop3_before_cfg_to_dag_prog.block_8_def nested_loop3_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop3_before_ast_to_cfg_prog.funcs_wf nested_loop3_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop3_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon4:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body [0,2,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop3_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop3_before_cfg_to_dag_prog.node_8)
-apply (rule nested_loop3_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon4)
-apply (assumption+)
-apply (rule Mods_anon4)
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_8))
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_8))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon7_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon8_LoopDone:
-shows "(mods_contained_in (set [0,2,1]) nested_loop3_before_cfg_to_dag_prog.block_7)"
-unfolding nested_loop3_before_cfg_to_dag_prog.block_7_def
-by simp
-
-lemma block_anon8_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop3_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop3_before_cfg_to_dag_prog.block_7_def nested_loop3_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon8_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body [0,2,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop3_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop3_before_cfg_to_dag_prog.node_7)
-apply (rule nested_loop3_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon8_LoopDone)
-apply (assumption+)
-apply (rule Mods_anon8_LoopDone)
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_7))
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_7))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:nested_loop3_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon7_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon8_LoopHead:
-shows "(mods_contained_in (set [2,1]) nested_loop3_before_cfg_to_dag_prog.block_5)"
-unfolding nested_loop3_before_cfg_to_dag_prog.block_5_def
-by simp
-
-lemma block_anon8_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [2,1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop3_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop3_before_cfg_to_dag_prog.block_5_def nested_loop3_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_z(1)))
-apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_y(1)))
-apply simp
-done
-
-lemma cfg_block_anon8_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [2,1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body [0,2,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop3_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms assms(4-)
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [2,1]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule nested_loop3_before_cfg_to_dag_prog.node_5)
-apply (rule nested_loop3_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon8_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon8_LoopHead)
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_5))
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_5))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:nested_loop3_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_subset_pred)
-using less(4) apply simp
-apply assumption
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:nested_loop3_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-apply (rule loop_ih_convert_subset_smaller_2)
-using less(4) apply simp
-apply (simp, fastforce, assumption)
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma Mods_anon7_LoopBody:
-shows "(mods_contained_in (set [0,2,1]) nested_loop3_before_cfg_to_dag_prog.block_4)"
-unfolding nested_loop3_before_cfg_to_dag_prog.block_4_def
-by simp
-
-lemma block_anon7_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop3_before_passive_prog.block_6 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop3_before_cfg_to_dag_prog.block_4_def nested_loop3_before_passive_prog.block_6_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop3_before_ast_to_cfg_prog.funcs_wf nested_loop3_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop3_before_ast_to_cfg_prog.l_y(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon7_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body [0,2,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop3_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop3_before_cfg_to_dag_prog.node_4)
-apply (rule nested_loop3_before_passive_prog.node_6)
-apply (assumption+)
-apply (rule block_anon7_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon7_LoopBody)
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_4))
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_4))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=5])
-apply ((simp add:nested_loop3_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon7_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon5:
-shows "(mods_contained_in (set [0,2,1]) nested_loop3_before_cfg_to_dag_prog.block_10)"
-unfolding nested_loop3_before_cfg_to_dag_prog.block_10_def
-by simp
-
-lemma block_anon5:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_10 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop3_before_passive_prog.block_7 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop3_before_cfg_to_dag_prog.block_10_def nested_loop3_before_passive_prog.block_7_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon5:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body [0,2,1] [] nested_loop3_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop3_before_cfg_to_dag_prog.node_10)
-apply (rule nested_loop3_before_passive_prog.node_7)
-apply (assumption+)
-apply (rule block_anon5)
-apply (assumption+)
-apply (rule Mods_anon5)
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_10))
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_10))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon6_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon7_LoopDone:
-shows "(mods_contained_in (set [0,2,1]) nested_loop3_before_cfg_to_dag_prog.block_9)"
-unfolding nested_loop3_before_cfg_to_dag_prog.block_9_def
-by simp
-
-lemma block_anon7_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_9 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop3_before_passive_prog.block_8 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop3_before_cfg_to_dag_prog.block_9_def nested_loop3_before_passive_prog.block_8_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon7_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body [0,2,1] [] nested_loop3_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop3_before_cfg_to_dag_prog.node_9)
-apply (rule nested_loop3_before_passive_prog.node_8)
-apply (assumption+)
-apply (rule block_anon7_LoopDone)
-apply (assumption+)
-apply (rule Mods_anon7_LoopDone)
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_9))
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_9))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=7])
-apply ((simp add:nested_loop3_before_passive_prog.outEdges_8))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon6_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon7_LoopHead:
-shows "(mods_contained_in (set [0,2,1]) nested_loop3_before_cfg_to_dag_prog.block_3)"
-unfolding nested_loop3_before_cfg_to_dag_prog.block_3_def
-by simp
-
-lemma block_anon7_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,2,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop3_before_passive_prog.block_9 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop3_before_cfg_to_dag_prog.block_3_def nested_loop3_before_passive_prog.block_9_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_x(1)))
-apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_z(1)))
-apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_y(1)))
-apply simp
-done
-
-lemma cfg_block_anon7_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,2,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body [0,2,1] [] nested_loop3_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms assms(4-)
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0,2,1]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule nested_loop3_before_cfg_to_dag_prog.node_3)
-apply (rule nested_loop3_before_passive_prog.node_9)
-apply (assumption+)
-apply (rule block_anon7_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon7_LoopHead)
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=8])
-apply ((simp add:nested_loop3_before_passive_prog.outEdges_9))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_subset_pred)
-using less(4) apply simp
-apply assumption
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=6])
-apply ((simp add:nested_loop3_before_passive_prog.outEdges_9))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-apply (rule loop_ih_convert_subset_smaller_2)
-using less(4) apply simp
-apply (simp, fastforce, assumption)
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma Mods_anon6_LoopBody:
-shows "(mods_contained_in (set [0,2,1]) nested_loop3_before_cfg_to_dag_prog.block_2)"
-unfolding nested_loop3_before_cfg_to_dag_prog.block_2_def
-by simp
-
-lemma block_anon6_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_10 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop3_before_passive_prog.block_10 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop3_before_cfg_to_dag_prog.block_2_def nested_loop3_before_passive_prog.block_10_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop3_before_ast_to_cfg_prog.funcs_wf nested_loop3_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop3_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body [0,2,1] [] nested_loop3_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop3_before_cfg_to_dag_prog.node_2)
-apply (rule nested_loop3_before_passive_prog.node_10)
-apply (assumption+)
-apply (rule block_anon6_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon6_LoopBody)
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=9])
-apply ((simp add:nested_loop3_before_passive_prog.outEdges_10))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon6_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon6_LoopHead:
-shows "(mods_contained_in (set [0,2,1]) nested_loop3_before_cfg_to_dag_prog.block_1)"
-unfolding nested_loop3_before_cfg_to_dag_prog.block_1_def
-by simp
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_11 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,2,1] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop3_before_passive_prog.block_11 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop3_before_cfg_to_dag_prog.block_1_def nested_loop3_before_passive_prog.block_11_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_x(1)))
-apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_z(1)))
-apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_y(1)))
-apply simp
-done
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,2,1] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0,2,1]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule nested_loop3_before_cfg_to_dag_prog.node_1)
-apply (rule nested_loop3_before_passive_prog.node_11)
-apply (assumption+)
-apply (rule block_anon6_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon6_LoopHead)
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:nested_loop3_before_passive_prog.outEdges_11))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=10])
-apply ((simp add:nested_loop3_before_passive_prog.outEdges_11))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.block_12 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop3_before_passive_prog.block_12 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop3_before_cfg_to_dag_prog.block_0_def nested_loop3_before_passive_prog.block_12_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop3_before_cfg_to_dag_prog.node_0)
-apply (rule nested_loop3_before_passive_prog.node_12)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:nested_loop3_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=11])
-apply ((simp add:nested_loop3_before_passive_prog.outEdges_12))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 13),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:nested_loop3_before_passive_prog.outEdges_13))
-by ((simp add:nested_loop3_before_passive_prog.node_13 nested_loop3_before_passive_prog.block_13_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 14),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop3_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule nested_loop3_before_passive_prog.node_14)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding nested_loop3_before_passive_prog.block_14_def
-apply (rule assume_pres_normal[where ?es=nested_loop3_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding nested_loop3_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule nested_loop3_before_passive_prog.outEdges_14)
-apply ((simp add:nested_loop3_before_passive_prog.node_13 nested_loop3_before_passive_prog.block_13_def))
-apply (rule nested_loop3_before_passive_prog.outEdges_13)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_z_0::int) (vc_y_0::int) (vc_x_1::int) (vc_z_1::int) (vc_y_1::int) (vc_z_2::int) (vc_y_2::int) (vc_z_3::int) (vc_y_3::int) (vc_x_2::int). (vc.vc_anon0 vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A nested_loop3_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> nested_loop3_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) nested_loop3_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_loop3_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] nested_loop3_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_loop3_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule nested_loop3_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_passification_proof.thy
deleted file mode 100644
index 8b8c04f..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_passification_proof.thy
+++ /dev/null
@@ -1,461 +0,0 @@
-theory nested_loop3_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop3_before_ast_to_cfg_prog nested_loop3_passive_prog Boogie_Lang.PassificationML nested_loop3_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop3_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop3_before_passive_prog.block_0_def nested_loop3_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon6_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop3_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop3_before_passive_prog.block_1_def nested_loop3_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon8_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [11,12] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 10)))" and 
-"((R 2) = (Some (Inl 9)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [11,12])) (update_nstate_rel R [(2,(Inl 11)),(1,(Inl 12))]) R_old nested_loop3_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop3_before_passive_prog.block_2_def nested_loop3_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_z(2) nested_loop3_passive_prog.l_z_3(2)))
-apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_y(2) nested_loop3_passive_prog.l_y_3(2)))
-by simp
-
-lemma block_anon4:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [13] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 6)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [13])) (update_nstate_rel R [(0,(Inl 13))]) R_old nested_loop3_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop3_before_passive_prog.block_3_def nested_loop3_passive_prog.block_3_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_x(2) nested_loop3_passive_prog.l_x_2(2)))
-by simp
-
-lemma block_anon8_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 6)))" and 
-"((R 1) = (Some (Inl 10)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop3_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop3_before_passive_prog.block_4_def nested_loop3_passive_prog.block_4_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon8_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [9,10] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 6)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [9,10])) (update_nstate_rel R [(2,(Inl 9)),(1,(Inl 10))]) R_old nested_loop3_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop3_before_passive_prog.block_5_def nested_loop3_passive_prog.block_5_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_z(2) nested_loop3_passive_prog.l_z_2(2)))
-apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_y(2) nested_loop3_passive_prog.l_y_2(2)))
-by simp
-
-lemma block_anon7_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 6)))" and 
-"((R 1) = (Some (Inl 8)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop3_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop3_before_passive_prog.block_6_def nested_loop3_passive_prog.block_6_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon5:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop3_passive_prog.block_7 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop3_before_passive_prog.block_7_def nested_loop3_passive_prog.block_7_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon7_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_8 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 6)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop3_passive_prog.block_8 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop3_before_passive_prog.block_8_def nested_loop3_passive_prog.block_8_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon7_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_9 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6,7,8] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6,7,8])) (update_nstate_rel R [(0,(Inl 6)),(2,(Inl 7)),(1,(Inl 8))]) R_old nested_loop3_passive_prog.block_9 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop3_before_passive_prog.block_9_def nested_loop3_passive_prog.block_9_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_x(2) nested_loop3_passive_prog.l_x_1(2)))
-apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_z(2) nested_loop3_passive_prog.l_z_1(2)))
-apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_y(2) nested_loop3_passive_prog.l_y_1(2)))
-by simp
-
-lemma block_anon6_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_10 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 3)))" and 
-"((R 2) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop3_passive_prog.block_10 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop3_before_passive_prog.block_10_def nested_loop3_passive_prog.block_10_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_11 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3,4,5] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3,4,5])) (update_nstate_rel R [(0,(Inl 3)),(2,(Inl 4)),(1,(Inl 5))]) R_old nested_loop3_passive_prog.block_11 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop3_before_passive_prog.block_11_def nested_loop3_passive_prog.block_11_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_x(2) nested_loop3_passive_prog.l_x_0(2)))
-apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_z(2) nested_loop3_passive_prog.l_z_0(2)))
-apply ((simp add:nested_loop3_before_ast_to_cfg_prog.l_y(2) nested_loop3_passive_prog.l_y_0(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_12 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 10))),(1,(Inr (LInt 10))),(2,(Inr (LInt 10)))]) R_old nested_loop3_passive_prog.block_12 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop3_before_passive_prog.block_12_def nested_loop3_passive_prog.block_12_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_13 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop3_passive_prog.block_13 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop3_before_passive_prog.block_13_def nested_loop3_passive_prog.block_13_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.block_14 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop3_passive_prog.block_14 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop3_before_passive_prog.block_14_def nested_loop3_passive_prog.block_14_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop3_before_passive_prog.node_0},@{thm nested_loop3_before_passive_prog.outEdges_0}) (@{thm nested_loop3_passive_prog.node_0},@{thm nested_loop3_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop3_before_passive_prog.node_1},@{thm nested_loop3_before_passive_prog.outEdges_1}) (@{thm nested_loop3_passive_prog.node_1},@{thm nested_loop3_passive_prog.outEdges_1}) @{thm block_anon6_LoopDone} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon8_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 11 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 10)))" and 
-"((R 2) = (Some (Inl 9)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop3_before_passive_prog.node_2},@{thm nested_loop3_before_passive_prog.outEdges_2}) (@{thm nested_loop3_passive_prog.node_2},@{thm nested_loop3_passive_prog.outEdges_2}) @{thm block_anon8_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon4:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 13 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 6)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop3_before_passive_prog.node_3},@{thm nested_loop3_before_passive_prog.outEdges_3}) (@{thm nested_loop3_passive_prog.node_3},@{thm nested_loop3_passive_prog.outEdges_3}) @{thm block_anon4} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon8_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 13 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 6)))" and 
-"((R 1) = (Some (Inl 10)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop3_before_passive_prog.node_4},@{thm nested_loop3_before_passive_prog.outEdges_4}) (@{thm nested_loop3_passive_prog.node_4},@{thm nested_loop3_passive_prog.outEdges_4}) @{thm block_anon8_LoopDone} [
-@{thm cfg_block_anon4}] 1\<close>))
-
-lemma cfg_block_anon8_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 6)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop3_before_passive_prog.node_5},@{thm nested_loop3_before_passive_prog.outEdges_5}) (@{thm nested_loop3_passive_prog.node_5},@{thm nested_loop3_passive_prog.outEdges_5}) @{thm block_anon8_LoopHead} [
-@{thm cfg_block_anon8_LoopDone}, 
-@{thm cfg_block_anon8_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon7_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 6)))" and 
-"((R 1) = (Some (Inl 8)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop3_before_passive_prog.node_6},@{thm nested_loop3_before_passive_prog.outEdges_6}) (@{thm nested_loop3_passive_prog.node_6},@{thm nested_loop3_passive_prog.outEdges_6}) @{thm block_anon7_LoopBody} [
-@{thm cfg_block_anon8_LoopHead}] 1\<close>))
-
-lemma cfg_block_anon5:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop3_before_passive_prog.node_7},@{thm nested_loop3_before_passive_prog.outEdges_7}) (@{thm nested_loop3_passive_prog.node_7},@{thm nested_loop3_passive_prog.outEdges_7}) @{thm block_anon5} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon7_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 6)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 8)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop3_before_passive_prog.node_8},@{thm nested_loop3_before_passive_prog.outEdges_8}) (@{thm nested_loop3_passive_prog.node_8},@{thm nested_loop3_passive_prog.outEdges_8}) @{thm block_anon7_LoopDone} [
-@{thm cfg_block_anon5}] 1\<close>))
-
-lemma cfg_block_anon7_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 9)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop3_before_passive_prog.node_9},@{thm nested_loop3_before_passive_prog.outEdges_9}) (@{thm nested_loop3_passive_prog.node_9},@{thm nested_loop3_passive_prog.outEdges_9}) @{thm block_anon7_LoopHead} [
-@{thm cfg_block_anon7_LoopDone}, 
-@{thm cfg_block_anon7_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 3)))" and 
-"((R 2) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 10)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop3_before_passive_prog.node_10},@{thm nested_loop3_before_passive_prog.outEdges_10}) (@{thm nested_loop3_passive_prog.node_10},@{thm nested_loop3_passive_prog.outEdges_10}) @{thm block_anon6_LoopBody} [
-@{thm cfg_block_anon7_LoopHead}] 1\<close>))
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 11)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop3_before_passive_prog.node_11},@{thm nested_loop3_before_passive_prog.outEdges_11}) (@{thm nested_loop3_passive_prog.node_11},@{thm nested_loop3_passive_prog.outEdges_11}) @{thm block_anon6_LoopHead} [
-@{thm cfg_block_anon6_LoopDone}, 
-@{thm cfg_block_anon6_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 12)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop3_before_passive_prog.node_12},@{thm nested_loop3_before_passive_prog.outEdges_12}) (@{thm nested_loop3_passive_prog.node_12},@{thm nested_loop3_passive_prog.outEdges_12}) @{thm block_anon0} [
-@{thm cfg_block_anon6_LoopHead}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 13)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop3_before_passive_prog.node_13},@{thm nested_loop3_before_passive_prog.outEdges_13}) (@{thm nested_loop3_passive_prog.node_13},@{thm nested_loop3_passive_prog.outEdges_13}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop3_before_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body u (Inl 14)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop3_before_passive_prog.node_14},@{thm nested_loop3_before_passive_prog.outEdges_14}) (@{thm nested_loop3_passive_prog.node_14},@{thm nested_loop3_passive_prog.outEdges_14}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_before_ast_to_cfg_prog.params_vdecls nested_loop3_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_loop3_before_passive_prog.proc_body ((Inl 14),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_z_0::int) (vc_y_0::int) (vc_x_1::int) (vc_z_1::int) (vc_y_1::int) (vc_z_2::int) (vc_y_2::int) (vc_z_3::int) (vc_y_3::int) (vc_x_2::int). (vc.vc_anon0 vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A nested_loop3_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> nested_loop3_before_ast_to_cfg_prog.constants_vdecls ns nested_loop3_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv nested_loop3_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding nested_loop3_before_ast_to_cfg_prog.constants_vdecls_def nested_loop3_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding nested_loop3_passive_prog.params_vdecls_def nested_loop3_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using nested_loop3_before_passive_prog.globals_locals_disj apply auto[1]
-using nested_loop3_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] nested_loop3_passive_prog.proc_body u (Inl 14)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range nested_loop3_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] nested_loop3_passive_prog.proc_body ((Inl 14),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from nested_loop3_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_passive_prog.thy
deleted file mode 100644
index d6625aa..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_passive_prog.thy
+++ /dev/null
@@ -1,326 +0,0 @@
-theory nested_loop3_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop3_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 4)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 10) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 11) Eq (BinOp (Var 9) Sub (Lit (LInt 1))))),(Assume (BinOp (Var 12) Eq (BinOp (Var 10) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 12) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 13) Eq (BinOp (Var 6) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 13) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 10)))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Var 10) Ge (Lit (LInt 0))))]"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Var 6) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 8) Ge (Lit (LInt 0))))]"
-definition block_7
-  where
-    "block_7  = [(Assume (Lit (LBool False)))]"
-definition block_8
-  where
-    "block_8  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 6)))]"
-definition block_9
-  where
-    "block_9  = [(Assume (BinOp (Var 6) Ge (Lit (LInt 0))))]"
-definition block_10
-  where
-    "block_10  = [(Assume (BinOp (Var 4) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 3) Ge (Lit (LInt 0))))]"
-definition block_11
-  where
-    "block_11  = []"
-definition block_12
-  where
-    "block_12  = []"
-definition block_13
-  where
-    "block_13  = []"
-definition block_14
-  where
-    "block_14  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[0],[7],[8,6],[9],[1,10],[11],[12],[13]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13,block_14]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 14,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_12:
-shows "((nth (node_to_block proc_body) 12) = block_12)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_13:
-shows "((nth (node_to_block proc_body) 13) = block_13)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_14:
-shows "((nth (node_to_block proc_body) 14) = block_14)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8,6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [1,10])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_12:
-shows "((nth (out_edges proc_body) 12) = [11])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_13:
-shows "((nth (out_edges proc_body) 13) = [12])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_14:
-shows "((nth (out_edges proc_body) 14) = [13])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(7,(TPrim TInt),(None )),(8,(TPrim TInt),(None )),(9,(TPrim TInt),(None )),(10,(TPrim TInt),(None )),(11,(TPrim TInt),(None )),(12,(TPrim TInt),(None )),(13,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding nested_loop3_passive_prog.params_vdecls_def nested_loop3_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)))) = {})"
-unfolding nested_loop3_before_ast_to_cfg_prog.constants_vdecls_def nested_loop3_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z:
-shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z_0:
-shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_0:
-shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z_1:
-shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_1:
-shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 8) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z_2:
-shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 9) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_2:
-shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 10) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z_3:
-shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 11) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_3:
-shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 12) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_2:
-shows "((map_of (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls) 13) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z:
-shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z_0:
-shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_0:
-shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z_1:
-shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_1:
-shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 8) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 8) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z_2:
-shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 9) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 9) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_2:
-shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 10) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 10) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z_3:
-shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 11) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 11) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z_3
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_3:
-shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 12) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 12) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_3
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_2:
-shows "((lookup_var_decl ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 13) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) 13) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_vcphase_proof.thy
deleted file mode 100644
index e94f3dc..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop2_proofs/nested_loop3_proofs/nested_loop3_vcphase_proof.thy
+++ /dev/null
@@ -1,542 +0,0 @@
-theory nested_loop3_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML nested_loop3_passive_prog nested_loop3_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon6_LoopDone
-  where
-    "vc_anon6_LoopDone  = True"
-definition vc_anon8_LoopBody
-  where
-    "vc_anon8_LoopBody y_2 z_3 z_2 y_3 = ((y_2 > (0::int)) \<longrightarrow> (((z_3 = (z_2 - (1::int))) \<and> (y_3 = (y_2 - (1::int)))) \<longrightarrow> (y_3 \<ge> (0::int))))"
-definition vc_anon4
-  where
-    "vc_anon4 x_2 x_1 = ((x_2 = (x_1 - (1::int))) \<longrightarrow> (x_2 \<ge> (0::int)))"
-definition vc_anon8_LoopDone
-  where
-    "vc_anon8_LoopDone y_2 x_2 x_1 = (((0::int) \<ge> y_2) \<longrightarrow> (vc_anon4 x_2 x_1))"
-definition vc_anon8_LoopHead
-  where
-    "vc_anon8_LoopHead y_2 x_2 x_1 z_3 z_2 y_3 = ((y_2 \<ge> (0::int)) \<longrightarrow> ((vc_anon8_LoopDone y_2 x_2 x_1) \<and> (vc_anon8_LoopBody y_2 z_3 z_2 y_3)))"
-definition vc_anon7_LoopBody
-  where
-    "vc_anon7_LoopBody x_1 y_1 y_2 x_2 z_3 z_2 y_3 = ((x_1 > (0::int)) \<longrightarrow> ((y_1 \<ge> (0::int)) \<and> ((y_1 \<ge> (0::int)) \<longrightarrow> (vc_anon8_LoopHead y_2 x_2 x_1 z_3 z_2 y_3))))"
-definition vc_anon5
-  where
-    "vc_anon5  = True"
-definition vc_anon7_LoopDone
-  where
-    "vc_anon7_LoopDone x_1 = (((0::int) \<ge> x_1) \<longrightarrow> (vc_anon5 ))"
-definition vc_anon7_LoopHead
-  where
-    "vc_anon7_LoopHead x_1 y_1 y_2 x_2 z_3 z_2 y_3 = ((x_1 \<ge> (0::int)) \<longrightarrow> ((vc_anon7_LoopDone x_1) \<and> (vc_anon7_LoopBody x_1 y_1 y_2 x_2 z_3 z_2 y_3)))"
-definition vc_anon6_LoopBody
-  where
-    "vc_anon6_LoopBody z_0 x_0 x_1 y_1 y_2 x_2 z_3 z_2 y_3 = ((z_0 > (0::int)) \<longrightarrow> ((x_0 \<ge> (0::int)) \<and> ((x_0 \<ge> (0::int)) \<longrightarrow> (vc_anon7_LoopHead x_1 y_1 y_2 x_2 z_3 z_2 y_3))))"
-definition vc_anon0
-  where
-    "vc_anon0 z_0 x_0 x_1 y_1 y_2 x_2 z_3 z_2 y_3 = ((vc_anon6_LoopDone ) \<and> (vc_anon6_LoopBody z_0 x_0 x_1 y_1 y_2 x_2 z_3 z_2 y_3))"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_z :: "int" and vc_x_0 :: "int" and vc_z_0 :: "int" and vc_y_0 :: "int" and vc_x_1 :: "int" and vc_z_1 :: "int" and vc_y_1 :: "int" and vc_z_2 :: "int" and vc_y_2 :: "int" and vc_z_3 :: "int" and vc_y_3 :: "int" and vc_x_2 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_z)))" and 
-G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_0)))" and 
-G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_z_0)))" and 
-G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_y_0)))" and 
-G6: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_x_1)))" and 
-G7: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_z_1)))" and 
-G8: "((lookup_var \<Lambda> n_s 8) = (Some (IntV vc_y_1)))" and 
-G9: "((lookup_var \<Lambda> n_s 9) = (Some (IntV vc_z_2)))" and 
-G10: "((lookup_var \<Lambda> n_s 10) = (Some (IntV vc_y_2)))" and 
-G11: "((lookup_var \<Lambda> n_s 11) = (Some (IntV vc_z_3)))" and 
-G12: "((lookup_var \<Lambda> n_s 12) = (Some (IntV vc_y_3)))" and 
-G13: "((lookup_var \<Lambda> n_s 13) = (Some (IntV vc_x_2)))" and 
-G14: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8 G9 G10 G11 G12 G13 G14
-lemmas forall_poly_thm = forall_vc_type[OF G14]
-lemmas exists_poly_thm = exists_vc_type[OF G14]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding nested_loop3_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon6_LoopDone_hints = [
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon6_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopDone ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding nested_loop3_passive_prog.block_1_def vc.vc_anon6_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon8_LoopBody_hints = [
-(AssumeConjR 0,NONE), 
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE), 
-(AssertNoConj,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon8_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopBody vc_y_2 vc_z_3 vc_z_2 vc_y_3) \<Longrightarrow> (s' = Magic)))"
-unfolding nested_loop3_passive_prog.block_2_def vc.vc_anon8_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_hints = [
-(AssumeConjR 0,NONE), 
-(AssertNoConj,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon4AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4 vc_x_2 vc_x_1) \<Longrightarrow> (s' = Magic)))"
-unfolding nested_loop3_passive_prog.block_3_def vc.vc_anon4_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon8_LoopDone_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon8_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopDone vc_y_2 vc_x_2 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4 vc_x_2 vc_x_1)))))))"
-unfolding nested_loop3_passive_prog.block_4_def vc.vc_anon8_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon8_LoopHead_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon8_LoopHeadAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopHead vc_y_2 vc_x_2 vc_x_1 vc_z_3 vc_z_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon8_LoopDone vc_y_2 vc_x_2 vc_x_1) \<and> (vc.vc_anon8_LoopBody vc_y_2 vc_z_3 vc_z_2 vc_y_3))))))))"
-unfolding nested_loop3_passive_prog.block_5_def vc.vc_anon8_LoopHead_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopHead_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon7_LoopBody_hints = [
-(AssumeConjR 0,NONE), 
-(AssertSub,NONE)]
-\<close>
-lemma block_anon7_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopBody vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon8_LoopHead vc_y_2 vc_x_2 vc_x_1 vc_z_3 vc_z_2 vc_y_3)))))))"
-unfolding nested_loop3_passive_prog.block_6_def vc.vc_anon7_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon5_hints = [
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon5AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5 ) \<Longrightarrow> (s' = Magic)))"
-unfolding nested_loop3_passive_prog.block_7_def vc.vc_anon5_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon7_LoopDone_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon7_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_8 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopDone vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon5 )))))))"
-unfolding nested_loop3_passive_prog.block_8_def vc.vc_anon7_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon7_LoopHead_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon7_LoopHeadAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopHead vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_LoopDone vc_x_1) \<and> (vc.vc_anon7_LoopBody vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))))))))"
-unfolding nested_loop3_passive_prog.block_9_def vc.vc_anon7_LoopHead_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopHead_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_LoopBody_hints = [
-(AssumeConjR 0,NONE), 
-(AssertSub,NONE)]
-\<close>
-lemma block_anon6_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_10 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon7_LoopHead vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3)))))))"
-unfolding nested_loop3_passive_prog.block_10_def vc.vc_anon6_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
-by (auto?)
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_11 (Normal n_s) s')" and 
-"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))))))"
-using assms
-unfolding nested_loop3_passive_prog.block_11_def
-apply cases
-by auto
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_12 (Normal n_s) s')" and 
-"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))))))"
-using assms
-unfolding nested_loop3_passive_prog.block_12_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_13 (Normal n_s) s')" and 
-"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))))))"
-using assms
-unfolding nested_loop3_passive_prog.block_13_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.block_14 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding nested_loop3_passive_prog.block_14_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) nested_loop3_passive_prog.node_0 nested_loop3_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopDone )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) nested_loop3_passive_prog.node_1])
-apply (erule block_anon6_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:nested_loop3_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon8_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon8_LoopBody vc_y_2 vc_z_3 vc_z_2 vc_y_3)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop3_passive_prog.node_2])
-by (erule block_anon8_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon4:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4 vc_x_2 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop3_passive_prog.node_3])
-by (erule block_anon4AA0[OF _ assms(2)])
-
-lemma cfg_block_anon8_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon8_LoopDone vc_y_2 vc_x_2 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop3_passive_prog.node_4])
-apply (erule block_anon8_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:nested_loop3_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon8_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon8_LoopHead vc_y_2 vc_x_2 vc_x_1 vc_z_3 vc_z_2 vc_y_3)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop3_passive_prog.node_5])
-apply (erule block_anon8_LoopHeadAA0[OF _ assms(2)])
-apply ((simp add:nested_loop3_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon7_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon7_LoopBody vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop3_passive_prog.node_6])
-apply (erule block_anon7_LoopBodyAA0[OF _ assms(2)])
-apply ((simp add:nested_loop3_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop3_passive_prog.node_7])
-by (erule block_anon5AA0[OF _ assms(2)])
-
-lemma cfg_block_anon7_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon7_LoopDone vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop3_passive_prog.node_8])
-apply (erule block_anon7_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:nested_loop3_passive_prog.outEdges_8))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon7_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon7_LoopHead vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop3_passive_prog.node_9])
-apply (erule block_anon7_LoopHeadAA0[OF _ assms(2)])
-apply ((simp add:nested_loop3_passive_prog.outEdges_9))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop3_passive_prog.node_10])
-apply (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
-apply ((simp add:nested_loop3_passive_prog.outEdges_10))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop3_passive_prog.node_11])
-apply (erule block_anon6_LoopHead[OF _ assms(2)])
-apply ((simp add:nested_loop3_passive_prog.outEdges_11))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop3_passive_prog.node_12])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:nested_loop3_passive_prog.outEdges_12))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop3_passive_prog.node_13])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:nested_loop3_passive_prog.outEdges_13))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop3_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop3_passive_prog.node_14])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:nested_loop3_passive_prog.outEdges_14))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls)) \<Gamma> [] nested_loop3_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_z_0::int) (vc_y_0::int) (vc_x_1::int) (vc_z_1::int) (vc_y_1::int) (vc_z_2::int) (vc_y_2::int) (vc_z_3::int) (vc_y_3::int) (vc_x_2::int). (vc.vc_anon0 vc_z_0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_z_3 vc_z_2 vc_y_3))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A nested_loop3_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> nested_loop3_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) nested_loop3_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s nested_loop3_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append nested_loop3_before_ast_to_cfg_prog.constants_vdecls nested_loop3_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop3_passive_prog.params_vdecls nested_loop3_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((nested_loop3_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_x])
-apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_y])
-apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_y])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_z:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_z])
-apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_z])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_z_0:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_z_0])
-apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_z_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_y_0])
-apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_y_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_z_1:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_z_1])
-apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_z_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 8) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 8)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 8))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_y_1])
-apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_y_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_z_2:"(((lookup_var ?\<Lambda> n_s 9) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 9)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 9))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_z_2])
-apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_z_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 10) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 10)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 10))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_y_2])
-apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_y_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_z_3:"(((lookup_var ?\<Lambda> n_s 11) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 11)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 11))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_z_3])
-apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_z_3])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_3:"(((lookup_var ?\<Lambda> n_s 12) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 12)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 12))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_y_3])
-apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_y_3])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 13) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 13)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 13))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop3_passive_prog.m_x_2])
-apply (subst lookup_var_local[OF nested_loop3_passive_prog.m_x_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_y])
-apply (rule HOL.conjunct1[OF sc_z])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_z_0])
-apply (rule HOL.conjunct1[OF sc_y_0])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (rule HOL.conjunct1[OF sc_z_1])
-apply (rule HOL.conjunct1[OF sc_y_1])
-apply (rule HOL.conjunct1[OF sc_z_2])
-apply (rule HOL.conjunct1[OF sc_y_2])
-apply (rule HOL.conjunct1[OF sc_z_3])
-apply (rule HOL.conjunct1[OF sc_y_3])
-apply (rule HOL.conjunct1[OF sc_x_2])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/ROOT
deleted file mode 100644
index 7498038..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session nested_loop_proofs = Boogie_Lang + 
-directories nested_loop_proofs
-theories
-global_data
-"nested_loop_proofs/nested_loop_asttocfg_proof"
-"nested_loop_proofs/nested_loop_cfgtodag_proof"
-"nested_loop_proofs/nested_loop_passive_prog"
-"nested_loop_proofs/nested_loop_before_passive_prog"
-"nested_loop_proofs/nested_loop_before_ast_to_cfg_prog"
-"nested_loop_proofs/nested_loop_before_cfg_to_dag_prog"
-"nested_loop_proofs/nested_loop_passification_proof"
-"nested_loop_proofs/nested_loop_vcphase_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_asttocfg_proof.thy
deleted file mode 100644
index d8aa4d5..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_asttocfg_proof.thy
+++ /dev/null
@@ -1,536 +0,0 @@
-theory nested_loop_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_loop_before_ast_to_cfg_prog nested_loop_before_cfg_to_dag_prog nested_loop_cfgtodag_proof nested_loop_passification_proof nested_loop_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A nested_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV False))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Invs[of nested_loop_before_ast_to_cfg_prog.bigblock_6])
-apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_6_def)
-
-apply (rule astTrace)
-apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_6_def)
-apply (simp)
-apply (simp)
-apply (rule cont_6_def)
-apply (rule nested_loop_before_cfg_to_dag_prog.node_7)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule nested_loop_before_cfg_to_dag_prog.block_7_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply ( rule neg_gt)
-apply (rule guardHint)
-apply (rule nested_loop_before_cfg_to_dag_prog.outEdges_7)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: nested_loop_before_cfg_to_dag_prog.node_7)
-apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_6_def)
-apply (simp add: end_static)
-done
-qed
-
-lemma rel_nested_loop_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (nested_loop_before_ast_to_cfg_prog.bigblock_5,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_6 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of nested_loop_before_ast_to_cfg_prog.bigblock_5])
-apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_5_def nested_loop_before_cfg_to_dag_prog.block_6_def)
-apply ((simp add: nested_loop_before_cfg_to_dag_prog.block_6_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: nested_loop_before_cfg_to_dag_prog.block_6_def nested_loop_before_ast_to_cfg_prog.bigblock_5_def)+)
-done
-
-
-lemma global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 nested_loop_before_cfg_to_dag_prog.proc_body 1 nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of nested_loop_before_ast_to_cfg_prog.bigblock_5])
-apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_5_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_5_def)
-apply (rule nested_loop_before_cfg_to_dag_prog.node_6)
-apply (rule disjI1)
-apply (rule nested_loop_before_cfg_to_dag_prog.block_6_def)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_5_def)
-apply (simp add: nested_loop_before_cfg_to_dag_prog.node_6)
-apply (rule rel_nested_loop_before_ast_to_cfg_prog_bigblock_5)
-apply assumption
-apply (simp)
-apply ((erule allE[where x=1])+)
-apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_6)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma rel_nested_loop_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (nested_loop_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
-unfolding nested_loop_before_cfg_to_dag_prog.block_4_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of nested_loop_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: nested_loop_before_cfg_to_dag_prog.block_4_def)
-apply ((simp add: assms(3) nested_loop_before_ast_to_cfg_prog.bigblock_4_def)+)
-done
-
-
-lemma global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop_before_ast_to_cfg_prog.bigblock_3 cont_3 nested_loop_before_cfg_to_dag_prog.proc_body 3 nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of nested_loop_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_4_def)
-apply (rule nested_loop_before_cfg_to_dag_prog.node_4)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule nested_loop_before_cfg_to_dag_prog.block_4_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_4_def)
-apply (simp add: nested_loop_before_cfg_to_dag_prog.node_4)
-apply (rule rel_nested_loop_before_ast_to_cfg_prog_bigblock_4)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=3])+)
-apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_4)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 nested_loop_before_cfg_to_dag_prog.proc_body 1 nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_3_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of nested_loop_before_ast_to_cfg_prog.bigblock_3 _ _ _ nested_loop_before_cfg_to_dag_prog.block_3])
-apply (simp add:nested_loop_before_ast_to_cfg_prog.bigblock_3_def nested_loop_before_cfg_to_dag_prog.block_3_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:nested_loop_before_ast_to_cfg_prog.bigblock_3_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of nested_loop_before_ast_to_cfg_prog.bigblock_3])
-apply ((simp add:nested_loop_before_ast_to_cfg_prog.bigblock_3_def)+)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.block_3_def nested_loop_before_cfg_to_dag_prog.node_3)+)
-apply (rule cont_3_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 4])+)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_4)
-apply (simp add: cont_3_def nested_loop_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_3_def cont_4_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper3)
-apply ((simp)+)
-
-apply ((erule allE[where x = 5])+)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_5)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: nested_loop_before_cfg_to_dag_prog.node_5)
-apply (simp add: nested_loop_before_cfg_to_dag_prog.block_5_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_5)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: nested_loop_before_cfg_to_dag_prog.node_5)
-apply (simp add: nested_loop_before_cfg_to_dag_prog.block_5_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_5)
-apply ((simp add: member_rec)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper4)
-apply ((simp)+)
-done
-qed
-qed
-
-lemma global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 nested_loop_before_cfg_to_dag_prog.proc_body 1 nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-apply (rule ending_after_unwrapping)
-apply (rule astTrace)
-apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_2_def)
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply (simp)
-apply (rule global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_3)
-apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_3_def cont_2_def cont_3_def)
-apply (rule correctness_propagates_through_assumption2)
-using assms(2)
-apply blast
-apply (simp add: nested_loop_before_cfg_to_dag_prog.node_2)
-apply (simp add: nested_loop_before_cfg_to_dag_prog.block_2_def)
-
-apply (rule guardHint)
-apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_2)
-apply (simp add: member_rec)
-apply (simp)
-apply (rule correctness_propagates_through_assumption4)
-using assms(3)
-apply blast
-apply (simp add: nested_loop_before_cfg_to_dag_prog.node_2)
-apply (simp add: nested_loop_before_cfg_to_dag_prog.block_2_def)
-
-apply (rule guardHint)
-apply (simp add: nested_loop_before_cfg_to_dag_prog.outEdges_2)
-apply (simp add: member_rec)
-apply ((simp)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule strictly_smaller_helper2)
-apply ((simp)+)
-done
-
-lemma global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of nested_loop_before_ast_to_cfg_prog.bigblock_1 _ _ _ nested_loop_before_cfg_to_dag_prog.block_1])
-apply (simp add:nested_loop_before_ast_to_cfg_prog.bigblock_1_def nested_loop_before_cfg_to_dag_prog.block_1_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:nested_loop_before_ast_to_cfg_prog.bigblock_1_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of nested_loop_before_ast_to_cfg_prog.bigblock_1])
-apply ((simp add:nested_loop_before_ast_to_cfg_prog.bigblock_1_def)+)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.block_1_def nested_loop_before_cfg_to_dag_prog.node_1)+)
-apply (rule cont_1_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 2])+)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_1_def nested_loop_before_ast_to_cfg_prog.bigblock_2_def cont_2_def nested_loop_before_ast_to_cfg_prog.bigblock_5_def cont_5_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_1_def cont_2_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-
-apply ((erule allE[where x = 7])+)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_6)
-apply (blast)
-
-
-apply ((blast)+)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-done
-qed
-qed
-
-lemma rel_nested_loop_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (nested_loop_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of nested_loop_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: nested_loop_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: nested_loop_before_cfg_to_dag_prog.block_0_def nested_loop_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of nested_loop_before_ast_to_cfg_prog.bigblock_0 _ nested_loop_before_cfg_to_dag_prog.block_0])
-apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_0_def nested_loop_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: nested_loop_before_cfg_to_dag_prog.block_0_def)
-apply (rule nested_loop_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: nested_loop_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: nested_loop_before_cfg_to_dag_prog.node_0)
-apply (rule rel_nested_loop_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: nested_loop_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: nested_loop_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (nested_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_y_2::int) (vc_x_1::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A nested_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> nested_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) nested_loop_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_loop_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (nested_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_nested_loop_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: nested_loop_before_ast_to_cfg_prog.params_vdecls_def nested_loop_before_ast_to_cfg_prog.locals_vdecls_def nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: nested_loop_before_ast_to_cfg_prog.params_vdecls_def nested_loop_before_ast_to_cfg_prog.locals_vdecls_def nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def nested_loop_before_ast_to_cfg_prog.pres_def nested_loop_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: nested_loop_before_ast_to_cfg_prog.params_vdecls_def nested_loop_before_ast_to_cfg_prog.locals_vdecls_def nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: nested_loop_before_ast_to_cfg_prog.params_vdecls_def nested_loop_before_ast_to_cfg_prog.locals_vdecls_def nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: nested_loop_before_ast_to_cfg_prog.params_vdecls_def nested_loop_before_ast_to_cfg_prog.locals_vdecls_def nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: nested_loop_before_ast_to_cfg_prog.params_vdecls_def nested_loop_before_ast_to_cfg_prog.locals_vdecls_def nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def nested_loop_before_ast_to_cfg_prog.pres_def nested_loop_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: nested_loop_before_ast_to_cfg_prog.params_vdecls_def nested_loop_before_ast_to_cfg_prog.locals_vdecls_def nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: nested_loop_before_ast_to_cfg_prog.params_vdecls_def nested_loop_before_ast_to_cfg_prog.locals_vdecls_def nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_6] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (nested_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_6_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_y_2::int) (vc_x_1::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) nested_loop_before_ast_to_cfg_prog.fdecls nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls nested_loop_before_ast_to_cfg_prog.axioms nested_loop_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding nested_loop_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 nested_loop_before_ast_to_cfg_prog.ast_proc_def nested_loop_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 358696b..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,150 +0,0 @@
-theory nested_loop_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10)))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
-definition bigblock_4
-  where
-    "bigblock_4  = (BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))"
-definition bigblock_5
-  where
-    "bigblock_5  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))"
-definition bigblock_6
-  where
-    "bigblock_6  = (BigBlock (None ) [] (None ) (None ))"
-definition cont_6
-  where
-    "cont_6  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_6 cont_6)"
-definition cont_1
-  where
-    "cont_1  = (KEndBlock (KSeq bigblock_6 cont_6 ))"
-definition cont_5
-  where
-    "cont_5  = (KSeq bigblock_1 cont_1)"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_5 cont_5)"
-definition cont_3
-  where
-    "cont_3  = (KEndBlock (KSeq bigblock_5 cont_5 ))"
-definition cont_4
-  where
-    "cont_4  = (KSeq bigblock_3 cont_3)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_6]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding nested_loop_before_ast_to_cfg_prog.constants_vdecls_def nested_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding nested_loop_before_ast_to_cfg_prog.params_vdecls_def nested_loop_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding nested_loop_before_ast_to_cfg_prog.constants_vdecls_def nested_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding nested_loop_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding nested_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding nested_loop_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding nested_loop_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = nested_loop_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_loop_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec nested_loop_before_ast_to_cfg_prog.post),proc_body = (Some (nested_loop_before_ast_to_cfg_prog.locals_vdecls,nested_loop_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 920919d..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,202 +0,0 @@
-theory nested_loop_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10)))]"
-definition block_1
-  where
-    "block_1  = [(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
-definition block_3
-  where
-    "block_3  = [(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
-definition block_6
-  where
-    "block_6  = [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
-definition block_7
-  where
-    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition outEdges
-  where
-    "outEdges  = [[1],[7,2],[3],[5,4],[3],[6],[1],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [7,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [5,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append nested_loop_before_cfg_to_dag_prog.constants_vdecls nested_loop_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append nested_loop_before_cfg_to_dag_prog.constants_vdecls nested_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding nested_loop_before_cfg_to_dag_prog.constants_vdecls_def nested_loop_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_before_cfg_to_dag_prog.constants_vdecls nested_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding nested_loop_before_cfg_to_dag_prog.params_vdecls_def nested_loop_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append nested_loop_before_cfg_to_dag_prog.constants_vdecls nested_loop_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding nested_loop_before_cfg_to_dag_prog.constants_vdecls_def nested_loop_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding nested_loop_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding nested_loop_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding nested_loop_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding nested_loop_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append nested_loop_before_cfg_to_dag_prog.constants_vdecls nested_loop_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append nested_loop_before_cfg_to_dag_prog.constants_vdecls nested_loop_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop_before_cfg_to_dag_prog.constants_vdecls nested_loop_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append nested_loop_before_cfg_to_dag_prog.constants_vdecls nested_loop_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop_before_cfg_to_dag_prog.constants_vdecls nested_loop_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop_before_cfg_to_dag_prog.params_vdecls nested_loop_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = nested_loop_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_loop_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec nested_loop_before_cfg_to_dag_prog.post),proc_body = (Some (nested_loop_before_cfg_to_dag_prog.locals_vdecls,nested_loop_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_passive_prog.thy
deleted file mode 100644
index fa93109..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_before_passive_prog.thy
+++ /dev/null
@@ -1,150 +0,0 @@
-theory nested_loop_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
-definition block_5
-  where
-    "block_5  = [(Havoc 1),(Assume (BinOp (Var 1) Ge (Lit (LInt 0))))]"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
-definition block_7
-  where
-    "block_7  = [(Havoc 0),(Havoc 1),(Assume (BinOp (Var 0) Ge (Lit (LInt 0))))]"
-definition block_8
-  where
-    "block_8  = [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
-definition block_9
-  where
-    "block_9  = []"
-definition block_10
-  where
-    "block_10  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[1,6],[7],[8],[9]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 10,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [1,6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding nested_loop_before_ast_to_cfg_prog.params_vdecls_def nested_loop_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding nested_loop_before_ast_to_cfg_prog.constants_vdecls_def nested_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_cfgtodag_proof.thy
deleted file mode 100644
index 3ef623e..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_cfgtodag_proof.thy
+++ /dev/null
@@ -1,605 +0,0 @@
-theory nested_loop_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_loop_before_ast_to_cfg_prog nested_loop_before_cfg_to_dag_prog nested_loop_before_passive_prog nested_loop_passification_proof nested_loop_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A nested_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def nested_loop_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule nested_loop_before_passive_prog.node_0)
-apply simp
-unfolding nested_loop_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma block_anon4_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop_before_cfg_to_dag_prog.block_7_def nested_loop_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon4_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule nested_loop_before_cfg_to_dag_prog.node_7)
-apply (rule nested_loop_before_passive_prog.node_1)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon4_LoopDone)
-apply assumption+
-apply (rule nested_loop_before_cfg_to_dag_prog.outEdges_7)
-apply (rule nested_loop_before_passive_prog.outEdges_1)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma Mods_anon5_LoopBody:
-shows "(mods_contained_in (set [1]) nested_loop_before_cfg_to_dag_prog.block_4)"
-unfolding nested_loop_before_cfg_to_dag_prog.block_4_def
-by simp
-
-lemma block_anon5_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_2 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop_before_cfg_to_dag_prog.block_4_def nested_loop_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop_before_ast_to_cfg_prog.funcs_wf nested_loop_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_ast_to_cfg_prog.l_y(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon5_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon5_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop_before_cfg_to_dag_prog.node_4)
-apply (rule nested_loop_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon5_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon5_LoopBody)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_4))
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_4))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon5_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon3:
-shows "(mods_contained_in (set [0,1]) nested_loop_before_cfg_to_dag_prog.block_6)"
-unfolding nested_loop_before_cfg_to_dag_prog.block_6_def
-by simp
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_3 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop_before_cfg_to_dag_prog.block_6_def nested_loop_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop_before_ast_to_cfg_prog.funcs_wf nested_loop_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon3:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon4_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop_before_cfg_to_dag_prog.node_6)
-apply (rule nested_loop_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon3)
-apply (assumption+)
-apply (rule Mods_anon3)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_6))
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_6))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon4_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon5_LoopDone:
-shows "(mods_contained_in (set [0,1]) nested_loop_before_cfg_to_dag_prog.block_5)"
-unfolding nested_loop_before_cfg_to_dag_prog.block_5_def
-by simp
-
-lemma block_anon5_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop_before_cfg_to_dag_prog.block_5_def nested_loop_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon5_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon4_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop_before_cfg_to_dag_prog.node_5)
-apply (rule nested_loop_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon5_LoopDone)
-apply (assumption+)
-apply (rule Mods_anon5_LoopDone)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_5))
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_5))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:nested_loop_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon4_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon5_LoopHead:
-shows "(mods_contained_in (set [1]) nested_loop_before_cfg_to_dag_prog.block_3)"
-unfolding nested_loop_before_cfg_to_dag_prog.block_3_def
-by simp
-
-lemma block_anon5_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop_before_cfg_to_dag_prog.block_3_def nested_loop_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:nested_loop_before_ast_to_cfg_prog.l_y(1)))
-apply simp
-done
-
-lemma cfg_block_anon5_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon4_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms assms(4-)
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule nested_loop_before_cfg_to_dag_prog.node_3)
-apply (rule nested_loop_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon5_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon5_LoopHead)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:nested_loop_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_subset_pred)
-using less(4) apply simp
-apply assumption
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:nested_loop_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-apply (rule loop_ih_convert_subset_smaller_2)
-using less(4) apply simp
-apply (simp, fastforce, assumption)
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma Mods_anon4_LoopBody:
-shows "(mods_contained_in (set [0,1]) nested_loop_before_cfg_to_dag_prog.block_2)"
-unfolding nested_loop_before_cfg_to_dag_prog.block_2_def
-by simp
-
-lemma block_anon4_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_6 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop_before_cfg_to_dag_prog.block_2_def nested_loop_before_passive_prog.block_6_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop_before_ast_to_cfg_prog.funcs_wf nested_loop_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_ast_to_cfg_prog.l_y(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon4_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon4_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop_before_cfg_to_dag_prog.node_2)
-apply (rule nested_loop_before_passive_prog.node_6)
-apply (assumption+)
-apply (rule block_anon4_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon4_LoopBody)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=5])
-apply ((simp add:nested_loop_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon4_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon4_LoopHead:
-shows "(mods_contained_in (set [0,1]) nested_loop_before_cfg_to_dag_prog.block_1)"
-unfolding nested_loop_before_cfg_to_dag_prog.block_1_def
-by simp
-
-lemma block_anon4_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop_before_passive_prog.block_7 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop_before_cfg_to_dag_prog.block_1_def nested_loop_before_passive_prog.block_7_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:nested_loop_before_ast_to_cfg_prog.l_x(1)))
-apply ((simp add:nested_loop_before_ast_to_cfg_prog.l_y(1)))
-apply simp
-done
-
-lemma cfg_block_anon4_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0,1]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule nested_loop_before_cfg_to_dag_prog.node_1)
-apply (rule nested_loop_before_passive_prog.node_7)
-apply (assumption+)
-apply (rule block_anon4_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon4_LoopHead)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:nested_loop_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=6])
-apply ((simp add:nested_loop_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop_before_passive_prog.block_8 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop_before_cfg_to_dag_prog.block_0_def nested_loop_before_passive_prog.block_8_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop_before_ast_to_cfg_prog.funcs_wf nested_loop_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop_before_cfg_to_dag_prog.node_0)
-apply (rule nested_loop_before_passive_prog.node_8)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:nested_loop_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=7])
-apply ((simp add:nested_loop_before_passive_prog.outEdges_8))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:nested_loop_before_passive_prog.outEdges_9))
-by ((simp add:nested_loop_before_passive_prog.node_9 nested_loop_before_passive_prog.block_9_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule nested_loop_before_passive_prog.node_10)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding nested_loop_before_passive_prog.block_10_def
-apply (rule assume_pres_normal[where ?es=nested_loop_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding nested_loop_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule nested_loop_before_passive_prog.outEdges_10)
-apply ((simp add:nested_loop_before_passive_prog.node_9 nested_loop_before_passive_prog.block_9_def))
-apply (rule nested_loop_before_passive_prog.outEdges_9)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_y_2::int) (vc_x_1::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A nested_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> nested_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) nested_loop_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_loop_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] nested_loop_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule nested_loop_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passification_proof.thy
deleted file mode 100644
index e32ff81..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passification_proof.thy
+++ /dev/null
@@ -1,370 +0,0 @@
-theory nested_loop_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop_before_ast_to_cfg_prog nested_loop_passive_prog Boogie_Lang.PassificationML nested_loop_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_0_def nested_loop_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon4_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_1_def nested_loop_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon5_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [5] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [5])) (update_nstate_rel R [(1,(Inl 5))]) R_old nested_loop_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_2_def nested_loop_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop_before_ast_to_cfg_prog.l_y(2) nested_loop_passive_prog.l_y_2(2)))
-by simp
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6])) (update_nstate_rel R [(0,(Inl 6))]) R_old nested_loop_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_3_def nested_loop_passive_prog.block_3_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop_before_ast_to_cfg_prog.l_x(2) nested_loop_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon5_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
-"((R 1) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_4_def nested_loop_passive_prog.block_4_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon5_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4])) (update_nstate_rel R [(1,(Inl 4))]) R_old nested_loop_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_5_def nested_loop_passive_prog.block_5_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop_before_ast_to_cfg_prog.l_y(2) nested_loop_passive_prog.l_y_1(2)))
-by simp
-
-lemma block_anon4_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
-"((R 1) = (Some (Inl 3)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_6_def nested_loop_passive_prog.block_6_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon4_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2,3] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2,3])) (update_nstate_rel R [(0,(Inl 2)),(1,(Inl 3))]) R_old nested_loop_passive_prog.block_7 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_7_def nested_loop_passive_prog.block_7_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop_before_ast_to_cfg_prog.l_x(2) nested_loop_passive_prog.l_x_0(2)))
-apply ((simp add:nested_loop_before_ast_to_cfg_prog.l_y(2) nested_loop_passive_prog.l_y_0(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_8 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 10))),(1,(Inr (LInt 10)))]) R_old nested_loop_passive_prog.block_8 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_8_def nested_loop_passive_prog.block_8_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_9 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_9 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_9_def nested_loop_passive_prog.block_9_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.block_10 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop_passive_prog.block_10 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop_before_passive_prog.block_10_def nested_loop_passive_prog.block_10_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_0},@{thm nested_loop_before_passive_prog.outEdges_0}) (@{thm nested_loop_passive_prog.node_0},@{thm nested_loop_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon4_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_1},@{thm nested_loop_before_passive_prog.outEdges_1}) (@{thm nested_loop_passive_prog.node_1},@{thm nested_loop_passive_prog.outEdges_1}) @{thm block_anon4_LoopDone} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon5_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 5 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_2},@{thm nested_loop_before_passive_prog.outEdges_2}) (@{thm nested_loop_passive_prog.node_2},@{thm nested_loop_passive_prog.outEdges_2}) @{thm block_anon5_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_3},@{thm nested_loop_before_passive_prog.outEdges_3}) (@{thm nested_loop_passive_prog.node_3},@{thm nested_loop_passive_prog.outEdges_3}) @{thm block_anon3} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon5_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
-"((R 1) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_4},@{thm nested_loop_before_passive_prog.outEdges_4}) (@{thm nested_loop_passive_prog.node_4},@{thm nested_loop_passive_prog.outEdges_4}) @{thm block_anon5_LoopDone} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon5_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_5},@{thm nested_loop_before_passive_prog.outEdges_5}) (@{thm nested_loop_passive_prog.node_5},@{thm nested_loop_passive_prog.outEdges_5}) @{thm block_anon5_LoopHead} [
-@{thm cfg_block_anon5_LoopDone}, 
-@{thm cfg_block_anon5_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon4_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))" and 
-"((R 1) = (Some (Inl 3)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop_before_passive_prog.node_6},@{thm nested_loop_before_passive_prog.outEdges_6}) (@{thm nested_loop_passive_prog.node_6},@{thm nested_loop_passive_prog.outEdges_6}) @{thm block_anon4_LoopBody} [
-@{thm cfg_block_anon5_LoopHead}] 1\<close>))
-
-lemma cfg_block_anon4_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_7},@{thm nested_loop_before_passive_prog.outEdges_7}) (@{thm nested_loop_passive_prog.node_7},@{thm nested_loop_passive_prog.outEdges_7}) @{thm block_anon4_LoopHead} [
-@{thm cfg_block_anon4_LoopDone}, 
-@{thm cfg_block_anon4_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 8)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_8},@{thm nested_loop_before_passive_prog.outEdges_8}) (@{thm nested_loop_passive_prog.node_8},@{thm nested_loop_passive_prog.outEdges_8}) @{thm block_anon0} [
-@{thm cfg_block_anon4_LoopHead}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 9)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_9},@{thm nested_loop_before_passive_prog.outEdges_9}) (@{thm nested_loop_passive_prog.node_9},@{thm nested_loop_passive_prog.outEdges_9}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop_passive_prog.proc_body u (Inl 10)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop_before_passive_prog.node_10},@{thm nested_loop_before_passive_prog.outEdges_10}) (@{thm nested_loop_passive_prog.node_10},@{thm nested_loop_passive_prog.outEdges_10}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_before_ast_to_cfg_prog.params_vdecls nested_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_loop_before_passive_prog.proc_body ((Inl 10),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_y_2::int) (vc_x_1::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A nested_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> nested_loop_before_ast_to_cfg_prog.constants_vdecls ns nested_loop_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv nested_loop_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding nested_loop_before_ast_to_cfg_prog.constants_vdecls_def nested_loop_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding nested_loop_passive_prog.params_vdecls_def nested_loop_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using nested_loop_before_passive_prog.globals_locals_disj apply auto[1]
-using nested_loop_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] nested_loop_passive_prog.proc_body u (Inl 10)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range nested_loop_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] nested_loop_passive_prog.proc_body ((Inl 10),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from nested_loop_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passive_prog.thy
deleted file mode 100644
index 5a8e9dd..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_passive_prog.thy
+++ /dev/null
@@ -1,219 +0,0 @@
-theory nested_loop_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 2)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 4) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 5) Eq (BinOp (Var 4) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 5) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 6) Eq (BinOp (Var 2) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 6) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 4)))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Var 4) Ge (Lit (LInt 0))))]"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 3) Ge (Lit (LInt 0))))]"
-definition block_7
-  where
-    "block_7  = [(Assume (BinOp (Var 2) Ge (Lit (LInt 0))))]"
-definition block_8
-  where
-    "block_8  = [(Assert (BinOp (Lit (LInt 10)) Ge (Lit (LInt 0))))]"
-definition block_9
-  where
-    "block_9  = []"
-definition block_10
-  where
-    "block_10  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[1,6],[7],[8],[9]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 10,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [1,6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding nested_loop_passive_prog.params_vdecls_def nested_loop_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)))) = {})"
-unfolding nested_loop_before_ast_to_cfg_prog.constants_vdecls_def nested_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_0:
-shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_1:
-shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_2:
-shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_0:
-shows "((lookup_var_decl ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_1:
-shows "((lookup_var_decl ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_2:
-shows "((lookup_var_decl ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_vcphase_proof.thy
deleted file mode 100644
index c654da1..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_proofs/nested_loop_proofs/nested_loop_vcphase_proof.thy
+++ /dev/null
@@ -1,395 +0,0 @@
-theory nested_loop_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML nested_loop_passive_prog nested_loop_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon4_LoopDone
-  where
-    "vc_anon4_LoopDone  = True"
-definition vc_anon5_LoopBody
-  where
-    "vc_anon5_LoopBody y_1 y_2 = (((y_1 > (0::int)) \<and> (y_2 = (y_1 - (1::int)))) \<longrightarrow> (y_2 \<ge> (0::int)))"
-definition vc_anon3
-  where
-    "vc_anon3 x_1 x_0 = ((x_1 = (x_0 - (1::int))) \<longrightarrow> (x_1 \<ge> (0::int)))"
-definition vc_anon5_LoopDone
-  where
-    "vc_anon5_LoopDone y_1 x_1 x_0 = (((0::int) \<ge> y_1) \<longrightarrow> (vc_anon3 x_1 x_0))"
-definition vc_anon5_LoopHead
-  where
-    "vc_anon5_LoopHead y_1 x_1 x_0 y_2 = ((y_1 \<ge> (0::int)) \<longrightarrow> ((vc_anon5_LoopDone y_1 x_1 x_0) \<and> (vc_anon5_LoopBody y_1 y_2)))"
-definition vc_anon4_LoopBody
-  where
-    "vc_anon4_LoopBody x_0 y_0 y_1 x_1 y_2 = ((x_0 > (0::int)) \<longrightarrow> ((y_0 \<ge> (0::int)) \<and> ((y_0 \<ge> (0::int)) \<longrightarrow> (vc_anon5_LoopHead y_1 x_1 x_0 y_2))))"
-definition vc_anon4_LoopHead
-  where
-    "vc_anon4_LoopHead x_0 y_0 y_1 x_1 y_2 = ((x_0 \<ge> (0::int)) \<longrightarrow> ((vc_anon4_LoopDone ) \<and> (vc_anon4_LoopBody x_0 y_0 y_1 x_1 y_2)))"
-definition vc_anon0
-  where
-    "vc_anon0 x_0 y_0 y_1 x_1 y_2 = (((10::int) \<ge> (0::int)) \<and> (((10::int) \<ge> (0::int)) \<longrightarrow> (vc_anon4_LoopHead x_0 y_0 y_1 x_1 y_2)))"
-definition vc_PreconditionGeneratedEntry
-  where
-    "vc_PreconditionGeneratedEntry x_0 y_0 y_1 x_1 y_2 = (vc_anon0 x_0 y_0 y_1 x_1 y_2)"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_y_1 :: "int" and vc_y_2 :: "int" and vc_x_1 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_0)))" and 
-G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_y_0)))" and 
-G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_y_1)))" and 
-G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_y_2)))" and 
-G6: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_x_1)))" and 
-G7: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7
-lemmas forall_poly_thm = forall_vc_type[OF G7]
-lemmas exists_poly_thm = exists_vc_type[OF G7]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding nested_loop_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon4_LoopDone_hints = [
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon4_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_LoopDone ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding nested_loop_passive_prog.block_1_def vc.vc_anon4_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon5_LoopBody_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE), 
-(AssertNoConj,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon5_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopBody vc_y_1 vc_y_2) \<Longrightarrow> (s' = Magic)))"
-unfolding nested_loop_passive_prog.block_2_def vc.vc_anon5_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon3_hints = [
-(AssumeConjR 0,NONE), 
-(AssertNoConj,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon3AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon3 vc_x_1 vc_x_0) \<Longrightarrow> (s' = Magic)))"
-unfolding nested_loop_passive_prog.block_3_def vc.vc_anon3_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon3_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon5_LoopDone_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon5_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopDone vc_y_1 vc_x_1 vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon3 vc_x_1 vc_x_0)))))))"
-unfolding nested_loop_passive_prog.block_4_def vc.vc_anon5_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon5_LoopHead_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon5_LoopHeadAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopHead vc_y_1 vc_x_1 vc_x_0 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_y_1 vc_x_1 vc_x_0) \<and> (vc.vc_anon5_LoopBody vc_y_1 vc_y_2))))))))"
-unfolding nested_loop_passive_prog.block_5_def vc.vc_anon5_LoopHead_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopHead_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_LoopBody_hints = [
-(AssumeConjR 0,NONE), 
-(AssertSub,NONE)]
-\<close>
-lemma block_anon4_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_LoopBody vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon5_LoopHead vc_y_1 vc_x_1 vc_x_0 vc_y_2)))))))"
-unfolding nested_loop_passive_prog.block_6_def vc.vc_anon4_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_LoopHead_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon4_LoopHeadAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4_LoopHead vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon4_LoopDone ) \<and> (vc.vc_anon4_LoopBody vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))))))))"
-unfolding nested_loop_passive_prog.block_7_def vc.vc_anon4_LoopHead_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_LoopHead_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon0_hints = [
-(AssertSub,NONE)]
-\<close>
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_8 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4_LoopHead vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)))))))"
-unfolding nested_loop_passive_prog.block_8_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
-by (auto?)
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_9 (Normal n_s) s')" and 
-"(vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)))))"
-using assms
-unfolding nested_loop_passive_prog.block_9_def
-apply cases
-by auto
-
-lemma block_PreconditionGeneratedEntry:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.block_10 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding nested_loop_passive_prog.block_10_def vc.vc_PreconditionGeneratedEntry_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) nested_loop_passive_prog.node_0 nested_loop_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon4_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4_LoopDone )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) nested_loop_passive_prog.node_1])
-apply (erule block_anon4_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:nested_loop_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_LoopBody vc_y_1 vc_y_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop_passive_prog.node_2])
-by (erule block_anon5_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon3 vc_x_1 vc_x_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop_passive_prog.node_3])
-by (erule block_anon3AA0[OF _ assms(2)])
-
-lemma cfg_block_anon5_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_LoopDone vc_y_1 vc_x_1 vc_x_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_4])
-apply (erule block_anon5_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:nested_loop_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_LoopHead vc_y_1 vc_x_1 vc_x_0 vc_y_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_5])
-apply (erule block_anon5_LoopHeadAA0[OF _ assms(2)])
-apply ((simp add:nested_loop_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon4_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4_LoopBody vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_6])
-apply (erule block_anon4_LoopBodyAA0[OF _ assms(2)])
-apply ((simp add:nested_loop_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon4_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4_LoopHead vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_7])
-apply (erule block_anon4_LoopHeadAA0[OF _ assms(2)])
-apply ((simp add:nested_loop_passive_prog.outEdges_7))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_8])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:nested_loop_passive_prog.outEdges_8))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_9])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:nested_loop_passive_prog.outEdges_9))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"(vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop_passive_prog.node_10])
-apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
-apply ((simp add:nested_loop_passive_prog.outEdges_10))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls)) \<Gamma> [] nested_loop_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_y_1::int) (vc_y_2::int) (vc_x_1::int). (vc.vc_PreconditionGeneratedEntry vc_x_0 vc_y_0 vc_y_1 vc_x_1 vc_y_2))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A nested_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> nested_loop_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) nested_loop_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s nested_loop_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append nested_loop_before_ast_to_cfg_prog.constants_vdecls nested_loop_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop_passive_prog.params_vdecls nested_loop_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((nested_loop_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_x])
-apply (subst lookup_var_local[OF nested_loop_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_y])
-apply (subst lookup_var_local[OF nested_loop_passive_prog.m_y])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF nested_loop_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_y_0])
-apply (subst lookup_var_local[OF nested_loop_passive_prog.m_y_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_y_1])
-apply (subst lookup_var_local[OF nested_loop_passive_prog.m_y_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_y_2])
-apply (subst lookup_var_local[OF nested_loop_passive_prog.m_y_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF nested_loop_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_y])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_y_0])
-apply (rule HOL.conjunct1[OF sc_y_1])
-apply (rule HOL.conjunct1[OF sc_y_2])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/ROOT
deleted file mode 100644
index 7d363b2..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session nested_loop_while_true_proofs = Boogie_Lang + 
-directories nested_loop2_proofs
-theories
-global_data
-"nested_loop2_proofs/nested_loop2_passification_proof"
-"nested_loop2_proofs/nested_loop2_cfgtodag_proof"
-"nested_loop2_proofs/nested_loop2_before_passive_prog"
-"nested_loop2_proofs/nested_loop2_before_cfg_to_dag_prog"
-"nested_loop2_proofs/nested_loop2_vcphase_proof"
-"nested_loop2_proofs/nested_loop2_before_ast_to_cfg_prog"
-"nested_loop2_proofs/nested_loop2_passive_prog"
-"nested_loop2_proofs/nested_loop2_asttocfg_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_asttocfg_proof.thy
deleted file mode 100644
index 174e907..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_asttocfg_proof.thy
+++ /dev/null
@@ -1,713 +0,0 @@
-theory nested_loop2_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_loop2_before_ast_to_cfg_prog nested_loop2_before_cfg_to_dag_prog nested_loop2_cfgtodag_proof nested_loop2_passification_proof nested_loop2_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A nested_loop2_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_9:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_9,cont_9,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 11),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 11),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop2_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (Lit (LBool True)) ns1 (BoolV False))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Invs[of nested_loop2_before_ast_to_cfg_prog.bigblock_9])
-apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_9_def)
-
-apply (rule astTrace)
-apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_9_def)
-apply (simp)
-apply (simp)
-apply (rule cont_9_def)
-apply (rule nested_loop2_before_cfg_to_dag_prog.node_11)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule nested_loop2_before_cfg_to_dag_prog.block_11_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply ( rule neg_refl)
-apply (rule guardHint)
-apply (rule nested_loop2_before_cfg_to_dag_prog.outEdges_11)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_11)
-apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_9_def)
-apply (simp add: end_static)
-done
-qed
-
-lemma global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_8:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_8,cont_8,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop2_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop2_before_ast_to_cfg_prog.bigblock_1 cont_1 nested_loop2_before_cfg_to_dag_prog.proc_body 1 nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Invs[of nested_loop2_before_ast_to_cfg_prog.bigblock_8])
-apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_8_def)
-
-apply (rule astTrace)
-apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_8_def)
-apply (rule nested_loop2_before_cfg_to_dag_prog.node_10)
-apply (rule disjI1)
-apply (rule nested_loop2_before_cfg_to_dag_prog.block_10_def)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_8_def)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_10)
-
-
-
-apply ((erule allE[where x=1])+)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_10)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma rel_nested_loop2_before_ast_to_cfg_prog_bigblock_7:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_7,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_8 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_8 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of nested_loop2_before_ast_to_cfg_prog.bigblock_7])
-apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_7_def nested_loop2_before_cfg_to_dag_prog.block_8_def)
-apply ((simp add: nested_loop2_before_cfg_to_dag_prog.block_8_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: nested_loop2_before_cfg_to_dag_prog.block_8_def nested_loop2_before_ast_to_cfg_prog.bigblock_7_def)+)
-done
-
-
-lemma global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_7:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_7,cont_7,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop2_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop2_before_ast_to_cfg_prog.bigblock_3 cont_3 nested_loop2_before_cfg_to_dag_prog.proc_body 3 nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of nested_loop2_before_ast_to_cfg_prog.bigblock_7])
-apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_7_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_7_def)
-apply (rule nested_loop2_before_cfg_to_dag_prog.node_8)
-apply (rule disjI1)
-apply (rule nested_loop2_before_cfg_to_dag_prog.block_8_def)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_7_def)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_8)
-apply (rule rel_nested_loop2_before_ast_to_cfg_prog_bigblock_7)
-apply assumption
-apply (simp)
-apply ((erule allE[where x=3])+)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_8)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma rel_nested_loop2_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_6,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_6 (Normal ns1) (Normal ns1')))))"
-unfolding nested_loop2_before_cfg_to_dag_prog.block_6_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of nested_loop2_before_ast_to_cfg_prog.bigblock_6])
-apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_6_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_6_def)
-apply ((simp add: assms(3) nested_loop2_before_ast_to_cfg_prog.bigblock_6_def)+)
-done
-
-
-lemma global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop2_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop2_before_ast_to_cfg_prog.bigblock_5 cont_5 nested_loop2_before_cfg_to_dag_prog.proc_body 5 nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of nested_loop2_before_ast_to_cfg_prog.bigblock_6])
-apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_6_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_6_def)
-apply (rule nested_loop2_before_cfg_to_dag_prog.node_6)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule nested_loop2_before_cfg_to_dag_prog.block_6_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_6_def)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_6)
-apply (rule rel_nested_loop2_before_ast_to_cfg_prog_bigblock_6)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=5])+)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_6)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop2_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop2_before_ast_to_cfg_prog.bigblock_3 cont_3 nested_loop2_before_cfg_to_dag_prog.proc_body 3 nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_5_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of nested_loop2_before_ast_to_cfg_prog.bigblock_5 _ _ _ nested_loop2_before_cfg_to_dag_prog.block_5])
-apply (simp add:nested_loop2_before_ast_to_cfg_prog.bigblock_5_def nested_loop2_before_cfg_to_dag_prog.block_5_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:nested_loop2_before_ast_to_cfg_prog.bigblock_5_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of nested_loop2_before_ast_to_cfg_prog.bigblock_5])
-apply ((simp add:nested_loop2_before_ast_to_cfg_prog.bigblock_5_def)+)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.block_5_def nested_loop2_before_cfg_to_dag_prog.node_5)+)
-apply (rule cont_5_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 6])+)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_5)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_6)
-apply (simp add: cont_5_def nested_loop2_before_ast_to_cfg_prog.bigblock_6_def cont_6_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_5_def cont_6_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper3)
-apply ((simp)+)
-
-apply ((erule allE[where x = 7])+)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_5)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_7)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_7)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_7_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_7)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_7)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_7_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_7)
-apply ((simp add: member_rec)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper4)
-apply ((simp)+)
-done
-qed
-qed
-
-lemma global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop2_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop2_before_ast_to_cfg_prog.bigblock_3 cont_3 nested_loop2_before_cfg_to_dag_prog.proc_body 3 nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-apply (rule ending_after_unwrapping)
-apply (rule astTrace)
-apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_4_def)
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply (simp)
-apply (rule global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_5)
-apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_5_def cont_4_def cont_5_def)
-apply (rule correctness_propagates_through_assumption2)
-using assms(2)
-apply blast
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_4)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_4_def)
-
-apply (rule guardHint)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_4)
-apply (simp add: member_rec)
-apply (simp)
-apply (rule correctness_propagates_through_assumption4)
-using assms(3)
-apply blast
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_4)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_4_def)
-
-apply (rule guardHint)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_4)
-apply (simp add: member_rec)
-apply ((simp)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule strictly_smaller_helper2)
-apply ((simp)+)
-done
-
-lemma global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop2_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop2_before_ast_to_cfg_prog.bigblock_1 cont_1 nested_loop2_before_cfg_to_dag_prog.proc_body 1 nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_3_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of nested_loop2_before_ast_to_cfg_prog.bigblock_3 _ _ _ nested_loop2_before_cfg_to_dag_prog.block_3])
-apply (simp add:nested_loop2_before_ast_to_cfg_prog.bigblock_3_def nested_loop2_before_cfg_to_dag_prog.block_3_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:nested_loop2_before_ast_to_cfg_prog.bigblock_3_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of nested_loop2_before_ast_to_cfg_prog.bigblock_3])
-apply ((simp add:nested_loop2_before_ast_to_cfg_prog.bigblock_3_def)+)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.block_3_def nested_loop2_before_cfg_to_dag_prog.node_3)+)
-apply (rule cont_3_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 4])+)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_4)
-apply (simp add: cont_3_def nested_loop2_before_ast_to_cfg_prog.bigblock_4_def cont_4_def nested_loop2_before_ast_to_cfg_prog.bigblock_7_def cont_7_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_3_def cont_4_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper3)
-apply ((simp)+)
-
-apply ((erule allE[where x = 9])+)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_8)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_9)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_9_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_9)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_9)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_9_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_9)
-apply ((simp add: member_rec)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper4)
-apply ((simp)+)
-done
-qed
-qed
-
-lemma global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop2_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (Lit (LBool True)) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T nested_loop2_before_ast_to_cfg_prog.bigblock_1 cont_1 nested_loop2_before_cfg_to_dag_prog.proc_body 1 nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-apply (rule ending_after_unwrapping)
-apply (rule astTrace)
-apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_2_def)
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply (simp)
-apply (rule global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_3)
-apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_3_def cont_2_def cont_3_def)
-apply (rule correctness_propagates_through_assumption2)
-using assms(2)
-apply blast
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_2)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_2_def)
-
-apply (rule guardHint)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_2)
-apply (simp add: member_rec)
-apply (simp)
-apply (rule correctness_propagates_through_assumption4)
-using assms(3)
-apply blast
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_2)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_2_def)
-
-apply (rule guardHint)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_2)
-apply (simp add: member_rec)
-apply ((simp)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule strictly_smaller_helper2)
-apply ((simp)+)
-done
-
-lemma global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop2_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of nested_loop2_before_ast_to_cfg_prog.bigblock_1 _ _ _ nested_loop2_before_cfg_to_dag_prog.block_1])
-apply (simp add:nested_loop2_before_ast_to_cfg_prog.bigblock_1_def nested_loop2_before_cfg_to_dag_prog.block_1_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:nested_loop2_before_ast_to_cfg_prog.bigblock_1_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of nested_loop2_before_ast_to_cfg_prog.bigblock_1])
-apply ((simp add:nested_loop2_before_ast_to_cfg_prog.bigblock_1_def)+)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.block_1_def nested_loop2_before_cfg_to_dag_prog.node_1)+)
-apply (rule cont_1_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 2])+)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_1_def nested_loop2_before_ast_to_cfg_prog.bigblock_2_def cont_2_def nested_loop2_before_ast_to_cfg_prog.bigblock_8_def cont_8_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_1_def cont_2_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-
-apply ((erule allE[where x = 11])+)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-
-
-
-
-
-apply ((blast)+)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-done
-qed
-qed
-
-lemma rel_nested_loop2_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of nested_loop2_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_0_def nested_loop2_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: nested_loop2_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: nested_loop2_before_cfg_to_dag_prog.block_0_def nested_loop2_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end nested_loop2_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of nested_loop2_before_ast_to_cfg_prog.bigblock_0 _ nested_loop2_before_cfg_to_dag_prog.block_0])
-apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_0_def nested_loop2_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_0_def nested_loop2_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_0_def nested_loop2_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_0_def)
-apply (rule nested_loop2_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: nested_loop2_before_cfg_to_dag_prog.node_0)
-apply (rule rel_nested_loop2_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: nested_loop2_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: nested_loop2_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (nested_loop2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_y_3::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A nested_loop2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> nested_loop2_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) nested_loop2_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_loop2_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (nested_loop2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_nested_loop2_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: nested_loop2_before_ast_to_cfg_prog.params_vdecls_def nested_loop2_before_ast_to_cfg_prog.locals_vdecls_def nested_loop2_before_cfg_to_dag_prog.params_vdecls_def nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: nested_loop2_before_ast_to_cfg_prog.params_vdecls_def nested_loop2_before_ast_to_cfg_prog.locals_vdecls_def nested_loop2_before_cfg_to_dag_prog.params_vdecls_def nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def nested_loop2_before_ast_to_cfg_prog.pres_def nested_loop2_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: nested_loop2_before_ast_to_cfg_prog.params_vdecls_def nested_loop2_before_ast_to_cfg_prog.locals_vdecls_def nested_loop2_before_cfg_to_dag_prog.params_vdecls_def nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: nested_loop2_before_ast_to_cfg_prog.params_vdecls_def nested_loop2_before_ast_to_cfg_prog.locals_vdecls_def nested_loop2_before_cfg_to_dag_prog.params_vdecls_def nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: nested_loop2_before_ast_to_cfg_prog.params_vdecls_def nested_loop2_before_ast_to_cfg_prog.locals_vdecls_def nested_loop2_before_cfg_to_dag_prog.params_vdecls_def nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: nested_loop2_before_ast_to_cfg_prog.params_vdecls_def nested_loop2_before_ast_to_cfg_prog.locals_vdecls_def nested_loop2_before_cfg_to_dag_prog.params_vdecls_def nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def nested_loop2_before_ast_to_cfg_prog.pres_def nested_loop2_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: nested_loop2_before_ast_to_cfg_prog.params_vdecls_def nested_loop2_before_ast_to_cfg_prog.locals_vdecls_def nested_loop2_before_cfg_to_dag_prog.params_vdecls_def nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: nested_loop2_before_ast_to_cfg_prog.params_vdecls_def nested_loop2_before_ast_to_cfg_prog.locals_vdecls_def nested_loop2_before_cfg_to_dag_prog.params_vdecls_def nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_9] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (nested_loop2_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_9_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_y_3::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) nested_loop2_before_ast_to_cfg_prog.fdecls nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls nested_loop2_before_ast_to_cfg_prog.axioms nested_loop2_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding nested_loop2_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 nested_loop2_before_ast_to_cfg_prog.ast_proc_def nested_loop2_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_before_ast_to_cfg_prog.thy
deleted file mode 100644
index ce56d08..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,168 +0,0 @@
-theory nested_loop2_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10)))] (Some (WhileWrapper (ParsedWhile (Some (Lit (LBool True))) [] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (None ) (None ))]))) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (Lit (LBool True))) [] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (None ) (None ))])) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [(BinOp (Var 0) Ge (Lit (LInt 0)))] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
-definition bigblock_4
-  where
-    "bigblock_4  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
-definition bigblock_5
-  where
-    "bigblock_5  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 0)))) [(BinOp (Var 1) Ge (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
-definition bigblock_6
-  where
-    "bigblock_6  = (BigBlock (None ) [(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))] (None ) (None ))"
-definition bigblock_7
-  where
-    "bigblock_7  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))"
-definition bigblock_8
-  where
-    "bigblock_8  = (BigBlock (None ) [] (None ) (None ))"
-definition bigblock_9
-  where
-    "bigblock_9  = (BigBlock (None ) [] (None ) (None ))"
-definition cont_9
-  where
-    "cont_9  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_9 cont_9)"
-definition cont_1
-  where
-    "cont_1  = (KEndBlock (KSeq bigblock_9 cont_9 ))"
-definition cont_8
-  where
-    "cont_8  = (KSeq bigblock_1 cont_1)"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_8 cont_8)"
-definition cont_3
-  where
-    "cont_3  = (KEndBlock (KSeq bigblock_8 cont_8 ))"
-definition cont_7
-  where
-    "cont_7  = (KSeq bigblock_3 cont_3)"
-definition cont_4
-  where
-    "cont_4  = (KSeq bigblock_7 cont_7)"
-definition cont_5
-  where
-    "cont_5  = (KEndBlock (KSeq bigblock_7 cont_7 ))"
-definition cont_6
-  where
-    "cont_6  = (KSeq bigblock_5 cont_5)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_9]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding nested_loop2_before_ast_to_cfg_prog.constants_vdecls_def nested_loop2_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding nested_loop2_before_ast_to_cfg_prog.params_vdecls_def nested_loop2_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding nested_loop2_before_ast_to_cfg_prog.constants_vdecls_def nested_loop2_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop2_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding nested_loop2_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop2_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding nested_loop2_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop2_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding nested_loop2_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop2_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding nested_loop2_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = nested_loop2_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_loop2_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec nested_loop2_before_ast_to_cfg_prog.post),proc_body = (Some (nested_loop2_before_ast_to_cfg_prog.locals_vdecls,nested_loop2_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_before_cfg_to_dag_prog.thy
deleted file mode 100644
index b641d60..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,246 +0,0 @@
-theory nested_loop2_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10)))]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assume (Lit (LBool True)))]"
-definition block_3
-  where
-    "block_3  = [(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
-definition block_5
-  where
-    "block_5  = [(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1))))]"
-definition block_7
-  where
-    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
-definition block_8
-  where
-    "block_8  = [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
-definition block_9
-  where
-    "block_9  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_10
-  where
-    "block_10  = []"
-definition block_11
-  where
-    "block_11  = [(Assume (UnOp Not (Lit (LBool True))))]"
-definition outEdges
-  where
-    "outEdges  = [[1],[11,2],[3],[9,4],[5],[7,6],[5],[8],[3],[10],[1],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [11,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [9,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [7,6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [10])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append nested_loop2_before_cfg_to_dag_prog.constants_vdecls nested_loop2_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append nested_loop2_before_cfg_to_dag_prog.constants_vdecls nested_loop2_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding nested_loop2_before_cfg_to_dag_prog.constants_vdecls_def nested_loop2_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop2_before_cfg_to_dag_prog.constants_vdecls nested_loop2_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding nested_loop2_before_cfg_to_dag_prog.params_vdecls_def nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append nested_loop2_before_cfg_to_dag_prog.constants_vdecls nested_loop2_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding nested_loop2_before_cfg_to_dag_prog.constants_vdecls_def nested_loop2_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop2_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding nested_loop2_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop2_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding nested_loop2_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop2_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding nested_loop2_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) nested_loop2_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding nested_loop2_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append nested_loop2_before_cfg_to_dag_prog.constants_vdecls nested_loop2_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append nested_loop2_before_cfg_to_dag_prog.constants_vdecls nested_loop2_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_cfg_to_dag_prog.constants_vdecls nested_loop2_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append nested_loop2_before_cfg_to_dag_prog.constants_vdecls nested_loop2_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_cfg_to_dag_prog.constants_vdecls nested_loop2_before_cfg_to_dag_prog.globals_vdecls),(append nested_loop2_before_cfg_to_dag_prog.params_vdecls nested_loop2_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = nested_loop2_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec nested_loop2_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec nested_loop2_before_cfg_to_dag_prog.post),proc_body = (Some (nested_loop2_before_cfg_to_dag_prog.locals_vdecls,nested_loop2_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_before_passive_prog.thy
deleted file mode 100644
index a8c6cc1..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_before_passive_prog.thy
+++ /dev/null
@@ -1,194 +0,0 @@
-theory nested_loop2_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop2_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (UnOp Not (Lit (LBool True))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assign 1 (BinOp (Var 1) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
-definition block_5
-  where
-    "block_5  = [(Havoc 1),(Assume (BinOp (Var 1) Ge (Lit (LInt 0))))]"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 1) Ge (Lit (LInt 0))))]"
-definition block_7
-  where
-    "block_7  = [(Assume (Lit (LBool False)))]"
-definition block_8
-  where
-    "block_8  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_9
-  where
-    "block_9  = [(Havoc 0),(Havoc 1),(Assume (BinOp (Var 0) Ge (Lit (LInt 0))))]"
-definition block_10
-  where
-    "block_10  = [(Assume (Lit (LBool True))),(Assert (BinOp (Var 0) Ge (Lit (LInt 0))))]"
-definition block_11
-  where
-    "block_11  = [(Havoc 0),(Havoc 1)]"
-definition block_12
-  where
-    "block_12  = [(Assign 0 (Lit (LInt 10))),(Assign 1 (Lit (LInt 10)))]"
-definition block_13
-  where
-    "block_13  = []"
-definition block_14
-  where
-    "block_14  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[0],[7],[8,6],[9],[1,10],[11],[12],[13]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13,block_14]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 14,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_12:
-shows "((nth (node_to_block proc_body) 12) = block_12)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_13:
-shows "((nth (node_to_block proc_body) 13) = block_13)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_14:
-shows "((nth (node_to_block proc_body) 14) = block_14)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8,6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [1,10])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_12:
-shows "((nth (out_edges proc_body) 12) = [11])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_13:
-shows "((nth (out_edges proc_body) 13) = [12])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_14:
-shows "((nth (out_edges proc_body) 14) = [13])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding nested_loop2_before_ast_to_cfg_prog.params_vdecls_def nested_loop2_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding nested_loop2_before_ast_to_cfg_prog.constants_vdecls_def nested_loop2_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_cfgtodag_proof.thy
deleted file mode 100644
index 0173a93..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_cfgtodag_proof.thy
+++ /dev/null
@@ -1,864 +0,0 @@
-theory nested_loop2_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML nested_loop2_before_ast_to_cfg_prog nested_loop2_before_cfg_to_dag_prog nested_loop2_before_passive_prog nested_loop2_passification_proof nested_loop2_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A nested_loop2_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop2_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def nested_loop2_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule nested_loop2_before_passive_prog.node_0)
-apply simp
-unfolding nested_loop2_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma block_anon6_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_11 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop2_before_cfg_to_dag_prog.block_11_def nested_loop2_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 11),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule nested_loop2_before_cfg_to_dag_prog.node_11)
-apply (rule nested_loop2_before_passive_prog.node_1)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon6_LoopDone)
-apply assumption+
-apply (rule nested_loop2_before_cfg_to_dag_prog.outEdges_11)
-apply (rule nested_loop2_before_passive_prog.outEdges_1)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma Mods_anon8_LoopBody:
-shows "(mods_contained_in (set [1]) nested_loop2_before_cfg_to_dag_prog.block_6)"
-unfolding nested_loop2_before_cfg_to_dag_prog.block_6_def
-by simp
-
-lemma block_anon8_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop2_before_passive_prog.block_2 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop2_before_cfg_to_dag_prog.block_6_def nested_loop2_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop2_before_ast_to_cfg_prog.funcs_wf nested_loop2_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop2_before_ast_to_cfg_prog.l_y(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon8_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop2_before_ast_to_cfg_prog.post ns1 s' 5 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop2_before_cfg_to_dag_prog.node_6)
-apply (rule nested_loop2_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon8_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon8_LoopBody)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_6))
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_6))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon8_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon4:
-shows "(mods_contained_in (set [0,1]) nested_loop2_before_cfg_to_dag_prog.block_8)"
-unfolding nested_loop2_before_cfg_to_dag_prog.block_8_def
-by simp
-
-lemma block_anon4:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop2_before_passive_prog.block_3 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop2_before_cfg_to_dag_prog.block_8_def nested_loop2_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop2_before_ast_to_cfg_prog.funcs_wf nested_loop2_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop2_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon4:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop2_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop2_before_cfg_to_dag_prog.node_8)
-apply (rule nested_loop2_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon4)
-apply (assumption+)
-apply (rule Mods_anon4)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_8))
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_8))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon7_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon8_LoopDone:
-shows "(mods_contained_in (set [0,1]) nested_loop2_before_cfg_to_dag_prog.block_7)"
-unfolding nested_loop2_before_cfg_to_dag_prog.block_7_def
-by simp
-
-lemma block_anon8_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop2_before_cfg_to_dag_prog.block_7_def nested_loop2_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon8_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop2_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop2_before_cfg_to_dag_prog.node_7)
-apply (rule nested_loop2_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon8_LoopDone)
-apply (assumption+)
-apply (rule Mods_anon8_LoopDone)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_7))
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_7))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:nested_loop2_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon7_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon8_LoopHead:
-shows "(mods_contained_in (set [1]) nested_loop2_before_cfg_to_dag_prog.block_5)"
-unfolding nested_loop2_before_cfg_to_dag_prog.block_5_def
-by simp
-
-lemma block_anon8_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop2_before_cfg_to_dag_prog.block_5_def nested_loop2_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_y(1)))
-apply simp
-done
-
-lemma cfg_block_anon8_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1] [(BinOp (Var 1) Ge (Lit (LInt 0)))] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop2_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms assms(4-)
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule nested_loop2_before_cfg_to_dag_prog.node_5)
-apply (rule nested_loop2_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon8_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon8_LoopHead)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_5))
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_5))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:nested_loop2_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_subset_pred)
-using less(4) apply simp
-apply assumption
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:nested_loop2_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-apply (rule loop_ih_convert_subset_smaller_2)
-using less(4) apply simp
-apply (simp, fastforce, assumption)
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma Mods_anon7_LoopBody:
-shows "(mods_contained_in (set [0,1]) nested_loop2_before_cfg_to_dag_prog.block_4)"
-unfolding nested_loop2_before_cfg_to_dag_prog.block_4_def
-by simp
-
-lemma block_anon7_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 1) Ge (Lit (LInt 0)))] nested_loop2_before_passive_prog.block_6 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop2_before_cfg_to_dag_prog.block_4_def nested_loop2_before_passive_prog.block_6_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop2_before_ast_to_cfg_prog.funcs_wf nested_loop2_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop2_before_ast_to_cfg_prog.l_y(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon7_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop2_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop2_before_cfg_to_dag_prog.node_4)
-apply (rule nested_loop2_before_passive_prog.node_6)
-apply (assumption+)
-apply (rule block_anon7_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon7_LoopBody)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_4))
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_4))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=5])
-apply ((simp add:nested_loop2_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon7_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon5:
-shows "(mods_contained_in (set [0,1]) nested_loop2_before_cfg_to_dag_prog.block_10)"
-unfolding nested_loop2_before_cfg_to_dag_prog.block_10_def
-by simp
-
-lemma block_anon5:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_10 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_7 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop2_before_cfg_to_dag_prog.block_10_def nested_loop2_before_passive_prog.block_7_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon5:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [] nested_loop2_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop2_before_cfg_to_dag_prog.node_10)
-apply (rule nested_loop2_before_passive_prog.node_7)
-apply (assumption+)
-apply (rule block_anon5)
-apply (assumption+)
-apply (rule Mods_anon5)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_10))
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_10))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon6_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon7_LoopDone:
-shows "(mods_contained_in (set [0,1]) nested_loop2_before_cfg_to_dag_prog.block_9)"
-unfolding nested_loop2_before_cfg_to_dag_prog.block_9_def
-by simp
-
-lemma block_anon7_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_9 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_8 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop2_before_cfg_to_dag_prog.block_9_def nested_loop2_before_passive_prog.block_8_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon7_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [] nested_loop2_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop2_before_cfg_to_dag_prog.node_9)
-apply (rule nested_loop2_before_passive_prog.node_8)
-apply (assumption+)
-apply (rule block_anon7_LoopDone)
-apply (assumption+)
-apply (rule Mods_anon7_LoopDone)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_9))
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_9))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=7])
-apply ((simp add:nested_loop2_before_passive_prog.outEdges_8))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon6_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon7_LoopHead:
-shows "(mods_contained_in (set [0,1]) nested_loop2_before_cfg_to_dag_prog.block_3)"
-unfolding nested_loop2_before_cfg_to_dag_prog.block_3_def
-by simp
-
-lemma block_anon7_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_9 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop2_before_cfg_to_dag_prog.block_3_def nested_loop2_before_passive_prog.block_9_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_x(1)))
-apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_y(1)))
-apply simp
-done
-
-lemma cfg_block_anon7_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [(BinOp (Var 0) Ge (Lit (LInt 0)))] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [] nested_loop2_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms assms(4-)
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0,1]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule nested_loop2_before_cfg_to_dag_prog.node_3)
-apply (rule nested_loop2_before_passive_prog.node_9)
-apply (assumption+)
-apply (rule block_anon7_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon7_LoopHead)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=8])
-apply ((simp add:nested_loop2_before_passive_prog.outEdges_9))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_subset_pred)
-using less(4) apply simp
-apply assumption
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=6])
-apply ((simp add:nested_loop2_before_passive_prog.outEdges_9))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-apply (rule loop_ih_convert_subset_smaller_2)
-using less(4) apply simp
-apply (simp, fastforce, assumption)
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma Mods_anon6_LoopBody:
-shows "(mods_contained_in (set [0,1]) nested_loop2_before_cfg_to_dag_prog.block_2)"
-unfolding nested_loop2_before_cfg_to_dag_prog.block_2_def
-by simp
-
-lemma block_anon6_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_10 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 0) Ge (Lit (LInt 0)))] nested_loop2_before_passive_prog.block_10 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop2_before_cfg_to_dag_prog.block_2_def nested_loop2_before_passive_prog.block_10_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (erule type_safety_top_level_inv[OF Wf_Fun nested_loop2_before_ast_to_cfg_prog.funcs_wf nested_loop2_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms nested_loop2_before_ast_to_cfg_prog.l_x(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body [0,1] [] nested_loop2_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop2_before_cfg_to_dag_prog.node_2)
-apply (rule nested_loop2_before_passive_prog.node_10)
-apply (assumption+)
-apply (rule block_anon6_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon6_LoopBody)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=9])
-apply ((simp add:nested_loop2_before_passive_prog.outEdges_10))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon6_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon6_LoopHead:
-shows "(mods_contained_in (set [0,1]) nested_loop2_before_cfg_to_dag_prog.block_1)"
-unfolding nested_loop2_before_cfg_to_dag_prog.block_1_def
-by simp
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_11 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_11 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop2_before_cfg_to_dag_prog.block_1_def nested_loop2_before_passive_prog.block_11_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_x(1)))
-apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_y(1)))
-apply simp
-done
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0,1]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule nested_loop2_before_cfg_to_dag_prog.node_1)
-apply (rule nested_loop2_before_passive_prog.node_11)
-apply (assumption+)
-apply (rule block_anon6_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon6_LoopHead)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:nested_loop2_before_passive_prog.outEdges_11))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=10])
-apply ((simp add:nested_loop2_before_passive_prog.outEdges_11))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.block_12 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] nested_loop2_before_passive_prog.block_12 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding nested_loop2_before_cfg_to_dag_prog.block_0_def nested_loop2_before_passive_prog.block_12_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule nested_loop2_before_cfg_to_dag_prog.node_0)
-apply (rule nested_loop2_before_passive_prog.node_12)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:nested_loop2_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=11])
-apply ((simp add:nested_loop2_before_passive_prog.outEdges_12))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 13),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:nested_loop2_before_passive_prog.outEdges_13))
-by ((simp add:nested_loop2_before_passive_prog.node_13 nested_loop2_before_passive_prog.block_13_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 14),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 nested_loop2_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule nested_loop2_before_passive_prog.node_14)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding nested_loop2_before_passive_prog.block_14_def
-apply (rule assume_pres_normal[where ?es=nested_loop2_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding nested_loop2_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule nested_loop2_before_passive_prog.outEdges_14)
-apply ((simp add:nested_loop2_before_passive_prog.node_13 nested_loop2_before_passive_prog.block_13_def))
-apply (rule nested_loop2_before_passive_prog.outEdges_13)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_y_3::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A nested_loop2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> nested_loop2_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) nested_loop2_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns nested_loop2_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] nested_loop2_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_loop2_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule nested_loop2_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_passification_proof.thy
deleted file mode 100644
index 1c25f34..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_passification_proof.thy
+++ /dev/null
@@ -1,451 +0,0 @@
-theory nested_loop2_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop2_before_ast_to_cfg_prog nested_loop2_passive_prog Boogie_Lang.PassificationML nested_loop2_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop2_before_passive_prog.block_0_def nested_loop2_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon6_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop2_before_passive_prog.block_1_def nested_loop2_passive_prog.block_1_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon8_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [7] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 6)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [7])) (update_nstate_rel R [(1,(Inl 7))]) R_old nested_loop2_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop2_before_passive_prog.block_2_def nested_loop2_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_y(2) nested_loop2_passive_prog.l_y_3(2)))
-by simp
-
-lemma block_anon4:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [8] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [8])) (update_nstate_rel R [(0,(Inl 8))]) R_old nested_loop2_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop2_before_passive_prog.block_3_def nested_loop2_passive_prog.block_3_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_x(2) nested_loop2_passive_prog.l_x_2(2)))
-by simp
-
-lemma block_anon8_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))" and 
-"((R 1) = (Some (Inl 6)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop2_before_passive_prog.block_4_def nested_loop2_passive_prog.block_4_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon8_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6])) (update_nstate_rel R [(1,(Inl 6))]) R_old nested_loop2_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop2_before_passive_prog.block_5_def nested_loop2_passive_prog.block_5_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_y(2) nested_loop2_passive_prog.l_y_2(2)))
-by simp
-
-lemma block_anon7_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))" and 
-"((R 1) = (Some (Inl 5)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop2_before_passive_prog.block_6_def nested_loop2_passive_prog.block_6_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon5:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_7 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop2_before_passive_prog.block_7_def nested_loop2_passive_prog.block_7_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon7_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_8 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_8 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop2_before_passive_prog.block_8_def nested_loop2_passive_prog.block_8_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon7_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_9 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [4,5] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [4,5])) (update_nstate_rel R [(0,(Inl 4)),(1,(Inl 5))]) R_old nested_loop2_passive_prog.block_9 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop2_before_passive_prog.block_9_def nested_loop2_passive_prog.block_9_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_x(2) nested_loop2_passive_prog.l_x_1(2)))
-apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_y(2) nested_loop2_passive_prog.l_y_1(2)))
-by simp
-
-lemma block_anon6_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_10 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_10 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop2_before_passive_prog.block_10_def nested_loop2_passive_prog.block_10_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_11 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2,3] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2,3])) (update_nstate_rel R [(0,(Inl 2)),(1,(Inl 3))]) R_old nested_loop2_passive_prog.block_11 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop2_before_passive_prog.block_11_def nested_loop2_passive_prog.block_11_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_x(2) nested_loop2_passive_prog.l_x_0(2)))
-apply ((simp add:nested_loop2_before_ast_to_cfg_prog.l_y(2) nested_loop2_passive_prog.l_y_0(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_12 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 10))),(1,(Inr (LInt 10)))]) R_old nested_loop2_passive_prog.block_12 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop2_before_passive_prog.block_12_def nested_loop2_passive_prog.block_12_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_13 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_13 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop2_before_passive_prog.block_13_def nested_loop2_passive_prog.block_13_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.block_14 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old nested_loop2_passive_prog.block_14 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding nested_loop2_before_passive_prog.block_14_def nested_loop2_passive_prog.block_14_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_0},@{thm nested_loop2_before_passive_prog.outEdges_0}) (@{thm nested_loop2_passive_prog.node_0},@{thm nested_loop2_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_1},@{thm nested_loop2_before_passive_prog.outEdges_1}) (@{thm nested_loop2_passive_prog.node_1},@{thm nested_loop2_passive_prog.outEdges_1}) @{thm block_anon6_LoopDone} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon8_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 7 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 6)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop2_before_passive_prog.node_2},@{thm nested_loop2_before_passive_prog.outEdges_2}) (@{thm nested_loop2_passive_prog.node_2},@{thm nested_loop2_passive_prog.outEdges_2}) @{thm block_anon8_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon4:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop2_before_passive_prog.node_3},@{thm nested_loop2_before_passive_prog.outEdges_3}) (@{thm nested_loop2_passive_prog.node_3},@{thm nested_loop2_passive_prog.outEdges_3}) @{thm block_anon4} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon8_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))" and 
-"((R 1) = (Some (Inl 6)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop2_before_passive_prog.node_4},@{thm nested_loop2_before_passive_prog.outEdges_4}) (@{thm nested_loop2_passive_prog.node_4},@{thm nested_loop2_passive_prog.outEdges_4}) @{thm block_anon8_LoopDone} [
-@{thm cfg_block_anon4}] 1\<close>))
-
-lemma cfg_block_anon8_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop2_before_passive_prog.node_5},@{thm nested_loop2_before_passive_prog.outEdges_5}) (@{thm nested_loop2_passive_prog.node_5},@{thm nested_loop2_passive_prog.outEdges_5}) @{thm block_anon8_LoopHead} [
-@{thm cfg_block_anon8_LoopDone}, 
-@{thm cfg_block_anon8_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon7_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))" and 
-"((R 1) = (Some (Inl 5)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop2_before_passive_prog.node_6},@{thm nested_loop2_before_passive_prog.outEdges_6}) (@{thm nested_loop2_passive_prog.node_6},@{thm nested_loop2_passive_prog.outEdges_6}) @{thm block_anon7_LoopBody} [
-@{thm cfg_block_anon8_LoopHead}] 1\<close>))
-
-lemma cfg_block_anon5:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_7},@{thm nested_loop2_before_passive_prog.outEdges_7}) (@{thm nested_loop2_passive_prog.node_7},@{thm nested_loop2_passive_prog.outEdges_7}) @{thm block_anon5} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon7_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 8)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop2_before_passive_prog.node_8},@{thm nested_loop2_before_passive_prog.outEdges_8}) (@{thm nested_loop2_passive_prog.node_8},@{thm nested_loop2_passive_prog.outEdges_8}) @{thm block_anon7_LoopDone} [
-@{thm cfg_block_anon5}] 1\<close>))
-
-lemma cfg_block_anon7_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 9)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_9},@{thm nested_loop2_before_passive_prog.outEdges_9}) (@{thm nested_loop2_passive_prog.node_9},@{thm nested_loop2_passive_prog.outEdges_9}) @{thm block_anon7_LoopHead} [
-@{thm cfg_block_anon7_LoopDone}, 
-@{thm cfg_block_anon7_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 4 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 10)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm nested_loop2_before_passive_prog.node_10},@{thm nested_loop2_before_passive_prog.outEdges_10}) (@{thm nested_loop2_passive_prog.node_10},@{thm nested_loop2_passive_prog.outEdges_10}) @{thm block_anon6_LoopBody} [
-@{thm cfg_block_anon7_LoopHead}] 1\<close>))
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 11)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_11},@{thm nested_loop2_before_passive_prog.outEdges_11}) (@{thm nested_loop2_passive_prog.node_11},@{thm nested_loop2_passive_prog.outEdges_11}) @{thm block_anon6_LoopHead} [
-@{thm cfg_block_anon6_LoopDone}, 
-@{thm cfg_block_anon6_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 12)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_12},@{thm nested_loop2_before_passive_prog.outEdges_12}) (@{thm nested_loop2_passive_prog.node_12},@{thm nested_loop2_passive_prog.outEdges_12}) @{thm block_anon0} [
-@{thm cfg_block_anon6_LoopHead}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 13)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_13},@{thm nested_loop2_before_passive_prog.outEdges_13}) (@{thm nested_loop2_passive_prog.node_13},@{thm nested_loop2_passive_prog.outEdges_13}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> nested_loop2_before_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body u (Inl 14)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm nested_loop2_before_passive_prog.node_14},@{thm nested_loop2_before_passive_prog.outEdges_14}) (@{thm nested_loop2_passive_prog.node_14},@{thm nested_loop2_passive_prog.outEdges_14}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_before_ast_to_cfg_prog.params_vdecls nested_loop2_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] nested_loop2_before_passive_prog.proc_body ((Inl 14),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_y_3::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A nested_loop2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> nested_loop2_before_ast_to_cfg_prog.constants_vdecls ns nested_loop2_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv nested_loop2_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding nested_loop2_before_ast_to_cfg_prog.constants_vdecls_def nested_loop2_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding nested_loop2_passive_prog.params_vdecls_def nested_loop2_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using nested_loop2_before_passive_prog.globals_locals_disj apply auto[1]
-using nested_loop2_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] nested_loop2_passive_prog.proc_body u (Inl 14)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range nested_loop2_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] nested_loop2_passive_prog.proc_body ((Inl 14),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from nested_loop2_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_passive_prog.thy
deleted file mode 100644
index b4a0741..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_passive_prog.thy
+++ /dev/null
@@ -1,281 +0,0 @@
-theory nested_loop2_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util nested_loop2_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (UnOp Not (Lit (LBool True))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 6) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 7) Eq (BinOp (Var 6) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 7) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 8) Eq (BinOp (Var 4) Sub (Lit (LInt 1))))),(Assert (BinOp (Var 8) Ge (Lit (LInt 0)))),(Assume (Lit (LBool False)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 6)))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Var 6) Ge (Lit (LInt 0))))]"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Var 4) Gt (Lit (LInt 0)))),(Assert (BinOp (Var 5) Ge (Lit (LInt 0))))]"
-definition block_7
-  where
-    "block_7  = [(Assume (Lit (LBool False)))]"
-definition block_8
-  where
-    "block_8  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 4)))]"
-definition block_9
-  where
-    "block_9  = [(Assume (BinOp (Var 4) Ge (Lit (LInt 0))))]"
-definition block_10
-  where
-    "block_10  = [(Assume (Lit (LBool True))),(Assert (BinOp (Var 2) Ge (Lit (LInt 0))))]"
-definition block_11
-  where
-    "block_11  = []"
-definition block_12
-  where
-    "block_12  = []"
-definition block_13
-  where
-    "block_13  = []"
-definition block_14
-  where
-    "block_14  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[0],[7],[8,6],[9],[1,10],[11],[12],[13]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13,block_14]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 14,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_12:
-shows "((nth (node_to_block proc_body) 12) = block_12)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_13:
-shows "((nth (node_to_block proc_body) 13) = block_13)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_14:
-shows "((nth (node_to_block proc_body) 14) = block_14)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8,6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [1,10])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_12:
-shows "((nth (out_edges proc_body) 12) = [11])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_13:
-shows "((nth (out_edges proc_body) 13) = [12])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_14:
-shows "((nth (out_edges proc_body) 14) = [13])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(7,(TPrim TInt),(None )),(8,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding nested_loop2_passive_prog.params_vdecls_def nested_loop2_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)))) = {})"
-unfolding nested_loop2_before_ast_to_cfg_prog.constants_vdecls_def nested_loop2_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_0:
-shows "((map_of (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_1:
-shows "((map_of (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_2:
-shows "((map_of (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_3:
-shows "((map_of (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_2:
-shows "((map_of (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls) 8) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_0:
-shows "((lookup_var_decl ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_1:
-shows "((lookup_var_decl ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_2:
-shows "((lookup_var_decl ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_3:
-shows "((lookup_var_decl ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_3
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_2:
-shows "((lookup_var_decl ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 8) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) 8) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_vcphase_proof.thy
deleted file mode 100644
index 7e91703..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/nested_loop_while_true_proofs/nested_loop2_proofs/nested_loop2_vcphase_proof.thy
+++ /dev/null
@@ -1,506 +0,0 @@
-theory nested_loop2_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML nested_loop2_passive_prog nested_loop2_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon6_LoopDone
-  where
-    "vc_anon6_LoopDone  = True"
-definition vc_anon8_LoopBody
-  where
-    "vc_anon8_LoopBody y_2 y_3 = (((y_2 > (0::int)) \<and> (y_3 = (y_2 - (1::int)))) \<longrightarrow> (y_3 \<ge> (0::int)))"
-definition vc_anon4
-  where
-    "vc_anon4 x_2 x_1 = ((x_2 = (x_1 - (1::int))) \<longrightarrow> (x_2 \<ge> (0::int)))"
-definition vc_anon8_LoopDone
-  where
-    "vc_anon8_LoopDone y_2 x_2 x_1 = (((0::int) \<ge> y_2) \<longrightarrow> (vc_anon4 x_2 x_1))"
-definition vc_anon8_LoopHead
-  where
-    "vc_anon8_LoopHead y_2 x_2 x_1 y_3 = ((y_2 \<ge> (0::int)) \<longrightarrow> ((vc_anon8_LoopDone y_2 x_2 x_1) \<and> (vc_anon8_LoopBody y_2 y_3)))"
-definition vc_anon7_LoopBody
-  where
-    "vc_anon7_LoopBody x_1 y_1 y_2 x_2 y_3 = ((x_1 > (0::int)) \<longrightarrow> ((y_1 \<ge> (0::int)) \<and> ((y_1 \<ge> (0::int)) \<longrightarrow> (vc_anon8_LoopHead y_2 x_2 x_1 y_3))))"
-definition vc_anon5
-  where
-    "vc_anon5  = True"
-definition vc_anon7_LoopDone
-  where
-    "vc_anon7_LoopDone x_1 = (((0::int) \<ge> x_1) \<longrightarrow> (vc_anon5 ))"
-definition vc_anon7_LoopHead
-  where
-    "vc_anon7_LoopHead x_1 y_1 y_2 x_2 y_3 = ((x_1 \<ge> (0::int)) \<longrightarrow> ((vc_anon7_LoopDone x_1) \<and> (vc_anon7_LoopBody x_1 y_1 y_2 x_2 y_3)))"
-definition vc_anon6_LoopBody
-  where
-    "vc_anon6_LoopBody x_0 x_1 y_1 y_2 x_2 y_3 = ((x_0 \<ge> (0::int)) \<and> ((x_0 \<ge> (0::int)) \<longrightarrow> (vc_anon7_LoopHead x_1 y_1 y_2 x_2 y_3)))"
-definition vc_anon0
-  where
-    "vc_anon0 x_0 x_1 y_1 y_2 x_2 y_3 = ((vc_anon6_LoopDone ) \<and> (vc_anon6_LoopBody x_0 x_1 y_1 y_2 x_2 y_3))"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_x_1 :: "int" and vc_y_1 :: "int" and vc_y_2 :: "int" and vc_y_3 :: "int" and vc_x_2 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_0)))" and 
-G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_y_0)))" and 
-G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_x_1)))" and 
-G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_y_1)))" and 
-G6: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_y_2)))" and 
-G7: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_y_3)))" and 
-G8: "((lookup_var \<Lambda> n_s 8) = (Some (IntV vc_x_2)))" and 
-G9: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8 G9
-lemmas forall_poly_thm = forall_vc_type[OF G9]
-lemmas exists_poly_thm = exists_vc_type[OF G9]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding nested_loop2_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon6_LoopDone_hints = [
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon6_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopDone ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding nested_loop2_passive_prog.block_1_def vc.vc_anon6_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon8_LoopBody_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE), 
-(AssertNoConj,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon8_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopBody vc_y_2 vc_y_3) \<Longrightarrow> (s' = Magic)))"
-unfolding nested_loop2_passive_prog.block_2_def vc.vc_anon8_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_hints = [
-(AssumeConjR 0,NONE), 
-(AssertNoConj,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon4AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4 vc_x_2 vc_x_1) \<Longrightarrow> (s' = Magic)))"
-unfolding nested_loop2_passive_prog.block_3_def vc.vc_anon4_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon8_LoopDone_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon8_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopDone vc_y_2 vc_x_2 vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4 vc_x_2 vc_x_1)))))))"
-unfolding nested_loop2_passive_prog.block_4_def vc.vc_anon8_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon8_LoopHead_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon8_LoopHeadAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon8_LoopHead vc_y_2 vc_x_2 vc_x_1 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon8_LoopDone vc_y_2 vc_x_2 vc_x_1) \<and> (vc.vc_anon8_LoopBody vc_y_2 vc_y_3))))))))"
-unfolding nested_loop2_passive_prog.block_5_def vc.vc_anon8_LoopHead_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopHead_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon7_LoopBody_hints = [
-(AssumeConjR 0,NONE), 
-(AssertSub,NONE)]
-\<close>
-lemma block_anon7_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopBody vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon8_LoopHead vc_y_2 vc_x_2 vc_x_1 vc_y_3)))))))"
-unfolding nested_loop2_passive_prog.block_6_def vc.vc_anon7_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon5_hints = [
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon5AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5 ) \<Longrightarrow> (s' = Magic)))"
-unfolding nested_loop2_passive_prog.block_7_def vc.vc_anon5_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon7_LoopDone_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon7_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_8 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopDone vc_x_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon5 )))))))"
-unfolding nested_loop2_passive_prog.block_8_def vc.vc_anon7_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon7_LoopHead_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon7_LoopHeadAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_LoopHead vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_LoopDone vc_x_1) \<and> (vc.vc_anon7_LoopBody vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))))))))"
-unfolding nested_loop2_passive_prog.block_9_def vc.vc_anon7_LoopHead_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopHead_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_LoopBody_hints = [
-(AssumeTrue,NONE), 
-(AssertSub,NONE)]
-\<close>
-lemma block_anon6_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_10 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon7_LoopHead vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3)))))))"
-unfolding nested_loop2_passive_prog.block_10_def vc.vc_anon6_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
-by (auto?)
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_11 (Normal n_s) s')" and 
-"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))))))"
-using assms
-unfolding nested_loop2_passive_prog.block_11_def
-apply cases
-by auto
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_12 (Normal n_s) s')" and 
-"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))))))"
-using assms
-unfolding nested_loop2_passive_prog.block_12_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_13 (Normal n_s) s')" and 
-"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))))))"
-using assms
-unfolding nested_loop2_passive_prog.block_13_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.block_14 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding nested_loop2_passive_prog.block_14_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) nested_loop2_passive_prog.node_0 nested_loop2_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopDone )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) nested_loop2_passive_prog.node_1])
-apply (erule block_anon6_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:nested_loop2_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon8_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon8_LoopBody vc_y_2 vc_y_3)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop2_passive_prog.node_2])
-by (erule block_anon8_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon4:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4 vc_x_2 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop2_passive_prog.node_3])
-by (erule block_anon4AA0[OF _ assms(2)])
-
-lemma cfg_block_anon8_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon8_LoopDone vc_y_2 vc_x_2 vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_4])
-apply (erule block_anon8_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:nested_loop2_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon8_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon8_LoopHead vc_y_2 vc_x_2 vc_x_1 vc_y_3)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_5])
-apply (erule block_anon8_LoopHeadAA0[OF _ assms(2)])
-apply ((simp add:nested_loop2_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon7_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon7_LoopBody vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_6])
-apply (erule block_anon7_LoopBodyAA0[OF _ assms(2)])
-apply ((simp add:nested_loop2_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) nested_loop2_passive_prog.node_7])
-by (erule block_anon5AA0[OF _ assms(2)])
-
-lemma cfg_block_anon7_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon7_LoopDone vc_x_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_8])
-apply (erule block_anon7_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:nested_loop2_passive_prog.outEdges_8))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon7_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon7_LoopHead vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_9])
-apply (erule block_anon7_LoopHeadAA0[OF _ assms(2)])
-apply ((simp add:nested_loop2_passive_prog.outEdges_9))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_10])
-apply (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
-apply ((simp add:nested_loop2_passive_prog.outEdges_10))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_11])
-apply (erule block_anon6_LoopHead[OF _ assms(2)])
-apply ((simp add:nested_loop2_passive_prog.outEdges_11))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_12])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:nested_loop2_passive_prog.outEdges_12))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon6_LoopDone ) \<and> (vc.vc_anon6_LoopBody vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_13])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:nested_loop2_passive_prog.outEdges_13))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> nested_loop2_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) nested_loop2_passive_prog.node_14])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:nested_loop2_passive_prog.outEdges_14))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls)) \<Gamma> [] nested_loop2_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_x_0::int) (vc_y_0::int) (vc_x_1::int) (vc_y_1::int) (vc_y_2::int) (vc_y_3::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0 vc_x_1 vc_y_1 vc_y_2 vc_x_2 vc_y_3))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A nested_loop2_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> nested_loop2_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) nested_loop2_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s nested_loop2_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append nested_loop2_before_ast_to_cfg_prog.constants_vdecls nested_loop2_before_ast_to_cfg_prog.globals_vdecls),(append nested_loop2_passive_prog.params_vdecls nested_loop2_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((nested_loop2_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop2_passive_prog.m_x])
-apply (subst lookup_var_local[OF nested_loop2_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop2_passive_prog.m_y])
-apply (subst lookup_var_local[OF nested_loop2_passive_prog.m_y])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop2_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF nested_loop2_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop2_passive_prog.m_y_0])
-apply (subst lookup_var_local[OF nested_loop2_passive_prog.m_y_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop2_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF nested_loop2_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop2_passive_prog.m_y_1])
-apply (subst lookup_var_local[OF nested_loop2_passive_prog.m_y_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop2_passive_prog.m_y_2])
-apply (subst lookup_var_local[OF nested_loop2_passive_prog.m_y_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_3:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop2_passive_prog.m_y_3])
-apply (subst lookup_var_local[OF nested_loop2_passive_prog.m_y_3])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 8) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 8)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 8))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF nested_loop2_passive_prog.m_x_2])
-apply (subst lookup_var_local[OF nested_loop2_passive_prog.m_x_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_y])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_y_0])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (rule HOL.conjunct1[OF sc_y_1])
-apply (rule HOL.conjunct1[OF sc_y_2])
-apply (rule HOL.conjunct1[OF sc_y_3])
-apply (rule HOL.conjunct1[OF sc_x_2])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/ROOT
deleted file mode 100644
index 9d5060e..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session no_guard_empty_branch_if_proofs = Boogie_Lang + 
-directories no_guard_empty_branch_if_proofs
-theories
-global_data
-"no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog"
-"no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_ast_to_cfg_prog"
-"no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof"
-"no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof"
-"no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog"
-"no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof"
-"no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_asttocfg_proof"
-"no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_asttocfg_proof.thy
deleted file mode 100644
index 01511e5..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_asttocfg_proof.thy
+++ /dev/null
@@ -1,251 +0,0 @@
-theory no_guard_empty_branch_if_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML no_guard_empty_branch_if_before_ast_to_cfg_prog no_guard_empty_branch_if_before_cfg_to_dag_prog no_guard_empty_branch_if_cfgtodag_proof no_guard_empty_branch_if_passification_proof no_guard_empty_branch_if_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A no_guard_empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_no_guard_empty_branch_if_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_2_def no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2_def)
-apply ((simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2_def no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_2_def)+)
-done
-
-
-lemma global_rel_no_guard_empty_branch_if_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end no_guard_empty_branch_if_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp)
-apply (simp)
-apply (rule cont_2_def)
-apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_2)
-apply (rule disjI1)
-apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2_def)
-apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_2)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.node_2)
-apply (rule rel_no_guard_empty_branch_if_before_ast_to_cfg_prog_bigblock_2)
-apply assumption+
-
-done
-qed
-
-lemma global_rel_no_guard_empty_branch_if_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end no_guard_empty_branch_if_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Invs[of no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_1_def)
-
-apply (rule astTrace)
-apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_1_def)
-apply (simp)
-apply (simp)
-apply (rule cont_1_def)
-apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_1)
-apply (rule disjI1)
-apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1_def)
-apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_1)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.node_1)
-apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_1_def)
-apply (simp add: end_static)
-done
-qed
-
-lemma rel_no_guard_empty_branch_if_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0_def no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_no_guard_empty_branch_if_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end no_guard_empty_branch_if_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_if_successor)
-apply (rule Rel_Main_test[of no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0 _ no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0])
-apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def)
-apply (rule astTrace)
-apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0_def)
-apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.node_0)
-apply (rule rel_no_guard_empty_branch_if_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-
-apply (rule disjE, simp)
-apply ((erule allE[where x = 1])+)
-apply ((simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_no_guard_empty_branch_if_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: cont_0_def no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
-apply blast+
-
-
-
-
-
-
-apply ((erule allE[where x = 2])+)
-apply ((simp add: no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_no_guard_empty_branch_if_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_0_def no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A no_guard_empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) no_guard_empty_branch_if_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns no_guard_empty_branch_if_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] no_guard_empty_branch_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_no_guard_empty_branch_if_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.pres_def no_guard_empty_branch_if_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.pres_def no_guard_empty_branch_if_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (no_guard_empty_branch_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) no_guard_empty_branch_if_before_ast_to_cfg_prog.fdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.axioms no_guard_empty_branch_if_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 no_guard_empty_branch_if_before_ast_to_cfg_prog.ast_proc_def no_guard_empty_branch_if_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 1ebfb8d..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,117 +0,0 @@
-theory no_guard_empty_branch_if_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (ParsedIf (None ) [(BigBlock (None ) [] (None ) (None ))] [(BigBlock (None ) [(Assign 0 (Lit (LInt 6)))] (None ) (None ))])) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (None ) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [(Assign 0 (Lit (LInt 6)))] (None ) (None ))"
-definition cont_0
-  where
-    "cont_0  = KStop"
-definition cont_1
-  where
-    "cont_1  = KStop"
-definition cont_2
-  where
-    "cont_2  = KStop"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_guard_empty_branch_if_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec no_guard_empty_branch_if_before_ast_to_cfg_prog.post),proc_body = (Some (no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls,no_guard_empty_branch_if_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 56c8adc..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,138 +0,0 @@
-theory no_guard_empty_branch_if_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0)]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assign 0 (Lit (LInt 6)))]"
-definition outEdges
-  where
-    "outEdges  = [[1,2],[],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.constants_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.constants_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.constants_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.constants_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.constants_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.constants_vdecls_def no_guard_empty_branch_if_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append no_guard_empty_branch_if_before_cfg_to_dag_prog.constants_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append no_guard_empty_branch_if_before_cfg_to_dag_prog.constants_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_guard_empty_branch_if_before_cfg_to_dag_prog.constants_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.globals_vdecls),(append no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = no_guard_empty_branch_if_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_guard_empty_branch_if_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec no_guard_empty_branch_if_before_cfg_to_dag_prog.post),proc_body = (Some (no_guard_empty_branch_if_before_cfg_to_dag_prog.locals_vdecls,no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog.thy
deleted file mode 100644
index d4d93a5..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_before_passive_prog.thy
+++ /dev/null
@@ -1,95 +0,0 @@
-theory no_guard_empty_branch_if_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_empty_branch_if_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assign 0 (Lit (LInt 6)))]"
-definition block_3
-  where
-    "block_3  = [(Havoc 0)]"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof.thy
deleted file mode 100644
index 7833ae7..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_cfgtodag_proof.thy
+++ /dev/null
@@ -1,242 +0,0 @@
-theory no_guard_empty_branch_if_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML no_guard_empty_branch_if_before_ast_to_cfg_prog no_guard_empty_branch_if_before_cfg_to_dag_prog no_guard_empty_branch_if_before_passive_prog no_guard_empty_branch_if_passification_proof no_guard_empty_branch_if_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A no_guard_empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_empty_branch_if_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def no_guard_empty_branch_if_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule no_guard_empty_branch_if_before_passive_prog.node_0)
-apply simp
-unfolding no_guard_empty_branch_if_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma block_anon3_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_empty_branch_if_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.block_1_def no_guard_empty_branch_if_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_1)
-apply (rule no_guard_empty_branch_if_before_passive_prog.node_1)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon3_Then)
-apply assumption+
-apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_1)
-apply (rule no_guard_empty_branch_if_before_passive_prog.outEdges_1)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon3_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_empty_branch_if_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.block_2_def no_guard_empty_branch_if_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_2)
-apply (rule no_guard_empty_branch_if_before_passive_prog.node_2)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon3_Else)
-apply assumption+
-apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_2)
-apply (rule no_guard_empty_branch_if_before_passive_prog.outEdges_2)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_empty_branch_if_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding no_guard_empty_branch_if_before_cfg_to_dag_prog.block_0_def no_guard_empty_branch_if_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule no_guard_empty_branch_if_before_cfg_to_dag_prog.node_0)
-apply (rule no_guard_empty_branch_if_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:no_guard_empty_branch_if_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:no_guard_empty_branch_if_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:no_guard_empty_branch_if_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:no_guard_empty_branch_if_before_passive_prog.outEdges_4))
-by ((simp add:no_guard_empty_branch_if_before_passive_prog.node_4 no_guard_empty_branch_if_before_passive_prog.block_4_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_empty_branch_if_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_empty_branch_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule no_guard_empty_branch_if_before_passive_prog.node_5)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding no_guard_empty_branch_if_before_passive_prog.block_5_def
-apply (rule assume_pres_normal[where ?es=no_guard_empty_branch_if_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule no_guard_empty_branch_if_before_passive_prog.outEdges_5)
-apply ((simp add:no_guard_empty_branch_if_before_passive_prog.node_4 no_guard_empty_branch_if_before_passive_prog.block_4_def))
-apply (rule no_guard_empty_branch_if_before_passive_prog.outEdges_4)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A no_guard_empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) no_guard_empty_branch_if_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns no_guard_empty_branch_if_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] no_guard_empty_branch_if_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule no_guard_empty_branch_if_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof.thy
deleted file mode 100644
index aaeb398..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passification_proof.thy
+++ /dev/null
@@ -1,254 +0,0 @@
-theory no_guard_empty_branch_if_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_empty_branch_if_before_ast_to_cfg_prog no_guard_empty_branch_if_passive_prog Boogie_Lang.PassificationML no_guard_empty_branch_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_empty_branch_if_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_empty_branch_if_before_passive_prog.block_0_def no_guard_empty_branch_if_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_empty_branch_if_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_empty_branch_if_before_passive_prog.block_1_def no_guard_empty_branch_if_passive_prog.block_1_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 6)))]) R_old no_guard_empty_branch_if_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_empty_branch_if_before_passive_prog.block_2_def no_guard_empty_branch_if_passive_prog.block_2_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old no_guard_empty_branch_if_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_empty_branch_if_before_passive_prog.block_3_def no_guard_empty_branch_if_passive_prog.block_3_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:no_guard_empty_branch_if_before_ast_to_cfg_prog.l_x(2) no_guard_empty_branch_if_passive_prog.l_x_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_empty_branch_if_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_empty_branch_if_before_passive_prog.block_4_def no_guard_empty_branch_if_passive_prog.block_4_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_empty_branch_if_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_empty_branch_if_before_passive_prog.block_5_def no_guard_empty_branch_if_passive_prog.block_5_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_0},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_0}) (@{thm no_guard_empty_branch_if_passive_prog.node_0},@{thm no_guard_empty_branch_if_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon3_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_1},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_1}) (@{thm no_guard_empty_branch_if_passive_prog.node_1},@{thm no_guard_empty_branch_if_passive_prog.outEdges_1}) @{thm block_anon3_Then} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon3_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_2},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_2}) (@{thm no_guard_empty_branch_if_passive_prog.node_2},@{thm no_guard_empty_branch_if_passive_prog.outEdges_2}) @{thm block_anon3_Else} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_3},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_3}) (@{thm no_guard_empty_branch_if_passive_prog.node_3},@{thm no_guard_empty_branch_if_passive_prog.outEdges_3}) @{thm block_anon0} [
-@{thm cfg_block_anon3_Then}, 
-@{thm cfg_block_anon3_Else}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_4},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_4}) (@{thm no_guard_empty_branch_if_passive_prog.node_4},@{thm no_guard_empty_branch_if_passive_prog.outEdges_4}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_empty_branch_if_before_passive_prog.node_5},@{thm no_guard_empty_branch_if_before_passive_prog.outEdges_5}) (@{thm no_guard_empty_branch_if_passive_prog.node_5},@{thm no_guard_empty_branch_if_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_before_ast_to_cfg_prog.params_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A no_guard_empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls ns no_guard_empty_branch_if_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv no_guard_empty_branch_if_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding no_guard_empty_branch_if_passive_prog.params_vdecls_def no_guard_empty_branch_if_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using no_guard_empty_branch_if_before_passive_prog.globals_locals_disj apply auto[1]
-using no_guard_empty_branch_if_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] no_guard_empty_branch_if_passive_prog.proc_body u (Inl 5)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] no_guard_empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from no_guard_empty_branch_if_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog.thy
deleted file mode 100644
index 9d48a04..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_passive_prog.thy
+++ /dev/null
@@ -1,119 +0,0 @@
-theory no_guard_empty_branch_if_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_empty_branch_if_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = []"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding no_guard_empty_branch_if_passive_prog.params_vdecls_def no_guard_empty_branch_if_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)))) = {})"
-unfolding no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls_def no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof.thy
deleted file mode 100644
index e4324d7..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_proofs/no_guard_empty_branch_if_vcphase_proof.thy
+++ /dev/null
@@ -1,213 +0,0 @@
-theory no_guard_empty_branch_if_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML no_guard_empty_branch_if_passive_prog no_guard_empty_branch_if_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon0
-  where
-    "vc_anon0  = True"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
-G2: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2
-lemmas forall_poly_thm = forall_vc_type[OF G2]
-lemmas exists_poly_thm = exists_vc_type[OF G2]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding no_guard_empty_branch_if_passive_prog.block_0_def
-apply cases
-by auto
-
-lemma block_anon3_Then:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_1 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding no_guard_empty_branch_if_passive_prog.block_1_def
-apply cases
-by auto
-
-lemma block_anon3_Else:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_2 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding no_guard_empty_branch_if_passive_prog.block_2_def
-apply cases
-by auto
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_3 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding no_guard_empty_branch_if_passive_prog.block_3_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_4 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding no_guard_empty_branch_if_passive_prog.block_4_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding no_guard_empty_branch_if_passive_prog.block_5_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) no_guard_empty_branch_if_passive_prog.node_0 no_guard_empty_branch_if_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon3_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_empty_branch_if_passive_prog.node_1])
-apply (erule block_anon3_Then)
-apply ((simp add:no_guard_empty_branch_if_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon3_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_empty_branch_if_passive_prog.node_2])
-apply (erule block_anon3_Else)
-apply ((simp add:no_guard_empty_branch_if_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_empty_branch_if_passive_prog.node_3])
-apply (erule block_anon0)
-apply ((simp add:no_guard_empty_branch_if_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_empty_branch_if_passive_prog.node_4])
-apply (erule block_0)
-apply ((simp add:no_guard_empty_branch_if_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_empty_branch_if_passive_prog.node_5])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:no_guard_empty_branch_if_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls)) \<Gamma> [] no_guard_empty_branch_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A no_guard_empty_branch_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) no_guard_empty_branch_if_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls no_guard_empty_branch_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_empty_branch_if_passive_prog.params_vdecls no_guard_empty_branch_if_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((no_guard_empty_branch_if_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_guard_empty_branch_if_passive_prog.m_x])
-apply (subst lookup_var_local[OF no_guard_empty_branch_if_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_guard_empty_branch_if_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF no_guard_empty_branch_if_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/ROOT
deleted file mode 100644
index d67dd14..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session no_guard_if_proofs = Boogie_Lang + 
-directories no_guard_if_proofs
-theories
-global_data
-"no_guard_if_proofs/no_guard_if_before_passive_prog"
-"no_guard_if_proofs/no_guard_if_before_ast_to_cfg_prog"
-"no_guard_if_proofs/no_guard_if_asttocfg_proof"
-"no_guard_if_proofs/no_guard_if_passive_prog"
-"no_guard_if_proofs/no_guard_if_vcphase_proof"
-"no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog"
-"no_guard_if_proofs/no_guard_if_cfgtodag_proof"
-"no_guard_if_proofs/no_guard_if_passification_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_asttocfg_proof.thy
deleted file mode 100644
index 0904d61..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_asttocfg_proof.thy
+++ /dev/null
@@ -1,267 +0,0 @@
-theory no_guard_if_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML no_guard_if_before_ast_to_cfg_prog no_guard_if_before_cfg_to_dag_prog no_guard_if_cfgtodag_proof no_guard_if_passification_proof no_guard_if_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A no_guard_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_no_guard_if_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (no_guard_if_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of no_guard_if_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: no_guard_if_before_ast_to_cfg_prog.bigblock_2_def no_guard_if_before_cfg_to_dag_prog.block_2_def)
-apply ((simp add: no_guard_if_before_cfg_to_dag_prog.block_2_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: no_guard_if_before_cfg_to_dag_prog.block_2_def no_guard_if_before_ast_to_cfg_prog.bigblock_2_def)+)
-done
-
-
-lemma global_rel_no_guard_if_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (no_guard_if_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end no_guard_if_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of no_guard_if_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: no_guard_if_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: no_guard_if_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp)
-apply (simp)
-apply (rule cont_2_def)
-apply (rule no_guard_if_before_cfg_to_dag_prog.node_2)
-apply (rule disjI1)
-apply (rule no_guard_if_before_cfg_to_dag_prog.block_2_def)
-apply (rule no_guard_if_before_cfg_to_dag_prog.outEdges_2)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: no_guard_if_before_cfg_to_dag_prog.node_2)
-apply (rule rel_no_guard_if_before_ast_to_cfg_prog_bigblock_2)
-apply assumption+
-
-done
-qed
-
-lemma rel_no_guard_if_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (no_guard_if_before_ast_to_cfg_prog.bigblock_1,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_1 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of no_guard_if_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: no_guard_if_before_ast_to_cfg_prog.bigblock_1_def no_guard_if_before_cfg_to_dag_prog.block_1_def)
-apply ((simp add: no_guard_if_before_cfg_to_dag_prog.block_1_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: no_guard_if_before_cfg_to_dag_prog.block_1_def no_guard_if_before_ast_to_cfg_prog.bigblock_1_def)+)
-done
-
-
-lemma global_rel_no_guard_if_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (no_guard_if_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end no_guard_if_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of no_guard_if_before_ast_to_cfg_prog.bigblock_1])
-apply (simp add: no_guard_if_before_ast_to_cfg_prog.bigblock_1_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: no_guard_if_before_ast_to_cfg_prog.bigblock_1_def)
-apply (simp)
-apply (simp)
-apply (rule cont_1_def)
-apply (rule no_guard_if_before_cfg_to_dag_prog.node_1)
-apply (rule disjI1)
-apply (rule no_guard_if_before_cfg_to_dag_prog.block_1_def)
-apply (rule no_guard_if_before_cfg_to_dag_prog.outEdges_1)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: no_guard_if_before_cfg_to_dag_prog.node_1)
-apply (rule rel_no_guard_if_before_ast_to_cfg_prog_bigblock_1)
-apply assumption+
-
-done
-qed
-
-lemma rel_no_guard_if_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (no_guard_if_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of no_guard_if_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: no_guard_if_before_ast_to_cfg_prog.bigblock_0_def no_guard_if_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: no_guard_if_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: no_guard_if_before_cfg_to_dag_prog.block_0_def no_guard_if_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_no_guard_if_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (no_guard_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end no_guard_if_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_if_successor)
-apply (rule Rel_Main_test[of no_guard_if_before_ast_to_cfg_prog.bigblock_0 _ no_guard_if_before_cfg_to_dag_prog.block_0])
-apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_0_def no_guard_if_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_0_def)
-apply (rule astTrace)
-apply (simp add: no_guard_if_before_ast_to_cfg_prog.bigblock_0_def)
-apply (rule no_guard_if_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: no_guard_if_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: no_guard_if_before_cfg_to_dag_prog.node_0)
-apply (rule rel_no_guard_if_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: no_guard_if_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-
-apply (rule disjE, simp)
-apply ((erule allE[where x = 1])+)
-apply ((simp add: no_guard_if_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_no_guard_if_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: cont_0_def no_guard_if_before_ast_to_cfg_prog.bigblock_1_def cont_1_def )
-apply blast+
-
-
-
-
-
-
-apply ((erule allE[where x = 2])+)
-apply ((simp add: no_guard_if_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_no_guard_if_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_0_def no_guard_if_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (no_guard_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A no_guard_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> no_guard_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) no_guard_if_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns no_guard_if_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] no_guard_if_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (no_guard_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_no_guard_if_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: no_guard_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: no_guard_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def no_guard_if_before_ast_to_cfg_prog.pres_def no_guard_if_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: no_guard_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: no_guard_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: no_guard_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: no_guard_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def no_guard_if_before_ast_to_cfg_prog.pres_def no_guard_if_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: no_guard_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: no_guard_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_if_before_ast_to_cfg_prog.locals_vdecls_def no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (no_guard_if_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) no_guard_if_before_ast_to_cfg_prog.fdecls no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls no_guard_if_before_ast_to_cfg_prog.axioms no_guard_if_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding no_guard_if_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 no_guard_if_before_ast_to_cfg_prog.ast_proc_def no_guard_if_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 156d377..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,117 +0,0 @@
-theory no_guard_if_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (ParsedIf (None ) [(BigBlock (None ) [(Assign 0 (Lit (LInt 0)))] (None ) (None ))] [(BigBlock (None ) [(Assign 0 (Lit (LInt 1)))] (None ) (None ))])) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [(Assign 0 (Lit (LInt 0)))] (None ) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [(Assign 0 (Lit (LInt 1)))] (None ) (None ))"
-definition cont_0
-  where
-    "cont_0  = KStop"
-definition cont_1
-  where
-    "cont_1  = KStop"
-definition cont_2
-  where
-    "cont_2  = KStop"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding no_guard_if_before_ast_to_cfg_prog.constants_vdecls_def no_guard_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding no_guard_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_if_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding no_guard_if_before_ast_to_cfg_prog.constants_vdecls_def no_guard_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding no_guard_if_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding no_guard_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding no_guard_if_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding no_guard_if_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = no_guard_if_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_guard_if_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec no_guard_if_before_ast_to_cfg_prog.post),proc_body = (Some (no_guard_if_before_ast_to_cfg_prog.locals_vdecls,no_guard_if_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog.thy
deleted file mode 100644
index e159f5a..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,138 +0,0 @@
-theory no_guard_if_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0)]"
-definition block_1
-  where
-    "block_1  = [(Assign 0 (Lit (LInt 0)))]"
-definition block_2
-  where
-    "block_2  = [(Assign 0 (Lit (LInt 1)))]"
-definition outEdges
-  where
-    "outEdges  = [[1,2],[],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append no_guard_if_before_cfg_to_dag_prog.constants_vdecls no_guard_if_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append no_guard_if_before_cfg_to_dag_prog.constants_vdecls no_guard_if_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding no_guard_if_before_cfg_to_dag_prog.constants_vdecls_def no_guard_if_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_before_cfg_to_dag_prog.constants_vdecls no_guard_if_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding no_guard_if_before_cfg_to_dag_prog.params_vdecls_def no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append no_guard_if_before_cfg_to_dag_prog.constants_vdecls no_guard_if_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding no_guard_if_before_cfg_to_dag_prog.constants_vdecls_def no_guard_if_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding no_guard_if_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding no_guard_if_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding no_guard_if_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_guard_if_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding no_guard_if_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append no_guard_if_before_cfg_to_dag_prog.constants_vdecls no_guard_if_before_cfg_to_dag_prog.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append no_guard_if_before_cfg_to_dag_prog.constants_vdecls no_guard_if_before_cfg_to_dag_prog.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_guard_if_before_cfg_to_dag_prog.constants_vdecls no_guard_if_before_cfg_to_dag_prog.globals_vdecls),(append no_guard_if_before_cfg_to_dag_prog.params_vdecls no_guard_if_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = no_guard_if_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_guard_if_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec no_guard_if_before_cfg_to_dag_prog.post),proc_body = (Some (no_guard_if_before_cfg_to_dag_prog.locals_vdecls,no_guard_if_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_passive_prog.thy
deleted file mode 100644
index d44f599..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_before_passive_prog.thy
+++ /dev/null
@@ -1,95 +0,0 @@
-theory no_guard_if_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_if_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assign 0 (Lit (LInt 0)))]"
-definition block_2
-  where
-    "block_2  = [(Assign 0 (Lit (LInt 1)))]"
-definition block_3
-  where
-    "block_3  = [(Havoc 0)]"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding no_guard_if_before_ast_to_cfg_prog.params_vdecls_def no_guard_if_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding no_guard_if_before_ast_to_cfg_prog.constants_vdecls_def no_guard_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_cfgtodag_proof.thy
deleted file mode 100644
index 8203453..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_cfgtodag_proof.thy
+++ /dev/null
@@ -1,242 +0,0 @@
-theory no_guard_if_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML no_guard_if_before_ast_to_cfg_prog no_guard_if_before_cfg_to_dag_prog no_guard_if_before_passive_prog no_guard_if_passification_proof no_guard_if_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A no_guard_if_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_if_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def no_guard_if_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule no_guard_if_before_passive_prog.node_0)
-apply simp
-unfolding no_guard_if_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma block_anon3_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_if_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding no_guard_if_before_cfg_to_dag_prog.block_1_def no_guard_if_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule no_guard_if_before_cfg_to_dag_prog.node_1)
-apply (rule no_guard_if_before_passive_prog.node_1)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon3_Then)
-apply assumption+
-apply (rule no_guard_if_before_cfg_to_dag_prog.outEdges_1)
-apply (rule no_guard_if_before_passive_prog.outEdges_1)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon3_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_if_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding no_guard_if_before_cfg_to_dag_prog.block_2_def no_guard_if_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule no_guard_if_before_cfg_to_dag_prog.node_2)
-apply (rule no_guard_if_before_passive_prog.node_2)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon3_Else)
-apply assumption+
-apply (rule no_guard_if_before_cfg_to_dag_prog.outEdges_2)
-apply (rule no_guard_if_before_passive_prog.outEdges_2)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_guard_if_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding no_guard_if_before_cfg_to_dag_prog.block_0_def no_guard_if_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule no_guard_if_before_cfg_to_dag_prog.node_0)
-apply (rule no_guard_if_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:no_guard_if_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:no_guard_if_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:no_guard_if_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:no_guard_if_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:no_guard_if_before_passive_prog.outEdges_4))
-by ((simp add:no_guard_if_before_passive_prog.node_4 no_guard_if_before_passive_prog.block_4_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_guard_if_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_guard_if_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule no_guard_if_before_passive_prog.node_5)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding no_guard_if_before_passive_prog.block_5_def
-apply (rule assume_pres_normal[where ?es=no_guard_if_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding no_guard_if_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule no_guard_if_before_passive_prog.outEdges_5)
-apply ((simp add:no_guard_if_before_passive_prog.node_4 no_guard_if_before_passive_prog.block_4_def))
-apply (rule no_guard_if_before_passive_prog.outEdges_4)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A no_guard_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> no_guard_if_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) no_guard_if_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns no_guard_if_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] no_guard_if_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] no_guard_if_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule no_guard_if_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passification_proof.thy
deleted file mode 100644
index 2ab1609..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passification_proof.thy
+++ /dev/null
@@ -1,254 +0,0 @@
-theory no_guard_if_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_if_before_ast_to_cfg_prog no_guard_if_passive_prog Boogie_Lang.PassificationML no_guard_if_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_if_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_if_before_passive_prog.block_0_def no_guard_if_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 0)))]) R_old no_guard_if_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_if_before_passive_prog.block_1_def no_guard_if_passive_prog.block_1_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 1)))]) R_old no_guard_if_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_if_before_passive_prog.block_2_def no_guard_if_passive_prog.block_2_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old no_guard_if_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_if_before_passive_prog.block_3_def no_guard_if_passive_prog.block_3_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:no_guard_if_before_ast_to_cfg_prog.l_x(2) no_guard_if_passive_prog.l_x_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_if_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_if_before_passive_prog.block_4_def no_guard_if_passive_prog.block_4_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_guard_if_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_guard_if_before_passive_prog.block_5_def no_guard_if_passive_prog.block_5_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_0},@{thm no_guard_if_before_passive_prog.outEdges_0}) (@{thm no_guard_if_passive_prog.node_0},@{thm no_guard_if_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon3_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_1},@{thm no_guard_if_before_passive_prog.outEdges_1}) (@{thm no_guard_if_passive_prog.node_1},@{thm no_guard_if_passive_prog.outEdges_1}) @{thm block_anon3_Then} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon3_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_2},@{thm no_guard_if_before_passive_prog.outEdges_2}) (@{thm no_guard_if_passive_prog.node_2},@{thm no_guard_if_passive_prog.outEdges_2}) @{thm block_anon3_Else} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_3},@{thm no_guard_if_before_passive_prog.outEdges_3}) (@{thm no_guard_if_passive_prog.node_3},@{thm no_guard_if_passive_prog.outEdges_3}) @{thm block_anon0} [
-@{thm cfg_block_anon3_Then}, 
-@{thm cfg_block_anon3_Else}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_4},@{thm no_guard_if_before_passive_prog.outEdges_4}) (@{thm no_guard_if_passive_prog.node_4},@{thm no_guard_if_passive_prog.outEdges_4}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_guard_if_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_guard_if_before_passive_prog.node_5},@{thm no_guard_if_before_passive_prog.outEdges_5}) (@{thm no_guard_if_passive_prog.node_5},@{thm no_guard_if_passive_prog.outEdges_5}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_before_ast_to_cfg_prog.params_vdecls no_guard_if_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] no_guard_if_before_passive_prog.proc_body ((Inl 5),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A no_guard_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> no_guard_if_before_ast_to_cfg_prog.constants_vdecls ns no_guard_if_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv no_guard_if_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding no_guard_if_before_ast_to_cfg_prog.constants_vdecls_def no_guard_if_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding no_guard_if_passive_prog.params_vdecls_def no_guard_if_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using no_guard_if_before_passive_prog.globals_locals_disj apply auto[1]
-using no_guard_if_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] no_guard_if_passive_prog.proc_body u (Inl 5)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range no_guard_if_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] no_guard_if_passive_prog.proc_body ((Inl 5),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from no_guard_if_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passive_prog.thy
deleted file mode 100644
index 1ad5e24..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_passive_prog.thy
+++ /dev/null
@@ -1,119 +0,0 @@
-theory no_guard_if_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_guard_if_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = []"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 5,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding no_guard_if_passive_prog.params_vdecls_def no_guard_if_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)))) = {})"
-unfolding no_guard_if_before_ast_to_cfg_prog.constants_vdecls_def no_guard_if_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_vcphase_proof.thy
deleted file mode 100644
index 0ca11b4..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_if_proofs/no_guard_if_proofs/no_guard_if_vcphase_proof.thy
+++ /dev/null
@@ -1,213 +0,0 @@
-theory no_guard_if_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML no_guard_if_passive_prog no_guard_if_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon0
-  where
-    "vc_anon0  = True"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
-G2: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2
-lemmas forall_poly_thm = forall_vc_type[OF G2]
-lemmas exists_poly_thm = exists_vc_type[OF G2]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding no_guard_if_passive_prog.block_0_def
-apply cases
-by auto
-
-lemma block_anon3_Then:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_1 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding no_guard_if_passive_prog.block_1_def
-apply cases
-by auto
-
-lemma block_anon3_Else:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_2 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding no_guard_if_passive_prog.block_2_def
-apply cases
-by auto
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_3 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding no_guard_if_passive_prog.block_3_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_4 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding no_guard_if_passive_prog.block_4_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding no_guard_if_passive_prog.block_5_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) no_guard_if_passive_prog.node_0 no_guard_if_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon3_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_if_passive_prog.node_1])
-apply (erule block_anon3_Then)
-apply ((simp add:no_guard_if_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon3_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_if_passive_prog.node_2])
-apply (erule block_anon3_Else)
-apply ((simp add:no_guard_if_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_if_passive_prog.node_3])
-apply (erule block_anon0)
-apply ((simp add:no_guard_if_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_if_passive_prog.node_4])
-apply (erule block_0)
-apply ((simp add:no_guard_if_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_guard_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_guard_if_passive_prog.node_5])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:no_guard_if_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls)) \<Gamma> [] no_guard_if_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A no_guard_if_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> no_guard_if_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) no_guard_if_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s no_guard_if_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append no_guard_if_before_ast_to_cfg_prog.constants_vdecls no_guard_if_before_ast_to_cfg_prog.globals_vdecls),(append no_guard_if_passive_prog.params_vdecls no_guard_if_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((no_guard_if_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_guard_if_passive_prog.m_x])
-apply (subst lookup_var_local[OF no_guard_if_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_guard_if_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF no_guard_if_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_asttocfg_proof.thy
deleted file mode 100644
index a697260..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_asttocfg_proof.thy
+++ /dev/null
@@ -1,716 +0,0 @@
-theory M_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML M_before_ast_to_cfg_prog M_before_cfg_to_dag_prog M_cfgtodag_proof M_passification_proof M_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_9:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_9,cont_9,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_9])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_9_def)
-
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_9_def)
-apply (simp)
-apply (simp)
-apply (rule cont_9_def)
-apply (rule M_before_cfg_to_dag_prog.node_10)
-apply (rule disjI1)
-apply (rule M_before_cfg_to_dag_prog.block_10_def)
-apply (rule M_before_cfg_to_dag_prog.outEdges_10)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: M_before_cfg_to_dag_prog.node_10)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_9_def)
-apply (simp add: end_static)
-done
-qed
-
-lemma rel_M_before_ast_to_cfg_prog_bigblock_8:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_8,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_9 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_9 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_8])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def M_before_cfg_to_dag_prog.block_9_def)
-apply ((simp add: M_before_cfg_to_dag_prog.block_9_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: M_before_cfg_to_dag_prog.block_9_def M_before_ast_to_cfg_prog.bigblock_8_def)+)
-done
-
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_8:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_8,cont_8,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(guard_of_enclosing_loop = (None ))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_8])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def)
-apply (rule M_before_cfg_to_dag_prog.node_9)
-apply (rule disjI1)
-apply (rule M_before_cfg_to_dag_prog.block_9_def)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_8_def)
-apply (simp add: M_before_cfg_to_dag_prog.node_9)
-apply (rule rel_M_before_ast_to_cfg_prog_bigblock_8)
-apply assumption
-apply (simp)
-apply ((erule allE[where x=1])+)
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_9)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_7:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_7,cont_7,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV False))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_7])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_7_def)
-
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_7_def)
-apply (rule M_before_cfg_to_dag_prog.node_8)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule M_before_cfg_to_dag_prog.block_8_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply (rule neg_gt)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_7_def)
-apply (simp add: M_before_cfg_to_dag_prog.node_8)
-
-
-
-
-apply ((erule allE[where x = 9])+)
-apply ((simp add: M_before_cfg_to_dag_prog.outEdges_8)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_8)
-
-apply blast+
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule less_trans_inv)
-apply blast+
-done
-qed
-
-lemma rel_M_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_6,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_7 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_7 (Normal ns1) (Normal ns1')))))"
-unfolding M_before_cfg_to_dag_prog.block_7_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_6])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_6_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: M_before_cfg_to_dag_prog.block_7_def)
-apply ((simp add: assms(3) M_before_ast_to_cfg_prog.bigblock_6_def)+)
-done
-
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_6])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_6_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_6_def)
-apply (rule M_before_cfg_to_dag_prog.node_7)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule M_before_cfg_to_dag_prog.block_7_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_6_def)
-apply (simp add: M_before_cfg_to_dag_prog.node_7)
-apply (rule rel_M_before_ast_to_cfg_prog_bigblock_6)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x = 9])+)
-apply ((simp add: M_before_cfg_to_dag_prog.outEdges_7)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_8)
-
-apply blast+
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule less_trans_inv)
-apply blast+
-done
-qed
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(guard_of_enclosing_loop = (None ))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_if_successor)
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_5])
-apply (simp add: M_before_cfg_to_dag_prog.block_6_def M_before_ast_to_cfg_prog.bigblock_5_def)
-
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_5_def)
-apply (rule M_before_cfg_to_dag_prog.node_6)
-apply (rule disjI1)
-
-
-
-apply (simp add: M_before_cfg_to_dag_prog.block_6_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-
-
-
-
-
-apply (erule disjE)
-
-apply ((erule allE[where x = 7])+)
-apply ((simp add: M_before_cfg_to_dag_prog.outEdges_6)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_6)
-apply (simp add: cont_5_def M_before_ast_to_cfg_prog.bigblock_6_def cont_6_def )
-apply blast+
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule less_trans_inv)
-apply ((simp)+)
-
-apply ((erule allE[where x = 8])+)
-apply ((simp add: M_before_cfg_to_dag_prog.outEdges_6)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_7)
-apply (simp add: cont_5_def M_before_ast_to_cfg_prog.bigblock_7_def cont_7_def )
-apply blast+
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule less_trans_inv)
-apply ((simp)+)
-done
-qed
-
-lemma rel_M_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 10))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
-unfolding M_before_cfg_to_dag_prog.block_4_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: M_before_cfg_to_dag_prog.block_4_def)
-apply ((simp add: assms(3) M_before_ast_to_cfg_prog.bigblock_4_def)+)
-done
-
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 10))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_3 cont_3 M_before_cfg_to_dag_prog.proc_body 3 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def)
-apply (rule M_before_cfg_to_dag_prog.node_4)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule M_before_cfg_to_dag_prog.block_4_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_4_def)
-apply (simp add: M_before_cfg_to_dag_prog.node_4)
-apply (rule rel_M_before_ast_to_cfg_prog_bigblock_4)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=3])+)
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_4)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_3_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_3 _ _ _ M_before_cfg_to_dag_prog.block_3])
-apply (simp add:M_before_ast_to_cfg_prog.bigblock_3_def M_before_cfg_to_dag_prog.block_3_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:M_before_ast_to_cfg_prog.bigblock_3_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_3])
-apply ((simp add:M_before_ast_to_cfg_prog.bigblock_3_def)+)
-apply ((simp add:M_before_cfg_to_dag_prog.block_3_def M_before_cfg_to_dag_prog.node_3)+)
-apply (rule cont_3_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 4])+)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_4)
-apply (simp add: cont_3_def M_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_3_def cont_4_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper3)
-apply ((simp)+)
-
-apply ((erule allE[where x = 5])+)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_5)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: M_before_cfg_to_dag_prog.node_5)
-apply (simp add: M_before_cfg_to_dag_prog.block_5_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_5)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: M_before_cfg_to_dag_prog.node_5)
-apply (simp add: M_before_cfg_to_dag_prog.block_5_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_5)
-apply ((simp add: member_rec)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper4)
-apply ((simp)+)
-done
-qed
-qed
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(guard_of_enclosing_loop = (None ))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-apply (rule ending_after_unwrapping)
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def)
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply (simp)
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_3)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_3_def cont_2_def cont_3_def)
-apply (rule correctness_propagates_through_empty)
-using assms(2)
-apply blast
-apply (simp add: M_before_cfg_to_dag_prog.node_2)
-apply (simp add: M_before_cfg_to_dag_prog.block_2_def)
-
-
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_2)
-apply (simp add: member_rec)
-apply (simp)
-apply (rule correctness_propagates_through_empty2)
-using assms(3)
-apply blast
-apply (simp add: M_before_cfg_to_dag_prog.node_2)
-apply (simp add: M_before_cfg_to_dag_prog.block_2_def)
-
-
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_2)
-apply (simp add: member_rec)
-apply ((simp)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule strictly_smaller_helper2)
-apply ((simp)+)
-done
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(personal_guard = (None ))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_1 _ _ _ M_before_cfg_to_dag_prog.block_1])
-apply (simp add:M_before_ast_to_cfg_prog.bigblock_1_def M_before_cfg_to_dag_prog.block_1_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:M_before_ast_to_cfg_prog.bigblock_1_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_1])
-apply ((simp add:M_before_ast_to_cfg_prog.bigblock_1_def)+)
-apply ((simp add:M_before_cfg_to_dag_prog.block_1_def M_before_cfg_to_dag_prog.node_1)+)
-apply (rule cont_1_def)
-apply (erule disjE)
-apply ((simp)+)
-apply (erule disjE)
-defer
-apply ((erule allE[where x = 2])+)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_1_def M_before_ast_to_cfg_prog.bigblock_2_def cont_2_def M_before_ast_to_cfg_prog.bigblock_5_def cont_5_def M_before_ast_to_cfg_prog.bigblock_8_def cont_8_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_1_def cont_2_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-apply (rule guardHint)
-apply ((erule allE[where x = 10])+)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply ((blast)+)
-
-
-
-
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_9)
-apply (simp)
-apply ((blast)+)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-done
-qed
-qed
-
-lemma rel_M_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: M_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: M_before_cfg_to_dag_prog.block_0_def M_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_0 _ M_before_cfg_to_dag_prog.block_0])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: M_before_cfg_to_dag_prog.block_0_def)
-apply (rule M_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: M_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: M_before_cfg_to_dag_prog.node_0)
-apply (rule rel_M_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: M_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_x_3::int) (vc_y_2::int) (vc_x_4::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns M_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_M_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def M_before_ast_to_cfg_prog.pres_def M_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def M_before_ast_to_cfg_prog.pres_def M_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_9] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_9_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_x_3::int) (vc_y_2::int) (vc_x_4::int). (vc.vc_anon0 ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) M_before_ast_to_cfg_prog.fdecls M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls M_before_ast_to_cfg_prog.axioms M_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding M_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 M_before_ast_to_cfg_prog.ast_proc_def M_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
deleted file mode 100644
index a5a1b75..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,177 +0,0 @@
-theory M_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 0),(Havoc 1),(Havoc 2)] (Some (WhileWrapper (ParsedWhile (None ) [] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None )),(BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (None ) (None ))]))) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (None ) [] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None )),(BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (None ) (None ))])) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))]))) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))])) (None ))"
-definition bigblock_4
-  where
-    "bigblock_4  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))"
-definition bigblock_5
-  where
-    "bigblock_5  = (BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
-definition bigblock_6
-  where
-    "bigblock_6  = (BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))"
-definition bigblock_7
-  where
-    "bigblock_7  = (BigBlock (None ) [] (None ) (None ))"
-definition bigblock_8
-  where
-    "bigblock_8  = (BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (None ) (None ))"
-definition bigblock_9
-  where
-    "bigblock_9  = (BigBlock (None ) [] (None ) (None ))"
-definition cont_9
-  where
-    "cont_9  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_9 cont_9)"
-definition cont_1
-  where
-    "cont_1  = (KEndBlock (KSeq bigblock_9 cont_9 ))"
-definition cont_8
-  where
-    "cont_8  = (KSeq bigblock_1 cont_1)"
-definition cont_5
-  where
-    "cont_5  = (KSeq bigblock_8 cont_8)"
-definition cont_6
-  where
-    "cont_6  = (KSeq bigblock_8 cont_8)"
-definition cont_7
-  where
-    "cont_7  = (KSeq bigblock_8 cont_8)"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_5 cont_5)"
-definition cont_3
-  where
-    "cont_3  = (KEndBlock (KSeq bigblock_5 cont_5 ))"
-definition cont_4
-  where
-    "cont_4  = (KSeq bigblock_3 cont_3)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_9]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding M_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding M_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding M_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z:
-shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = M_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec M_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec M_before_ast_to_cfg_prog.post),proc_body = (Some (M_before_ast_to_cfg_prog.locals_vdecls,M_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 2f81621..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,244 +0,0 @@
-theory M_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0),(Havoc 1),(Havoc 2)]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = []"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 10)))),(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 1)))]"
-definition block_6
-  where
-    "block_6  = []"
-definition block_7
-  where
-    "block_7  = [(Assume (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))]"
-definition block_8
-  where
-    "block_8  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 0) Sub (Lit (LInt 10)))))]"
-definition block_9
-  where
-    "block_9  = [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))]"
-definition block_10
-  where
-    "block_10  = []"
-definition outEdges
-  where
-    "outEdges  = [[1],[10,2],[3],[5,4],[3],[6],[7,8],[9],[9],[1],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [10,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [5,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [7,8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding M_before_cfg_to_dag_prog.constants_vdecls_def M_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding M_before_cfg_to_dag_prog.constants_vdecls_def M_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding M_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding M_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding M_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding M_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z:
-shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z:
-shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = M_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec M_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec M_before_cfg_to_dag_prog.post),proc_body = (Some (M_before_cfg_to_dag_prog.locals_vdecls,M_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_passive_prog.thy
deleted file mode 100644
index 86acc69..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_before_passive_prog.thy
+++ /dev/null
@@ -1,183 +0,0 @@
-theory M_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 10)))),(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10)))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2))),(Assume (Lit (LBool False)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 0) Sub (Lit (LInt 10)))))]"
-definition block_6
-  where
-    "block_6  = []"
-definition block_7
-  where
-    "block_7  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 1)))]"
-definition block_8
-  where
-    "block_8  = [(Havoc 0)]"
-definition block_9
-  where
-    "block_9  = []"
-definition block_10
-  where
-    "block_10  = [(Havoc 0),(Havoc 1)]"
-definition block_11
-  where
-    "block_11  = [(Havoc 0),(Havoc 1),(Havoc 2)]"
-definition block_12
-  where
-    "block_12  = []"
-definition block_13
-  where
-    "block_13  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[3],[3],[4,5],[6],[7,2],[8],[1,9],[10],[11],[12]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 13,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_12:
-shows "((nth (node_to_block proc_body) 12) = block_12)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_13:
-shows "((nth (node_to_block proc_body) 13) = block_13)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [4,5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [1,9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [10])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_12:
-shows "((nth (out_edges proc_body) 12) = [11])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_13:
-shows "((nth (out_edges proc_body) 13) = [12])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_cfgtodag_proof.thy
deleted file mode 100644
index 7d840e9..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_cfgtodag_proof.thy
+++ /dev/null
@@ -1,775 +0,0 @@
-theory M_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML M_before_ast_to_cfg_prog M_before_cfg_to_dag_prog M_before_passive_prog M_passification_proof M_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 M_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def M_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule M_before_passive_prog.node_0)
-apply simp
-unfolding M_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma block_anon7_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_10 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_10_def M_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon7_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule M_before_cfg_to_dag_prog.node_10)
-apply (rule M_before_passive_prog.node_1)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon7_LoopDone)
-apply assumption+
-apply (rule M_before_cfg_to_dag_prog.outEdges_10)
-apply (rule M_before_passive_prog.outEdges_1)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma Mods_anon8_LoopBody:
-shows "(mods_contained_in (set [0]) M_before_cfg_to_dag_prog.block_4)"
-unfolding M_before_cfg_to_dag_prog.block_4_def
-by simp
-
-lemma block_anon8_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_2 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_4_def M_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon8_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0] [] M_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_4)
-apply (rule M_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon8_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon8_LoopBody)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_4))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_4))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon8_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon6:
-shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_9)"
-unfolding M_before_cfg_to_dag_prog.block_9_def
-by simp
-
-lemma block_anon6:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_9 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_3 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_9_def M_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_9)
-apply (rule M_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon6)
-apply (assumption+)
-apply (rule Mods_anon6)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_9))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_9))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon7_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon9_Then:
-shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_7)"
-unfolding M_before_cfg_to_dag_prog.block_7_def
-by simp
-
-lemma block_anon9_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_7_def M_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon9_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_7)
-apply (rule M_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon9_Then)
-apply (assumption+)
-apply (rule Mods_anon9_Then)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_7))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_7))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:M_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon7_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon9_Else:
-shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_8)"
-unfolding M_before_cfg_to_dag_prog.block_8_def
-by simp
-
-lemma block_anon9_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_8_def M_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon9_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_8)
-apply (rule M_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon9_Else)
-apply (assumption+)
-apply (rule Mods_anon9_Else)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_8))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_8))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:M_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon7_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon3:
-shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_6)"
-unfolding M_before_cfg_to_dag_prog.block_6_def
-by simp
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_6 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_6_def M_before_passive_prog.block_6_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_6)
-apply (rule M_before_passive_prog.node_6)
-apply (assumption+)
-apply (rule block_anon3)
-apply (assumption+)
-apply (rule Mods_anon3)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_6))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_6))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:M_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon9_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon7_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=5])
-apply ((simp add:M_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon9_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon7_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon8_LoopDone:
-shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_5)"
-unfolding M_before_cfg_to_dag_prog.block_5_def
-by simp
-
-lemma block_anon8_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_7 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_5_def M_before_passive_prog.block_7_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon8_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_5)
-apply (rule M_before_passive_prog.node_7)
-apply (assumption+)
-apply (rule block_anon8_LoopDone)
-apply (assumption+)
-apply (rule Mods_anon8_LoopDone)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_5))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_5))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=6])
-apply ((simp add:M_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon7_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon8_LoopHead:
-shows "(mods_contained_in (set [0]) M_before_cfg_to_dag_prog.block_3)"
-unfolding M_before_cfg_to_dag_prog.block_3_def
-by simp
-
-lemma block_anon8_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_8 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_3_def M_before_passive_prog.block_8_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(1)))
-apply simp
-done
-
-lemma cfg_block_anon8_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms assms(4-)
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule M_before_cfg_to_dag_prog.node_3)
-apply (rule M_before_passive_prog.node_8)
-apply (assumption+)
-apply (rule block_anon8_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon8_LoopHead)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=7])
-apply ((simp add:M_before_passive_prog.outEdges_8))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_subset_pred)
-using less(4) apply simp
-apply assumption
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:M_before_passive_prog.outEdges_8))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-apply (rule loop_ih_convert_subset_smaller_2)
-using less(4) apply simp
-apply (simp, fastforce, assumption)
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma Mods_anon7_LoopBody:
-shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_2)"
-unfolding M_before_cfg_to_dag_prog.block_2_def
-by simp
-
-lemma block_anon7_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_9 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_2_def M_before_passive_prog.block_9_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon7_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_2)
-apply (rule M_before_passive_prog.node_9)
-apply (assumption+)
-apply (rule block_anon7_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon7_LoopBody)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=8])
-apply ((simp add:M_before_passive_prog.outEdges_9))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon7_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon7_LoopHead:
-shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_1)"
-unfolding M_before_cfg_to_dag_prog.block_1_def
-by simp
-
-lemma block_anon7_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_10 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_10 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_1_def M_before_passive_prog.block_10_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(1)))
-apply ((simp add:M_before_ast_to_cfg_prog.l_y(1)))
-apply simp
-done
-
-lemma cfg_block_anon7_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0,1]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule M_before_cfg_to_dag_prog.node_1)
-apply (rule M_before_passive_prog.node_10)
-apply (assumption+)
-apply (rule block_anon7_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon7_LoopHead)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:M_before_passive_prog.outEdges_10))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=9])
-apply ((simp add:M_before_passive_prog.outEdges_10))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_11 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_11 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_0_def M_before_passive_prog.block_11_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_0)
-apply (rule M_before_passive_prog.node_11)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=10])
-apply ((simp add:M_before_passive_prog.outEdges_11))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:M_before_passive_prog.outEdges_12))
-by ((simp add:M_before_passive_prog.node_12 M_before_passive_prog.block_12_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 13),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 M_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule M_before_passive_prog.node_13)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding M_before_passive_prog.block_13_def
-apply (rule assume_pres_normal[where ?es=M_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding M_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule M_before_passive_prog.outEdges_13)
-apply ((simp add:M_before_passive_prog.node_12 M_before_passive_prog.block_12_def))
-apply (rule M_before_passive_prog.outEdges_12)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_x_3::int) (vc_y_2::int) (vc_x_4::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns M_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule M_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_passification_proof.thy
deleted file mode 100644
index d62a181..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_passification_proof.thy
+++ /dev/null
@@ -1,458 +0,0 @@
-theory M_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog M_passive_prog Boogie_Lang.PassificationML M_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_0_def M_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon7_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_1_def M_passive_prog.block_1_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon8_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [10] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 1) = (Some (Inl 7)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [10])) (update_nstate_rel R [(0,(Inl 10))]) R_old M_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_2_def M_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_3(2)))
-by simp
-
-lemma block_anon6:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [11] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 1) = (Some (Inl 1)))" and 
-"((R 2) = (Some (Inl 5)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [11])) (update_nstate_rel R [(0,(Inl 11))]) R_old M_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_3_def M_passive_prog.block_3_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_4(2)))
-by simp
-
-lemma block_anon9_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [9] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 2) = (Some (Inl 5)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [9])) (update_nstate_rel R [(1,(Inl 9))]) R_old M_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_4_def M_passive_prog.block_4_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_2(2)))
-by simp
-
-lemma block_anon9_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 1) = (Some (Inl 7)))" and 
-"((R 2) = (Some (Inl 5)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_5_def M_passive_prog.block_5_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 1) = (Some (Inl 7)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_6_def M_passive_prog.block_6_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon8_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 1) = (Some (Inl 7)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_7 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_7_def M_passive_prog.block_7_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon8_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_8 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [8] R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 1) = (Some (Inl 7)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [8])) (update_nstate_rel R [(0,(Inl 8))]) R_old M_passive_prog.block_8 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_8_def M_passive_prog.block_8_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_2(2)))
-by simp
-
-lemma block_anon7_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_9 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 1) = (Some (Inl 7)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_9 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_9_def M_passive_prog.block_9_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon7_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_10 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6,7] R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6,7])) (update_nstate_rel R [(0,(Inl 6)),(1,(Inl 7))]) R_old M_passive_prog.block_10 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_10_def M_passive_prog.block_10_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_1(2)))
-apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_1(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_11 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3,4,5] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3,4,5])) (update_nstate_rel R [(0,(Inl 3)),(1,(Inl 4)),(2,(Inl 5))]) R_old M_passive_prog.block_11 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_11_def M_passive_prog.block_11_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_0(2)))
-apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_0(2)))
-apply ((simp add:M_before_ast_to_cfg_prog.l_z(2) M_passive_prog.l_z_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_12 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_12 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_12_def M_passive_prog.block_12_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_13 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_13 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_13_def M_passive_prog.block_13_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_0},@{thm M_before_passive_prog.outEdges_0}) (@{thm M_passive_prog.node_0},@{thm M_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon7_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_1},@{thm M_before_passive_prog.outEdges_1}) (@{thm M_passive_prog.node_1},@{thm M_passive_prog.outEdges_1}) @{thm block_anon7_LoopDone} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon8_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 10 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 1) = (Some (Inl 7)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_2},@{thm M_before_passive_prog.outEdges_2}) (@{thm M_passive_prog.node_2},@{thm M_passive_prog.outEdges_2}) @{thm block_anon8_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon6:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 11 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 1) = (Some (Inl 1)))" and 
-"((R 2) = (Some (Inl 5)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_3},@{thm M_before_passive_prog.outEdges_3}) (@{thm M_passive_prog.node_3},@{thm M_passive_prog.outEdges_3}) @{thm block_anon6} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon9_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 2) = (Some (Inl 5)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_4},@{thm M_before_passive_prog.outEdges_4}) (@{thm M_passive_prog.node_4},@{thm M_passive_prog.outEdges_4}) @{thm block_anon9_Then} [
-@{thm cfg_block_anon6}] 1\<close>))
-
-lemma cfg_block_anon9_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 11 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 1) = (Some (Inl 7)))" and 
-"((R 2) = (Some (Inl 5)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_5},@{thm M_before_passive_prog.outEdges_5}) (@{thm M_passive_prog.node_5},@{thm M_passive_prog.outEdges_5}) @{thm block_anon9_Else} [
-@{thm cfg_block_anon6}] 1\<close>))
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 1) = (Some (Inl 7)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_6},@{thm M_before_passive_prog.outEdges_6}) (@{thm M_passive_prog.node_6},@{thm M_passive_prog.outEdges_6}) @{thm block_anon3} [
-@{thm cfg_block_anon9_Then}, 
-@{thm cfg_block_anon9_Else}] 1\<close>))
-
-lemma cfg_block_anon8_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 1) = (Some (Inl 7)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_7},@{thm M_before_passive_prog.outEdges_7}) (@{thm M_passive_prog.node_7},@{thm M_passive_prog.outEdges_7}) @{thm block_anon8_LoopDone} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon8_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 1) = (Some (Inl 7)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 8)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_8},@{thm M_before_passive_prog.outEdges_8}) (@{thm M_passive_prog.node_8},@{thm M_passive_prog.outEdges_8}) @{thm block_anon8_LoopHead} [
-@{thm cfg_block_anon8_LoopDone}, 
-@{thm cfg_block_anon8_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon7_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 1) = (Some (Inl 7)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 9)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_9},@{thm M_before_passive_prog.outEdges_9}) (@{thm M_passive_prog.node_9},@{thm M_passive_prog.outEdges_9}) @{thm block_anon7_LoopBody} [
-@{thm cfg_block_anon8_LoopHead}] 1\<close>))
-
-lemma cfg_block_anon7_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 10)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_10},@{thm M_before_passive_prog.outEdges_10}) (@{thm M_passive_prog.node_10},@{thm M_passive_prog.outEdges_10}) @{thm block_anon7_LoopHead} [
-@{thm cfg_block_anon7_LoopDone}, 
-@{thm cfg_block_anon7_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 11)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_11},@{thm M_before_passive_prog.outEdges_11}) (@{thm M_passive_prog.node_11},@{thm M_passive_prog.outEdges_11}) @{thm block_anon0} [
-@{thm cfg_block_anon7_LoopHead}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 12)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_12},@{thm M_before_passive_prog.outEdges_12}) (@{thm M_passive_prog.node_12},@{thm M_passive_prog.outEdges_12}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 13)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_13},@{thm M_before_passive_prog.outEdges_13}) (@{thm M_passive_prog.node_13},@{thm M_passive_prog.outEdges_13}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_passive_prog.proc_body ((Inl 13),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_x_3::int) (vc_y_2::int) (vc_x_4::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls ns M_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv M_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding M_passive_prog.params_vdecls_def M_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using M_before_passive_prog.globals_locals_disj apply auto[1]
-using M_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] M_passive_prog.proc_body u (Inl 13)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range M_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] M_passive_prog.proc_body ((Inl 13),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from M_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_passive_prog.thy
deleted file mode 100644
index b325823..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_passive_prog.thy
+++ /dev/null
@@ -1,297 +0,0 @@
-theory M_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 7) Gt (Lit (LInt 10)))),(Assume (BinOp (Var 10) Eq (BinOp (Var 8) Mul (Lit (LInt 10))))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 11) Eq (BinOp (BinOp (Var 8) Add (Var 1)) Add (Var 5)))),(Assume (Lit (LBool False)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (BinOp (Var 8) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assume (BinOp (Var 9) Eq (BinOp (Var 5) Add (Lit (LInt 7)))))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 8) Sub (Lit (LInt 10)))))]"
-definition block_6
-  where
-    "block_6  = []"
-definition block_7
-  where
-    "block_7  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 7)))]"
-definition block_8
-  where
-    "block_8  = []"
-definition block_9
-  where
-    "block_9  = []"
-definition block_10
-  where
-    "block_10  = []"
-definition block_11
-  where
-    "block_11  = []"
-definition block_12
-  where
-    "block_12  = []"
-definition block_13
-  where
-    "block_13  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[3],[3],[4,5],[6],[7,2],[8],[1,9],[10],[11],[12]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 13,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_12:
-shows "((nth (node_to_block proc_body) 12) = block_12)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_13:
-shows "((nth (node_to_block proc_body) 13) = block_13)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [4,5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [1,9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [10])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_12:
-shows "((nth (out_edges proc_body) 12) = [11])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_13:
-shows "((nth (out_edges proc_body) 13) = [12])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(7,(TPrim TInt),(None )),(8,(TPrim TInt),(None )),(10,(TPrim TInt),(None )),(9,(TPrim TInt),(None )),(11,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding M_passive_prog.params_vdecls_def M_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) = {})"
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_0:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z_0:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_1:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_2:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 8) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_3:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 10) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_2:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 9) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_4:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 11) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_0:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z_0:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_1:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_2:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 8) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 8) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_3:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 10) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 10) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_3
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_2:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 9) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 9) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_4:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 11) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 11) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_4
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_vcphase_proof.thy
deleted file mode 100644
index 54f25dc..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/M_proofs/M_vcphase_proof.thy
+++ /dev/null
@@ -1,473 +0,0 @@
-theory M_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML M_passive_prog M_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon0
-  where
-    "vc_anon0  = True"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_z :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_z_0 :: "int" and vc_x_1 :: "int" and vc_y_1 :: "int" and vc_x_2 :: "int" and vc_x_3 :: "int" and vc_y_2 :: "int" and vc_x_4 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_z)))" and 
-G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_0)))" and 
-G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_y_0)))" and 
-G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_z_0)))" and 
-G6: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_x_1)))" and 
-G7: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_y_1)))" and 
-G8: "((lookup_var \<Lambda> n_s 8) = (Some (IntV vc_x_2)))" and 
-G9: "((lookup_var \<Lambda> n_s 10) = (Some (IntV vc_x_3)))" and 
-G10: "((lookup_var \<Lambda> n_s 9) = (Some (IntV vc_y_2)))" and 
-G11: "((lookup_var \<Lambda> n_s 11) = (Some (IntV vc_x_4)))" and 
-G12: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8 G9 G10 G11 G12
-lemmas forall_poly_thm = forall_vc_type[OF G12]
-lemmas exists_poly_thm = exists_vc_type[OF G12]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding M_passive_prog.block_0_def
-apply cases
-by auto
-
-lemma block_anon7_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_1 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding M_passive_prog.block_1_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon8_LoopBody_hints = [
-(AssumeTrue,NONE), 
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon8_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
-unfolding M_passive_prog.block_2_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_hints = [
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon6AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
-unfolding M_passive_prog.block_3_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon9_Then_hints = [
-(AssumeTrue,NONE), 
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon9_ThenAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))))"
-unfolding M_passive_prog.block_4_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon9_Then_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon9_Else_hints = [
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon9_ElseAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))))"
-unfolding M_passive_prog.block_5_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon9_Else_hints \<close>)
-by (auto?)
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_6 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding M_passive_prog.block_6_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon8_LoopDone_hints = [
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon8_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
-unfolding M_passive_prog.block_7_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_LoopDone_hints \<close>)
-by (auto?)
-
-lemma block_anon8_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_8 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding M_passive_prog.block_8_def
-apply cases
-by auto
-
-lemma block_anon7_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_9 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding M_passive_prog.block_9_def
-apply cases
-by auto
-
-lemma block_anon7_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_10 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding M_passive_prog.block_10_def
-apply cases
-by auto
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_11 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding M_passive_prog.block_11_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_12 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding M_passive_prog.block_12_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_13 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding M_passive_prog.block_13_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) M_passive_prog.node_0 M_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon7_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) M_passive_prog.node_1])
-apply (erule block_anon7_LoopDone)
-apply ((simp add:M_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon8_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) M_passive_prog.node_2])
-by (erule block_anon8_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon6:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) M_passive_prog.node_3])
-by (erule block_anon6AA0[OF _ assms(2)])
-
-lemma cfg_block_anon9_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_4])
-apply (erule block_anon9_ThenAA0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon9_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_5])
-apply (erule block_anon9_ElseAA0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_6])
-apply (erule block_anon3[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon9_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon9_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon8_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_7])
-apply (erule block_anon8_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_7))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon8_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_8])
-apply (erule block_anon8_LoopHead[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_8))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon7_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_9])
-apply (erule block_anon7_LoopBody[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_9))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon7_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_10])
-apply (erule block_anon7_LoopHead[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_10))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_11])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_11))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_12])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_12))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_13])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_13))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) \<Gamma> [] M_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_x_3::int) (vc_y_2::int) (vc_x_4::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s M_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((M_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x])
-apply (subst lookup_var_local[OF M_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y])
-apply (subst lookup_var_local[OF M_passive_prog.m_y])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_z:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_z])
-apply (subst lookup_var_local[OF M_passive_prog.m_z])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF M_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_0])
-apply (subst lookup_var_local[OF M_passive_prog.m_y_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_z_0:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_z_0])
-apply (subst lookup_var_local[OF M_passive_prog.m_z_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF M_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_1])
-apply (subst lookup_var_local[OF M_passive_prog.m_y_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 8) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 8)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 8))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_2])
-apply (subst lookup_var_local[OF M_passive_prog.m_x_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_3:"(((lookup_var ?\<Lambda> n_s 10) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 10)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 10))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_3])
-apply (subst lookup_var_local[OF M_passive_prog.m_x_3])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 9) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 9)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 9))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_2])
-apply (subst lookup_var_local[OF M_passive_prog.m_y_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_4:"(((lookup_var ?\<Lambda> n_s 11) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 11)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 11))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_4])
-apply (subst lookup_var_local[OF M_passive_prog.m_x_4])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_y])
-apply (rule HOL.conjunct1[OF sc_z])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_y_0])
-apply (rule HOL.conjunct1[OF sc_z_0])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (rule HOL.conjunct1[OF sc_y_1])
-apply (rule HOL.conjunct1[OF sc_x_2])
-apply (rule HOL.conjunct1[OF sc_x_3])
-apply (rule HOL.conjunct1[OF sc_y_2])
-apply (rule HOL.conjunct1[OF sc_x_4])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/ROOT
deleted file mode 100644
index 3487ed6..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session no_guard_loop2_proofs = Boogie_Lang + 
-directories M_proofs
-theories
-global_data
-"M_proofs/M_before_ast_to_cfg_prog"
-"M_proofs/M_passive_prog"
-"M_proofs/M_asttocfg_proof"
-"M_proofs/M_passification_proof"
-"M_proofs/M_before_passive_prog"
-"M_proofs/M_vcphase_proof"
-"M_proofs/M_before_cfg_to_dag_prog"
-"M_proofs/M_cfgtodag_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop2_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_asttocfg_proof.thy
deleted file mode 100644
index 683bfee..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_asttocfg_proof.thy
+++ /dev/null
@@ -1,679 +0,0 @@
-theory M_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML M_before_ast_to_cfg_prog M_before_cfg_to_dag_prog M_cfgtodag_proof M_passification_proof M_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_8:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_8,cont_8,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 10))) ns1 (BoolV False))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_8])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def)
-
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def)
-apply (simp)
-apply (simp)
-apply (rule cont_8_def)
-apply (rule M_before_cfg_to_dag_prog.node_9)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule M_before_cfg_to_dag_prog.block_9_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply ( rule neg_gt)
-apply (rule guardHint)
-apply (rule M_before_cfg_to_dag_prog.outEdges_9)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: M_before_cfg_to_dag_prog.node_9)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def)
-apply (simp add: end_static)
-done
-qed
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_7:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_7,cont_7,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_7])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_7_def)
-
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_7_def)
-apply (rule M_before_cfg_to_dag_prog.node_8)
-apply (rule disjI1)
-apply (rule M_before_cfg_to_dag_prog.block_8_def)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_7_def)
-apply (simp add: M_before_cfg_to_dag_prog.node_8)
-
-
-
-apply ((erule allE[where x=1])+)
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_8)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV False))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_3 cont_3 M_before_cfg_to_dag_prog.proc_body 3 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_6])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_6_def)
-
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_6_def)
-apply (rule M_before_cfg_to_dag_prog.node_6)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule M_before_cfg_to_dag_prog.block_6_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply (rule neg_gt)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_6_def)
-apply (simp add: M_before_cfg_to_dag_prog.node_6)
-
-
-
-
-apply ((erule allE[where x=3])+)
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_6)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma rel_M_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_5,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_5 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_5 (Normal ns1) (Normal ns1')))))"
-unfolding M_before_cfg_to_dag_prog.block_5_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_5])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_5_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: M_before_cfg_to_dag_prog.block_5_def)
-apply ((simp add: assms(3) M_before_ast_to_cfg_prog.bigblock_5_def)+)
-done
-
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_3 cont_3 M_before_cfg_to_dag_prog.proc_body 3 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_5])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_5_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_5_def)
-apply (rule M_before_cfg_to_dag_prog.node_5)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule M_before_cfg_to_dag_prog.block_5_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_5_def)
-apply (simp add: M_before_cfg_to_dag_prog.node_5)
-apply (rule rel_M_before_ast_to_cfg_prog_bigblock_5)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=3])+)
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_5)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma rel_M_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def M_before_cfg_to_dag_prog.block_4_def)
-apply ((simp add: M_before_cfg_to_dag_prog.block_4_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: M_before_cfg_to_dag_prog.block_4_def M_before_ast_to_cfg_prog.bigblock_4_def)+)
-done
-
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(guard_of_enclosing_loop = (None ))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_3 cont_3 M_before_cfg_to_dag_prog.proc_body 3 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_if_successor)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: M_before_cfg_to_dag_prog.block_4_def M_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp add: M_before_cfg_to_dag_prog.block_4_def)
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def)
-apply (rule M_before_cfg_to_dag_prog.node_4)
-apply (rule disjI1)
-
-
-
-apply (simp add: M_before_cfg_to_dag_prog.block_4_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: M_before_cfg_to_dag_prog.node_4)
-apply (rule rel_M_before_ast_to_cfg_prog_bigblock_4)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def)
-apply ((simp)+)
-
-apply (erule disjE)
-
-apply ((erule allE[where x = 5])+)
-apply ((simp add: M_before_cfg_to_dag_prog.outEdges_4)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_5)
-apply (simp add: cont_4_def M_before_ast_to_cfg_prog.bigblock_5_def cont_5_def )
-apply blast+
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule less_trans_inv)
-apply ((simp)+)
-
-apply ((erule allE[where x = 6])+)
-apply ((simp add: M_before_cfg_to_dag_prog.outEdges_4)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_6)
-apply (simp add: cont_4_def M_before_ast_to_cfg_prog.bigblock_6_def cont_6_def )
-apply blast+
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule less_trans_inv)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(personal_guard = (None ))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_3_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_3 _ _ _ M_before_cfg_to_dag_prog.block_3])
-apply (simp add:M_before_ast_to_cfg_prog.bigblock_3_def M_before_cfg_to_dag_prog.block_3_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:M_before_ast_to_cfg_prog.bigblock_3_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_3])
-apply ((simp add:M_before_ast_to_cfg_prog.bigblock_3_def)+)
-apply ((simp add:M_before_cfg_to_dag_prog.block_3_def M_before_cfg_to_dag_prog.node_3)+)
-apply (rule cont_3_def)
-apply (erule disjE)
-apply ((simp)+)
-apply (erule disjE)
-defer
-apply ((erule allE[where x = 4])+)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add:member_rec(1))
-
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_4)
-apply (simp add: cont_3_def M_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_3_def cont_4_def
-apply (simp)
-apply (blast)
-apply (blast)
-apply (rule guardHint)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(6))
-apply (rule strictly_smaller_helper3)
-apply ((simp)+)
-
-apply ((erule allE[where x = 7])+)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add:member_rec(1))
-
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply ((blast)+)
-
-
-
-
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_7)
-apply (simp)
-
-apply (rule correctness_propagates_through_empty)
-apply blast
-apply (simp add: M_before_cfg_to_dag_prog.node_7)
-apply (simp add: M_before_cfg_to_dag_prog.block_7_def)
-
-apply (simp)
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_7)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_empty2)
-apply blast
-apply (simp add: M_before_cfg_to_dag_prog.node_7)
-apply (simp add: M_before_cfg_to_dag_prog.block_7_def)
-
-apply (simp)
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_7)
-apply ((simp add: member_rec)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(6))
-apply (rule strictly_smaller_helper4)
-apply ((simp)+)
-done
-qed
-qed
-
-lemma rel_M_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 10))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
-unfolding M_before_cfg_to_dag_prog.block_2_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: M_before_cfg_to_dag_prog.block_2_def)
-apply ((simp add: assms(3) M_before_ast_to_cfg_prog.bigblock_2_def)+)
-done
-
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 10))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def M_before_cfg_to_dag_prog.block_2_def)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def M_before_cfg_to_dag_prog.block_2_def)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def M_before_cfg_to_dag_prog.block_2_def)
-apply (simp add: M_before_cfg_to_dag_prog.block_2_def)
-apply (rule M_before_cfg_to_dag_prog.node_2)
-
-apply (rule disjI2)
-apply (rule disjI1)
-
-apply (simp add: M_before_cfg_to_dag_prog.block_2_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply (simp)
-
-
-apply (rule guardHint)
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: M_before_cfg_to_dag_prog.node_2)
-apply (rule rel_M_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def)
-apply ((simp)+)
-apply (rule guardHint)
-apply ((erule allE[where x = 3])+)
-apply ((simp add: M_before_cfg_to_dag_prog.outEdges_2)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_3)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_3_def cont_2_def cont_3_def)
-apply blast+
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule less_trans_inv)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_1 _ _ _ M_before_cfg_to_dag_prog.block_1])
-apply (simp add:M_before_ast_to_cfg_prog.bigblock_1_def M_before_cfg_to_dag_prog.block_1_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:M_before_ast_to_cfg_prog.bigblock_1_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_1])
-apply ((simp add:M_before_ast_to_cfg_prog.bigblock_1_def)+)
-apply ((simp add:M_before_cfg_to_dag_prog.block_1_def M_before_cfg_to_dag_prog.node_1)+)
-apply (rule cont_1_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 2])+)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_1_def M_before_ast_to_cfg_prog.bigblock_2_def cont_2_def M_before_ast_to_cfg_prog.bigblock_7_def cont_7_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_1_def cont_2_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-
-apply ((erule allE[where x = 9])+)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_8)
-apply (blast)
-
-
-apply ((blast)+)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-done
-qed
-qed
-
-lemma rel_M_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: M_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: M_before_cfg_to_dag_prog.block_0_def M_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_0 _ M_before_cfg_to_dag_prog.block_0])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: M_before_cfg_to_dag_prog.block_0_def)
-apply (rule M_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: M_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: M_before_cfg_to_dag_prog.node_0)
-apply (rule rel_M_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: M_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_y_2::int) (vc_x_3::int) (vc_x_4::int) (vc_y_3::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns M_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_M_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def M_before_ast_to_cfg_prog.pres_def M_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def M_before_ast_to_cfg_prog.pres_def M_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_8] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_8_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_y_2::int) (vc_x_3::int) (vc_x_4::int) (vc_y_3::int). (vc.vc_anon0 ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) M_before_ast_to_cfg_prog.fdecls M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls M_before_ast_to_cfg_prog.axioms M_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding M_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 M_before_ast_to_cfg_prog.ast_proc_def M_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 7eb13ba..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,171 +0,0 @@
-theory M_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 0),(Havoc 1),(Havoc 2)] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (Some (WhileWrapper (ParsedWhile (None ) [] [(BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))]))) (None )),(BigBlock (None ) [] (None ) (None ))]))) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (Some (WhileWrapper (ParsedWhile (None ) [] [(BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))]))) (None )),(BigBlock (None ) [] (None ) (None ))])) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (Some (WhileWrapper (ParsedWhile (None ) [] [(BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))]))) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedWhile (None ) [] [(BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))])) (None ))"
-definition bigblock_4
-  where
-    "bigblock_4  = (BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
-definition bigblock_5
-  where
-    "bigblock_5  = (BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))"
-definition bigblock_6
-  where
-    "bigblock_6  = (BigBlock (None ) [] (None ) (None ))"
-definition bigblock_7
-  where
-    "bigblock_7  = (BigBlock (None ) [] (None ) (None ))"
-definition bigblock_8
-  where
-    "bigblock_8  = (BigBlock (None ) [] (None ) (None ))"
-definition cont_8
-  where
-    "cont_8  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_8 cont_8)"
-definition cont_1
-  where
-    "cont_1  = (KEndBlock (KSeq bigblock_8 cont_8 ))"
-definition cont_7
-  where
-    "cont_7  = (KSeq bigblock_1 cont_1)"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_7 cont_7)"
-definition cont_3
-  where
-    "cont_3  = (KEndBlock (KSeq bigblock_7 cont_7 ))"
-definition cont_4
-  where
-    "cont_4  = (KSeq bigblock_3 cont_3)"
-definition cont_5
-  where
-    "cont_5  = (KSeq bigblock_3 cont_3)"
-definition cont_6
-  where
-    "cont_6  = (KSeq bigblock_3 cont_3)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_8]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding M_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding M_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding M_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z:
-shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = M_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec M_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec M_before_ast_to_cfg_prog.post),proc_body = (Some (M_before_ast_to_cfg_prog.locals_vdecls,M_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
deleted file mode 100644
index a4c8d31..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,233 +0,0 @@
-theory M_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0),(Havoc 1),(Havoc 2)]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 10)))),(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))]"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 0) Sub (Lit (LInt 10)))))]"
-definition block_7
-  where
-    "block_7  = []"
-definition block_8
-  where
-    "block_8  = []"
-definition block_9
-  where
-    "block_9  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 1)))]"
-definition outEdges
-  where
-    "outEdges  = [[1],[9,2],[3],[7,4],[5,6],[3],[3],[8],[1],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [9,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [7,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [5,6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding M_before_cfg_to_dag_prog.constants_vdecls_def M_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding M_before_cfg_to_dag_prog.constants_vdecls_def M_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding M_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding M_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding M_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding M_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z:
-shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z:
-shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = M_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec M_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec M_before_cfg_to_dag_prog.post),proc_body = (Some (M_before_cfg_to_dag_prog.locals_vdecls,M_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_passive_prog.thy
deleted file mode 100644
index 8b61917..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_before_passive_prog.thy
+++ /dev/null
@@ -1,172 +0,0 @@
-theory M_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 1)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7)))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 0) Sub (Lit (LInt 10))))),(Assume (Lit (LBool False)))]"
-definition block_4
-  where
-    "block_4  = [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))]"
-definition block_5
-  where
-    "block_5  = [(Assume (Lit (LBool False)))]"
-definition block_6
-  where
-    "block_6  = []"
-definition block_7
-  where
-    "block_7  = [(Havoc 1),(Havoc 0)]"
-definition block_8
-  where
-    "block_8  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 10)))),(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))]"
-definition block_9
-  where
-    "block_9  = [(Havoc 1),(Havoc 0)]"
-definition block_10
-  where
-    "block_10  = [(Havoc 0),(Havoc 1),(Havoc 2)]"
-definition block_11
-  where
-    "block_11  = []"
-definition block_12
-  where
-    "block_12  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[2,3],[0],[5],[6,4],[7],[1,8],[9],[10],[11]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 12,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_12:
-shows "((nth (node_to_block proc_body) 12) = block_12)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [2,3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [1,8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [10])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_12:
-shows "((nth (out_edges proc_body) 12) = [11])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_cfgtodag_proof.thy
deleted file mode 100644
index 54db418..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_cfgtodag_proof.thy
+++ /dev/null
@@ -1,712 +0,0 @@
-theory M_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML M_before_ast_to_cfg_prog M_before_cfg_to_dag_prog M_before_passive_prog M_passification_proof M_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 M_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def M_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule M_before_passive_prog.node_0)
-apply simp
-unfolding M_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma block_anon6_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_9 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_9_def M_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule M_before_cfg_to_dag_prog.node_9)
-apply (rule M_before_passive_prog.node_1)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon6_LoopDone)
-apply assumption+
-apply (rule M_before_cfg_to_dag_prog.outEdges_9)
-apply (rule M_before_passive_prog.outEdges_1)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma Mods_anon8_Then:
-shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_5)"
-unfolding M_before_cfg_to_dag_prog.block_5_def
-by simp
-
-lemma block_anon8_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_2 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_5_def M_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon8_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_5)
-apply (rule M_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon8_Then)
-apply (assumption+)
-apply (rule Mods_anon8_Then)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_5))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_5))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon7_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon8_Else:
-shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_6)"
-unfolding M_before_cfg_to_dag_prog.block_6_def
-by simp
-
-lemma block_anon8_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_3 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_6_def M_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon8_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_6)
-apply (rule M_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon8_Else)
-apply (assumption+)
-apply (rule Mods_anon8_Else)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_6))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_6))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon7_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon7_LoopBody:
-shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_4)"
-unfolding M_before_cfg_to_dag_prog.block_4_def
-by simp
-
-lemma block_anon7_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_4_def M_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon7_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_4)
-apply (rule M_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon7_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon7_LoopBody)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_4))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_4))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:M_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon7_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:M_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon7_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon5:
-shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_8)"
-unfolding M_before_cfg_to_dag_prog.block_8_def
-by simp
-
-lemma block_anon5:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_5 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_8_def M_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon5:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_8)
-apply (rule M_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon5)
-apply (assumption+)
-apply (rule Mods_anon5)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_8))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_8))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon6_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon7_LoopDone:
-shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_7)"
-unfolding M_before_cfg_to_dag_prog.block_7_def
-by simp
-
-lemma block_anon7_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_6 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_7_def M_before_passive_prog.block_6_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon7_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_7)
-apply (rule M_before_passive_prog.node_6)
-apply (assumption+)
-apply (rule block_anon7_LoopDone)
-apply (assumption+)
-apply (rule Mods_anon7_LoopDone)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_7))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_7))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=5])
-apply ((simp add:M_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon6_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon7_LoopHead:
-shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_3)"
-unfolding M_before_cfg_to_dag_prog.block_3_def
-by simp
-
-lemma block_anon7_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_7 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_3_def M_before_passive_prog.block_7_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:M_before_ast_to_cfg_prog.l_y(1)))
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(1)))
-apply simp
-done
-
-lemma cfg_block_anon7_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms assms(4-)
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1,0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule M_before_cfg_to_dag_prog.node_3)
-apply (rule M_before_passive_prog.node_7)
-apply (assumption+)
-apply (rule block_anon7_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon7_LoopHead)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=6])
-apply ((simp add:M_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_subset_pred)
-using less(4) apply simp
-apply assumption
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:M_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-apply (rule loop_ih_convert_subset_smaller_2)
-using less(4) apply simp
-apply (simp, fastforce, assumption)
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma Mods_anon6_LoopBody:
-shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_2)"
-unfolding M_before_cfg_to_dag_prog.block_2_def
-by simp
-
-lemma block_anon6_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_8 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_2_def M_before_passive_prog.block_8_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_2)
-apply (rule M_before_passive_prog.node_8)
-apply (assumption+)
-apply (rule block_anon6_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon6_LoopBody)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=7])
-apply ((simp add:M_before_passive_prog.outEdges_8))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon6_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon6_LoopHead:
-shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_1)"
-unfolding M_before_cfg_to_dag_prog.block_1_def
-by simp
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_9 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_1_def M_before_passive_prog.block_9_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:M_before_ast_to_cfg_prog.l_y(1)))
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(1)))
-apply simp
-done
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1,0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule M_before_cfg_to_dag_prog.node_1)
-apply (rule M_before_passive_prog.node_9)
-apply (assumption+)
-apply (rule block_anon6_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon6_LoopHead)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:M_before_passive_prog.outEdges_9))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=8])
-apply ((simp add:M_before_passive_prog.outEdges_9))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_10 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_10 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_0_def M_before_passive_prog.block_10_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_0)
-apply (rule M_before_passive_prog.node_10)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=9])
-apply ((simp add:M_before_passive_prog.outEdges_10))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:M_before_passive_prog.outEdges_11))
-by ((simp add:M_before_passive_prog.node_11 M_before_passive_prog.block_11_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 M_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule M_before_passive_prog.node_12)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding M_before_passive_prog.block_12_def
-apply (rule assume_pres_normal[where ?es=M_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding M_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule M_before_passive_prog.outEdges_12)
-apply ((simp add:M_before_passive_prog.node_11 M_before_passive_prog.block_11_def))
-apply (rule M_before_passive_prog.outEdges_11)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_y_2::int) (vc_x_3::int) (vc_x_4::int) (vc_y_3::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns M_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule M_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_passification_proof.thy
deleted file mode 100644
index 8a4a2c1..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_passification_proof.thy
+++ /dev/null
@@ -1,422 +0,0 @@
-theory M_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog M_passive_prog Boogie_Lang.PassificationML M_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_0_def M_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon6_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 6)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_1_def M_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon8_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [12] R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 0) = (Some (Inl 11)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [12])) (update_nstate_rel R [(1,(Inl 12))]) R_old M_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_2_def M_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_3(2)))
-by simp
-
-lemma block_anon8_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 11)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_3_def M_passive_prog.block_3_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon7_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [11] R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 0) = (Some (Inl 10)))" and 
-"((R 1) = (Some (Inl 9)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [11])) (update_nstate_rel R [(0,(Inl 11))]) R_old M_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_4_def M_passive_prog.block_4_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_4(2)))
-by simp
-
-lemma block_anon5:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_5_def M_passive_prog.block_5_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon7_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_6_def M_passive_prog.block_6_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon7_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [9,10] R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [9,10])) (update_nstate_rel R [(1,(Inl 9)),(0,(Inl 10))]) R_old M_passive_prog.block_7 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_7_def M_passive_prog.block_7_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_2(2)))
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_3(2)))
-by simp
-
-lemma block_anon6_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_8 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [8] R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 0) = (Some (Inl 7)))" and 
-"((R 1) = (Some (Inl 6)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [8])) (update_nstate_rel R [(0,(Inl 8))]) R_old M_passive_prog.block_8 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_8_def M_passive_prog.block_8_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_2(2)))
-by simp
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_9 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6,7] R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6,7])) (update_nstate_rel R [(1,(Inl 6)),(0,(Inl 7))]) R_old M_passive_prog.block_9 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_9_def M_passive_prog.block_9_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_1(2)))
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_10 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3,4,5] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3,4,5])) (update_nstate_rel R [(0,(Inl 3)),(1,(Inl 4)),(2,(Inl 5))]) R_old M_passive_prog.block_10 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_10_def M_passive_prog.block_10_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_0(2)))
-apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_0(2)))
-apply ((simp add:M_before_ast_to_cfg_prog.l_z(2) M_passive_prog.l_z_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_11 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_11 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_11_def M_passive_prog.block_11_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_12 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_12 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_12_def M_passive_prog.block_12_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_0},@{thm M_before_passive_prog.outEdges_0}) (@{thm M_passive_prog.node_0},@{thm M_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 6)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_1},@{thm M_before_passive_prog.outEdges_1}) (@{thm M_passive_prog.node_1},@{thm M_passive_prog.outEdges_1}) @{thm block_anon6_LoopDone} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon8_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 12 R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 0) = (Some (Inl 11)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_2},@{thm M_before_passive_prog.outEdges_2}) (@{thm M_passive_prog.node_2},@{thm M_passive_prog.outEdges_2}) @{thm block_anon8_Then} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon8_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 11)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_3},@{thm M_before_passive_prog.outEdges_3}) (@{thm M_passive_prog.node_3},@{thm M_passive_prog.outEdges_3}) @{thm block_anon8_Else} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon7_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 11 R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 0) = (Some (Inl 10)))" and 
-"((R 1) = (Some (Inl 9)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_4},@{thm M_before_passive_prog.outEdges_4}) (@{thm M_passive_prog.node_4},@{thm M_passive_prog.outEdges_4}) @{thm block_anon7_LoopBody} [
-@{thm cfg_block_anon8_Then}, 
-@{thm cfg_block_anon8_Else}] 1\<close>))
-
-lemma cfg_block_anon5:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_5},@{thm M_before_passive_prog.outEdges_5}) (@{thm M_passive_prog.node_5},@{thm M_passive_prog.outEdges_5}) @{thm block_anon5} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon7_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_6},@{thm M_before_passive_prog.outEdges_6}) (@{thm M_passive_prog.node_6},@{thm M_passive_prog.outEdges_6}) @{thm block_anon7_LoopDone} [
-@{thm cfg_block_anon5}] 1\<close>))
-
-lemma cfg_block_anon7_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_7},@{thm M_before_passive_prog.outEdges_7}) (@{thm M_passive_prog.node_7},@{thm M_passive_prog.outEdges_7}) @{thm block_anon7_LoopHead} [
-@{thm cfg_block_anon7_LoopDone}, 
-@{thm cfg_block_anon7_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 0) = (Some (Inl 7)))" and 
-"((R 1) = (Some (Inl 6)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 8)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_8},@{thm M_before_passive_prog.outEdges_8}) (@{thm M_passive_prog.node_8},@{thm M_passive_prog.outEdges_8}) @{thm block_anon6_LoopBody} [
-@{thm cfg_block_anon7_LoopHead}] 1\<close>))
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 9)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_9},@{thm M_before_passive_prog.outEdges_9}) (@{thm M_passive_prog.node_9},@{thm M_passive_prog.outEdges_9}) @{thm block_anon6_LoopHead} [
-@{thm cfg_block_anon6_LoopDone}, 
-@{thm cfg_block_anon6_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 10)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_10},@{thm M_before_passive_prog.outEdges_10}) (@{thm M_passive_prog.node_10},@{thm M_passive_prog.outEdges_10}) @{thm block_anon0} [
-@{thm cfg_block_anon6_LoopHead}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 11)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_11},@{thm M_before_passive_prog.outEdges_11}) (@{thm M_passive_prog.node_11},@{thm M_passive_prog.outEdges_11}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 12)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_12},@{thm M_before_passive_prog.outEdges_12}) (@{thm M_passive_prog.node_12},@{thm M_passive_prog.outEdges_12}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_passive_prog.proc_body ((Inl 12),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_y_2::int) (vc_x_3::int) (vc_x_4::int) (vc_y_3::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls ns M_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv M_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding M_passive_prog.params_vdecls_def M_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using M_before_passive_prog.globals_locals_disj apply auto[1]
-using M_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] M_passive_prog.proc_body u (Inl 12)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range M_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] M_passive_prog.proc_body ((Inl 12),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from M_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_passive_prog.thy
deleted file mode 100644
index f276df4..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_passive_prog.thy
+++ /dev/null
@@ -1,295 +0,0 @@
-theory M_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 6)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (BinOp (Var 11) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assume (BinOp (Var 12) Eq (BinOp (Var 5) Add (Lit (LInt 7))))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 11) Sub (Lit (LInt 10))))),(Assume (Lit (LBool False)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 11) Eq (BinOp (BinOp (Var 10) Add (Var 9)) Add (Var 5))))]"
-definition block_5
-  where
-    "block_5  = [(Assume (Lit (LBool False)))]"
-definition block_6
-  where
-    "block_6  = []"
-definition block_7
-  where
-    "block_7  = []"
-definition block_8
-  where
-    "block_8  = [(Assume (BinOp (Var 6) Gt (Lit (LInt 10)))),(Assume (BinOp (Var 8) Eq (BinOp (Var 7) Mul (Lit (LInt 10)))))]"
-definition block_9
-  where
-    "block_9  = []"
-definition block_10
-  where
-    "block_10  = []"
-definition block_11
-  where
-    "block_11  = []"
-definition block_12
-  where
-    "block_12  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[2,3],[0],[5],[6,4],[7],[1,8],[9],[10],[11]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 12,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_12:
-shows "((nth (node_to_block proc_body) 12) = block_12)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [2,3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [1,8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [10])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_12:
-shows "((nth (out_edges proc_body) 12) = [11])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(7,(TPrim TInt),(None )),(8,(TPrim TInt),(None )),(9,(TPrim TInt),(None )),(10,(TPrim TInt),(None )),(11,(TPrim TInt),(None )),(12,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding M_passive_prog.params_vdecls_def M_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) = {})"
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_0:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z_0:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_1:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_2:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 8) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_2:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 9) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_3:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 10) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_4:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 11) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_3:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 12) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_0:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z_0:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_1:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_2:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 8) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 8) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_2:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 9) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 9) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_3:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 10) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 10) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_3
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_4:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 11) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 11) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_4
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_3:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 12) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 12) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_3
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_vcphase_proof.thy
deleted file mode 100644
index 085beb0..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/M_proofs/M_vcphase_proof.thy
+++ /dev/null
@@ -1,455 +0,0 @@
-theory M_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML M_passive_prog M_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon0
-  where
-    "vc_anon0  = True"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_z :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_z_0 :: "int" and vc_y_1 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int" and vc_y_2 :: "int" and vc_x_3 :: "int" and vc_x_4 :: "int" and vc_y_3 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_z)))" and 
-G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_0)))" and 
-G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_y_0)))" and 
-G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_z_0)))" and 
-G6: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_y_1)))" and 
-G7: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_x_1)))" and 
-G8: "((lookup_var \<Lambda> n_s 8) = (Some (IntV vc_x_2)))" and 
-G9: "((lookup_var \<Lambda> n_s 9) = (Some (IntV vc_y_2)))" and 
-G10: "((lookup_var \<Lambda> n_s 10) = (Some (IntV vc_x_3)))" and 
-G11: "((lookup_var \<Lambda> n_s 11) = (Some (IntV vc_x_4)))" and 
-G12: "((lookup_var \<Lambda> n_s 12) = (Some (IntV vc_y_3)))" and 
-G13: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8 G9 G10 G11 G12 G13
-lemmas forall_poly_thm = forall_vc_type[OF G13]
-lemmas exists_poly_thm = exists_vc_type[OF G13]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding M_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon6_LoopDone_hints = [
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon6_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding M_passive_prog.block_1_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon8_Then_hints = [
-(AssumeTrue,NONE), 
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon8_ThenAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
-unfolding M_passive_prog.block_2_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_Then_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon8_Else_hints = [
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon8_ElseAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
-unfolding M_passive_prog.block_3_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_Else_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon7_LoopBody_hints = [
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon7_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
-unfolding M_passive_prog.block_4_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon5_hints = [
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon7_LoopDone:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
-unfolding M_passive_prog.block_5_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_hints \<close>)
-by (auto?)
-
-lemma block_anon7_LoopDoneAA0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_6 (Normal n_s) s')" and 
-"(vc.vc_anon0 )"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))"
-using assms
-unfolding M_passive_prog.block_6_def
-apply cases
-by auto
-
-lemma block_anon7_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_7 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding M_passive_prog.block_7_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon6_LoopBody_hints = [
-(AssumeTrue,NONE), 
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon6_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_8 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
-unfolding M_passive_prog.block_8_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
-by (auto?)
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_9 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding M_passive_prog.block_9_def
-apply cases
-by auto
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_10 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding M_passive_prog.block_10_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_11 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding M_passive_prog.block_11_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_12 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding M_passive_prog.block_12_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) M_passive_prog.node_0 M_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) M_passive_prog.node_1])
-apply (erule block_anon6_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon8_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) M_passive_prog.node_2])
-by (erule block_anon8_ThenAA0[OF _ assms(2)])
-
-lemma cfg_block_anon8_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) M_passive_prog.node_3])
-by (erule block_anon8_ElseAA0[OF _ assms(2)])
-
-lemma cfg_block_anon7_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_4])
-apply (erule block_anon7_LoopBodyAA0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) M_passive_prog.node_5])
-by (erule block_anon7_LoopDone[OF _ assms(2)])
-
-lemma cfg_block_anon7_LoopDoneAA0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_6])
-apply (erule block_anon7_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon7_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_7])
-apply (erule block_anon7_LoopHead[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_7))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_LoopDoneAA0, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_8])
-apply (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_8))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_9])
-apply (erule block_anon6_LoopHead[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_9))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_10])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_10))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_11])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_11))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_12])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_12))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) \<Gamma> [] M_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_y_2::int) (vc_x_3::int) (vc_x_4::int) (vc_y_3::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s M_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((M_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x])
-apply (subst lookup_var_local[OF M_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y])
-apply (subst lookup_var_local[OF M_passive_prog.m_y])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_z:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_z])
-apply (subst lookup_var_local[OF M_passive_prog.m_z])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF M_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_0])
-apply (subst lookup_var_local[OF M_passive_prog.m_y_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_z_0:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_z_0])
-apply (subst lookup_var_local[OF M_passive_prog.m_z_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_1])
-apply (subst lookup_var_local[OF M_passive_prog.m_y_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF M_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 8) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 8)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 8))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_2])
-apply (subst lookup_var_local[OF M_passive_prog.m_x_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 9) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 9)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 9))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_2])
-apply (subst lookup_var_local[OF M_passive_prog.m_y_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_3:"(((lookup_var ?\<Lambda> n_s 10) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 10)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 10))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_3])
-apply (subst lookup_var_local[OF M_passive_prog.m_x_3])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_4:"(((lookup_var ?\<Lambda> n_s 11) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 11)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 11))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_4])
-apply (subst lookup_var_local[OF M_passive_prog.m_x_4])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_3:"(((lookup_var ?\<Lambda> n_s 12) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 12)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 12))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_3])
-apply (subst lookup_var_local[OF M_passive_prog.m_y_3])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_y])
-apply (rule HOL.conjunct1[OF sc_z])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_y_0])
-apply (rule HOL.conjunct1[OF sc_z_0])
-apply (rule HOL.conjunct1[OF sc_y_1])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (rule HOL.conjunct1[OF sc_x_2])
-apply (rule HOL.conjunct1[OF sc_y_2])
-apply (rule HOL.conjunct1[OF sc_x_3])
-apply (rule HOL.conjunct1[OF sc_x_4])
-apply (rule HOL.conjunct1[OF sc_y_3])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/ROOT
deleted file mode 100644
index 52fb0f5..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session no_guard_loop3_proofs = Boogie_Lang + 
-directories M_proofs
-theories
-global_data
-"M_proofs/M_before_ast_to_cfg_prog"
-"M_proofs/M_passive_prog"
-"M_proofs/M_asttocfg_proof"
-"M_proofs/M_passification_proof"
-"M_proofs/M_before_passive_prog"
-"M_proofs/M_vcphase_proof"
-"M_proofs/M_before_cfg_to_dag_prog"
-"M_proofs/M_cfgtodag_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop3_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_asttocfg_proof.thy
deleted file mode 100644
index e88a3c5..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_asttocfg_proof.thy
+++ /dev/null
@@ -1,678 +0,0 @@
-theory M_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML M_before_ast_to_cfg_prog M_before_cfg_to_dag_prog M_cfgtodag_proof M_passification_proof M_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_8:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_8,cont_8,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_8])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def)
-
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def)
-apply (simp)
-apply (simp)
-apply (rule cont_8_def)
-apply (rule M_before_cfg_to_dag_prog.node_9)
-apply (rule disjI1)
-apply (rule M_before_cfg_to_dag_prog.block_9_def)
-apply (rule M_before_cfg_to_dag_prog.outEdges_9)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: M_before_cfg_to_dag_prog.node_9)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def)
-apply (simp add: end_static)
-done
-qed
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_7:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_7,cont_7,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV False))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_7])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_7_def)
-
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_7_def)
-apply (rule M_before_cfg_to_dag_prog.node_8)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule M_before_cfg_to_dag_prog.block_8_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply (rule neg_gt)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_7_def)
-apply (simp add: M_before_cfg_to_dag_prog.node_8)
-
-
-
-
-apply ((erule allE[where x=1])+)
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_8)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma rel_M_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_6,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_7 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_7 (Normal ns1) (Normal ns1')))))"
-unfolding M_before_cfg_to_dag_prog.block_7_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_6])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_6_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: M_before_cfg_to_dag_prog.block_7_def)
-apply ((simp add: assms(3) M_before_ast_to_cfg_prog.bigblock_6_def)+)
-done
-
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_6])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_6_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_6_def)
-apply (rule M_before_cfg_to_dag_prog.node_7)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule M_before_cfg_to_dag_prog.block_7_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_6_def)
-apply (simp add: M_before_cfg_to_dag_prog.node_7)
-apply (rule rel_M_before_ast_to_cfg_prog_bigblock_6)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=1])+)
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_7)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(guard_of_enclosing_loop = (None ))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_if_successor)
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_5])
-apply (simp add: M_before_cfg_to_dag_prog.block_6_def M_before_ast_to_cfg_prog.bigblock_5_def)
-
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_5_def)
-apply (rule M_before_cfg_to_dag_prog.node_6)
-apply (rule disjI1)
-
-
-
-apply (simp add: M_before_cfg_to_dag_prog.block_6_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-
-
-
-
-
-apply (erule disjE)
-
-apply ((erule allE[where x = 7])+)
-apply ((simp add: M_before_cfg_to_dag_prog.outEdges_6)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_6)
-apply (simp add: cont_5_def M_before_ast_to_cfg_prog.bigblock_6_def cont_6_def )
-apply blast+
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule less_trans_inv)
-apply ((simp)+)
-
-apply ((erule allE[where x = 8])+)
-apply ((simp add: M_before_cfg_to_dag_prog.outEdges_6)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_7)
-apply (simp add: cont_5_def M_before_ast_to_cfg_prog.bigblock_7_def cont_7_def )
-apply blast+
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule less_trans_inv)
-apply ((simp)+)
-done
-qed
-
-lemma rel_M_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 10))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
-unfolding M_before_cfg_to_dag_prog.block_4_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: M_before_cfg_to_dag_prog.block_4_def)
-apply ((simp add: assms(3) M_before_ast_to_cfg_prog.bigblock_4_def)+)
-done
-
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 10))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_3 cont_3 M_before_cfg_to_dag_prog.proc_body 3 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def)
-apply (rule M_before_cfg_to_dag_prog.node_4)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule M_before_cfg_to_dag_prog.block_4_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_4_def)
-apply (simp add: M_before_cfg_to_dag_prog.node_4)
-apply (rule rel_M_before_ast_to_cfg_prog_bigblock_4)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=3])+)
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_4)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_3_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_3 _ _ _ M_before_cfg_to_dag_prog.block_3])
-apply (simp add:M_before_ast_to_cfg_prog.bigblock_3_def M_before_cfg_to_dag_prog.block_3_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:M_before_ast_to_cfg_prog.bigblock_3_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_3])
-apply ((simp add:M_before_ast_to_cfg_prog.bigblock_3_def)+)
-apply ((simp add:M_before_cfg_to_dag_prog.block_3_def M_before_cfg_to_dag_prog.node_3)+)
-apply (rule cont_3_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 4])+)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_4)
-apply (simp add: cont_3_def M_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_3_def cont_4_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper3)
-apply ((simp)+)
-
-apply ((erule allE[where x = 5])+)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_5)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: M_before_cfg_to_dag_prog.node_5)
-apply (simp add: M_before_cfg_to_dag_prog.block_5_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_5)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: M_before_cfg_to_dag_prog.node_5)
-apply (simp add: M_before_cfg_to_dag_prog.block_5_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_5)
-apply ((simp add: member_rec)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper4)
-apply ((simp)+)
-done
-qed
-qed
-
-lemma rel_M_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def M_before_cfg_to_dag_prog.block_2_def)
-apply ((simp add: M_before_cfg_to_dag_prog.block_2_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: M_before_cfg_to_dag_prog.block_2_def M_before_ast_to_cfg_prog.bigblock_2_def)+)
-done
-
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(guard_of_enclosing_loop = (None ))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def M_before_cfg_to_dag_prog.block_2_def)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def M_before_cfg_to_dag_prog.block_2_def)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def M_before_cfg_to_dag_prog.block_2_def)
-apply (simp add: M_before_cfg_to_dag_prog.block_2_def)
-apply (rule M_before_cfg_to_dag_prog.node_2)
-apply (rule disjI1)
-
-
-
-apply (simp add: M_before_cfg_to_dag_prog.block_2_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: M_before_cfg_to_dag_prog.node_2)
-apply (rule rel_M_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def)
-apply ((simp)+)
-
-apply ((erule allE[where x = 3])+)
-apply ((simp add: M_before_cfg_to_dag_prog.outEdges_2)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_3)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_3_def cont_2_def cont_3_def)
-apply blast+
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule less_trans_inv)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(personal_guard = (None ))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_1 _ _ _ M_before_cfg_to_dag_prog.block_1])
-apply (simp add:M_before_ast_to_cfg_prog.bigblock_1_def M_before_cfg_to_dag_prog.block_1_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:M_before_ast_to_cfg_prog.bigblock_1_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_1])
-apply ((simp add:M_before_ast_to_cfg_prog.bigblock_1_def)+)
-apply ((simp add:M_before_cfg_to_dag_prog.block_1_def M_before_cfg_to_dag_prog.node_1)+)
-apply (rule cont_1_def)
-apply (erule disjE)
-apply ((simp)+)
-apply (erule disjE)
-defer
-apply ((erule allE[where x = 2])+)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_1_def M_before_ast_to_cfg_prog.bigblock_2_def cont_2_def M_before_ast_to_cfg_prog.bigblock_5_def cont_5_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_1_def cont_2_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-apply (rule guardHint)
-apply ((erule allE[where x = 9])+)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply ((blast)+)
-
-
-
-
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_8)
-apply (simp)
-apply ((blast)+)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-done
-qed
-qed
-
-lemma rel_M_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: M_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: M_before_cfg_to_dag_prog.block_0_def M_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_0 _ M_before_cfg_to_dag_prog.block_0])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: M_before_cfg_to_dag_prog.block_0_def)
-apply (rule M_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: M_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: M_before_cfg_to_dag_prog.node_0)
-apply (rule rel_M_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: M_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_y_2::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns M_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_M_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def M_before_ast_to_cfg_prog.pres_def M_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def M_before_ast_to_cfg_prog.pres_def M_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_8] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_8_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_y_2::int). (vc.vc_anon0 ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) M_before_ast_to_cfg_prog.fdecls M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls M_before_ast_to_cfg_prog.axioms M_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding M_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 M_before_ast_to_cfg_prog.ast_proc_def M_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
deleted file mode 100644
index ce2eb13..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,171 +0,0 @@
-theory M_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 0),(Havoc 1),(Havoc 2)] (Some (WhileWrapper (ParsedWhile (None ) [] [(BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))]))) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (None ) [] [(BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))])) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))]))) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))])) (None ))"
-definition bigblock_4
-  where
-    "bigblock_4  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))"
-definition bigblock_5
-  where
-    "bigblock_5  = (BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
-definition bigblock_6
-  where
-    "bigblock_6  = (BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))"
-definition bigblock_7
-  where
-    "bigblock_7  = (BigBlock (None ) [] (None ) (None ))"
-definition bigblock_8
-  where
-    "bigblock_8  = (BigBlock (None ) [] (None ) (None ))"
-definition cont_8
-  where
-    "cont_8  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_8 cont_8)"
-definition cont_1
-  where
-    "cont_1  = (KEndBlock (KSeq bigblock_8 cont_8 ))"
-definition cont_5
-  where
-    "cont_5  = (KSeq bigblock_1 cont_1)"
-definition cont_6
-  where
-    "cont_6  = (KSeq bigblock_1 cont_1)"
-definition cont_7
-  where
-    "cont_7  = (KSeq bigblock_1 cont_1)"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_5 cont_5)"
-definition cont_3
-  where
-    "cont_3  = (KEndBlock (KSeq bigblock_5 cont_5 ))"
-definition cont_4
-  where
-    "cont_4  = (KSeq bigblock_3 cont_3)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_8]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding M_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding M_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding M_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z:
-shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = M_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec M_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec M_before_ast_to_cfg_prog.post),proc_body = (Some (M_before_ast_to_cfg_prog.locals_vdecls,M_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 986f60d..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,233 +0,0 @@
-theory M_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0),(Havoc 1),(Havoc 2)]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 10)))),(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 1)))]"
-definition block_6
-  where
-    "block_6  = []"
-definition block_7
-  where
-    "block_7  = [(Assume (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))]"
-definition block_8
-  where
-    "block_8  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 0) Sub (Lit (LInt 10)))))]"
-definition block_9
-  where
-    "block_9  = []"
-definition outEdges
-  where
-    "outEdges  = [[1],[9,2],[3],[5,4],[3],[6],[7,8],[1],[1],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [9,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [5,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [7,8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding M_before_cfg_to_dag_prog.constants_vdecls_def M_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding M_before_cfg_to_dag_prog.constants_vdecls_def M_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding M_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding M_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding M_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding M_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z:
-shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z:
-shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = M_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec M_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec M_before_cfg_to_dag_prog.post),proc_body = (Some (M_before_cfg_to_dag_prog.locals_vdecls,M_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_passive_prog.thy
deleted file mode 100644
index 35d4e2b..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_before_passive_prog.thy
+++ /dev/null
@@ -1,172 +0,0 @@
-theory M_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 10)))),(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10)))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7)))),(Assume (Lit (LBool False)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 0) Sub (Lit (LInt 10))))),(Assume (Lit (LBool False)))]"
-definition block_5
-  where
-    "block_5  = []"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 1)))]"
-definition block_7
-  where
-    "block_7  = [(Havoc 0)]"
-definition block_8
-  where
-    "block_8  = [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))]"
-definition block_9
-  where
-    "block_9  = [(Havoc 1),(Havoc 0)]"
-definition block_10
-  where
-    "block_10  = [(Havoc 0),(Havoc 1),(Havoc 2)]"
-definition block_11
-  where
-    "block_11  = []"
-definition block_12
-  where
-    "block_12  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[0],[3,4],[5],[6,2],[7],[1,8],[9],[10],[11]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 12,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_12:
-shows "((nth (node_to_block proc_body) 12) = block_12)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [3,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [1,8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [10])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_12:
-shows "((nth (out_edges proc_body) 12) = [11])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_cfgtodag_proof.thy
deleted file mode 100644
index cd75e46..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_cfgtodag_proof.thy
+++ /dev/null
@@ -1,711 +0,0 @@
-theory M_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML M_before_ast_to_cfg_prog M_before_cfg_to_dag_prog M_before_passive_prog M_passification_proof M_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 M_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def M_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule M_before_passive_prog.node_0)
-apply simp
-unfolding M_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma block_anon6_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_9 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_9_def M_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule M_before_cfg_to_dag_prog.node_9)
-apply (rule M_before_passive_prog.node_1)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon6_LoopDone)
-apply assumption+
-apply (rule M_before_cfg_to_dag_prog.outEdges_9)
-apply (rule M_before_passive_prog.outEdges_1)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma Mods_anon7_LoopBody:
-shows "(mods_contained_in (set [0]) M_before_cfg_to_dag_prog.block_4)"
-unfolding M_before_cfg_to_dag_prog.block_4_def
-by simp
-
-lemma block_anon7_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_2 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_4_def M_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon7_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon7_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0] [] M_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_4)
-apply (rule M_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon7_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon7_LoopBody)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_4))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_4))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon7_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon8_Then:
-shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_7)"
-unfolding M_before_cfg_to_dag_prog.block_7_def
-by simp
-
-lemma block_anon8_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_3 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_7_def M_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon8_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_7)
-apply (rule M_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon8_Then)
-apply (assumption+)
-apply (rule Mods_anon8_Then)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_7))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_7))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon6_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon8_Else:
-shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_8)"
-unfolding M_before_cfg_to_dag_prog.block_8_def
-by simp
-
-lemma block_anon8_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_4 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_8_def M_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon8_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_8)
-apply (rule M_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon8_Else)
-apply (assumption+)
-apply (rule Mods_anon8_Else)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_8))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_8))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon6_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon3:
-shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_6)"
-unfolding M_before_cfg_to_dag_prog.block_6_def
-by simp
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_6_def M_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_6)
-apply (rule M_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon3)
-apply (assumption+)
-apply (rule Mods_anon3)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_6))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_6))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:M_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon6_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:M_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon6_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon7_LoopDone:
-shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_5)"
-unfolding M_before_cfg_to_dag_prog.block_5_def
-by simp
-
-lemma block_anon7_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_6 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_5_def M_before_passive_prog.block_6_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon7_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_5)
-apply (rule M_before_passive_prog.node_6)
-apply (assumption+)
-apply (rule block_anon7_LoopDone)
-apply (assumption+)
-apply (rule Mods_anon7_LoopDone)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_5))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_5))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=5])
-apply ((simp add:M_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon6_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon7_LoopHead:
-shows "(mods_contained_in (set [0]) M_before_cfg_to_dag_prog.block_3)"
-unfolding M_before_cfg_to_dag_prog.block_3_def
-by simp
-
-lemma block_anon7_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_7 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_3_def M_before_passive_prog.block_7_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(1)))
-apply simp
-done
-
-lemma cfg_block_anon7_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms assms(4-)
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule M_before_cfg_to_dag_prog.node_3)
-apply (rule M_before_passive_prog.node_7)
-apply (assumption+)
-apply (rule block_anon7_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon7_LoopHead)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=6])
-apply ((simp add:M_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_subset_pred)
-using less(4) apply simp
-apply assumption
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:M_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-apply (rule loop_ih_convert_subset_smaller_2)
-using less(4) apply simp
-apply (simp, fastforce, assumption)
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma Mods_anon6_LoopBody:
-shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_2)"
-unfolding M_before_cfg_to_dag_prog.block_2_def
-by simp
-
-lemma block_anon6_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_8 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_2_def M_before_passive_prog.block_8_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [1,0] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_2)
-apply (rule M_before_passive_prog.node_8)
-apply (assumption+)
-apply (rule block_anon6_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon6_LoopBody)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=7])
-apply ((simp add:M_before_passive_prog.outEdges_8))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon6_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon6_LoopHead:
-shows "(mods_contained_in (set [1,0]) M_before_cfg_to_dag_prog.block_1)"
-unfolding M_before_cfg_to_dag_prog.block_1_def
-by simp
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_9 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_1_def M_before_passive_prog.block_9_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:M_before_ast_to_cfg_prog.l_y(1)))
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(1)))
-apply simp
-done
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [1,0] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [1,0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule M_before_cfg_to_dag_prog.node_1)
-apply (rule M_before_passive_prog.node_9)
-apply (assumption+)
-apply (rule block_anon6_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon6_LoopHead)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:M_before_passive_prog.outEdges_9))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=8])
-apply ((simp add:M_before_passive_prog.outEdges_9))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_10 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_10 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_0_def M_before_passive_prog.block_10_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_0)
-apply (rule M_before_passive_prog.node_10)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=9])
-apply ((simp add:M_before_passive_prog.outEdges_10))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:M_before_passive_prog.outEdges_11))
-by ((simp add:M_before_passive_prog.node_11 M_before_passive_prog.block_11_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 M_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule M_before_passive_prog.node_12)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding M_before_passive_prog.block_12_def
-apply (rule assume_pres_normal[where ?es=M_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding M_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule M_before_passive_prog.outEdges_12)
-apply ((simp add:M_before_passive_prog.node_11 M_before_passive_prog.block_11_def))
-apply (rule M_before_passive_prog.outEdges_11)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_y_2::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns M_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule M_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_passification_proof.thy
deleted file mode 100644
index a76507a..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_passification_proof.thy
+++ /dev/null
@@ -1,429 +0,0 @@
-theory M_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog M_passive_prog Boogie_Lang.PassificationML M_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_0_def M_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon6_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_1_def M_passive_prog.block_1_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon7_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [10] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 9)))" and 
-"((R 1) = (Some (Inl 6)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [10])) (update_nstate_rel R [(0,(Inl 10))]) R_old M_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_2_def M_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_4(2)))
-by simp
-
-lemma block_anon8_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [11] R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 0) = (Some (Inl 9)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [11])) (update_nstate_rel R [(1,(Inl 11))]) R_old M_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_3_def M_passive_prog.block_3_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_2(2)))
-by simp
-
-lemma block_anon8_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 9)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_4_def M_passive_prog.block_4_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 0) = (Some (Inl 9)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_5_def M_passive_prog.block_5_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon7_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 0) = (Some (Inl 9)))" and 
-"((R 1) = (Some (Inl 6)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_6_def M_passive_prog.block_6_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon7_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [9] R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 1) = (Some (Inl 6)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [9])) (update_nstate_rel R [(0,(Inl 9))]) R_old M_passive_prog.block_7 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_7_def M_passive_prog.block_7_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_3(2)))
-by simp
-
-lemma block_anon6_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_8 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [8] R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 1) = (Some (Inl 6)))" and 
-"((R 0) = (Some (Inl 7)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [8])) (update_nstate_rel R [(0,(Inl 8))]) R_old M_passive_prog.block_8 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_8_def M_passive_prog.block_8_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_2(2)))
-by simp
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_9 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6,7] R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6,7])) (update_nstate_rel R [(1,(Inl 6)),(0,(Inl 7))]) R_old M_passive_prog.block_9 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_9_def M_passive_prog.block_9_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_1(2)))
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_10 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3,4,5] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3,4,5])) (update_nstate_rel R [(0,(Inl 3)),(1,(Inl 4)),(2,(Inl 5))]) R_old M_passive_prog.block_10 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_10_def M_passive_prog.block_10_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_0(2)))
-apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_0(2)))
-apply ((simp add:M_before_ast_to_cfg_prog.l_z(2) M_passive_prog.l_z_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_11 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_11 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_11_def M_passive_prog.block_11_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_12 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_12 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_12_def M_passive_prog.block_12_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_0},@{thm M_before_passive_prog.outEdges_0}) (@{thm M_passive_prog.node_0},@{thm M_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_1},@{thm M_before_passive_prog.outEdges_1}) (@{thm M_passive_prog.node_1},@{thm M_passive_prog.outEdges_1}) @{thm block_anon6_LoopDone} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon7_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 10 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 9)))" and 
-"((R 1) = (Some (Inl 6)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_2},@{thm M_before_passive_prog.outEdges_2}) (@{thm M_passive_prog.node_2},@{thm M_passive_prog.outEdges_2}) @{thm block_anon7_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon8_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 11 R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 0) = (Some (Inl 9)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_3},@{thm M_before_passive_prog.outEdges_3}) (@{thm M_passive_prog.node_3},@{thm M_passive_prog.outEdges_3}) @{thm block_anon8_Then} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon8_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 9)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_4},@{thm M_before_passive_prog.outEdges_4}) (@{thm M_passive_prog.node_4},@{thm M_passive_prog.outEdges_4}) @{thm block_anon8_Else} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 11 R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 0) = (Some (Inl 9)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_5},@{thm M_before_passive_prog.outEdges_5}) (@{thm M_passive_prog.node_5},@{thm M_passive_prog.outEdges_5}) @{thm block_anon3} [
-@{thm cfg_block_anon8_Then}, 
-@{thm cfg_block_anon8_Else}] 1\<close>))
-
-lemma cfg_block_anon7_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 11 R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 0) = (Some (Inl 9)))" and 
-"((R 1) = (Some (Inl 6)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_6},@{thm M_before_passive_prog.outEdges_6}) (@{thm M_passive_prog.node_6},@{thm M_passive_prog.outEdges_6}) @{thm block_anon7_LoopDone} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon7_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 1) = (Some (Inl 6)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_7},@{thm M_before_passive_prog.outEdges_7}) (@{thm M_passive_prog.node_7},@{thm M_passive_prog.outEdges_7}) @{thm block_anon7_LoopHead} [
-@{thm cfg_block_anon7_LoopDone}, 
-@{thm cfg_block_anon7_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 1) = (Some (Inl 6)))" and 
-"((R 0) = (Some (Inl 7)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 8)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_8},@{thm M_before_passive_prog.outEdges_8}) (@{thm M_passive_prog.node_8},@{thm M_passive_prog.outEdges_8}) @{thm block_anon6_LoopBody} [
-@{thm cfg_block_anon7_LoopHead}] 1\<close>))
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 9)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_9},@{thm M_before_passive_prog.outEdges_9}) (@{thm M_passive_prog.node_9},@{thm M_passive_prog.outEdges_9}) @{thm block_anon6_LoopHead} [
-@{thm cfg_block_anon6_LoopDone}, 
-@{thm cfg_block_anon6_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 10)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_10},@{thm M_before_passive_prog.outEdges_10}) (@{thm M_passive_prog.node_10},@{thm M_passive_prog.outEdges_10}) @{thm block_anon0} [
-@{thm cfg_block_anon6_LoopHead}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 11)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_11},@{thm M_before_passive_prog.outEdges_11}) (@{thm M_passive_prog.node_11},@{thm M_passive_prog.outEdges_11}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 12)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_12},@{thm M_before_passive_prog.outEdges_12}) (@{thm M_passive_prog.node_12},@{thm M_passive_prog.outEdges_12}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_passive_prog.proc_body ((Inl 12),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_y_2::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls ns M_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv M_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding M_passive_prog.params_vdecls_def M_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using M_before_passive_prog.globals_locals_disj apply auto[1]
-using M_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] M_passive_prog.proc_body u (Inl 12)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range M_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] M_passive_prog.proc_body ((Inl 12),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from M_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_passive_prog.thy
deleted file mode 100644
index b2575fd..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_passive_prog.thy
+++ /dev/null
@@ -1,286 +0,0 @@
-theory M_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 6) Gt (Lit (LInt 10)))),(Assume (BinOp (Var 10) Eq (BinOp (Var 9) Mul (Lit (LInt 10))))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (BinOp (Var 9) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assume (BinOp (Var 11) Eq (BinOp (Var 5) Add (Lit (LInt 7))))),(Assume (Lit (LBool False)))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 9) Sub (Lit (LInt 10))))),(Assume (Lit (LBool False)))]"
-definition block_5
-  where
-    "block_5  = []"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 6)))]"
-definition block_7
-  where
-    "block_7  = []"
-definition block_8
-  where
-    "block_8  = [(Assume (BinOp (Var 8) Eq (BinOp (BinOp (Var 7) Add (Var 6)) Add (Var 5))))]"
-definition block_9
-  where
-    "block_9  = []"
-definition block_10
-  where
-    "block_10  = []"
-definition block_11
-  where
-    "block_11  = []"
-definition block_12
-  where
-    "block_12  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[0],[3,4],[5],[6,2],[7],[1,8],[9],[10],[11]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 12,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_12:
-shows "((nth (node_to_block proc_body) 12) = block_12)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [3,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [1,8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [10])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_12:
-shows "((nth (out_edges proc_body) 12) = [11])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(7,(TPrim TInt),(None )),(8,(TPrim TInt),(None )),(9,(TPrim TInt),(None )),(10,(TPrim TInt),(None )),(11,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding M_passive_prog.params_vdecls_def M_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) = {})"
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_0:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z_0:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_1:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_2:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 8) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_3:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 9) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_4:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 10) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_2:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 11) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_0:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z_0:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_1:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_2:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 8) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 8) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_3:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 9) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 9) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_3
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_4:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 10) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 10) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_4
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_2:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 11) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 11) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_vcphase_proof.thy
deleted file mode 100644
index cd9d054..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/M_proofs/M_vcphase_proof.thy
+++ /dev/null
@@ -1,447 +0,0 @@
-theory M_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML M_passive_prog M_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon0
-  where
-    "vc_anon0  = True"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_z :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_z_0 :: "int" and vc_y_1 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int" and vc_x_3 :: "int" and vc_x_4 :: "int" and vc_y_2 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_z)))" and 
-G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_0)))" and 
-G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_y_0)))" and 
-G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_z_0)))" and 
-G6: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_y_1)))" and 
-G7: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_x_1)))" and 
-G8: "((lookup_var \<Lambda> n_s 8) = (Some (IntV vc_x_2)))" and 
-G9: "((lookup_var \<Lambda> n_s 9) = (Some (IntV vc_x_3)))" and 
-G10: "((lookup_var \<Lambda> n_s 10) = (Some (IntV vc_x_4)))" and 
-G11: "((lookup_var \<Lambda> n_s 11) = (Some (IntV vc_y_2)))" and 
-G12: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8 G9 G10 G11 G12
-lemmas forall_poly_thm = forall_vc_type[OF G12]
-lemmas exists_poly_thm = exists_vc_type[OF G12]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding M_passive_prog.block_0_def
-apply cases
-by auto
-
-lemma block_anon6_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_1 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding M_passive_prog.block_1_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon7_LoopBody_hints = [
-(AssumeTrue,NONE), 
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon7_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
-unfolding M_passive_prog.block_2_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon8_Then_hints = [
-(AssumeTrue,NONE), 
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon8_ThenAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
-unfolding M_passive_prog.block_3_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_Then_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon8_Else_hints = [
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon8_ElseAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
-unfolding M_passive_prog.block_4_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon8_Else_hints \<close>)
-by (auto?)
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_5 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding M_passive_prog.block_5_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon7_LoopDone_hints = [
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon7_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
-unfolding M_passive_prog.block_6_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_LoopDone_hints \<close>)
-by (auto?)
-
-lemma block_anon7_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_7 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding M_passive_prog.block_7_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon6_LoopBody_hints = [
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon6_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_8 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
-unfolding M_passive_prog.block_8_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
-by (auto?)
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_9 (Normal n_s) s')" and 
-"(vc.vc_anon0 )"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))"
-using assms
-unfolding M_passive_prog.block_9_def
-apply cases
-by auto
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_10 (Normal n_s) s')" and 
-"(vc.vc_anon0 )"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))"
-using assms
-unfolding M_passive_prog.block_10_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_11 (Normal n_s) s')" and 
-"(vc.vc_anon0 )"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))"
-using assms
-unfolding M_passive_prog.block_11_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_12 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding M_passive_prog.block_12_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) M_passive_prog.node_0 M_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) M_passive_prog.node_1])
-apply (erule block_anon6_LoopDone)
-apply ((simp add:M_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon7_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) M_passive_prog.node_2])
-by (erule block_anon7_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon8_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) M_passive_prog.node_3])
-by (erule block_anon8_ThenAA0[OF _ assms(2)])
-
-lemma cfg_block_anon8_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) M_passive_prog.node_4])
-by (erule block_anon8_ElseAA0[OF _ assms(2)])
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_5])
-apply (erule block_anon3[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon7_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_6])
-apply (erule block_anon7_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon7_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_7])
-apply (erule block_anon7_LoopHead[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_7))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_8])
-apply (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_8))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_9])
-apply (erule block_anon6_LoopHead[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_9))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_10])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_10))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_11])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_11))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_12])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_12))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) \<Gamma> [] M_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_y_1::int) (vc_x_1::int) (vc_x_2::int) (vc_x_3::int) (vc_x_4::int) (vc_y_2::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s M_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((M_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x])
-apply (subst lookup_var_local[OF M_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y])
-apply (subst lookup_var_local[OF M_passive_prog.m_y])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_z:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_z])
-apply (subst lookup_var_local[OF M_passive_prog.m_z])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF M_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_0])
-apply (subst lookup_var_local[OF M_passive_prog.m_y_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_z_0:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_z_0])
-apply (subst lookup_var_local[OF M_passive_prog.m_z_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_1])
-apply (subst lookup_var_local[OF M_passive_prog.m_y_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF M_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 8) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 8)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 8))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_2])
-apply (subst lookup_var_local[OF M_passive_prog.m_x_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_3:"(((lookup_var ?\<Lambda> n_s 9) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 9)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 9))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_3])
-apply (subst lookup_var_local[OF M_passive_prog.m_x_3])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_4:"(((lookup_var ?\<Lambda> n_s 10) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 10)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 10))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_4])
-apply (subst lookup_var_local[OF M_passive_prog.m_x_4])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 11) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 11)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 11))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_2])
-apply (subst lookup_var_local[OF M_passive_prog.m_y_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_y])
-apply (rule HOL.conjunct1[OF sc_z])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_y_0])
-apply (rule HOL.conjunct1[OF sc_z_0])
-apply (rule HOL.conjunct1[OF sc_y_1])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (rule HOL.conjunct1[OF sc_x_2])
-apply (rule HOL.conjunct1[OF sc_x_3])
-apply (rule HOL.conjunct1[OF sc_x_4])
-apply (rule HOL.conjunct1[OF sc_y_2])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/ROOT
deleted file mode 100644
index ab4bdf6..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session no_guard_loop4_proofs = Boogie_Lang + 
-directories M_proofs
-theories
-global_data
-"M_proofs/M_before_ast_to_cfg_prog"
-"M_proofs/M_passive_prog"
-"M_proofs/M_asttocfg_proof"
-"M_proofs/M_passification_proof"
-"M_proofs/M_before_passive_prog"
-"M_proofs/M_vcphase_proof"
-"M_proofs/M_before_cfg_to_dag_prog"
-"M_proofs/M_cfgtodag_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop4_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_asttocfg_proof.thy
deleted file mode 100644
index 1ee1693..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_asttocfg_proof.thy
+++ /dev/null
@@ -1,732 +0,0 @@
-theory M_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML M_before_ast_to_cfg_prog M_before_cfg_to_dag_prog M_cfgtodag_proof M_passification_proof M_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_M_before_ast_to_cfg_prog_bigblock_9:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_9,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_11 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_11 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_9])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_9_def M_before_cfg_to_dag_prog.block_11_def)
-apply ((simp add: M_before_cfg_to_dag_prog.block_11_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: M_before_cfg_to_dag_prog.block_11_def M_before_ast_to_cfg_prog.bigblock_9_def)+)
-done
-
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_9:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_9,cont_9,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 11),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 11),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_9])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_9_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_9_def)
-apply (simp)
-apply (simp)
-apply (rule cont_9_def)
-apply (rule M_before_cfg_to_dag_prog.node_11)
-apply (rule disjI1)
-apply (rule M_before_cfg_to_dag_prog.block_11_def)
-apply (rule M_before_cfg_to_dag_prog.outEdges_11)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: M_before_cfg_to_dag_prog.node_11)
-apply (rule rel_M_before_ast_to_cfg_prog_bigblock_9)
-apply assumption+
-
-done
-qed
-
-lemma rel_M_before_ast_to_cfg_prog_bigblock_8:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_8,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_9 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_9 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_8])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def M_before_cfg_to_dag_prog.block_9_def)
-apply ((simp add: M_before_cfg_to_dag_prog.block_9_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: M_before_cfg_to_dag_prog.block_9_def M_before_ast_to_cfg_prog.bigblock_8_def)+)
-done
-
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_8:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_8,cont_8,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(guard_of_enclosing_loop = (None ))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_8])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_8_def)
-apply (rule M_before_cfg_to_dag_prog.node_9)
-apply (rule disjI1)
-apply (rule M_before_cfg_to_dag_prog.block_9_def)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_8_def)
-apply (simp add: M_before_cfg_to_dag_prog.node_9)
-apply (rule rel_M_before_ast_to_cfg_prog_bigblock_8)
-apply assumption
-apply (simp)
-apply ((erule allE[where x=1])+)
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_9)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_7:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_7,cont_7,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV False))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_7])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_7_def)
-
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_7_def)
-apply (rule M_before_cfg_to_dag_prog.node_8)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule M_before_cfg_to_dag_prog.block_8_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply (rule neg_gt)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_7_def)
-apply (simp add: M_before_cfg_to_dag_prog.node_8)
-
-
-
-
-apply ((erule allE[where x = 9])+)
-apply ((simp add: M_before_cfg_to_dag_prog.outEdges_8)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_8)
-
-apply blast+
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule less_trans_inv)
-apply blast+
-done
-qed
-
-lemma rel_M_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_6,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_7 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_7 (Normal ns1) (Normal ns1')))))"
-unfolding M_before_cfg_to_dag_prog.block_7_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_6])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_6_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: M_before_cfg_to_dag_prog.block_7_def)
-apply ((simp add: assms(3) M_before_ast_to_cfg_prog.bigblock_6_def)+)
-done
-
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_6])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_6_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_6_def)
-apply (rule M_before_cfg_to_dag_prog.node_7)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule M_before_cfg_to_dag_prog.block_7_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_6_def)
-apply (simp add: M_before_cfg_to_dag_prog.node_7)
-apply (rule rel_M_before_ast_to_cfg_prog_bigblock_6)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x = 9])+)
-apply ((simp add: M_before_cfg_to_dag_prog.outEdges_7)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_8)
-
-apply blast+
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule less_trans_inv)
-apply blast+
-done
-qed
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(guard_of_enclosing_loop = (None ))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_if_successor)
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_5])
-apply (simp add: M_before_cfg_to_dag_prog.block_6_def M_before_ast_to_cfg_prog.bigblock_5_def)
-
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_5_def)
-apply (rule M_before_cfg_to_dag_prog.node_6)
-apply (rule disjI1)
-
-
-
-apply (simp add: M_before_cfg_to_dag_prog.block_6_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-
-
-
-
-
-apply (erule disjE)
-
-apply ((erule allE[where x = 7])+)
-apply ((simp add: M_before_cfg_to_dag_prog.outEdges_6)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_6)
-apply (simp add: cont_5_def M_before_ast_to_cfg_prog.bigblock_6_def cont_6_def )
-apply blast+
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule less_trans_inv)
-apply ((simp)+)
-
-apply ((erule allE[where x = 8])+)
-apply ((simp add: M_before_cfg_to_dag_prog.outEdges_6)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_7)
-apply (simp add: cont_5_def M_before_ast_to_cfg_prog.bigblock_7_def cont_7_def )
-apply blast+
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule less_trans_inv)
-apply ((simp)+)
-done
-qed
-
-lemma rel_M_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_4,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 10))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) (Normal ns1')))))"
-unfolding M_before_cfg_to_dag_prog.block_4_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: M_before_cfg_to_dag_prog.block_4_def)
-apply ((simp add: assms(3) M_before_ast_to_cfg_prog.bigblock_4_def)+)
-done
-
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Gt (Lit (LInt 10))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_3 cont_3 M_before_cfg_to_dag_prog.proc_body 3 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_4_def)
-apply (rule M_before_cfg_to_dag_prog.node_4)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule M_before_cfg_to_dag_prog.block_4_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_4_def)
-apply (simp add: M_before_cfg_to_dag_prog.node_4)
-apply (rule rel_M_before_ast_to_cfg_prog_bigblock_4)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=3])+)
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_4)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_3_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_3 _ _ _ M_before_cfg_to_dag_prog.block_3])
-apply (simp add:M_before_ast_to_cfg_prog.bigblock_3_def M_before_cfg_to_dag_prog.block_3_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:M_before_ast_to_cfg_prog.bigblock_3_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_3])
-apply ((simp add:M_before_ast_to_cfg_prog.bigblock_3_def)+)
-apply ((simp add:M_before_cfg_to_dag_prog.block_3_def M_before_cfg_to_dag_prog.node_3)+)
-apply (rule cont_3_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 4])+)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_4)
-apply (simp add: cont_3_def M_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_3_def cont_4_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper3)
-apply ((simp)+)
-
-apply ((erule allE[where x = 5])+)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_5)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: M_before_cfg_to_dag_prog.node_5)
-apply (simp add: M_before_cfg_to_dag_prog.block_5_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_5)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: M_before_cfg_to_dag_prog.node_5)
-apply (simp add: M_before_cfg_to_dag_prog.block_5_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_5)
-apply ((simp add: member_rec)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule less(5))
-apply (rule strictly_smaller_helper4)
-apply ((simp)+)
-done
-qed
-qed
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(guard_of_enclosing_loop = (None ))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T M_before_ast_to_cfg_prog.bigblock_1 cont_1 M_before_cfg_to_dag_prog.proc_body 1 M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-apply (rule ending_after_unwrapping)
-apply (rule astTrace)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_2_def)
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply (simp)
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_3)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_3_def cont_2_def cont_3_def)
-apply (rule correctness_propagates_through_empty)
-using assms(2)
-apply blast
-apply (simp add: M_before_cfg_to_dag_prog.node_2)
-apply (simp add: M_before_cfg_to_dag_prog.block_2_def)
-
-
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_2)
-apply (simp add: member_rec)
-apply (simp)
-apply (rule correctness_propagates_through_empty2)
-using assms(3)
-apply blast
-apply (simp add: M_before_cfg_to_dag_prog.node_2)
-apply (simp add: M_before_cfg_to_dag_prog.block_2_def)
-
-
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_2)
-apply (simp add: member_rec)
-apply ((simp)+)
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule strictly_smaller_helper2)
-apply ((simp)+)
-done
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(personal_guard = (None ))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_1 _ _ _ M_before_cfg_to_dag_prog.block_1])
-apply (simp add:M_before_ast_to_cfg_prog.bigblock_1_def M_before_cfg_to_dag_prog.block_1_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:M_before_ast_to_cfg_prog.bigblock_1_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of M_before_ast_to_cfg_prog.bigblock_1])
-apply ((simp add:M_before_ast_to_cfg_prog.bigblock_1_def)+)
-apply ((simp add:M_before_cfg_to_dag_prog.block_1_def M_before_cfg_to_dag_prog.node_1)+)
-apply (rule cont_1_def)
-apply (erule disjE)
-apply ((simp)+)
-apply (erule disjE)
-defer
-apply ((erule allE[where x = 2])+)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_1_def M_before_ast_to_cfg_prog.bigblock_2_def cont_2_def M_before_ast_to_cfg_prog.bigblock_5_def cont_5_def M_before_ast_to_cfg_prog.bigblock_8_def cont_8_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_1_def cont_2_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-apply (rule guardHint)
-apply ((erule allE[where x = 10])+)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply ((blast)+)
-
-
-
-
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_9)
-apply (simp)
-
-apply (rule correctness_propagates_through_empty)
-apply blast
-apply (simp add: M_before_cfg_to_dag_prog.node_10)
-apply (simp add: M_before_cfg_to_dag_prog.block_10_def)
-
-apply (simp)
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_10)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_empty2)
-apply blast
-apply (simp add: M_before_cfg_to_dag_prog.node_10)
-apply (simp add: M_before_cfg_to_dag_prog.block_10_def)
-
-apply (simp)
-apply (simp add: M_before_cfg_to_dag_prog.outEdges_10)
-apply ((simp add: member_rec)+)
-done
-qed
-qed
-
-lemma rel_M_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: M_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: M_before_cfg_to_dag_prog.block_0_def M_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_M_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end M_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of M_before_ast_to_cfg_prog.bigblock_0 _ M_before_cfg_to_dag_prog.block_0])
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def M_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: M_before_cfg_to_dag_prog.block_0_def)
-apply (rule M_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: M_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: M_before_cfg_to_dag_prog.node_0)
-apply (rule rel_M_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: M_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_M_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: M_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_x_3::int) (vc_y_2::int) (vc_x_4::int) (vc_z_1::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns M_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] M_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_M_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def M_before_ast_to_cfg_prog.pres_def M_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def M_before_ast_to_cfg_prog.pres_def M_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_9] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (M_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_9_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_x_3::int) (vc_y_2::int) (vc_x_4::int) (vc_z_1::int). (vc.vc_anon0 ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) M_before_ast_to_cfg_prog.fdecls M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls M_before_ast_to_cfg_prog.axioms M_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding M_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 M_before_ast_to_cfg_prog.ast_proc_def M_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 6be8b66..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,177 +0,0 @@
-theory M_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 0),(Havoc 1),(Havoc 2)] (Some (WhileWrapper (ParsedWhile (None ) [] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None )),(BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (None ) (None ))]))) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (None ) [] [(BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))]))) (None )),(BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None )),(BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (None ) (None ))])) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))]))) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Gt (Lit (LInt 10)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))])) (None ))"
-definition bigblock_4
-  where
-    "bigblock_4  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))] (None ) (None ))"
-definition bigblock_5
-  where
-    "bigblock_5  = (BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))) [(BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
-definition bigblock_6
-  where
-    "bigblock_6  = (BigBlock (None ) [(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))] (None ) (None ))"
-definition bigblock_7
-  where
-    "bigblock_7  = (BigBlock (None ) [] (None ) (None ))"
-definition bigblock_8
-  where
-    "bigblock_8  = (BigBlock (None ) [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))] (None ) (None ))"
-definition bigblock_9
-  where
-    "bigblock_9  = (BigBlock (None ) [(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 2))))] (None ) (None ))"
-definition cont_9
-  where
-    "cont_9  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_9 cont_9)"
-definition cont_1
-  where
-    "cont_1  = (KEndBlock (KSeq bigblock_9 cont_9 ))"
-definition cont_8
-  where
-    "cont_8  = (KSeq bigblock_1 cont_1)"
-definition cont_5
-  where
-    "cont_5  = (KSeq bigblock_8 cont_8)"
-definition cont_6
-  where
-    "cont_6  = (KSeq bigblock_8 cont_8)"
-definition cont_7
-  where
-    "cont_7  = (KSeq bigblock_8 cont_8)"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_5 cont_5)"
-definition cont_3
-  where
-    "cont_3  = (KEndBlock (KSeq bigblock_5 cont_5 ))"
-definition cont_4
-  where
-    "cont_4  = (KSeq bigblock_3 cont_3)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_9]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding M_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding M_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding M_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z:
-shows "((map_of (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = M_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec M_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec M_before_ast_to_cfg_prog.post),proc_body = (Some (M_before_ast_to_cfg_prog.locals_vdecls,M_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
deleted file mode 100644
index b95ff29..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,255 +0,0 @@
-theory M_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0),(Havoc 1),(Havoc 2)]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = []"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 10)))),(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10))))]"
-definition block_5
-  where
-    "block_5  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 1)))]"
-definition block_6
-  where
-    "block_6  = []"
-definition block_7
-  where
-    "block_7  = [(Assume (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))]"
-definition block_8
-  where
-    "block_8  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 0) Sub (Lit (LInt 10)))))]"
-definition block_9
-  where
-    "block_9  = [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2)))]"
-definition block_10
-  where
-    "block_10  = []"
-definition block_11
-  where
-    "block_11  = [(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 2))))]"
-definition outEdges
-  where
-    "outEdges  = [[1],[10,2],[3],[5,4],[3],[6],[7,8],[9],[9],[1],[11],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [10,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [5,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [7,8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [11])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding M_before_cfg_to_dag_prog.constants_vdecls_def M_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding M_before_cfg_to_dag_prog.params_vdecls_def M_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding M_before_cfg_to_dag_prog.constants_vdecls_def M_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding M_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding M_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding M_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) M_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding M_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z:
-shows "((map_of (append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z:
-shows "((lookup_var_decl ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_cfg_to_dag_prog.constants_vdecls M_before_cfg_to_dag_prog.globals_vdecls),(append M_before_cfg_to_dag_prog.params_vdecls M_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = M_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec M_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec M_before_cfg_to_dag_prog.post),proc_body = (Some (M_before_cfg_to_dag_prog.locals_vdecls,M_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_passive_prog.thy
deleted file mode 100644
index dfc1207..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_before_passive_prog.thy
+++ /dev/null
@@ -1,194 +0,0 @@
-theory M_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 10)))),(Assign 0 (BinOp (Var 0) Mul (Lit (LInt 10)))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assign 0 (BinOp (BinOp (Var 0) Add (Var 1)) Add (Var 2))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (BinOp (Var 0) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assign 1 (BinOp (Var 2) Add (Lit (LInt 7))))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 0) Sub (Lit (LInt 10)))))]"
-definition block_5
-  where
-    "block_5  = []"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 1)))]"
-definition block_7
-  where
-    "block_7  = [(Havoc 0)]"
-definition block_8
-  where
-    "block_8  = []"
-definition block_9
-  where
-    "block_9  = [(Assign 2 (BinOp (Var 2) Sub (Lit (LInt 2))))]"
-definition block_10
-  where
-    "block_10  = []"
-definition block_11
-  where
-    "block_11  = [(Havoc 0),(Havoc 1)]"
-definition block_12
-  where
-    "block_12  = [(Havoc 0),(Havoc 1),(Havoc 2)]"
-definition block_13
-  where
-    "block_13  = []"
-definition block_14
-  where
-    "block_14  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[2],[2],[3,4],[5],[6,1],[7],[0],[9],[10,8],[11],[12],[13]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13,block_14]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 14,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_12:
-shows "((nth (node_to_block proc_body) 12) = block_12)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_13:
-shows "((nth (node_to_block proc_body) 13) = block_13)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_14:
-shows "((nth (node_to_block proc_body) 14) = block_14)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [3,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [10,8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_12:
-shows "((nth (out_edges proc_body) 12) = [11])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_13:
-shows "((nth (out_edges proc_body) 13) = [12])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_14:
-shows "((nth (out_edges proc_body) 14) = [13])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding M_before_ast_to_cfg_prog.params_vdecls_def M_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_cfgtodag_proof.thy
deleted file mode 100644
index 5408f30..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_cfgtodag_proof.thy
+++ /dev/null
@@ -1,820 +0,0 @@
-theory M_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML M_before_ast_to_cfg_prog M_before_cfg_to_dag_prog M_before_passive_prog M_passification_proof M_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 M_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def M_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule M_before_passive_prog.node_0)
-apply simp
-unfolding M_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma Mods_anon9_LoopBody:
-shows "(mods_contained_in (set [0]) M_before_cfg_to_dag_prog.block_4)"
-unfolding M_before_cfg_to_dag_prog.block_4_def
-by simp
-
-lemma block_anon9_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_1 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_4_def M_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon9_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon9_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0] [] M_before_ast_to_cfg_prog.post ns1 s' 3 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_4)
-apply (rule M_before_passive_prog.node_1)
-apply (assumption+)
-apply (rule block_anon9_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon9_LoopBody)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_4))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_4))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon9_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon6:
-shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_9)"
-unfolding M_before_cfg_to_dag_prog.block_9_def
-by simp
-
-lemma block_anon6:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_9 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_2 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_9_def M_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 9),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_9)
-apply (rule M_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon6)
-apply (assumption+)
-apply (rule Mods_anon6)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_9))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_9))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon8_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon10_Then:
-shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_7)"
-unfolding M_before_cfg_to_dag_prog.block_7_def
-by simp
-
-lemma block_anon10_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_7_def M_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon10_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_7)
-apply (rule M_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon10_Then)
-apply (assumption+)
-apply (rule Mods_anon10_Then)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_7))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_7))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:M_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon8_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon10_Else:
-shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_8)"
-unfolding M_before_cfg_to_dag_prog.block_8_def
-by simp
-
-lemma block_anon10_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_8_def M_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon10_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_8)
-apply (rule M_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon10_Else)
-apply (assumption+)
-apply (rule Mods_anon10_Else)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_8))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_8))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:M_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon8_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon3:
-shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_6)"
-unfolding M_before_cfg_to_dag_prog.block_6_def
-by simp
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_6_def M_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon3:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_6)
-apply (rule M_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon3)
-apply (assumption+)
-apply (rule Mods_anon3)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_6))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_6))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:M_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon10_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon8_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:M_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon10_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon8_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon9_LoopDone:
-shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_5)"
-unfolding M_before_cfg_to_dag_prog.block_5_def
-by simp
-
-lemma block_anon9_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_6 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_5_def M_before_passive_prog.block_6_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon9_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_5)
-apply (rule M_before_passive_prog.node_6)
-apply (assumption+)
-apply (rule block_anon9_LoopDone)
-apply (assumption+)
-apply (rule Mods_anon9_LoopDone)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_5))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_5))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=5])
-apply ((simp add:M_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon3)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon8_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon9_LoopHead:
-shows "(mods_contained_in (set [0]) M_before_cfg_to_dag_prog.block_3)"
-unfolding M_before_cfg_to_dag_prog.block_3_def
-by simp
-
-lemma block_anon9_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_7 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_3_def M_before_passive_prog.block_7_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(1)))
-apply simp
-done
-
-lemma cfg_block_anon9_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms assms(4-)
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule M_before_cfg_to_dag_prog.node_3)
-apply (rule M_before_passive_prog.node_7)
-apply (assumption+)
-apply (rule block_anon9_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon9_LoopHead)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=6])
-apply ((simp add:M_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon9_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_subset_pred)
-using less(4) apply simp
-apply assumption
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:M_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon9_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-apply (rule loop_ih_convert_subset_smaller_2)
-using less(4) apply simp
-apply (simp, fastforce, assumption)
-apply (rule dag_lemma_assms_state_wt_1[OF less(3)])
-apply simp
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma Mods_anon8_LoopBody:
-shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_2)"
-unfolding M_before_cfg_to_dag_prog.block_2_def
-by simp
-
-lemma block_anon8_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_8 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_2_def M_before_passive_prog.block_8_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon8_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon8_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body [0,1] [] M_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_2)
-apply (rule M_before_passive_prog.node_8)
-apply (assumption+)
-apply (rule block_anon8_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon8_LoopBody)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=7])
-apply ((simp add:M_before_passive_prog.outEdges_8))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon9_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon8_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma block_anon7:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_11 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_9 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_11_def M_before_passive_prog.block_9_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon7:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 11),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule M_before_cfg_to_dag_prog.node_11)
-apply (rule M_before_passive_prog.node_9)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon7)
-apply assumption+
-apply (rule M_before_cfg_to_dag_prog.outEdges_11)
-apply (rule M_before_passive_prog.outEdges_9)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon8_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_10 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_10 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_10 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_10_def M_before_passive_prog.block_10_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon8_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 10),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_10)
-apply (rule M_before_passive_prog.node_10)
-apply (assumption+)
-apply (rule block_anon8_LoopDone)
-apply (assumption+)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_10))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_10))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=9])
-apply ((simp add:M_before_passive_prog.outEdges_10))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon8_LoopHead:
-shows "(mods_contained_in (set [0,1]) M_before_cfg_to_dag_prog.block_1)"
-unfolding M_before_cfg_to_dag_prog.block_1_def
-by simp
-
-lemma block_anon8_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_11 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_11 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_1_def M_before_passive_prog.block_11_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(1)))
-apply ((simp add:M_before_ast_to_cfg_prog.l_y(1)))
-apply simp
-done
-
-lemma cfg_block_anon8_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0,1] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0,1]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule M_before_cfg_to_dag_prog.node_1)
-apply (rule M_before_passive_prog.node_11)
-apply (assumption+)
-apply (rule block_anon8_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon8_LoopHead)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=10])
-apply ((simp add:M_before_passive_prog.outEdges_11))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=8])
-apply ((simp add:M_before_passive_prog.outEdges_11))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.block_12 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] M_before_passive_prog.block_12 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding M_before_cfg_to_dag_prog.block_0_def M_before_passive_prog.block_12_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule M_before_cfg_to_dag_prog.node_0)
-apply (rule M_before_passive_prog.node_12)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:M_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=11])
-apply ((simp add:M_before_passive_prog.outEdges_12))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon8_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 13),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 12),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:M_before_passive_prog.outEdges_13))
-by ((simp add:M_before_passive_prog.node_13 M_before_passive_prog.block_13_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] M_before_passive_prog.proc_body ((Inl 14),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 M_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule M_before_passive_prog.node_14)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding M_before_passive_prog.block_14_def
-apply (rule assume_pres_normal[where ?es=M_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding M_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule M_before_passive_prog.outEdges_14)
-apply ((simp add:M_before_passive_prog.node_13 M_before_passive_prog.block_13_def))
-apply (rule M_before_passive_prog.outEdges_13)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_x_3::int) (vc_y_2::int) (vc_x_4::int) (vc_z_1::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns M_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] M_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule M_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_passification_proof.thy
deleted file mode 100644
index 3c5361e..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_passification_proof.thy
+++ /dev/null
@@ -1,482 +0,0 @@
-theory M_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog M_passive_prog Boogie_Lang.PassificationML M_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_0_def M_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon9_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [10] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 1) = (Some (Inl 7)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [10])) (update_nstate_rel R [(0,(Inl 10))]) R_old M_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_1_def M_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_3(2)))
-by simp
-
-lemma block_anon6:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [11] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 1) = (Some (Inl 1)))" and 
-"((R 2) = (Some (Inl 5)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [11])) (update_nstate_rel R [(0,(Inl 11))]) R_old M_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_2_def M_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_4(2)))
-by simp
-
-lemma block_anon10_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [9] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 2) = (Some (Inl 5)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [9])) (update_nstate_rel R [(1,(Inl 9))]) R_old M_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_3_def M_passive_prog.block_3_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_2(2)))
-by simp
-
-lemma block_anon10_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 1) = (Some (Inl 7)))" and 
-"((R 2) = (Some (Inl 5)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_4_def M_passive_prog.block_4_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 1) = (Some (Inl 7)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_5_def M_passive_prog.block_5_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon9_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 1) = (Some (Inl 7)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_6_def M_passive_prog.block_6_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon9_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [8] R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 1) = (Some (Inl 7)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [8])) (update_nstate_rel R [(0,(Inl 8))]) R_old M_passive_prog.block_7 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_7_def M_passive_prog.block_7_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_2(2)))
-by simp
-
-lemma block_anon8_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_8 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 1) = (Some (Inl 7)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_8 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_8_def M_passive_prog.block_8_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon7:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_9 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [12] R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [12])) (update_nstate_rel R [(2,(Inl 12))]) R_old M_passive_prog.block_9 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_9_def M_passive_prog.block_9_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_z(2) M_passive_prog.l_z_1(2)))
-by simp
-
-lemma block_anon8_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_10 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_10 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_10_def M_passive_prog.block_10_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon8_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_11 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [6,7] R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [6,7])) (update_nstate_rel R [(0,(Inl 6)),(1,(Inl 7))]) R_old M_passive_prog.block_11 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_11_def M_passive_prog.block_11_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_1(2)))
-apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_1(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_12 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3,4,5] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3,4,5])) (update_nstate_rel R [(0,(Inl 3)),(1,(Inl 4)),(2,(Inl 5))]) R_old M_passive_prog.block_12 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_12_def M_passive_prog.block_12_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:M_before_ast_to_cfg_prog.l_x(2) M_passive_prog.l_x_0(2)))
-apply ((simp add:M_before_ast_to_cfg_prog.l_y(2) M_passive_prog.l_y_0(2)))
-apply ((simp add:M_before_ast_to_cfg_prog.l_z(2) M_passive_prog.l_z_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_13 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_13 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_13_def M_passive_prog.block_13_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.block_14 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old M_passive_prog.block_14 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding M_before_passive_prog.block_14_def M_passive_prog.block_14_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_0},@{thm M_before_passive_prog.outEdges_0}) (@{thm M_passive_prog.node_0},@{thm M_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon9_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 10 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 1) = (Some (Inl 7)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_1},@{thm M_before_passive_prog.outEdges_1}) (@{thm M_passive_prog.node_1},@{thm M_passive_prog.outEdges_1}) @{thm block_anon9_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon6:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 11 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 1) = (Some (Inl 1)))" and 
-"((R 2) = (Some (Inl 5)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_2},@{thm M_before_passive_prog.outEdges_2}) (@{thm M_passive_prog.node_2},@{thm M_passive_prog.outEdges_2}) @{thm block_anon6} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon10_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 2) = (Some (Inl 5)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_3},@{thm M_before_passive_prog.outEdges_3}) (@{thm M_passive_prog.node_3},@{thm M_passive_prog.outEdges_3}) @{thm block_anon10_Then} [
-@{thm cfg_block_anon6}] 1\<close>))
-
-lemma cfg_block_anon10_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 11 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 1) = (Some (Inl 7)))" and 
-"((R 2) = (Some (Inl 5)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_4},@{thm M_before_passive_prog.outEdges_4}) (@{thm M_passive_prog.node_4},@{thm M_passive_prog.outEdges_4}) @{thm block_anon10_Else} [
-@{thm cfg_block_anon6}] 1\<close>))
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 1) = (Some (Inl 7)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_5},@{thm M_before_passive_prog.outEdges_5}) (@{thm M_passive_prog.node_5},@{thm M_passive_prog.outEdges_5}) @{thm block_anon3} [
-@{thm cfg_block_anon10_Then}, 
-@{thm cfg_block_anon10_Else}] 1\<close>))
-
-lemma cfg_block_anon9_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 9 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 8)))" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 1) = (Some (Inl 7)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_6},@{thm M_before_passive_prog.outEdges_6}) (@{thm M_passive_prog.node_6},@{thm M_passive_prog.outEdges_6}) @{thm block_anon9_LoopDone} [
-@{thm cfg_block_anon3}] 1\<close>))
-
-lemma cfg_block_anon9_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 1) = (Some (Inl 7)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_7},@{thm M_before_passive_prog.outEdges_7}) (@{thm M_passive_prog.node_7},@{thm M_passive_prog.outEdges_7}) @{thm block_anon9_LoopHead} [
-@{thm cfg_block_anon9_LoopDone}, 
-@{thm cfg_block_anon9_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon8_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 8 R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))" and 
-"((R 1) = (Some (Inl 7)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 8)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_8},@{thm M_before_passive_prog.outEdges_8}) (@{thm M_passive_prog.node_8},@{thm M_passive_prog.outEdges_8}) @{thm block_anon8_LoopBody} [
-@{thm cfg_block_anon9_LoopHead}] 1\<close>))
-
-lemma cfg_block_anon7:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 12 R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 9)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_9},@{thm M_before_passive_prog.outEdges_9}) (@{thm M_passive_prog.node_9},@{thm M_passive_prog.outEdges_9}) @{thm block_anon7} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon8_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 12 R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 10)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_10},@{thm M_before_passive_prog.outEdges_10}) (@{thm M_passive_prog.node_10},@{thm M_passive_prog.outEdges_10}) @{thm block_anon8_LoopDone} [
-@{thm cfg_block_anon7}] 1\<close>))
-
-lemma cfg_block_anon8_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 6 R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 5)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 11)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm M_before_passive_prog.node_11},@{thm M_before_passive_prog.outEdges_11}) (@{thm M_passive_prog.node_11},@{thm M_passive_prog.outEdges_11}) @{thm block_anon8_LoopHead} [
-@{thm cfg_block_anon8_LoopDone}, 
-@{thm cfg_block_anon8_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 12)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_12},@{thm M_before_passive_prog.outEdges_12}) (@{thm M_passive_prog.node_12},@{thm M_passive_prog.outEdges_12}) @{thm block_anon0} [
-@{thm cfg_block_anon8_LoopHead}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 13)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_13},@{thm M_before_passive_prog.outEdges_13}) (@{thm M_passive_prog.node_13},@{thm M_passive_prog.outEdges_13}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> M_before_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> M_passive_prog.proc_body u (Inl 14)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm M_before_passive_prog.node_14},@{thm M_before_passive_prog.outEdges_14}) (@{thm M_passive_prog.node_14},@{thm M_passive_prog.outEdges_14}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_before_ast_to_cfg_prog.params_vdecls M_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] M_before_passive_prog.proc_body ((Inl 14),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_x_3::int) (vc_y_2::int) (vc_x_4::int) (vc_z_1::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls ns M_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv M_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding M_passive_prog.params_vdecls_def M_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using M_before_passive_prog.globals_locals_disj apply auto[1]
-using M_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] M_passive_prog.proc_body u (Inl 14)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range M_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] M_passive_prog.proc_body ((Inl 14),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from M_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_passive_prog.thy
deleted file mode 100644
index b8aae9c..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_passive_prog.thy
+++ /dev/null
@@ -1,317 +0,0 @@
-theory M_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util M_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 7) Gt (Lit (LInt 10)))),(Assume (BinOp (Var 10) Eq (BinOp (Var 8) Mul (Lit (LInt 10))))),(Assume (Lit (LBool False)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 11) Eq (BinOp (BinOp (Var 8) Add (Var 1)) Add (Var 5)))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (BinOp (Var 8) Sub (Lit (LInt 10))) Gt (Lit (LInt 200)))),(Assume (BinOp (Var 9) Eq (BinOp (Var 5) Add (Lit (LInt 7)))))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 200)) Ge (BinOp (Var 8) Sub (Lit (LInt 10)))))]"
-definition block_5
-  where
-    "block_5  = []"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Lit (LInt 10)) Ge (Var 7)))]"
-definition block_7
-  where
-    "block_7  = []"
-definition block_8
-  where
-    "block_8  = []"
-definition block_9
-  where
-    "block_9  = [(Assume (BinOp (Var 12) Eq (BinOp (Var 5) Sub (Lit (LInt 2)))))]"
-definition block_10
-  where
-    "block_10  = []"
-definition block_11
-  where
-    "block_11  = []"
-definition block_12
-  where
-    "block_12  = []"
-definition block_13
-  where
-    "block_13  = []"
-definition block_14
-  where
-    "block_14  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[2],[2],[3,4],[5],[6,1],[7],[0],[9],[10,8],[11],[12],[13]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11,block_12,block_13,block_14]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 14,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_12:
-shows "((nth (node_to_block proc_body) 12) = block_12)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_13:
-shows "((nth (node_to_block proc_body) 13) = block_13)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_14:
-shows "((nth (node_to_block proc_body) 14) = block_14)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [3,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [10,8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_12:
-shows "((nth (out_edges proc_body) 12) = [11])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_13:
-shows "((nth (out_edges proc_body) 13) = [12])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_14:
-shows "((nth (out_edges proc_body) 14) = [13])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(7,(TPrim TInt),(None )),(8,(TPrim TInt),(None )),(10,(TPrim TInt),(None )),(9,(TPrim TInt),(None )),(11,(TPrim TInt),(None )),(12,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding M_passive_prog.params_vdecls_def M_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)))) = {})"
-unfolding M_before_ast_to_cfg_prog.constants_vdecls_def M_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_0:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z_0:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_1:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_2:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 8) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_3:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 10) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_y_2:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 9) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_4:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 11) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_z_1:
-shows "((map_of (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls) 12) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_0:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z_0:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_1:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_2:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 8) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 8) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_3:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 10) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 10) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_3
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_y_2:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 9) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 9) = (Some (TPrim TInt)))"
-using globals_locals_disj m_y_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_4:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 11) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 11) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_4
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_z_1:
-shows "((lookup_var_decl ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 12) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) 12) = (Some (TPrim TInt)))"
-using globals_locals_disj m_z_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_vcphase_proof.thy
deleted file mode 100644
index 926b213..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/M_proofs/M_vcphase_proof.thy
+++ /dev/null
@@ -1,505 +0,0 @@
-theory M_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML M_passive_prog M_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon0
-  where
-    "vc_anon0  = True"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_y :: "int" and vc_z :: "int" and vc_x_0 :: "int" and vc_y_0 :: "int" and vc_z_0 :: "int" and vc_x_1 :: "int" and vc_y_1 :: "int" and vc_x_2 :: "int" and vc_x_3 :: "int" and vc_y_2 :: "int" and vc_x_4 :: "int" and vc_z_1 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_y)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_z)))" and 
-G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_0)))" and 
-G4: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_y_0)))" and 
-G5: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_z_0)))" and 
-G6: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_x_1)))" and 
-G7: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_y_1)))" and 
-G8: "((lookup_var \<Lambda> n_s 8) = (Some (IntV vc_x_2)))" and 
-G9: "((lookup_var \<Lambda> n_s 10) = (Some (IntV vc_x_3)))" and 
-G10: "((lookup_var \<Lambda> n_s 9) = (Some (IntV vc_y_2)))" and 
-G11: "((lookup_var \<Lambda> n_s 11) = (Some (IntV vc_x_4)))" and 
-G12: "((lookup_var \<Lambda> n_s 12) = (Some (IntV vc_z_1)))" and 
-G13: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8 G9 G10 G11 G12 G13
-lemmas forall_poly_thm = forall_vc_type[OF G13]
-lemmas exists_poly_thm = exists_vc_type[OF G13]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding M_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon9_LoopBody_hints = [
-(AssumeTrue,NONE), 
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon9_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
-unfolding M_passive_prog.block_1_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon9_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_hints = [
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon6AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
-unfolding M_passive_prog.block_2_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon10_Then_hints = [
-(AssumeTrue,NONE), 
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon10_ThenAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))))"
-unfolding M_passive_prog.block_3_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon10_Then_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon10_Else_hints = [
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon10_ElseAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))))"
-unfolding M_passive_prog.block_4_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon10_Else_hints \<close>)
-by (auto?)
-
-lemma block_anon3:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_5 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding M_passive_prog.block_5_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon9_LoopDone_hints = [
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon9_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
-unfolding M_passive_prog.block_6_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon9_LoopDone_hints \<close>)
-by (auto?)
-
-lemma block_anon9_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_7 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding M_passive_prog.block_7_def
-apply cases
-by auto
-
-lemma block_anon8_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_8 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding M_passive_prog.block_8_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon7_hints = [
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon7AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_9 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding M_passive_prog.block_9_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_hints \<close>)
-by (auto?)
-
-lemma block_anon8_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_10 (Normal n_s) s')" and 
-"(vc.vc_anon0 )"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))"
-using assms
-unfolding M_passive_prog.block_10_def
-apply cases
-by auto
-
-lemma block_anon8_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_11 (Normal n_s) s')" and 
-"(((vc.vc_anon0 ) \<and> (vc.vc_anon0 )) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (((vc.vc_anon0 ) \<and> (vc.vc_anon0 )) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding M_passive_prog.block_11_def
-apply cases
-by auto
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_12 (Normal n_s) s')" and 
-"(((vc.vc_anon0 ) \<and> (vc.vc_anon0 )) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (((vc.vc_anon0 ) \<and> (vc.vc_anon0 )) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding M_passive_prog.block_12_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_13 (Normal n_s) s')" and 
-"(((vc.vc_anon0 ) \<and> (vc.vc_anon0 )) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (((vc.vc_anon0 ) \<and> (vc.vc_anon0 )) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding M_passive_prog.block_13_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.block_14 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (((vc.vc_anon0 ) \<and> (vc.vc_anon0 )) \<and> (vc.vc_anon0 ))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding M_passive_prog.block_14_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) M_passive_prog.node_0 M_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon9_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) M_passive_prog.node_1])
-by (erule block_anon9_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon6:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) M_passive_prog.node_2])
-by (erule block_anon6AA0[OF _ assms(2)])
-
-lemma cfg_block_anon10_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_3])
-apply (erule block_anon10_ThenAA0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon10_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_4])
-apply (erule block_anon10_ElseAA0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon3:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_5])
-apply (erule block_anon3[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon10_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon10_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon9_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_6])
-apply (erule block_anon9_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon3, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon9_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_7])
-apply (erule block_anon9_LoopHead[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_7))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon9_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon9_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon8_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_8])
-apply (erule block_anon8_LoopBody[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_8))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon9_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon7:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) M_passive_prog.node_9])
-apply (erule block_anon7AA0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_9))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon8_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_10])
-apply (erule block_anon8_LoopDone[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_10))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon8_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-"(((vc.vc_anon0 ) \<and> (vc.vc_anon0 )) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_11])
-apply (erule block_anon8_LoopHead[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_11))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 12),(Normal n_s)) (m',s'))" and 
-"(((vc.vc_anon0 ) \<and> (vc.vc_anon0 )) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_12])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_12))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon8_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 13),(Normal n_s)) (m',s'))" and 
-"(((vc.vc_anon0 ) \<and> (vc.vc_anon0 )) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_13])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_13))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> M_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) M_passive_prog.node_14])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:M_passive_prog.outEdges_14))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls)) \<Gamma> [] M_passive_prog.proc_body ((Inl 14),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_y::int) (vc_z::int) (vc_x_0::int) (vc_y_0::int) (vc_z_0::int) (vc_x_1::int) (vc_y_1::int) (vc_x_2::int) (vc_x_3::int) (vc_y_2::int) (vc_x_4::int) (vc_z_1::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A M_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> M_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) M_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s M_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append M_before_ast_to_cfg_prog.constants_vdecls M_before_ast_to_cfg_prog.globals_vdecls),(append M_passive_prog.params_vdecls M_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((M_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x])
-apply (subst lookup_var_local[OF M_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y])
-apply (subst lookup_var_local[OF M_passive_prog.m_y])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_z:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_z])
-apply (subst lookup_var_local[OF M_passive_prog.m_z])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF M_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_0:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_0])
-apply (subst lookup_var_local[OF M_passive_prog.m_y_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_z_0:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_z_0])
-apply (subst lookup_var_local[OF M_passive_prog.m_z_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF M_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_1:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_1])
-apply (subst lookup_var_local[OF M_passive_prog.m_y_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 8) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 8)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 8))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_2])
-apply (subst lookup_var_local[OF M_passive_prog.m_x_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_3:"(((lookup_var ?\<Lambda> n_s 10) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 10)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 10))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_3])
-apply (subst lookup_var_local[OF M_passive_prog.m_x_3])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_y_2:"(((lookup_var ?\<Lambda> n_s 9) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 9)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 9))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_y_2])
-apply (subst lookup_var_local[OF M_passive_prog.m_y_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_4:"(((lookup_var ?\<Lambda> n_s 11) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 11)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 11))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_x_4])
-apply (subst lookup_var_local[OF M_passive_prog.m_x_4])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_z_1:"(((lookup_var ?\<Lambda> n_s 12) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 12)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 12))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF M_passive_prog.m_z_1])
-apply (subst lookup_var_local[OF M_passive_prog.m_z_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_y])
-apply (rule HOL.conjunct1[OF sc_z])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_y_0])
-apply (rule HOL.conjunct1[OF sc_z_0])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (rule HOL.conjunct1[OF sc_y_1])
-apply (rule HOL.conjunct1[OF sc_x_2])
-apply (rule HOL.conjunct1[OF sc_x_3])
-apply (rule HOL.conjunct1[OF sc_y_2])
-apply (rule HOL.conjunct1[OF sc_x_4])
-apply (rule HOL.conjunct1[OF sc_z_1])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/ROOT
deleted file mode 100644
index f4cd52f..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session no_guard_loop_proofs = Boogie_Lang + 
-directories M_proofs
-theories
-global_data
-"M_proofs/M_before_ast_to_cfg_prog"
-"M_proofs/M_passive_prog"
-"M_proofs/M_asttocfg_proof"
-"M_proofs/M_passification_proof"
-"M_proofs/M_before_passive_prog"
-"M_proofs/M_vcphase_proof"
-"M_proofs/M_before_cfg_to_dag_prog"
-"M_proofs/M_cfgtodag_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_guard_loop_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/ROOT
deleted file mode 100644
index 206ae2b..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session no_inv_loop_proofs = Boogie_Lang + 
-directories no_inv_loop_proofs
-theories
-global_data
-"no_inv_loop_proofs/no_inv_loop_before_passive_prog"
-"no_inv_loop_proofs/no_inv_loop_vcphase_proof"
-"no_inv_loop_proofs/no_inv_loop_asttocfg_proof"
-"no_inv_loop_proofs/no_inv_loop_passification_proof"
-"no_inv_loop_proofs/no_inv_loop_passive_prog"
-"no_inv_loop_proofs/no_inv_loop_before_cfg_to_dag_prog"
-"no_inv_loop_proofs/no_inv_loop_cfgtodag_proof"
-"no_inv_loop_proofs/no_inv_loop_before_ast_to_cfg_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_asttocfg_proof.thy
deleted file mode 100644
index 9d338e2..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_asttocfg_proof.thy
+++ /dev/null
@@ -1,344 +0,0 @@
-theory no_inv_loop_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML no_inv_loop_before_ast_to_cfg_prog no_inv_loop_before_cfg_to_dag_prog no_inv_loop_cfgtodag_proof no_inv_loop_passification_proof no_inv_loop_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A no_inv_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma global_rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (no_inv_loop_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end no_inv_loop_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV False))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Invs[of no_inv_loop_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_3_def)
-
-apply (rule astTrace)
-apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (simp)
-apply (rule cont_3_def)
-apply (rule no_inv_loop_before_cfg_to_dag_prog.node_3)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule no_inv_loop_before_cfg_to_dag_prog.block_3_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply ( rule neg_gt)
-apply (rule guardHint)
-apply (rule no_inv_loop_before_cfg_to_dag_prog.outEdges_3)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: no_inv_loop_before_cfg_to_dag_prog.node_3)
-apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp add: end_static)
-done
-qed
-
-lemma rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (no_inv_loop_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
-unfolding no_inv_loop_before_cfg_to_dag_prog.block_2_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of no_inv_loop_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: no_inv_loop_before_cfg_to_dag_prog.block_2_def)
-apply ((simp add: assms(3) no_inv_loop_before_ast_to_cfg_prog.bigblock_2_def)+)
-done
-
-
-lemma global_rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (no_inv_loop_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end no_inv_loop_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T no_inv_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 no_inv_loop_before_cfg_to_dag_prog.proc_body 1 no_inv_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of no_inv_loop_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_2_def)
-apply (rule no_inv_loop_before_cfg_to_dag_prog.node_2)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule no_inv_loop_before_cfg_to_dag_prog.block_2_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_2_def)
-apply (simp add: no_inv_loop_before_cfg_to_dag_prog.node_2)
-apply (rule rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_2)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=1])+)
-apply (simp add: no_inv_loop_before_cfg_to_dag_prog.outEdges_2)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (no_inv_loop_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end no_inv_loop_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of no_inv_loop_before_ast_to_cfg_prog.bigblock_1 _ _ _ no_inv_loop_before_cfg_to_dag_prog.block_1])
-apply (simp add:no_inv_loop_before_ast_to_cfg_prog.bigblock_1_def no_inv_loop_before_cfg_to_dag_prog.block_1_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:no_inv_loop_before_ast_to_cfg_prog.bigblock_1_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of no_inv_loop_before_ast_to_cfg_prog.bigblock_1])
-apply ((simp add:no_inv_loop_before_ast_to_cfg_prog.bigblock_1_def)+)
-apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.block_1_def no_inv_loop_before_cfg_to_dag_prog.node_1)+)
-apply (rule cont_1_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 2])+)
-apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_1_def no_inv_loop_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_1_def cont_2_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-
-apply ((erule allE[where x = 3])+)
-apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_3)
-apply (blast)
-
-
-apply ((blast)+)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-done
-qed
-qed
-
-lemma rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (no_inv_loop_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of no_inv_loop_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_0_def no_inv_loop_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: no_inv_loop_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: no_inv_loop_before_cfg_to_dag_prog.block_0_def no_inv_loop_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (no_inv_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end no_inv_loop_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of no_inv_loop_before_ast_to_cfg_prog.bigblock_0 _ no_inv_loop_before_cfg_to_dag_prog.block_0])
-apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_0_def no_inv_loop_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_0_def no_inv_loop_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_0_def no_inv_loop_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: no_inv_loop_before_cfg_to_dag_prog.block_0_def)
-apply (rule no_inv_loop_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: no_inv_loop_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: no_inv_loop_before_cfg_to_dag_prog.node_0)
-apply (rule rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: no_inv_loop_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: no_inv_loop_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (no_inv_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A no_inv_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> no_inv_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) no_inv_loop_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns no_inv_loop_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] no_inv_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (no_inv_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_no_inv_loop_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: no_inv_loop_before_ast_to_cfg_prog.params_vdecls_def no_inv_loop_before_ast_to_cfg_prog.locals_vdecls_def no_inv_loop_before_cfg_to_dag_prog.params_vdecls_def no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: no_inv_loop_before_ast_to_cfg_prog.params_vdecls_def no_inv_loop_before_ast_to_cfg_prog.locals_vdecls_def no_inv_loop_before_cfg_to_dag_prog.params_vdecls_def no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def no_inv_loop_before_ast_to_cfg_prog.pres_def no_inv_loop_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: no_inv_loop_before_ast_to_cfg_prog.params_vdecls_def no_inv_loop_before_ast_to_cfg_prog.locals_vdecls_def no_inv_loop_before_cfg_to_dag_prog.params_vdecls_def no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: no_inv_loop_before_ast_to_cfg_prog.params_vdecls_def no_inv_loop_before_ast_to_cfg_prog.locals_vdecls_def no_inv_loop_before_cfg_to_dag_prog.params_vdecls_def no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: no_inv_loop_before_ast_to_cfg_prog.params_vdecls_def no_inv_loop_before_ast_to_cfg_prog.locals_vdecls_def no_inv_loop_before_cfg_to_dag_prog.params_vdecls_def no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: no_inv_loop_before_ast_to_cfg_prog.params_vdecls_def no_inv_loop_before_ast_to_cfg_prog.locals_vdecls_def no_inv_loop_before_cfg_to_dag_prog.params_vdecls_def no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def no_inv_loop_before_ast_to_cfg_prog.pres_def no_inv_loop_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: no_inv_loop_before_ast_to_cfg_prog.params_vdecls_def no_inv_loop_before_ast_to_cfg_prog.locals_vdecls_def no_inv_loop_before_cfg_to_dag_prog.params_vdecls_def no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: no_inv_loop_before_ast_to_cfg_prog.params_vdecls_def no_inv_loop_before_ast_to_cfg_prog.locals_vdecls_def no_inv_loop_before_cfg_to_dag_prog.params_vdecls_def no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (no_inv_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_3_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) no_inv_loop_before_ast_to_cfg_prog.fdecls no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls no_inv_loop_before_ast_to_cfg_prog.axioms no_inv_loop_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding no_inv_loop_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 no_inv_loop_before_ast_to_cfg_prog.ast_proc_def no_inv_loop_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 23ff6ee..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,123 +0,0 @@
-theory no_inv_loop_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [] (None ) (None ))"
-definition cont_3
-  where
-    "cont_3  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_3 cont_3)"
-definition cont_1
-  where
-    "cont_1  = (KEndBlock (KSeq bigblock_3 cont_3 ))"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_1 cont_1)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_3]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding no_inv_loop_before_ast_to_cfg_prog.constants_vdecls_def no_inv_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding no_inv_loop_before_ast_to_cfg_prog.params_vdecls_def no_inv_loop_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding no_inv_loop_before_ast_to_cfg_prog.constants_vdecls_def no_inv_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_inv_loop_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding no_inv_loop_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_inv_loop_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding no_inv_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_inv_loop_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding no_inv_loop_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_inv_loop_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding no_inv_loop_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = no_inv_loop_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_inv_loop_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec no_inv_loop_before_ast_to_cfg_prog.post),proc_body = (Some (no_inv_loop_before_ast_to_cfg_prog.locals_vdecls,no_inv_loop_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_cfg_to_dag_prog.thy
deleted file mode 100644
index a765df1..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,149 +0,0 @@
-theory no_inv_loop_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0)]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition outEdges
-  where
-    "outEdges  = [[1],[3,2],[1],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [3,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append no_inv_loop_before_cfg_to_dag_prog.constants_vdecls no_inv_loop_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append no_inv_loop_before_cfg_to_dag_prog.constants_vdecls no_inv_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding no_inv_loop_before_cfg_to_dag_prog.constants_vdecls_def no_inv_loop_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_inv_loop_before_cfg_to_dag_prog.constants_vdecls no_inv_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding no_inv_loop_before_cfg_to_dag_prog.params_vdecls_def no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append no_inv_loop_before_cfg_to_dag_prog.constants_vdecls no_inv_loop_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding no_inv_loop_before_cfg_to_dag_prog.constants_vdecls_def no_inv_loop_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_inv_loop_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding no_inv_loop_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_inv_loop_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding no_inv_loop_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_inv_loop_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding no_inv_loop_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) no_inv_loop_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding no_inv_loop_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append no_inv_loop_before_cfg_to_dag_prog.constants_vdecls no_inv_loop_before_cfg_to_dag_prog.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append no_inv_loop_before_cfg_to_dag_prog.constants_vdecls no_inv_loop_before_cfg_to_dag_prog.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_inv_loop_before_cfg_to_dag_prog.constants_vdecls no_inv_loop_before_cfg_to_dag_prog.globals_vdecls),(append no_inv_loop_before_cfg_to_dag_prog.params_vdecls no_inv_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = no_inv_loop_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec no_inv_loop_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec no_inv_loop_before_cfg_to_dag_prog.post),proc_body = (Some (no_inv_loop_before_cfg_to_dag_prog.locals_vdecls,no_inv_loop_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_passive_prog.thy
deleted file mode 100644
index e3abb28..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_before_passive_prog.thy
+++ /dev/null
@@ -1,106 +0,0 @@
-theory no_inv_loop_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_inv_loop_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Havoc 0)]"
-definition block_4
-  where
-    "block_4  = [(Havoc 0)]"
-definition block_5
-  where
-    "block_5  = []"
-definition block_6
-  where
-    "block_6  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4],[5]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 6,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding no_inv_loop_before_ast_to_cfg_prog.params_vdecls_def no_inv_loop_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding no_inv_loop_before_ast_to_cfg_prog.constants_vdecls_def no_inv_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_cfgtodag_proof.thy
deleted file mode 100644
index ff59d56..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_cfgtodag_proof.thy
+++ /dev/null
@@ -1,330 +0,0 @@
-theory no_inv_loop_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML no_inv_loop_before_ast_to_cfg_prog no_inv_loop_before_cfg_to_dag_prog no_inv_loop_before_passive_prog no_inv_loop_passification_proof no_inv_loop_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A no_inv_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_inv_loop_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def no_inv_loop_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule no_inv_loop_before_passive_prog.node_0)
-apply simp
-unfolding no_inv_loop_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma block_anon2_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_inv_loop_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding no_inv_loop_before_cfg_to_dag_prog.block_3_def no_inv_loop_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon2_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule no_inv_loop_before_cfg_to_dag_prog.node_3)
-apply (rule no_inv_loop_before_passive_prog.node_1)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon2_LoopDone)
-apply assumption+
-apply (rule no_inv_loop_before_cfg_to_dag_prog.outEdges_3)
-apply (rule no_inv_loop_before_passive_prog.outEdges_1)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma Mods_anon2_LoopBody:
-shows "(mods_contained_in (set [0]) no_inv_loop_before_cfg_to_dag_prog.block_2)"
-unfolding no_inv_loop_before_cfg_to_dag_prog.block_2_def
-by simp
-
-lemma block_anon2_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_inv_loop_before_passive_prog.block_2 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding no_inv_loop_before_cfg_to_dag_prog.block_2_def no_inv_loop_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon2_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon2_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body [0] [] no_inv_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule no_inv_loop_before_cfg_to_dag_prog.node_2)
-apply (rule no_inv_loop_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon2_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon2_LoopBody)
-apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon2_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon2_LoopHead:
-shows "(mods_contained_in (set [0]) no_inv_loop_before_cfg_to_dag_prog.block_1)"
-unfolding no_inv_loop_before_cfg_to_dag_prog.block_1_def
-by simp
-
-lemma block_anon2_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_inv_loop_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding no_inv_loop_before_cfg_to_dag_prog.block_1_def no_inv_loop_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:no_inv_loop_before_ast_to_cfg_prog.l_x(1)))
-apply simp
-done
-
-lemma cfg_block_anon2_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule no_inv_loop_before_cfg_to_dag_prog.node_1)
-apply (rule no_inv_loop_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon2_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon2_LoopHead)
-apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:no_inv_loop_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon2_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:no_inv_loop_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon2_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] no_inv_loop_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding no_inv_loop_before_cfg_to_dag_prog.block_0_def no_inv_loop_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule no_inv_loop_before_cfg_to_dag_prog.node_0)
-apply (rule no_inv_loop_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:no_inv_loop_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:no_inv_loop_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon2_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:no_inv_loop_before_passive_prog.outEdges_5))
-by ((simp add:no_inv_loop_before_passive_prog.node_5 no_inv_loop_before_passive_prog.block_5_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 no_inv_loop_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] no_inv_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule no_inv_loop_before_passive_prog.node_6)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding no_inv_loop_before_passive_prog.block_6_def
-apply (rule assume_pres_normal[where ?es=no_inv_loop_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding no_inv_loop_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule no_inv_loop_before_passive_prog.outEdges_6)
-apply ((simp add:no_inv_loop_before_passive_prog.node_5 no_inv_loop_before_passive_prog.block_5_def))
-apply (rule no_inv_loop_before_passive_prog.outEdges_5)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A no_inv_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> no_inv_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) no_inv_loop_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns no_inv_loop_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] no_inv_loop_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] no_inv_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule no_inv_loop_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passification_proof.thy
deleted file mode 100644
index c884e04..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passification_proof.thy
+++ /dev/null
@@ -1,279 +0,0 @@
-theory no_inv_loop_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_inv_loop_before_ast_to_cfg_prog no_inv_loop_passive_prog Boogie_Lang.PassificationML no_inv_loop_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_inv_loop_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_inv_loop_before_passive_prog.block_0_def no_inv_loop_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon2_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_inv_loop_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_inv_loop_before_passive_prog.block_1_def no_inv_loop_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon2_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3])) (update_nstate_rel R [(0,(Inl 3))]) R_old no_inv_loop_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_inv_loop_before_passive_prog.block_2_def no_inv_loop_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:no_inv_loop_before_ast_to_cfg_prog.l_x(2) no_inv_loop_passive_prog.l_x_2(2)))
-by simp
-
-lemma block_anon2_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old no_inv_loop_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_inv_loop_before_passive_prog.block_3_def no_inv_loop_passive_prog.block_3_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:no_inv_loop_before_ast_to_cfg_prog.l_x(2) no_inv_loop_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old no_inv_loop_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_inv_loop_before_passive_prog.block_4_def no_inv_loop_passive_prog.block_4_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:no_inv_loop_before_ast_to_cfg_prog.l_x(2) no_inv_loop_passive_prog.l_x_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_inv_loop_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_inv_loop_before_passive_prog.block_5_def no_inv_loop_passive_prog.block_5_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old no_inv_loop_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding no_inv_loop_before_passive_prog.block_6_def no_inv_loop_passive_prog.block_6_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_inv_loop_before_passive_prog.node_0},@{thm no_inv_loop_before_passive_prog.outEdges_0}) (@{thm no_inv_loop_passive_prog.node_0},@{thm no_inv_loop_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon2_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm no_inv_loop_before_passive_prog.node_1},@{thm no_inv_loop_before_passive_prog.outEdges_1}) (@{thm no_inv_loop_passive_prog.node_1},@{thm no_inv_loop_passive_prog.outEdges_1}) @{thm block_anon2_LoopDone} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon2_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 2)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm no_inv_loop_before_passive_prog.node_2},@{thm no_inv_loop_before_passive_prog.outEdges_2}) (@{thm no_inv_loop_passive_prog.node_2},@{thm no_inv_loop_passive_prog.outEdges_2}) @{thm block_anon2_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon2_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_inv_loop_before_passive_prog.node_3},@{thm no_inv_loop_before_passive_prog.outEdges_3}) (@{thm no_inv_loop_passive_prog.node_3},@{thm no_inv_loop_passive_prog.outEdges_3}) @{thm block_anon2_LoopHead} [
-@{thm cfg_block_anon2_LoopDone}, 
-@{thm cfg_block_anon2_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_inv_loop_before_passive_prog.node_4},@{thm no_inv_loop_before_passive_prog.outEdges_4}) (@{thm no_inv_loop_passive_prog.node_4},@{thm no_inv_loop_passive_prog.outEdges_4}) @{thm block_anon0} [
-@{thm cfg_block_anon2_LoopHead}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_inv_loop_before_passive_prog.node_5},@{thm no_inv_loop_before_passive_prog.outEdges_5}) (@{thm no_inv_loop_passive_prog.node_5},@{thm no_inv_loop_passive_prog.outEdges_5}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> no_inv_loop_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm no_inv_loop_before_passive_prog.node_6},@{thm no_inv_loop_before_passive_prog.outEdges_6}) (@{thm no_inv_loop_passive_prog.node_6},@{thm no_inv_loop_passive_prog.outEdges_6}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_before_ast_to_cfg_prog.params_vdecls no_inv_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] no_inv_loop_before_passive_prog.proc_body ((Inl 6),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A no_inv_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> no_inv_loop_before_ast_to_cfg_prog.constants_vdecls ns no_inv_loop_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv no_inv_loop_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding no_inv_loop_before_ast_to_cfg_prog.constants_vdecls_def no_inv_loop_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding no_inv_loop_passive_prog.params_vdecls_def no_inv_loop_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using no_inv_loop_before_passive_prog.globals_locals_disj apply auto[1]
-using no_inv_loop_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] no_inv_loop_passive_prog.proc_body u (Inl 6)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range no_inv_loop_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] no_inv_loop_passive_prog.proc_body ((Inl 6),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from no_inv_loop_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passive_prog.thy
deleted file mode 100644
index 2c29254..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_passive_prog.thy
+++ /dev/null
@@ -1,148 +0,0 @@
-theory no_inv_loop_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util no_inv_loop_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 2)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 2) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 3) Eq (BinOp (Var 2) Sub (Lit (LInt 1))))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition block_6
-  where
-    "block_6  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4],[5]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 6,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding no_inv_loop_passive_prog.params_vdecls_def no_inv_loop_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)))) = {})"
-unfolding no_inv_loop_before_ast_to_cfg_prog.constants_vdecls_def no_inv_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_2:
-shows "((map_of (append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_2:
-shows "((lookup_var_decl ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_vcphase_proof.thy
deleted file mode 100644
index 06d33d3..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/no_inv_loop_proofs/no_inv_loop_proofs/no_inv_loop_vcphase_proof.thy
+++ /dev/null
@@ -1,256 +0,0 @@
-theory no_inv_loop_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML no_inv_loop_passive_prog no_inv_loop_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon0
-  where
-    "vc_anon0  = True"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
-G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_2)))" and 
-G4: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4
-lemmas forall_poly_thm = forall_vc_type[OF G4]
-lemmas exists_poly_thm = exists_vc_type[OF G4]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding no_inv_loop_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon2_LoopDone_hints = [
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon2_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding no_inv_loop_passive_prog.block_1_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon2_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon2_LoopBody_hints = [
-(AssumeTrue,NONE), 
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon2_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
-unfolding no_inv_loop_passive_prog.block_2_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon2_LoopBody_hints \<close>)
-by (auto?)
-
-lemma block_anon2_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.block_3 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding no_inv_loop_passive_prog.block_3_def
-apply cases
-by auto
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.block_4 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding no_inv_loop_passive_prog.block_4_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.block_5 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding no_inv_loop_passive_prog.block_5_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding no_inv_loop_passive_prog.block_6_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) no_inv_loop_passive_prog.node_0 no_inv_loop_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon2_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) no_inv_loop_passive_prog.node_1])
-apply (erule block_anon2_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:no_inv_loop_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon2_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) no_inv_loop_passive_prog.node_2])
-by (erule block_anon2_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon2_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) no_inv_loop_passive_prog.node_3])
-apply (erule block_anon2_LoopHead[OF _ assms(2)])
-apply ((simp add:no_inv_loop_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon2_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon2_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) no_inv_loop_passive_prog.node_4])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:no_inv_loop_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon2_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) no_inv_loop_passive_prog.node_5])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:no_inv_loop_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> no_inv_loop_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) no_inv_loop_passive_prog.node_6])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:no_inv_loop_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls)) \<Gamma> [] no_inv_loop_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A no_inv_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> no_inv_loop_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) no_inv_loop_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s no_inv_loop_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append no_inv_loop_before_ast_to_cfg_prog.constants_vdecls no_inv_loop_before_ast_to_cfg_prog.globals_vdecls),(append no_inv_loop_passive_prog.params_vdecls no_inv_loop_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((no_inv_loop_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_inv_loop_passive_prog.m_x])
-apply (subst lookup_var_local[OF no_inv_loop_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_inv_loop_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF no_inv_loop_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_inv_loop_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF no_inv_loop_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF no_inv_loop_passive_prog.m_x_2])
-apply (subst lookup_var_local[OF no_inv_loop_passive_prog.m_x_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (rule HOL.conjunct1[OF sc_x_2])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/ROOT
deleted file mode 100644
index 4fc4f56..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session return_in_loop2_proofs = Boogie_Lang + 
-directories return_in_loop_proofs
-theories
-global_data
-"return_in_loop_proofs/return_in_loop_before_passive_prog"
-"return_in_loop_proofs/return_in_loop_passive_prog"
-"return_in_loop_proofs/return_in_loop_before_cfg_to_dag_prog"
-"return_in_loop_proofs/return_in_loop_before_ast_to_cfg_prog"
-"return_in_loop_proofs/return_in_loop_cfgtodag_proof"
-"return_in_loop_proofs/return_in_loop_vcphase_proof"
-"return_in_loop_proofs/return_in_loop_passification_proof"
-"return_in_loop_proofs/return_in_loop_asttocfg_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_asttocfg_proof.thy
deleted file mode 100644
index 40a4912..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_asttocfg_proof.thy
+++ /dev/null
@@ -1,518 +0,0 @@
-theory return_in_loop_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML return_in_loop_before_ast_to_cfg_prog return_in_loop_before_cfg_to_dag_prog return_in_loop_cfgtodag_proof return_in_loop_passification_proof return_in_loop_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_return_in_loop_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_6,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_7 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_7 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_6])
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_6_def return_in_loop_before_cfg_to_dag_prog.block_7_def)
-apply ((simp add: return_in_loop_before_cfg_to_dag_prog.block_7_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: return_in_loop_before_cfg_to_dag_prog.block_7_def return_in_loop_before_ast_to_cfg_prog.bigblock_6_def)+)
-done
-
-
-lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_6])
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_6_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_6_def)
-apply (simp)
-apply (simp)
-apply (rule cont_6_def)
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_7)
-apply (rule disjI1)
-apply (rule return_in_loop_before_cfg_to_dag_prog.block_7_def)
-apply (rule return_in_loop_before_cfg_to_dag_prog.outEdges_7)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_7)
-apply (rule rel_return_in_loop_before_ast_to_cfg_prog_bigblock_6)
-apply assumption+
-
-done
-qed
-
-lemma rel_return_in_loop_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_5,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_5 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_5 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_5])
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_5_def return_in_loop_before_cfg_to_dag_prog.block_5_def)
-apply ((simp add: return_in_loop_before_cfg_to_dag_prog.block_5_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: return_in_loop_before_cfg_to_dag_prog.block_5_def return_in_loop_before_ast_to_cfg_prog.bigblock_5_def)+)
-done
-
-
-lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T return_in_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 return_in_loop_before_cfg_to_dag_prog.proc_body 1 return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_5])
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_5_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_5_def)
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_5)
-apply (rule disjI1)
-apply (rule return_in_loop_before_cfg_to_dag_prog.block_5_def)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_5_def)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_5)
-apply (rule rel_return_in_loop_before_ast_to_cfg_prog_bigblock_5)
-apply assumption
-apply (simp)
-apply ((erule allE[where x=1])+)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_5)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Eq (Lit (LInt 5))) ns1 (BoolV False))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T return_in_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 return_in_loop_before_cfg_to_dag_prog.proc_body 1 return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Invs[of return_in_loop_before_ast_to_cfg_prog.bigblock_4])
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_4_def)
-
-apply (rule astTrace)
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_4_def)
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_4)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule return_in_loop_before_cfg_to_dag_prog.block_4_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply (rule neg_eq)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_4_def)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_4)
-
-
-
-
-apply ((erule allE[where x = 5])+)
-apply ((simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_4)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_5)
-
-apply blast+
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule less_trans_inv)
-apply blast+
-done
-qed
-
-lemma rel_return_in_loop_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_3,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Eq (Lit (LInt 5))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_3 (Normal ns1) (Normal ns1')))))"
-unfolding return_in_loop_before_cfg_to_dag_prog.block_3_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_3_def)
-apply ((simp add: assms(3) return_in_loop_before_ast_to_cfg_prog.bigblock_3_def)+)
-done
-
-
-lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Eq (Lit (LInt 5))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T return_in_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 return_in_loop_before_cfg_to_dag_prog.proc_body 1 return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (simp)
-
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_3)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule return_in_loop_before_cfg_to_dag_prog.block_3_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule return_in_loop_before_cfg_to_dag_prog.outEdges_3)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_3)
-apply (rule rel_return_in_loop_before_ast_to_cfg_prog_bigblock_3)
-apply assumption+
-apply (rule guardHint)
-done
-qed
-
-lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T return_in_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 return_in_loop_before_cfg_to_dag_prog.proc_body 1 return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_if_successor)
-apply (rule Rel_Invs[of return_in_loop_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_2_def return_in_loop_before_ast_to_cfg_prog.bigblock_2_def)
-
-apply (rule astTrace)
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_2_def)
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_2)
-
-apply (rule disjI2)
-apply (rule disjI1)
-
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_2_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply (simp)
-
-
-apply (rule guardHint)
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-
-
-
-
-
-apply (erule disjE)
-
-apply ((erule allE[where x = 3])+)
-apply ((simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_2)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_3)
-apply (simp add: cont_2_def return_in_loop_before_ast_to_cfg_prog.bigblock_3_def cont_3_def )
-apply blast+
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule less_trans_inv)
-apply ((simp)+)
-
-apply ((erule allE[where x = 4])+)
-apply ((simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_2)+)
-apply (simp add: member_rec(1))
-apply (rule conjE)
-apply ((simp)+)
-apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_4)
-apply (simp add: cont_2_def return_in_loop_before_ast_to_cfg_prog.bigblock_4_def cont_4_def )
-apply blast+
-apply (rule loop_IH_prove)
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply (rule less_trans_inv)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of return_in_loop_before_ast_to_cfg_prog.bigblock_1 _ _ _ return_in_loop_before_cfg_to_dag_prog.block_1])
-apply (simp add:return_in_loop_before_ast_to_cfg_prog.bigblock_1_def return_in_loop_before_cfg_to_dag_prog.block_1_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:return_in_loop_before_ast_to_cfg_prog.bigblock_1_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of return_in_loop_before_ast_to_cfg_prog.bigblock_1])
-apply ((simp add:return_in_loop_before_ast_to_cfg_prog.bigblock_1_def)+)
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.block_1_def return_in_loop_before_cfg_to_dag_prog.node_1)+)
-apply (rule cont_1_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 2])+)
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_1_def return_in_loop_before_ast_to_cfg_prog.bigblock_2_def cont_2_def return_in_loop_before_ast_to_cfg_prog.bigblock_5_def cont_5_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_1_def cont_2_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-
-apply ((erule allE[where x = 6])+)
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_6)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_6)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_6_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_6)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_6)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_6_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_6)
-apply ((simp add: member_rec)+)
-done
-qed
-qed
-
-lemma rel_return_in_loop_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_0_def return_in_loop_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: return_in_loop_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: return_in_loop_before_cfg_to_dag_prog.block_0_def return_in_loop_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_0 _ return_in_loop_before_cfg_to_dag_prog.block_0])
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_0_def return_in_loop_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_0_def return_in_loop_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_0_def return_in_loop_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_0_def)
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_0)
-apply (rule rel_return_in_loop_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (return_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> return_in_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) return_in_loop_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns return_in_loop_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def return_in_loop_before_ast_to_cfg_prog.pres_def return_in_loop_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def return_in_loop_before_ast_to_cfg_prog.pres_def return_in_loop_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_6] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (return_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_6_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) return_in_loop_before_ast_to_cfg_prog.fdecls return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls return_in_loop_before_ast_to_cfg_prog.axioms return_in_loop_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding return_in_loop_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 return_in_loop_before_ast_to_cfg_prog.ast_proc_def return_in_loop_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_ast_to_cfg_prog.thy
deleted file mode 100644
index f819dad..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,141 +0,0 @@
-theory return_in_loop_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Assign 0 (Lit (LInt 10)))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (Var 0) Eq (Lit (LInt 5)))) [(BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 5))))] (None ) (Some Return))] [(BigBlock (None ) [] (None ) (None ))])) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (Var 0) Eq (Lit (LInt 5)))) [(BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 5))))] (None ) (Some Return))] [(BigBlock (None ) [] (None ) (None ))])) (None )),(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))])) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [] (Some (ParsedIf (Some (BinOp (Var 0) Eq (Lit (LInt 5)))) [(BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 5))))] (None ) (Some Return))] [(BigBlock (None ) [] (None ) (None ))])) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [(Assert (BinOp (Var 0) Eq (Lit (LInt 5))))] (None ) (Some Return))"
-definition bigblock_4
-  where
-    "bigblock_4  = (BigBlock (None ) [] (None ) (None ))"
-definition bigblock_5
-  where
-    "bigblock_5  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (None ))"
-definition bigblock_6
-  where
-    "bigblock_6  = (BigBlock (None ) [(Assert (BinOp (Var 0) Neq (Lit (LInt 5))))] (None ) (None ))"
-definition cont_6
-  where
-    "cont_6  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_6 cont_6)"
-definition cont_1
-  where
-    "cont_1  = (KEndBlock (KSeq bigblock_6 cont_6 ))"
-definition cont_5
-  where
-    "cont_5  = (KSeq bigblock_1 cont_1)"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_5 cont_5)"
-definition cont_3
-  where
-    "cont_3  = (KSeq bigblock_5 cont_5)"
-definition cont_4
-  where
-    "cont_4  = (KSeq bigblock_5 cont_5)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_6]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding return_in_loop_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = return_in_loop_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec return_in_loop_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec return_in_loop_before_ast_to_cfg_prog.post),proc_body = (Some (return_in_loop_before_ast_to_cfg_prog.locals_vdecls,return_in_loop_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_cfg_to_dag_prog.thy
deleted file mode 100644
index ab1f54a..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,193 +0,0 @@
-theory return_in_loop_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Assign 0 (Lit (LInt 10)))]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 0) Eq (Lit (LInt 5)))),(Assert (BinOp (Var 0) Eq (Lit (LInt 5))))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 0) Neq (Lit (LInt 5))))]"
-definition block_5
-  where
-    "block_5  = [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_7
-  where
-    "block_7  = [(Assert (BinOp (Var 0) Neq (Lit (LInt 5))))]"
-definition outEdges
-  where
-    "outEdges  = [[1],[6,2],[3,4],[],[5],[1],[7],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [6,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [3,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding return_in_loop_before_cfg_to_dag_prog.constants_vdecls_def return_in_loop_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding return_in_loop_before_cfg_to_dag_prog.constants_vdecls_def return_in_loop_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding return_in_loop_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding return_in_loop_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding return_in_loop_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls),(append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls),(append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls),(append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = return_in_loop_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec return_in_loop_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec return_in_loop_before_cfg_to_dag_prog.post),proc_body = (Some (return_in_loop_before_cfg_to_dag_prog.locals_vdecls,return_in_loop_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_passive_prog.thy
deleted file mode 100644
index d1f5c0f..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_before_passive_prog.thy
+++ /dev/null
@@ -1,150 +0,0 @@
-theory return_in_loop_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util return_in_loop_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Eq (Lit (LInt 5)))),(Assert (BinOp (Var 0) Eq (Lit (LInt 5))))]"
-definition block_2
-  where
-    "block_2  = [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1)))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 0) Neq (Lit (LInt 5))))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0))))]"
-definition block_5
-  where
-    "block_5  = [(Assert (BinOp (Var 0) Neq (Lit (LInt 5))))]"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_7
-  where
-    "block_7  = [(Havoc 0)]"
-definition block_8
-  where
-    "block_8  = [(Assign 0 (Lit (LInt 10)))]"
-definition block_9
-  where
-    "block_9  = []"
-definition block_10
-  where
-    "block_10  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[2],[1,3],[0],[5],[6,4],[7],[8],[9]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 10,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [1,3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_cfgtodag_proof.thy
deleted file mode 100644
index e348684..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_cfgtodag_proof.thy
+++ /dev/null
@@ -1,534 +0,0 @@
-theory return_in_loop_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML return_in_loop_before_ast_to_cfg_prog return_in_loop_before_cfg_to_dag_prog return_in_loop_before_passive_prog return_in_loop_passification_proof return_in_loop_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 return_in_loop_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def return_in_loop_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule return_in_loop_before_passive_prog.node_0)
-apply simp
-unfolding return_in_loop_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma block_anon7_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding return_in_loop_before_cfg_to_dag_prog.block_3_def return_in_loop_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon7_Then:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_3)
-apply (rule return_in_loop_before_passive_prog.node_1)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon7_Then)
-apply assumption+
-apply (rule return_in_loop_before_cfg_to_dag_prog.outEdges_3)
-apply (rule return_in_loop_before_passive_prog.outEdges_1)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma Mods_anon4:
-shows "(mods_contained_in (set [0]) return_in_loop_before_cfg_to_dag_prog.block_5)"
-unfolding return_in_loop_before_cfg_to_dag_prog.block_5_def
-by simp
-
-lemma block_anon4:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_2 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding return_in_loop_before_cfg_to_dag_prog.block_5_def return_in_loop_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon4:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body [0] [] return_in_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_5)
-apply (rule return_in_loop_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon4)
-apply (assumption+)
-apply (rule Mods_anon4)
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_5))
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_5))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon6_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon7_Else:
-shows "(mods_contained_in (set [0]) return_in_loop_before_cfg_to_dag_prog.block_4)"
-unfolding return_in_loop_before_cfg_to_dag_prog.block_4_def
-by simp
-
-lemma block_anon7_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding return_in_loop_before_cfg_to_dag_prog.block_4_def return_in_loop_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon7_Else:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body [0] [] return_in_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_4)
-apply (rule return_in_loop_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon7_Else)
-apply (assumption+)
-apply (rule Mods_anon7_Else)
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_4))
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_4))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:return_in_loop_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon6_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon6_LoopBody:
-shows "(mods_contained_in (set [0]) return_in_loop_before_cfg_to_dag_prog.block_2)"
-unfolding return_in_loop_before_cfg_to_dag_prog.block_2_def
-by simp
-
-lemma block_anon6_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding return_in_loop_before_cfg_to_dag_prog.block_2_def return_in_loop_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon6_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body [0] [] return_in_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_2)
-apply (rule return_in_loop_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon6_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon6_LoopBody)
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:return_in_loop_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_Then)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:return_in_loop_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon7_Else)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_convert_pred)
-using IH_anon6_LoopHead apply simp
-apply simp
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma block_anon5:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding return_in_loop_before_cfg_to_dag_prog.block_7_def return_in_loop_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon5:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_7)
-apply (rule return_in_loop_before_passive_prog.node_5)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon5)
-apply assumption+
-apply (rule return_in_loop_before_cfg_to_dag_prog.outEdges_7)
-apply (rule return_in_loop_before_passive_prog.outEdges_5)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon6_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_6 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding return_in_loop_before_cfg_to_dag_prog.block_6_def return_in_loop_before_passive_prog.block_6_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_6)
-apply (rule return_in_loop_before_passive_prog.node_6)
-apply (assumption+)
-apply (rule block_anon6_LoopDone)
-apply (assumption+)
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_6))
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_6))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=5])
-apply ((simp add:return_in_loop_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon6_LoopHead:
-shows "(mods_contained_in (set [0]) return_in_loop_before_cfg_to_dag_prog.block_1)"
-unfolding return_in_loop_before_cfg_to_dag_prog.block_1_def
-by simp
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_7 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding return_in_loop_before_cfg_to_dag_prog.block_1_def return_in_loop_before_passive_prog.block_7_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:return_in_loop_before_ast_to_cfg_prog.l_x(1)))
-apply simp
-done
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [0] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [0]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_1)
-apply (rule return_in_loop_before_passive_prog.node_7)
-apply (assumption+)
-apply (rule block_anon6_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon6_LoopHead)
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=6])
-apply ((simp add:return_in_loop_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:return_in_loop_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_8 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding return_in_loop_before_cfg_to_dag_prog.block_0_def return_in_loop_before_passive_prog.block_8_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_0)
-apply (rule return_in_loop_before_passive_prog.node_8)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=7])
-apply ((simp add:return_in_loop_before_passive_prog.outEdges_8))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:return_in_loop_before_passive_prog.outEdges_9))
-by ((simp add:return_in_loop_before_passive_prog.node_9 return_in_loop_before_passive_prog.block_9_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 return_in_loop_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule return_in_loop_before_passive_prog.node_10)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding return_in_loop_before_passive_prog.block_10_def
-apply (rule assume_pres_normal[where ?es=return_in_loop_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding return_in_loop_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule return_in_loop_before_passive_prog.outEdges_10)
-apply ((simp add:return_in_loop_before_passive_prog.node_9 return_in_loop_before_passive_prog.block_9_def))
-apply (rule return_in_loop_before_passive_prog.outEdges_9)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> return_in_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) return_in_loop_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns return_in_loop_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule return_in_loop_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_passification_proof.thy
deleted file mode 100644
index 15a3ac1..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_passification_proof.thy
+++ /dev/null
@@ -1,363 +0,0 @@
-theory return_in_loop_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util return_in_loop_before_ast_to_cfg_prog return_in_loop_passive_prog Boogie_Lang.PassificationML return_in_loop_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_in_loop_before_passive_prog.block_0_def return_in_loop_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon7_Then:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_in_loop_before_passive_prog.block_1_def return_in_loop_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon4:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old return_in_loop_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_in_loop_before_passive_prog.block_2_def return_in_loop_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:return_in_loop_before_ast_to_cfg_prog.l_x(2) return_in_loop_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon7_Else:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_in_loop_before_passive_prog.block_3_def return_in_loop_passive_prog.block_3_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon6_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_in_loop_before_passive_prog.block_4_def return_in_loop_passive_prog.block_4_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon5:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_in_loop_before_passive_prog.block_5_def return_in_loop_passive_prog.block_5_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon6_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_in_loop_before_passive_prog.block_6_def return_in_loop_passive_prog.block_6_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old return_in_loop_passive_prog.block_7 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_in_loop_before_passive_prog.block_7_def return_in_loop_passive_prog.block_7_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:return_in_loop_before_ast_to_cfg_prog.l_x(2) return_in_loop_passive_prog.l_x_0(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_8 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 10)))]) R_old return_in_loop_passive_prog.block_8 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_in_loop_before_passive_prog.block_8_def return_in_loop_passive_prog.block_8_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_9 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_9 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_in_loop_before_passive_prog.block_9_def return_in_loop_passive_prog.block_9_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_10 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_10 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_in_loop_before_passive_prog.block_10_def return_in_loop_passive_prog.block_10_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_in_loop_before_passive_prog.node_0},@{thm return_in_loop_before_passive_prog.outEdges_0}) (@{thm return_in_loop_passive_prog.node_0},@{thm return_in_loop_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon7_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_1},@{thm return_in_loop_before_passive_prog.outEdges_1}) (@{thm return_in_loop_passive_prog.node_1},@{thm return_in_loop_passive_prog.outEdges_1}) @{thm block_anon7_Then} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon4:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_2},@{thm return_in_loop_before_passive_prog.outEdges_2}) (@{thm return_in_loop_passive_prog.node_2},@{thm return_in_loop_passive_prog.outEdges_2}) @{thm block_anon4} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon7_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_3},@{thm return_in_loop_before_passive_prog.outEdges_3}) (@{thm return_in_loop_passive_prog.node_3},@{thm return_in_loop_passive_prog.outEdges_3}) @{thm block_anon7_Else} [
-@{thm cfg_block_anon4}] 1\<close>))
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_4},@{thm return_in_loop_before_passive_prog.outEdges_4}) (@{thm return_in_loop_passive_prog.node_4},@{thm return_in_loop_passive_prog.outEdges_4}) @{thm block_anon6_LoopBody} [
-@{thm cfg_block_anon7_Then}, 
-@{thm cfg_block_anon7_Else}] 1\<close>))
-
-lemma cfg_block_anon5:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_5},@{thm return_in_loop_before_passive_prog.outEdges_5}) (@{thm return_in_loop_passive_prog.node_5},@{thm return_in_loop_passive_prog.outEdges_5}) @{thm block_anon5} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_6},@{thm return_in_loop_before_passive_prog.outEdges_6}) (@{thm return_in_loop_passive_prog.node_6},@{thm return_in_loop_passive_prog.outEdges_6}) @{thm block_anon6_LoopDone} [
-@{thm cfg_block_anon5}] 1\<close>))
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_in_loop_before_passive_prog.node_7},@{thm return_in_loop_before_passive_prog.outEdges_7}) (@{thm return_in_loop_passive_prog.node_7},@{thm return_in_loop_passive_prog.outEdges_7}) @{thm block_anon6_LoopHead} [
-@{thm cfg_block_anon6_LoopDone}, 
-@{thm cfg_block_anon6_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 8)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_in_loop_before_passive_prog.node_8},@{thm return_in_loop_before_passive_prog.outEdges_8}) (@{thm return_in_loop_passive_prog.node_8},@{thm return_in_loop_passive_prog.outEdges_8}) @{thm block_anon0} [
-@{thm cfg_block_anon6_LoopHead}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 9)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_in_loop_before_passive_prog.node_9},@{thm return_in_loop_before_passive_prog.outEdges_9}) (@{thm return_in_loop_passive_prog.node_9},@{thm return_in_loop_passive_prog.outEdges_9}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 10)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_in_loop_before_passive_prog.node_10},@{thm return_in_loop_before_passive_prog.outEdges_10}) (@{thm return_in_loop_passive_prog.node_10},@{thm return_in_loop_passive_prog.outEdges_10}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 10),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> return_in_loop_before_ast_to_cfg_prog.constants_vdecls ns return_in_loop_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv return_in_loop_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding return_in_loop_passive_prog.params_vdecls_def return_in_loop_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using return_in_loop_before_passive_prog.globals_locals_disj apply auto[1]
-using return_in_loop_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] return_in_loop_passive_prog.proc_body u (Inl 10)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range return_in_loop_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] return_in_loop_passive_prog.proc_body ((Inl 10),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from return_in_loop_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_passive_prog.thy
deleted file mode 100644
index 2d69610..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_passive_prog.thy
+++ /dev/null
@@ -1,183 +0,0 @@
-theory return_in_loop_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util return_in_loop_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 1) Eq (Lit (LInt 5)))),(Assert (BinOp (Var 1) Eq (Lit (LInt 5))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 2) Eq (BinOp (Var 1) Sub (Lit (LInt 1))))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 1) Neq (Lit (LInt 5))))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0))))]"
-definition block_5
-  where
-    "block_5  = [(Assert (BinOp (Var 1) Neq (Lit (LInt 5))))]"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
-definition block_7
-  where
-    "block_7  = []"
-definition block_8
-  where
-    "block_8  = []"
-definition block_9
-  where
-    "block_9  = []"
-definition block_10
-  where
-    "block_10  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[2],[1,3],[0],[5],[6,4],[7],[8],[9]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 10,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [1,3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6,4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding return_in_loop_passive_prog.params_vdecls_def return_in_loop_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)))) = {})"
-unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_vcphase_proof.thy
deleted file mode 100644
index d0014b8..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop2_proofs/return_in_loop_proofs/return_in_loop_vcphase_proof.thy
+++ /dev/null
@@ -1,361 +0,0 @@
-theory return_in_loop_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML return_in_loop_passive_prog return_in_loop_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon7_Then
-  where
-    "vc_anon7_Then x_0 = ((x_0 = (5::int)) \<longrightarrow> (x_0 = (5::int)))"
-definition vc_anon4
-  where
-    "vc_anon4  = True"
-definition vc_anon7_Else
-  where
-    "vc_anon7_Else x_0 = ((x_0 \<noteq> (5::int)) \<longrightarrow> (vc_anon4 ))"
-definition vc_anon6_LoopBody
-  where
-    "vc_anon6_LoopBody x_0 = ((x_0 > (0::int)) \<longrightarrow> ((vc_anon7_Then x_0) \<and> (vc_anon7_Else x_0)))"
-definition vc_anon5
-  where
-    "vc_anon5 x_0 = (x_0 \<noteq> (5::int))"
-definition vc_anon6_LoopDone
-  where
-    "vc_anon6_LoopDone x_0 = (((0::int) \<ge> x_0) \<longrightarrow> (vc_anon5 x_0))"
-definition vc_anon0
-  where
-    "vc_anon0 x_0 = ((vc_anon6_LoopDone x_0) \<and> (vc_anon6_LoopBody x_0))"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
-G3: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3
-lemmas forall_poly_thm = forall_vc_type[OF G3]
-lemmas exists_poly_thm = exists_vc_type[OF G3]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding return_in_loop_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon7_Then_hints = [
-(AssumeConjR 0,NONE), 
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon7_ThenAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_Then vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding return_in_loop_passive_prog.block_1_def vc.vc_anon7_Then_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_Then_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_hints = [
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon4AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4 ) \<Longrightarrow> (s' = Magic)))"
-unfolding return_in_loop_passive_prog.block_2_def vc.vc_anon4_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon7_Else_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon7_ElseAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon7_Else vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4 )))))))"
-unfolding return_in_loop_passive_prog.block_3_def vc.vc_anon7_Else_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon7_Else_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_LoopBody_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon6_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopBody vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon7_Then vc_x_0) \<and> (vc.vc_anon7_Else vc_x_0))))))))"
-unfolding return_in_loop_passive_prog.block_4_def vc.vc_anon6_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon5_hints = [
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon5AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5 vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding return_in_loop_passive_prog.block_5_def vc.vc_anon5_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_LoopDone_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon6_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopDone vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon5 vc_x_0)))))))"
-unfolding return_in_loop_passive_prog.block_6_def vc.vc_anon6_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopDone_hints \<close>)
-by (auto?)
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_7 (Normal n_s) s')" and 
-"((vc.vc_anon6_LoopDone vc_x_0) \<and> (vc.vc_anon6_LoopBody vc_x_0))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_x_0) \<and> (vc.vc_anon6_LoopBody vc_x_0))))))"
-using assms
-unfolding return_in_loop_passive_prog.block_7_def
-apply cases
-by auto
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_8 (Normal n_s) s')" and 
-"((vc.vc_anon6_LoopDone vc_x_0) \<and> (vc.vc_anon6_LoopBody vc_x_0))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_x_0) \<and> (vc.vc_anon6_LoopBody vc_x_0))))))"
-using assms
-unfolding return_in_loop_passive_prog.block_8_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_9 (Normal n_s) s')" and 
-"((vc.vc_anon6_LoopDone vc_x_0) \<and> (vc.vc_anon6_LoopBody vc_x_0))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_x_0) \<and> (vc.vc_anon6_LoopBody vc_x_0))))))"
-using assms
-unfolding return_in_loop_passive_prog.block_9_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_10 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_x_0) \<and> (vc.vc_anon6_LoopBody vc_x_0))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding return_in_loop_passive_prog.block_10_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) return_in_loop_passive_prog.node_0 return_in_loop_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon7_Then:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon7_Then vc_x_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) return_in_loop_passive_prog.node_1])
-apply (erule block_anon7_ThenAA0[OF _ assms(2)])
-apply ((simp add:return_in_loop_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon4:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) return_in_loop_passive_prog.node_2])
-by (erule block_anon4AA0[OF _ assms(2)])
-
-lemma cfg_block_anon7_Else:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon7_Else vc_x_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_3])
-apply (erule block_anon7_ElseAA0[OF _ assms(2)])
-apply ((simp add:return_in_loop_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopBody vc_x_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_4])
-apply (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
-apply ((simp add:return_in_loop_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_Then, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon7_Else, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5 vc_x_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) return_in_loop_passive_prog.node_5])
-apply (erule block_anon5AA0[OF _ assms(2)])
-apply ((simp add:return_in_loop_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopDone vc_x_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_6])
-apply (erule block_anon6_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:return_in_loop_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon6_LoopDone vc_x_0) \<and> (vc.vc_anon6_LoopBody vc_x_0))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_7])
-apply (erule block_anon6_LoopHead[OF _ assms(2)])
-apply ((simp add:return_in_loop_passive_prog.outEdges_7))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon6_LoopDone vc_x_0) \<and> (vc.vc_anon6_LoopBody vc_x_0))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_8])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:return_in_loop_passive_prog.outEdges_8))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon6_LoopDone vc_x_0) \<and> (vc.vc_anon6_LoopBody vc_x_0))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_9])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:return_in_loop_passive_prog.outEdges_9))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_10])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:return_in_loop_passive_prog.outEdges_10))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) \<Gamma> [] return_in_loop_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int). (vc.vc_anon0 vc_x_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> return_in_loop_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) return_in_loop_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s return_in_loop_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((return_in_loop_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF return_in_loop_passive_prog.m_x])
-apply (subst lookup_var_local[OF return_in_loop_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF return_in_loop_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF return_in_loop_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF return_in_loop_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF return_in_loop_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/ROOT
deleted file mode 100644
index 4198e04..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session return_in_loop_proofs = Boogie_Lang + 
-directories return_in_loop_proofs
-theories
-global_data
-"return_in_loop_proofs/return_in_loop_before_passive_prog"
-"return_in_loop_proofs/return_in_loop_passive_prog"
-"return_in_loop_proofs/return_in_loop_before_cfg_to_dag_prog"
-"return_in_loop_proofs/return_in_loop_before_ast_to_cfg_prog"
-"return_in_loop_proofs/return_in_loop_cfgtodag_proof"
-"return_in_loop_proofs/return_in_loop_vcphase_proof"
-"return_in_loop_proofs/return_in_loop_passification_proof"
-"return_in_loop_proofs/return_in_loop_asttocfg_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_asttocfg_proof.thy
deleted file mode 100644
index 126532e..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_asttocfg_proof.thy
+++ /dev/null
@@ -1,529 +0,0 @@
-theory return_in_loop_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML return_in_loop_before_ast_to_cfg_prog return_in_loop_before_cfg_to_dag_prog return_in_loop_cfgtodag_proof return_in_loop_passification_proof return_in_loop_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_return_in_loop_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_6,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_8 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_8 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_6])
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_6_def return_in_loop_before_cfg_to_dag_prog.block_8_def)
-apply ((simp add: return_in_loop_before_cfg_to_dag_prog.block_8_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: return_in_loop_before_cfg_to_dag_prog.block_8_def return_in_loop_before_ast_to_cfg_prog.bigblock_6_def)+)
-done
-
-
-lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_6:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_6,cont_6,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_6])
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_6_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_6_def)
-apply (simp)
-apply (simp)
-apply (rule cont_6_def)
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_8)
-apply (rule disjI1)
-apply (rule return_in_loop_before_cfg_to_dag_prog.block_8_def)
-apply (rule return_in_loop_before_cfg_to_dag_prog.outEdges_8)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_8)
-apply (rule rel_return_in_loop_before_ast_to_cfg_prog_bigblock_6)
-apply assumption+
-
-done
-qed
-
-lemma rel_return_in_loop_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_5,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_6 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_6 (Normal ns1) (Normal ns1')))))"
-unfolding return_in_loop_before_cfg_to_dag_prog.block_6_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_5])
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_5_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_6_def)
-apply ((simp add: assms(3) return_in_loop_before_ast_to_cfg_prog.bigblock_5_def)+)
-done
-
-
-lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_5:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_5,cont_5,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Lt (Lit (LInt 0))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T return_in_loop_before_ast_to_cfg_prog.bigblock_4 cont_4 return_in_loop_before_cfg_to_dag_prog.proc_body 5 return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_5])
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_5_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_5_def)
-apply (simp)
-apply (simp)
-
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_6)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule return_in_loop_before_cfg_to_dag_prog.block_6_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule return_in_loop_before_cfg_to_dag_prog.outEdges_6)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_6)
-apply (rule rel_return_in_loop_before_ast_to_cfg_prog_bigblock_5)
-apply assumption+
-apply (rule guardHint)
-done
-qed
-
-lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_4:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_4,cont_4,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_4_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of return_in_loop_before_ast_to_cfg_prog.bigblock_4 _ _ _ return_in_loop_before_cfg_to_dag_prog.block_5])
-apply (simp add:return_in_loop_before_ast_to_cfg_prog.bigblock_4_def return_in_loop_before_cfg_to_dag_prog.block_5_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:return_in_loop_before_ast_to_cfg_prog.bigblock_4_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of return_in_loop_before_ast_to_cfg_prog.bigblock_4])
-apply ((simp add:return_in_loop_before_ast_to_cfg_prog.bigblock_4_def)+)
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.block_5_def return_in_loop_before_cfg_to_dag_prog.node_5)+)
-apply (rule cont_4_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 6])+)
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_5)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_5)
-apply (simp add: cont_4_def return_in_loop_before_ast_to_cfg_prog.bigblock_5_def cont_5_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_4_def cont_5_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-
-apply ((erule allE[where x = 7])+)
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_5)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_6)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_7)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_7_def)
-apply (rule neg_lt)
-apply (simp)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_7)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_7)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_7_def)
-apply (rule neg_lt)
-apply (simp)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_7)
-apply ((simp add: member_rec)+)
-done
-qed
-qed
-
-lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-apply (rule ending_after_unwrapping)
-apply (rule astTrace)
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_3_def)
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply (simp)
-apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_4)
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_4_def cont_3_def cont_4_def)
-apply (rule correctness_propagates_through_empty)
-using assms(2)
-apply blast
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_4)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_4_def)
-
-
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_4)
-apply (simp add: member_rec)
-apply (simp)
-apply (rule correctness_propagates_through_empty2)
-using assms(3)
-apply blast
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_4)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_4_def)
-
-
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_4)
-apply (simp add: member_rec)
-apply ((simp)+)
-done
-
-lemma rel_return_in_loop_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
-unfolding return_in_loop_before_cfg_to_dag_prog.block_2_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_2_def)
-apply ((simp add: assms(3) return_in_loop_before_ast_to_cfg_prog.bigblock_2_def)+)
-done
-
-
-lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 0) Gt (Lit (LInt 0))) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T return_in_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 return_in_loop_before_cfg_to_dag_prog.proc_body 1 return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp)
-apply (simp)
-
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_2)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule return_in_loop_before_cfg_to_dag_prog.block_2_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule return_in_loop_before_cfg_to_dag_prog.outEdges_2)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_2)
-apply (rule rel_return_in_loop_before_ast_to_cfg_prog_bigblock_2)
-apply assumption+
-apply (rule guardHint)
-done
-qed
-
-lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of return_in_loop_before_ast_to_cfg_prog.bigblock_1 _ _ _ return_in_loop_before_cfg_to_dag_prog.block_1])
-apply (simp add:return_in_loop_before_ast_to_cfg_prog.bigblock_1_def return_in_loop_before_cfg_to_dag_prog.block_1_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:return_in_loop_before_ast_to_cfg_prog.bigblock_1_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of return_in_loop_before_ast_to_cfg_prog.bigblock_1])
-apply ((simp add:return_in_loop_before_ast_to_cfg_prog.bigblock_1_def)+)
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.block_1_def return_in_loop_before_cfg_to_dag_prog.node_1)+)
-apply (rule cont_1_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 2])+)
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_1_def return_in_loop_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_1_def cont_2_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-
-apply ((erule allE[where x = 3])+)
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_3)
-apply (blast)
-
-
-
-apply (rule correctness_propagates_through_assumption)
-apply blast
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_3)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_3_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_3)
-apply ((simp add: member_rec)+)
-apply (rule correctness_propagates_through_assumption3)
-apply blast
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_3)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_3_def)
-apply (rule neg_gt)
-apply (simp)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_3)
-apply ((simp add: member_rec)+)
-done
-qed
-qed
-
-lemma rel_return_in_loop_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_0_def return_in_loop_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: return_in_loop_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: return_in_loop_before_cfg_to_dag_prog.block_0_def return_in_loop_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_in_loop_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of return_in_loop_before_ast_to_cfg_prog.bigblock_0 _ return_in_loop_before_cfg_to_dag_prog.block_0])
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_0_def return_in_loop_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_0_def return_in_loop_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_0_def return_in_loop_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_0_def)
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: return_in_loop_before_cfg_to_dag_prog.node_0)
-apply (rule rel_return_in_loop_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: return_in_loop_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (return_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> return_in_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) return_in_loop_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns return_in_loop_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (return_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_return_in_loop_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def return_in_loop_before_ast_to_cfg_prog.pres_def return_in_loop_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def return_in_loop_before_ast_to_cfg_prog.pres_def return_in_loop_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3,bigblock_6] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (return_in_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_3_def cont_6_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) return_in_loop_before_ast_to_cfg_prog.fdecls return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls return_in_loop_before_ast_to_cfg_prog.axioms return_in_loop_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding return_in_loop_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 return_in_loop_before_ast_to_cfg_prog.ast_proc_def return_in_loop_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_ast_to_cfg_prog.thy
deleted file mode 100644
index e46ed8f..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,141 +0,0 @@
-theory return_in_loop_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Havoc 0)] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (Some Return))]))) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Gt (Lit (LInt 0)))) [] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (Some Return))])) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))] (None ) (Some Return))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 0)))) [(BinOp (Var 0) Le (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (Some Return))]))) (None ))"
-definition bigblock_4
-  where
-    "bigblock_4  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 0) Lt (Lit (LInt 0)))) [(BinOp (Var 0) Le (Lit (LInt 0)))] [(BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (Some Return))])) (None ))"
-definition bigblock_5
-  where
-    "bigblock_5  = (BigBlock (None ) [(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))] (None ) (Some Return))"
-definition bigblock_6
-  where
-    "bigblock_6  = (BigBlock (None ) [(Assign 0 (Lit (LInt 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))] (None ) (None ))"
-definition cont_6
-  where
-    "cont_6  = KStop"
-definition cont_3
-  where
-    "cont_3  = (KSeq bigblock_6 cont_6)"
-definition cont_4
-  where
-    "cont_4  = (KEndBlock (KSeq bigblock_6 cont_6 ))"
-definition cont_5
-  where
-    "cont_5  = (KSeq bigblock_4 cont_4)"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_3 cont_3)"
-definition cont_1
-  where
-    "cont_1  = (KEndBlock (KSeq bigblock_3 cont_3 ))"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_1 cont_1)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_3,bigblock_6]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding return_in_loop_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = return_in_loop_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec return_in_loop_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec return_in_loop_before_ast_to_cfg_prog.post),proc_body = (Some (return_in_loop_before_ast_to_cfg_prog.locals_vdecls,return_in_loop_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 39a44bc..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,204 +0,0 @@
-theory return_in_loop_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Havoc 0)]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = [(Assert (BinOp (Var 0) Le (Lit (LInt 0))))]"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]"
-definition block_7
-  where
-    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 0)))]"
-definition block_8
-  where
-    "block_8  = [(Assign 0 (Lit (LInt 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
-definition outEdges
-  where
-    "outEdges  = [[1],[3,2],[],[4],[5],[7,6],[],[8],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [3,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [7,6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding return_in_loop_before_cfg_to_dag_prog.constants_vdecls_def return_in_loop_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding return_in_loop_before_cfg_to_dag_prog.params_vdecls_def return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding return_in_loop_before_cfg_to_dag_prog.constants_vdecls_def return_in_loop_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding return_in_loop_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding return_in_loop_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding return_in_loop_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_in_loop_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding return_in_loop_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls),(append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls),(append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_in_loop_before_cfg_to_dag_prog.constants_vdecls return_in_loop_before_cfg_to_dag_prog.globals_vdecls),(append return_in_loop_before_cfg_to_dag_prog.params_vdecls return_in_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = return_in_loop_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec return_in_loop_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec return_in_loop_before_cfg_to_dag_prog.post),proc_body = (Some (return_in_loop_before_cfg_to_dag_prog.locals_vdecls,return_in_loop_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_passive_prog.thy
deleted file mode 100644
index 8c9e1ef..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_before_passive_prog.thy
+++ /dev/null
@@ -1,161 +0,0 @@
-theory return_in_loop_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util return_in_loop_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Gt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Sub (Lit (LInt 1))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 0) Lt (Lit (LInt 0)))),(Assign 0 (BinOp (Var 0) Add (Lit (LInt 1))))]"
-definition block_3
-  where
-    "block_3  = [(Assign 0 (Lit (LInt 0))),(Assert (BinOp (Var 0) Eq (Lit (LInt 0))))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 0)))]"
-definition block_5
-  where
-    "block_5  = [(Assert (BinOp (Var 0) Le (Lit (LInt 0))))]"
-definition block_6
-  where
-    "block_6  = []"
-definition block_7
-  where
-    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 0)))]"
-definition block_8
-  where
-    "block_8  = []"
-definition block_9
-  where
-    "block_9  = [(Havoc 0)]"
-definition block_10
-  where
-    "block_10  = []"
-definition block_11
-  where
-    "block_11  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[6],[7,1],[8],[9],[10]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 11,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [10])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding return_in_loop_before_ast_to_cfg_prog.params_vdecls_def return_in_loop_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_cfgtodag_proof.thy
deleted file mode 100644
index 4eba79c..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_cfgtodag_proof.thy
+++ /dev/null
@@ -1,514 +0,0 @@
-theory return_in_loop_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML return_in_loop_before_ast_to_cfg_prog return_in_loop_before_cfg_to_dag_prog return_in_loop_before_passive_prog return_in_loop_passification_proof return_in_loop_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 return_in_loop_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def return_in_loop_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule return_in_loop_before_passive_prog.node_0)
-apply simp
-unfolding return_in_loop_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma block_anon5_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding return_in_loop_before_cfg_to_dag_prog.block_2_def return_in_loop_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon5_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_2)
-apply (rule return_in_loop_before_passive_prog.node_1)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon5_LoopBody)
-apply assumption+
-apply (rule return_in_loop_before_cfg_to_dag_prog.outEdges_2)
-apply (rule return_in_loop_before_passive_prog.outEdges_1)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon6_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_6 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_2 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding return_in_loop_before_cfg_to_dag_prog.block_6_def return_in_loop_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 6),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_6)
-apply (rule return_in_loop_before_passive_prog.node_2)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon6_LoopBody)
-apply assumption+
-apply (rule return_in_loop_before_cfg_to_dag_prog.outEdges_6)
-apply (rule return_in_loop_before_passive_prog.outEdges_2)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon4:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_8 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding return_in_loop_before_cfg_to_dag_prog.block_8_def return_in_loop_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon4:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 8),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_8)
-apply (rule return_in_loop_before_passive_prog.node_3)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon4)
-apply assumption+
-apply (rule return_in_loop_before_cfg_to_dag_prog.outEdges_8)
-apply (rule return_in_loop_before_passive_prog.outEdges_3)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma block_anon6_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_7 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding return_in_loop_before_cfg_to_dag_prog.block_7_def return_in_loop_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 7),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_7)
-apply (rule return_in_loop_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon6_LoopDone)
-apply (assumption+)
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_7))
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_7))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:return_in_loop_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon4)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_5 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_5 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_5 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding return_in_loop_before_cfg_to_dag_prog.block_5_def return_in_loop_before_passive_prog.block_5_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 5),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_5)
-apply (rule return_in_loop_before_passive_prog.node_5)
-apply (assumption+)
-apply (rule block_anon6_LoopHead)
-apply (assumption+)
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_5))
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_5))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=4])
-apply ((simp add:return_in_loop_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:return_in_loop_before_passive_prog.outEdges_5))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon2:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_4 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_6 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_6 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding return_in_loop_before_cfg_to_dag_prog.block_4_def return_in_loop_before_passive_prog.block_6_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon2:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 4),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_4)
-apply (rule return_in_loop_before_passive_prog.node_6)
-apply (assumption+)
-apply (rule block_anon2)
-apply (assumption+)
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_4))
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_4))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=5])
-apply ((simp add:return_in_loop_before_passive_prog.outEdges_6))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon6_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon5_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_7 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_7 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding return_in_loop_before_cfg_to_dag_prog.block_3_def return_in_loop_before_passive_prog.block_7_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon5_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 7),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_3)
-apply (rule return_in_loop_before_passive_prog.node_7)
-apply (assumption+)
-apply (rule block_anon5_LoopDone)
-apply (assumption+)
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_3))
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_3))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=6])
-apply ((simp add:return_in_loop_before_passive_prog.outEdges_7))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon2)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon5_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_8 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_8 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding return_in_loop_before_cfg_to_dag_prog.block_1_def return_in_loop_before_passive_prog.block_8_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon5_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 8),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_1)
-apply (rule return_in_loop_before_passive_prog.node_8)
-apply (assumption+)
-apply (rule block_anon5_LoopHead)
-apply (assumption+)
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=7])
-apply ((simp add:return_in_loop_before_passive_prog.outEdges_8))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:return_in_loop_before_passive_prog.outEdges_8))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.block_9 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_in_loop_before_passive_prog.block_9 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding return_in_loop_before_cfg_to_dag_prog.block_0_def return_in_loop_before_passive_prog.block_9_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule return_in_loop_before_cfg_to_dag_prog.node_0)
-apply (rule return_in_loop_before_passive_prog.node_9)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:return_in_loop_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=8])
-apply ((simp add:return_in_loop_before_passive_prog.outEdges_9))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon5_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 10),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 9),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:return_in_loop_before_passive_prog.outEdges_10))
-by ((simp add:return_in_loop_before_passive_prog.node_10 return_in_loop_before_passive_prog.block_10_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 11),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 return_in_loop_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule return_in_loop_before_passive_prog.node_11)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding return_in_loop_before_passive_prog.block_11_def
-apply (rule assume_pres_normal[where ?es=return_in_loop_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding return_in_loop_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule return_in_loop_before_passive_prog.outEdges_11)
-apply ((simp add:return_in_loop_before_passive_prog.node_10 return_in_loop_before_passive_prog.block_10_def))
-apply (rule return_in_loop_before_passive_prog.outEdges_10)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> return_in_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) return_in_loop_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns return_in_loop_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] return_in_loop_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] return_in_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule return_in_loop_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_passification_proof.thy
deleted file mode 100644
index ec7bcb2..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_passification_proof.thy
+++ /dev/null
@@ -1,385 +0,0 @@
-theory return_in_loop_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util return_in_loop_before_ast_to_cfg_prog return_in_loop_passive_prog Boogie_Lang.PassificationML return_in_loop_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_in_loop_before_passive_prog.block_0_def return_in_loop_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon5_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [2] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [2])) (update_nstate_rel R [(0,(Inl 2))]) R_old return_in_loop_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_in_loop_before_passive_prog.block_1_def return_in_loop_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:return_in_loop_before_ast_to_cfg_prog.l_x(2) return_in_loop_passive_prog.l_x_1(2)))
-by simp
-
-lemma block_anon6_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3])) (update_nstate_rel R [(0,(Inl 3))]) R_old return_in_loop_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_in_loop_before_passive_prog.block_2_def return_in_loop_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:return_in_loop_before_ast_to_cfg_prog.l_x(2) return_in_loop_passive_prog.l_x_2(2)))
-by simp
-
-lemma block_anon4:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 0)))]) R_old return_in_loop_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_in_loop_before_passive_prog.block_3_def return_in_loop_passive_prog.block_3_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon6_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_in_loop_before_passive_prog.block_4_def return_in_loop_passive_prog.block_4_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon6_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_in_loop_before_passive_prog.block_5_def return_in_loop_passive_prog.block_5_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon2:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_in_loop_before_passive_prog.block_6_def return_in_loop_passive_prog.block_6_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon5_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_7 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_7 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_in_loop_before_passive_prog.block_7_def return_in_loop_passive_prog.block_7_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon5_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_8 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_8 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_in_loop_before_passive_prog.block_8_def return_in_loop_passive_prog.block_8_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_9 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [1] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [1])) (update_nstate_rel R [(0,(Inl 1))]) R_old return_in_loop_passive_prog.block_9 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_in_loop_before_passive_prog.block_9_def return_in_loop_passive_prog.block_9_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:return_in_loop_before_ast_to_cfg_prog.l_x(2) return_in_loop_passive_prog.l_x_0(2)))
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_10 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_10 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_in_loop_before_passive_prog.block_10_def return_in_loop_passive_prog.block_10_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.block_11 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_in_loop_passive_prog.block_11 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_in_loop_before_passive_prog.block_11_def return_in_loop_passive_prog.block_11_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_in_loop_before_passive_prog.node_0},@{thm return_in_loop_before_passive_prog.outEdges_0}) (@{thm return_in_loop_passive_prog.node_0},@{thm return_in_loop_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon5_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_1},@{thm return_in_loop_before_passive_prog.outEdges_1}) (@{thm return_in_loop_passive_prog.node_1},@{thm return_in_loop_passive_prog.outEdges_1}) @{thm block_anon5_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_2},@{thm return_in_loop_before_passive_prog.outEdges_2}) (@{thm return_in_loop_passive_prog.node_2},@{thm return_in_loop_passive_prog.outEdges_2}) @{thm block_anon6_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon4:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_in_loop_before_passive_prog.node_3},@{thm return_in_loop_before_passive_prog.outEdges_3}) (@{thm return_in_loop_passive_prog.node_3},@{thm return_in_loop_passive_prog.outEdges_3}) @{thm block_anon4} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_4},@{thm return_in_loop_before_passive_prog.outEdges_4}) (@{thm return_in_loop_passive_prog.node_4},@{thm return_in_loop_passive_prog.outEdges_4}) @{thm block_anon6_LoopDone} [
-@{thm cfg_block_anon4}] 1\<close>))
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_5},@{thm return_in_loop_before_passive_prog.outEdges_5}) (@{thm return_in_loop_passive_prog.node_5},@{thm return_in_loop_passive_prog.outEdges_5}) @{thm block_anon6_LoopHead} [
-@{thm cfg_block_anon6_LoopDone}, 
-@{thm cfg_block_anon6_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon2:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_6},@{thm return_in_loop_before_passive_prog.outEdges_6}) (@{thm return_in_loop_passive_prog.node_6},@{thm return_in_loop_passive_prog.outEdges_6}) @{thm block_anon2} [
-@{thm cfg_block_anon6_LoopHead}] 1\<close>))
-
-lemma cfg_block_anon5_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 7)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_7},@{thm return_in_loop_before_passive_prog.outEdges_7}) (@{thm return_in_loop_passive_prog.node_7},@{thm return_in_loop_passive_prog.outEdges_7}) @{thm block_anon5_LoopDone} [
-@{thm cfg_block_anon2}] 1\<close>))
-
-lemma cfg_block_anon5_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 2 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 8)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm return_in_loop_before_passive_prog.node_8},@{thm return_in_loop_before_passive_prog.outEdges_8}) (@{thm return_in_loop_passive_prog.node_8},@{thm return_in_loop_passive_prog.outEdges_8}) @{thm block_anon5_LoopHead} [
-@{thm cfg_block_anon5_LoopDone}, 
-@{thm cfg_block_anon5_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 9)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_in_loop_before_passive_prog.node_9},@{thm return_in_loop_before_passive_prog.outEdges_9}) (@{thm return_in_loop_passive_prog.node_9},@{thm return_in_loop_passive_prog.outEdges_9}) @{thm block_anon0} [
-@{thm cfg_block_anon5_LoopHead}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 10)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_in_loop_before_passive_prog.node_10},@{thm return_in_loop_before_passive_prog.outEdges_10}) (@{thm return_in_loop_passive_prog.node_10},@{thm return_in_loop_passive_prog.outEdges_10}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_in_loop_before_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body u (Inl 11)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_in_loop_before_passive_prog.node_11},@{thm return_in_loop_before_passive_prog.outEdges_11}) (@{thm return_in_loop_passive_prog.node_11},@{thm return_in_loop_passive_prog.outEdges_11}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_before_ast_to_cfg_prog.params_vdecls return_in_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] return_in_loop_before_passive_prog.proc_body ((Inl 11),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> return_in_loop_before_ast_to_cfg_prog.constants_vdecls ns return_in_loop_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv return_in_loop_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding return_in_loop_passive_prog.params_vdecls_def return_in_loop_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using return_in_loop_before_passive_prog.globals_locals_disj apply auto[1]
-using return_in_loop_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] return_in_loop_passive_prog.proc_body u (Inl 11)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range return_in_loop_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] return_in_loop_passive_prog.proc_body ((Inl 11),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from return_in_loop_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_passive_prog.thy
deleted file mode 100644
index 2d86a94..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_passive_prog.thy
+++ /dev/null
@@ -1,203 +0,0 @@
-theory return_in_loop_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util return_in_loop_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 1) Gt (Lit (LInt 0)))),(Assume (BinOp (Var 2) Eq (BinOp (Var 1) Sub (Lit (LInt 1)))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 1) Lt (Lit (LInt 0)))),(Assume (BinOp (Var 3) Eq (BinOp (Var 1) Add (Lit (LInt 1)))))]"
-definition block_3
-  where
-    "block_3  = [(Assert (BinOp (Lit (LInt 0)) Eq (Lit (LInt 0))))]"
-definition block_4
-  where
-    "block_4  = [(Assume (BinOp (Lit (LInt 0)) Le (Var 1)))]"
-definition block_5
-  where
-    "block_5  = [(Assert (BinOp (Var 1) Le (Lit (LInt 0))))]"
-definition block_6
-  where
-    "block_6  = []"
-definition block_7
-  where
-    "block_7  = [(Assume (BinOp (Lit (LInt 0)) Ge (Var 1)))]"
-definition block_8
-  where
-    "block_8  = []"
-definition block_9
-  where
-    "block_9  = []"
-definition block_10
-  where
-    "block_10  = []"
-definition block_11
-  where
-    "block_11  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[0],[3],[4,2],[5],[6],[7,1],[8],[9],[10]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6,block_7,block_8,block_9,block_10,block_11]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 11,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_7:
-shows "((nth (node_to_block proc_body) 7) = block_7)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_8:
-shows "((nth (node_to_block proc_body) 8) = block_8)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_9:
-shows "((nth (node_to_block proc_body) 9) = block_9)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_10:
-shows "((nth (node_to_block proc_body) 10) = block_10)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_11:
-shows "((nth (node_to_block proc_body) 11) = block_11)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_7:
-shows "((nth (out_edges proc_body) 7) = [6])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_8:
-shows "((nth (out_edges proc_body) 8) = [7,1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_9:
-shows "((nth (out_edges proc_body) 9) = [8])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_10:
-shows "((nth (out_edges proc_body) 10) = [9])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_11:
-shows "((nth (out_edges proc_body) 11) = [10])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None )),(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None )),(3,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding return_in_loop_passive_prog.params_vdecls_def return_in_loop_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)))) = {})"
-unfolding return_in_loop_before_ast_to_cfg_prog.constants_vdecls_def return_in_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_0:
-shows "((map_of (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_1:
-shows "((map_of (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_x_2:
-shows "((map_of (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_0:
-shows "((lookup_var_decl ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_1:
-shows "((lookup_var_decl ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_x_2:
-shows "((lookup_var_decl ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_vcphase_proof.thy
deleted file mode 100644
index 25d40b6..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/return_in_loop_proofs/return_in_loop_proofs/return_in_loop_vcphase_proof.thy
+++ /dev/null
@@ -1,395 +0,0 @@
-theory return_in_loop_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML return_in_loop_passive_prog return_in_loop_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon5_LoopBody
-  where
-    "vc_anon5_LoopBody  = True"
-definition vc_anon6_LoopBody
-  where
-    "vc_anon6_LoopBody  = True"
-definition vc_anon4
-  where
-    "vc_anon4  = ((0::int) = (0::int))"
-definition vc_anon6_LoopDone
-  where
-    "vc_anon6_LoopDone x_0 = (((0::int) \<le> x_0) \<longrightarrow> (vc_anon4 ))"
-definition vc_anon6_LoopHead
-  where
-    "vc_anon6_LoopHead x_0 = ((x_0 \<le> (0::int)) \<and> ((x_0 \<le> (0::int)) \<longrightarrow> ((vc_anon6_LoopDone x_0) \<and> (vc_anon6_LoopBody ))))"
-definition vc_anon5_LoopDone
-  where
-    "vc_anon5_LoopDone x_0 = (((0::int) \<ge> x_0) \<longrightarrow> (vc_anon6_LoopHead x_0))"
-definition vc_anon0
-  where
-    "vc_anon0 x_0 = ((vc_anon5_LoopDone x_0) \<and> (vc_anon5_LoopBody ))"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_x :: "int" and vc_x_0 :: "int" and vc_x_1 :: "int" and vc_x_2 :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_x_0)))" and 
-G2: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_x_1)))" and 
-G3: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_x_2)))" and 
-G4: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4
-lemmas forall_poly_thm = forall_vc_type[OF G4]
-lemmas exists_poly_thm = exists_vc_type[OF G4]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding return_in_loop_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon5_LoopBody_hints = [
-(AssumeTrue,NONE), 
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon5_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopBody ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding return_in_loop_passive_prog.block_1_def vc.vc_anon5_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_LoopBody_hints = [
-(AssumeTrue,NONE), 
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon6_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopBody ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding return_in_loop_passive_prog.block_2_def vc.vc_anon6_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon4_hints = [
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon4AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon4 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding return_in_loop_passive_prog.block_3_def vc.vc_anon4_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon4_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_LoopDone_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon6_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopDone vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon4 )))))))"
-unfolding return_in_loop_passive_prog.block_4_def vc.vc_anon6_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon6_LoopHead_hints = [
-(AssertSub,NONE)]
-\<close>
-lemma block_anon6_LoopHeadAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_5 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon6_LoopHead vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon6_LoopDone vc_x_0) \<and> (vc.vc_anon6_LoopBody ))))))))"
-unfolding return_in_loop_passive_prog.block_5_def vc.vc_anon6_LoopHead_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon6_LoopHead_hints \<close>)
-by (auto?)
-
-lemma block_anon2:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_6 (Normal n_s) s')" and 
-"(vc.vc_anon6_LoopHead vc_x_0)"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon6_LoopHead vc_x_0)))))"
-using assms
-unfolding return_in_loop_passive_prog.block_6_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon5_LoopDone_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon5_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_7 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon5_LoopDone vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon6_LoopHead vc_x_0)))))))"
-unfolding return_in_loop_passive_prog.block_7_def vc.vc_anon5_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon5_LoopDone_hints \<close>)
-by (auto?)
-
-lemma block_anon5_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_8 (Normal n_s) s')" and 
-"((vc.vc_anon5_LoopDone vc_x_0) \<and> (vc.vc_anon5_LoopBody ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_0) \<and> (vc.vc_anon5_LoopBody ))))))"
-using assms
-unfolding return_in_loop_passive_prog.block_8_def
-apply cases
-by auto
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_9 (Normal n_s) s')" and 
-"((vc.vc_anon5_LoopDone vc_x_0) \<and> (vc.vc_anon5_LoopBody ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_0) \<and> (vc.vc_anon5_LoopBody ))))))"
-using assms
-unfolding return_in_loop_passive_prog.block_9_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_10 (Normal n_s) s')" and 
-"((vc.vc_anon5_LoopDone vc_x_0) \<and> (vc.vc_anon5_LoopBody ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_0) \<and> (vc.vc_anon5_LoopBody ))))))"
-using assms
-unfolding return_in_loop_passive_prog.block_10_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.block_11 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_x_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon5_LoopDone vc_x_0) \<and> (vc.vc_anon5_LoopBody ))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding return_in_loop_passive_prog.block_11_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) return_in_loop_passive_prog.node_0 return_in_loop_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon5_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_LoopBody )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) return_in_loop_passive_prog.node_1])
-apply (erule block_anon5_LoopBodyAA0[OF _ assms(2)])
-apply ((simp add:return_in_loop_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopBody )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) return_in_loop_passive_prog.node_2])
-apply (erule block_anon6_LoopBodyAA0[OF _ assms(2)])
-apply ((simp add:return_in_loop_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon4:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon4 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) return_in_loop_passive_prog.node_3])
-apply (erule block_anon4AA0[OF _ assms(2)])
-apply ((simp add:return_in_loop_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopDone vc_x_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_4])
-apply (erule block_anon6_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:return_in_loop_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon4, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon6_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopHead vc_x_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_5])
-apply (erule block_anon6_LoopHeadAA0[OF _ assms(2)])
-apply ((simp add:return_in_loop_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon2:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon6_LoopHead vc_x_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_6])
-apply (erule block_anon2[OF _ assms(2)])
-apply ((simp add:return_in_loop_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon6_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 7),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon5_LoopDone vc_x_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_7])
-apply (erule block_anon5_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:return_in_loop_passive_prog.outEdges_7))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon2, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon5_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 8),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon5_LoopDone vc_x_0) \<and> (vc.vc_anon5_LoopBody ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_8])
-apply (erule block_anon5_LoopHead[OF _ assms(2)])
-apply ((simp add:return_in_loop_passive_prog.outEdges_8))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 9),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon5_LoopDone vc_x_0) \<and> (vc.vc_anon5_LoopBody ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_9])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:return_in_loop_passive_prog.outEdges_9))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon5_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 10),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon5_LoopDone vc_x_0) \<and> (vc.vc_anon5_LoopBody ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_10])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:return_in_loop_passive_prog.outEdges_10))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_in_loop_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_x_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) return_in_loop_passive_prog.node_11])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:return_in_loop_passive_prog.outEdges_11))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls)) \<Gamma> [] return_in_loop_passive_prog.proc_body ((Inl 11),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_x_0::int) (vc_x_1::int) (vc_x_2::int). (vc.vc_anon0 vc_x_0))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A return_in_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> return_in_loop_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) return_in_loop_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s return_in_loop_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append return_in_loop_before_ast_to_cfg_prog.constants_vdecls return_in_loop_before_ast_to_cfg_prog.globals_vdecls),(append return_in_loop_passive_prog.params_vdecls return_in_loop_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((return_in_loop_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF return_in_loop_passive_prog.m_x])
-apply (subst lookup_var_local[OF return_in_loop_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_0:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF return_in_loop_passive_prog.m_x_0])
-apply (subst lookup_var_local[OF return_in_loop_passive_prog.m_x_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_1:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF return_in_loop_passive_prog.m_x_1])
-apply (subst lookup_var_local[OF return_in_loop_passive_prog.m_x_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_x_2:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF return_in_loop_passive_prog.m_x_2])
-apply (subst lookup_var_local[OF return_in_loop_passive_prog.m_x_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_x_0])
-apply (rule HOL.conjunct1[OF sc_x_1])
-apply (rule HOL.conjunct1[OF sc_x_2])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/ROOT
deleted file mode 100644
index 523efa1..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session simple_return_test_proofs = Boogie_Lang + 
-directories return_test_proofs
-theories
-global_data
-"return_test_proofs/return_test_asttocfg_proof"
-"return_test_proofs/return_test_before_cfg_to_dag_prog"
-"return_test_proofs/return_test_cfgtodag_proof"
-"return_test_proofs/return_test_before_passive_prog"
-"return_test_proofs/return_test_vcphase_proof"
-"return_test_proofs/return_test_passification_proof"
-"return_test_proofs/return_test_passive_prog"
-"return_test_proofs/return_test_before_ast_to_cfg_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_asttocfg_proof.thy
deleted file mode 100644
index 3c81ac8..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_asttocfg_proof.thy
+++ /dev/null
@@ -1,138 +0,0 @@
-theory return_test_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML return_test_before_ast_to_cfg_prog return_test_before_cfg_to_dag_prog return_test_cfgtodag_proof return_test_passification_proof return_test_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A return_test_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_return_test_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (return_test_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_test_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] return_test_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of return_test_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: return_test_before_ast_to_cfg_prog.bigblock_0_def return_test_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: return_test_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: return_test_before_cfg_to_dag_prog.block_0_def return_test_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_return_test_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (return_test_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_test_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] return_test_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end return_test_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] return_test_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of return_test_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: return_test_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: return_test_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp)
-apply (simp)
-
-apply (rule return_test_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-apply (rule return_test_before_cfg_to_dag_prog.block_0_def)
-apply (rule return_test_before_cfg_to_dag_prog.outEdges_0)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: return_test_before_cfg_to_dag_prog.node_0)
-apply (rule rel_return_test_before_ast_to_cfg_prog_bigblock_0)
-apply assumption+
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (return_test_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_m::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A return_test_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> return_test_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) return_test_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns return_test_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] return_test_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (return_test_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_return_test_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: return_test_before_ast_to_cfg_prog.params_vdecls_def return_test_before_ast_to_cfg_prog.locals_vdecls_def return_test_before_cfg_to_dag_prog.params_vdecls_def return_test_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: return_test_before_ast_to_cfg_prog.params_vdecls_def return_test_before_ast_to_cfg_prog.locals_vdecls_def return_test_before_cfg_to_dag_prog.params_vdecls_def return_test_before_cfg_to_dag_prog.locals_vdecls_def return_test_before_ast_to_cfg_prog.pres_def return_test_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: return_test_before_ast_to_cfg_prog.params_vdecls_def return_test_before_ast_to_cfg_prog.locals_vdecls_def return_test_before_cfg_to_dag_prog.params_vdecls_def return_test_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: return_test_before_ast_to_cfg_prog.params_vdecls_def return_test_before_ast_to_cfg_prog.locals_vdecls_def return_test_before_cfg_to_dag_prog.params_vdecls_def return_test_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: return_test_before_ast_to_cfg_prog.params_vdecls_def return_test_before_ast_to_cfg_prog.locals_vdecls_def return_test_before_cfg_to_dag_prog.params_vdecls_def return_test_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: return_test_before_ast_to_cfg_prog.params_vdecls_def return_test_before_ast_to_cfg_prog.locals_vdecls_def return_test_before_cfg_to_dag_prog.params_vdecls_def return_test_before_cfg_to_dag_prog.locals_vdecls_def return_test_before_ast_to_cfg_prog.pres_def return_test_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: return_test_before_ast_to_cfg_prog.params_vdecls_def return_test_before_ast_to_cfg_prog.locals_vdecls_def return_test_before_cfg_to_dag_prog.params_vdecls_def return_test_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: return_test_before_ast_to_cfg_prog.params_vdecls_def return_test_before_ast_to_cfg_prog.locals_vdecls_def return_test_before_cfg_to_dag_prog.params_vdecls_def return_test_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (return_test_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_m::int). (vc.vc_anon0 ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) return_test_before_ast_to_cfg_prog.fdecls return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls return_test_before_ast_to_cfg_prog.axioms return_test_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding return_test_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 return_test_before_ast_to_cfg_prog.ast_proc_def return_test_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 4faebd0..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,105 +0,0 @@
-theory return_test_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Assign 0 (Lit (LInt 0)))] (None ) (Some Return))"
-definition cont_0
-  where
-    "cont_0  = KStop"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding return_test_before_ast_to_cfg_prog.constants_vdecls_def return_test_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding return_test_before_ast_to_cfg_prog.params_vdecls_def return_test_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding return_test_before_ast_to_cfg_prog.constants_vdecls_def return_test_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_test_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding return_test_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_test_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding return_test_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_test_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding return_test_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_test_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding return_test_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_m:
-shows "((map_of (append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_m:
-shows "((lookup_var_decl ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_m
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = return_test_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec return_test_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec return_test_before_ast_to_cfg_prog.post),proc_body = (Some (return_test_before_ast_to_cfg_prog.locals_vdecls,return_test_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 99fb2b3..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,116 +0,0 @@
-theory return_test_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Assign 0 (Lit (LInt 0)))]"
-definition outEdges
-  where
-    "outEdges  = [[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append return_test_before_cfg_to_dag_prog.constants_vdecls return_test_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append return_test_before_cfg_to_dag_prog.constants_vdecls return_test_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding return_test_before_cfg_to_dag_prog.constants_vdecls_def return_test_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append return_test_before_cfg_to_dag_prog.constants_vdecls return_test_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append return_test_before_cfg_to_dag_prog.params_vdecls return_test_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_test_before_cfg_to_dag_prog.params_vdecls return_test_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding return_test_before_cfg_to_dag_prog.params_vdecls_def return_test_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append return_test_before_cfg_to_dag_prog.params_vdecls return_test_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append return_test_before_cfg_to_dag_prog.constants_vdecls return_test_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append return_test_before_cfg_to_dag_prog.params_vdecls return_test_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding return_test_before_cfg_to_dag_prog.constants_vdecls_def return_test_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_test_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding return_test_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_test_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding return_test_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_test_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding return_test_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) return_test_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding return_test_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append return_test_before_cfg_to_dag_prog.constants_vdecls return_test_before_cfg_to_dag_prog.globals_vdecls),(append return_test_before_cfg_to_dag_prog.params_vdecls return_test_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_m:
-shows "((map_of (append return_test_before_cfg_to_dag_prog.params_vdecls return_test_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_m:
-shows "((lookup_var_decl ((append return_test_before_cfg_to_dag_prog.constants_vdecls return_test_before_cfg_to_dag_prog.globals_vdecls),(append return_test_before_cfg_to_dag_prog.params_vdecls return_test_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_test_before_cfg_to_dag_prog.constants_vdecls return_test_before_cfg_to_dag_prog.globals_vdecls),(append return_test_before_cfg_to_dag_prog.params_vdecls return_test_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_m
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = return_test_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec return_test_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec return_test_before_cfg_to_dag_prog.post),proc_body = (Some (return_test_before_cfg_to_dag_prog.locals_vdecls,return_test_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_passive_prog.thy
deleted file mode 100644
index e8b85a4..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_before_passive_prog.thy
+++ /dev/null
@@ -1,62 +0,0 @@
-theory return_test_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util return_test_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assign 0 (Lit (LInt 0)))]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[1]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding return_test_before_ast_to_cfg_prog.params_vdecls_def return_test_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding return_test_before_ast_to_cfg_prog.constants_vdecls_def return_test_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_cfgtodag_proof.thy
deleted file mode 100644
index db494a3..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_cfgtodag_proof.thy
+++ /dev/null
@@ -1,135 +0,0 @@
-theory return_test_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML return_test_before_ast_to_cfg_prog return_test_before_cfg_to_dag_prog return_test_before_passive_prog return_test_passification_proof return_test_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A return_test_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] return_test_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] return_test_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] return_test_before_passive_prog.block_0 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding return_test_before_cfg_to_dag_prog.block_0_def return_test_before_passive_prog.block_0_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_test_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_test_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_test_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_1[OF assms(1)])
-apply (rule return_test_before_cfg_to_dag_prog.node_0)
-apply (rule return_test_before_passive_prog.node_0)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-unfolding return_test_before_ast_to_cfg_prog.post_def
-apply (rule block_anon0)
-apply assumption+
-by (rule return_test_before_cfg_to_dag_prog.outEdges_0)
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_test_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_test_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:return_test_before_passive_prog.outEdges_1))
-by ((simp add:return_test_before_passive_prog.node_1 return_test_before_passive_prog.block_1_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] return_test_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] return_test_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 return_test_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] return_test_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule return_test_before_passive_prog.node_2)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding return_test_before_passive_prog.block_2_def
-apply (rule assume_pres_normal[where ?es=return_test_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding return_test_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule return_test_before_passive_prog.outEdges_2)
-apply ((simp add:return_test_before_passive_prog.node_1 return_test_before_passive_prog.block_1_def))
-apply (rule return_test_before_passive_prog.outEdges_1)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] return_test_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_m::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A return_test_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> return_test_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) return_test_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns return_test_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] return_test_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] return_test_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule return_test_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_passification_proof.thy
deleted file mode 100644
index 186f37f..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_passification_proof.thy
+++ /dev/null
@@ -1,195 +0,0 @@
-theory return_test_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util return_test_before_ast_to_cfg_prog return_test_passive_prog Boogie_Lang.PassificationML return_test_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_passive_prog.params_vdecls return_test_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_test_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(0,(Inr (LInt 0)))]) R_old return_test_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_test_before_passive_prog.block_0_def return_test_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_test_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_test_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_test_before_passive_prog.block_1_def return_test_passive_prog.block_1_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> return_test_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old return_test_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding return_test_before_passive_prog.block_2_def return_test_passive_prog.block_2_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_test_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_test_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_test_before_passive_prog.node_0},@{thm return_test_before_passive_prog.outEdges_0}) (@{thm return_test_passive_prog.node_0},@{thm return_test_passive_prog.outEdges_0}) @{thm block_anon0} [] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_test_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_test_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_test_before_passive_prog.node_1},@{thm return_test_before_passive_prog.outEdges_1}) (@{thm return_test_passive_prog.node_1},@{thm return_test_passive_prog.outEdges_1}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> return_test_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> return_test_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm return_test_before_passive_prog.node_2},@{thm return_test_before_passive_prog.outEdges_2}) (@{thm return_test_passive_prog.node_2},@{thm return_test_passive_prog.outEdges_2}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_before_ast_to_cfg_prog.params_vdecls return_test_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] return_test_before_passive_prog.proc_body ((Inl 2),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_m::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A return_test_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> return_test_before_ast_to_cfg_prog.constants_vdecls ns return_test_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv return_test_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding return_test_before_ast_to_cfg_prog.constants_vdecls_def return_test_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding return_test_passive_prog.params_vdecls_def return_test_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using return_test_before_passive_prog.globals_locals_disj apply auto[1]
-using return_test_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] return_test_passive_prog.proc_body u (Inl 2)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range return_test_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] return_test_passive_prog.proc_body ((Inl 2),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from return_test_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_passive_prog.thy
deleted file mode 100644
index d5e738b..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_passive_prog.thy
+++ /dev/null
@@ -1,77 +0,0 @@
-theory return_test_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util return_test_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[1]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(0,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append return_test_passive_prog.params_vdecls return_test_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append return_test_passive_prog.params_vdecls return_test_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding return_test_passive_prog.params_vdecls_def return_test_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append return_test_passive_prog.params_vdecls return_test_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append return_test_passive_prog.params_vdecls return_test_passive_prog.locals_vdecls)))) = {})"
-unfolding return_test_before_ast_to_cfg_prog.constants_vdecls_def return_test_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_m:
-shows "((map_of (append return_test_passive_prog.params_vdecls return_test_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_m:
-shows "((lookup_var_decl ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_passive_prog.params_vdecls return_test_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_passive_prog.params_vdecls return_test_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_m
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_vcphase_proof.thy
deleted file mode 100644
index 8f77b8e..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/simple_return_test_proofs/return_test_proofs/return_test_vcphase_proof.thy
+++ /dev/null
@@ -1,141 +0,0 @@
-theory return_test_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML return_test_passive_prog return_test_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon0
-  where
-    "vc_anon0  = True"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_m :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_m)))" and 
-G1: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1
-lemmas forall_poly_thm = forall_vc_type[OF G1]
-lemmas exists_poly_thm = exists_vc_type[OF G1]
-declare Nat.One_nat_def[simp del]
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_test_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding return_test_passive_prog.block_0_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_test_passive_prog.block_1 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding return_test_passive_prog.block_1_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> return_test_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding return_test_passive_prog.block_2_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_test_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) return_test_passive_prog.node_0 return_test_passive_prog.outEdges_0])
-using block_anon0 by blast
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_test_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) return_test_passive_prog.node_1])
-apply (erule block_0)
-apply ((simp add:return_test_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> return_test_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) return_test_passive_prog.node_2])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:return_test_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_passive_prog.params_vdecls return_test_passive_prog.locals_vdecls)) \<Gamma> [] return_test_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_m::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A return_test_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> return_test_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) return_test_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append return_test_passive_prog.params_vdecls return_test_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s return_test_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append return_test_before_ast_to_cfg_prog.constants_vdecls return_test_before_ast_to_cfg_prog.globals_vdecls),(append return_test_passive_prog.params_vdecls return_test_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((return_test_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_m:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF return_test_passive_prog.m_m])
-apply (subst lookup_var_local[OF return_test_passive_prog.m_m])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_m])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/ROOT
deleted file mode 100644
index a7bb232..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session start_loop_proofs = Boogie_Lang + 
-directories start_loop_proofs
-theories
-global_data
-"start_loop_proofs/start_loop_cfgtodag_proof"
-"start_loop_proofs/start_loop_vcphase_proof"
-"start_loop_proofs/start_loop_passive_prog"
-"start_loop_proofs/start_loop_asttocfg_proof"
-"start_loop_proofs/start_loop_before_cfg_to_dag_prog"
-"start_loop_proofs/start_loop_before_ast_to_cfg_prog"
-"start_loop_proofs/start_loop_passification_proof"
-"start_loop_proofs/start_loop_before_passive_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/global_data.thy
deleted file mode 100644
index 3d9c689..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/global_data.thy
+++ /dev/null
@@ -1,36 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma m_t:
-shows "((map_of (append global_data.constants_vdecls global_data.globals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:global_data.constants_vdecls_def global_data.globals_vdecls_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_asttocfg_proof.thy
deleted file mode 100644
index 113de50..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_asttocfg_proof.thy
+++ /dev/null
@@ -1,315 +0,0 @@
-theory start_loop_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML start_loop_before_ast_to_cfg_prog start_loop_before_cfg_to_dag_prog start_loop_cfgtodag_proof start_loop_passification_proof start_loop_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A start_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma global_rel_start_loop_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (start_loop_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end start_loop_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (Lit (LBool True)) ns1 (BoolV False))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] start_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Invs[of start_loop_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: start_loop_before_ast_to_cfg_prog.bigblock_3_def)
-
-apply (rule astTrace)
-apply (simp add: start_loop_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (simp)
-apply (rule cont_3_def)
-apply (rule start_loop_before_cfg_to_dag_prog.node_3)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule start_loop_before_cfg_to_dag_prog.block_3_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply ( rule neg_refl)
-apply (rule guardHint)
-apply (rule start_loop_before_cfg_to_dag_prog.outEdges_3)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: start_loop_before_cfg_to_dag_prog.node_3)
-apply (simp add: start_loop_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp add: end_static)
-done
-qed
-
-lemma rel_start_loop_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (start_loop_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (Lit (LBool True)) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
-unfolding start_loop_before_cfg_to_dag_prog.block_2_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of start_loop_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: start_loop_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: start_loop_before_cfg_to_dag_prog.block_2_def)
-apply ((simp add: assms(3) start_loop_before_ast_to_cfg_prog.bigblock_2_def)+)
-done
-
-
-lemma global_rel_start_loop_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (start_loop_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end start_loop_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (Lit (LBool True)) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T start_loop_before_ast_to_cfg_prog.bigblock_1 cont_1 start_loop_before_cfg_to_dag_prog.proc_body 1 start_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] start_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of start_loop_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: start_loop_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: start_loop_before_ast_to_cfg_prog.bigblock_2_def)
-apply (rule start_loop_before_cfg_to_dag_prog.node_2)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule start_loop_before_cfg_to_dag_prog.block_2_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_2_def)
-apply (simp add: start_loop_before_cfg_to_dag_prog.node_2)
-apply (rule rel_start_loop_before_ast_to_cfg_prog_bigblock_2)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=1])+)
-apply (simp add: start_loop_before_cfg_to_dag_prog.outEdges_2)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_start_loop_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (start_loop_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end start_loop_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] start_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of start_loop_before_ast_to_cfg_prog.bigblock_1 _ _ _ start_loop_before_cfg_to_dag_prog.block_1])
-apply (simp add:start_loop_before_ast_to_cfg_prog.bigblock_1_def start_loop_before_cfg_to_dag_prog.block_1_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:start_loop_before_ast_to_cfg_prog.bigblock_1_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of start_loop_before_ast_to_cfg_prog.bigblock_1])
-apply ((simp add:start_loop_before_ast_to_cfg_prog.bigblock_1_def)+)
-apply ((simp add:start_loop_before_cfg_to_dag_prog.block_1_def start_loop_before_cfg_to_dag_prog.node_1)+)
-apply (rule cont_1_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 2])+)
-apply ((simp add:start_loop_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_start_loop_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_1_def start_loop_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_1_def cont_2_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-
-apply ((erule allE[where x = 3])+)
-apply ((simp add:start_loop_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-
-
-
-
-
-apply ((blast)+)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-done
-qed
-qed
-
-lemma global_rel_start_loop_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (start_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end start_loop_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] start_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-apply (rule ending_after_unwrapping)
-apply (rule astTrace)
-apply (simp add: start_loop_before_ast_to_cfg_prog.bigblock_0_def)
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply (simp)
-apply (rule global_rel_start_loop_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: start_loop_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
-apply (rule correctness_propagates_through_empty)
-using assms(2)
-apply blast
-apply (simp add: start_loop_before_cfg_to_dag_prog.node_0)
-apply (simp add: start_loop_before_cfg_to_dag_prog.block_0_def)
-
-
-apply (simp add: start_loop_before_cfg_to_dag_prog.outEdges_0)
-apply (simp add: member_rec)
-apply (simp)
-apply (rule correctness_propagates_through_empty2)
-using assms(3)
-apply blast
-apply (simp add: start_loop_before_cfg_to_dag_prog.node_0)
-apply (simp add: start_loop_before_cfg_to_dag_prog.block_0_def)
-
-
-apply (simp add: start_loop_before_cfg_to_dag_prog.outEdges_0)
-apply (simp add: member_rec)
-apply ((simp)+)
-done
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (start_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_t::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A start_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> start_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) start_loop_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns start_loop_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] start_loop_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (start_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_start_loop_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: start_loop_before_ast_to_cfg_prog.params_vdecls_def start_loop_before_ast_to_cfg_prog.locals_vdecls_def start_loop_before_cfg_to_dag_prog.params_vdecls_def start_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: start_loop_before_ast_to_cfg_prog.params_vdecls_def start_loop_before_ast_to_cfg_prog.locals_vdecls_def start_loop_before_cfg_to_dag_prog.params_vdecls_def start_loop_before_cfg_to_dag_prog.locals_vdecls_def start_loop_before_ast_to_cfg_prog.pres_def start_loop_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: start_loop_before_ast_to_cfg_prog.params_vdecls_def start_loop_before_ast_to_cfg_prog.locals_vdecls_def start_loop_before_cfg_to_dag_prog.params_vdecls_def start_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: start_loop_before_ast_to_cfg_prog.params_vdecls_def start_loop_before_ast_to_cfg_prog.locals_vdecls_def start_loop_before_cfg_to_dag_prog.params_vdecls_def start_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: start_loop_before_ast_to_cfg_prog.params_vdecls_def start_loop_before_ast_to_cfg_prog.locals_vdecls_def start_loop_before_cfg_to_dag_prog.params_vdecls_def start_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: start_loop_before_ast_to_cfg_prog.params_vdecls_def start_loop_before_ast_to_cfg_prog.locals_vdecls_def start_loop_before_cfg_to_dag_prog.params_vdecls_def start_loop_before_cfg_to_dag_prog.locals_vdecls_def start_loop_before_ast_to_cfg_prog.pres_def start_loop_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: start_loop_before_ast_to_cfg_prog.params_vdecls_def start_loop_before_ast_to_cfg_prog.locals_vdecls_def start_loop_before_cfg_to_dag_prog.params_vdecls_def start_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: start_loop_before_ast_to_cfg_prog.params_vdecls_def start_loop_before_ast_to_cfg_prog.locals_vdecls_def start_loop_before_cfg_to_dag_prog.params_vdecls_def start_loop_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (start_loop_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_3_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_t::int). (vc.vc_anon0 ))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) start_loop_before_ast_to_cfg_prog.fdecls start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls start_loop_before_ast_to_cfg_prog.axioms start_loop_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding start_loop_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 start_loop_before_ast_to_cfg_prog.ast_proc_def start_loop_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 7612a9f..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,123 +0,0 @@
-theory start_loop_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [] (Some (WhileWrapper (ParsedWhile (Some (Lit (LBool True))) [] [(BigBlock (None ) [(Assume (Lit (LBool True)))] (None ) (None ))]))) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (Lit (LBool True))) [] [(BigBlock (None ) [(Assume (Lit (LBool True)))] (None ) (None ))])) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [(Assume (Lit (LBool True)))] (None ) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [] (None ) (None ))"
-definition cont_3
-  where
-    "cont_3  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_3 cont_3)"
-definition cont_1
-  where
-    "cont_1  = (KEndBlock (KSeq bigblock_3 cont_3 ))"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_1 cont_1)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_3]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = []"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding start_loop_before_ast_to_cfg_prog.constants_vdecls_def start_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 1))"
-unfolding start_loop_before_ast_to_cfg_prog.params_vdecls_def start_loop_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 1)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-using start_loop_before_ast_to_cfg_prog.locals_min start_loop_before_ast_to_cfg_prog.globals_max
-by fastforce
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) start_loop_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding start_loop_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) start_loop_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding start_loop_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) start_loop_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding start_loop_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) start_loop_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding start_loop_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_t:
-shows "((map_of (append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:start_loop_before_ast_to_cfg_prog.constants_vdecls_def start_loop_before_ast_to_cfg_prog.globals_vdecls_def)
-
-lemma l_t:
-shows "((lookup_var_decl ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_t
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = start_loop_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [0],proc_pres = (exprs_to_only_checked_spec start_loop_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec start_loop_before_ast_to_cfg_prog.post),proc_body = (Some (start_loop_before_ast_to_cfg_prog.locals_vdecls,start_loop_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_cfg_to_dag_prog.thy
deleted file mode 100644
index fba7765..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,149 +0,0 @@
-theory start_loop_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = [(Assume (Lit (LBool True))),(Assume (Lit (LBool True)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (UnOp Not (Lit (LBool True))))]"
-definition outEdges
-  where
-    "outEdges  = [[1],[3,2],[1],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [3,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = []"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append start_loop_before_cfg_to_dag_prog.constants_vdecls start_loop_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append start_loop_before_cfg_to_dag_prog.constants_vdecls start_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding start_loop_before_cfg_to_dag_prog.constants_vdecls_def start_loop_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append start_loop_before_cfg_to_dag_prog.constants_vdecls start_loop_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append start_loop_before_cfg_to_dag_prog.params_vdecls start_loop_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append start_loop_before_cfg_to_dag_prog.params_vdecls start_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 1))"
-unfolding start_loop_before_cfg_to_dag_prog.params_vdecls_def start_loop_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append start_loop_before_cfg_to_dag_prog.params_vdecls start_loop_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 1)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append start_loop_before_cfg_to_dag_prog.constants_vdecls start_loop_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append start_loop_before_cfg_to_dag_prog.params_vdecls start_loop_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-using start_loop_before_cfg_to_dag_prog.locals_min start_loop_before_cfg_to_dag_prog.globals_max
-by fastforce
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) start_loop_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding start_loop_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) start_loop_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding start_loop_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) start_loop_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding start_loop_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) start_loop_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding start_loop_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append start_loop_before_cfg_to_dag_prog.constants_vdecls start_loop_before_cfg_to_dag_prog.globals_vdecls),(append start_loop_before_cfg_to_dag_prog.params_vdecls start_loop_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_t:
-shows "((map_of (append start_loop_before_cfg_to_dag_prog.constants_vdecls start_loop_before_cfg_to_dag_prog.globals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:start_loop_before_cfg_to_dag_prog.constants_vdecls_def start_loop_before_cfg_to_dag_prog.globals_vdecls_def)
-
-lemma l_t:
-shows "((lookup_var_decl ((append start_loop_before_cfg_to_dag_prog.constants_vdecls start_loop_before_cfg_to_dag_prog.globals_vdecls),(append start_loop_before_cfg_to_dag_prog.params_vdecls start_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append start_loop_before_cfg_to_dag_prog.constants_vdecls start_loop_before_cfg_to_dag_prog.globals_vdecls),(append start_loop_before_cfg_to_dag_prog.params_vdecls start_loop_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_t
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = start_loop_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [0],proc_pres = (exprs_to_only_checked_spec start_loop_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec start_loop_before_cfg_to_dag_prog.post),proc_body = (Some (start_loop_before_cfg_to_dag_prog.locals_vdecls,start_loop_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_passive_prog.thy
deleted file mode 100644
index 07faadc..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_before_passive_prog.thy
+++ /dev/null
@@ -1,106 +0,0 @@
-theory start_loop_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util start_loop_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (UnOp Not (Lit (LBool True))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (Lit (LBool True))),(Assume (Lit (LBool True))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition block_6
-  where
-    "block_6  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4],[5]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 6,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 1))"
-unfolding start_loop_before_ast_to_cfg_prog.params_vdecls_def start_loop_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 1)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-using start_loop_before_ast_to_cfg_prog.locals_min start_loop_before_ast_to_cfg_prog.globals_max
-by fastforce
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_cfgtodag_proof.thy
deleted file mode 100644
index 5b8f68d..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_cfgtodag_proof.thy
+++ /dev/null
@@ -1,329 +0,0 @@
-theory start_loop_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML start_loop_before_ast_to_cfg_prog start_loop_before_cfg_to_dag_prog start_loop_before_passive_prog start_loop_passification_proof start_loop_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A start_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 start_loop_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def start_loop_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule start_loop_before_passive_prog.node_0)
-apply simp
-unfolding start_loop_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma block_anon2_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] start_loop_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding start_loop_before_cfg_to_dag_prog.block_3_def start_loop_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon2_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] start_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule start_loop_before_cfg_to_dag_prog.node_3)
-apply (rule start_loop_before_passive_prog.node_1)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon2_LoopDone)
-apply assumption+
-apply (rule start_loop_before_cfg_to_dag_prog.outEdges_3)
-apply (rule start_loop_before_passive_prog.outEdges_1)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma Mods_anon2_LoopBody:
-shows "(mods_contained_in (set []) start_loop_before_cfg_to_dag_prog.block_2)"
-unfolding start_loop_before_cfg_to_dag_prog.block_2_def
-by simp
-
-lemma block_anon2_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] start_loop_before_passive_prog.block_2 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding start_loop_before_cfg_to_dag_prog.block_2_def start_loop_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon2_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon2_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body [] [] start_loop_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] start_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule start_loop_before_cfg_to_dag_prog.node_2)
-apply (rule start_loop_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon2_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon2_LoopBody)
-apply ((simp add:start_loop_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:start_loop_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon2_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon2_LoopHead:
-shows "(mods_contained_in (set []) start_loop_before_cfg_to_dag_prog.block_1)"
-unfolding start_loop_before_cfg_to_dag_prog.block_1_def
-by simp
-
-lemma block_anon2_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] start_loop_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding start_loop_before_cfg_to_dag_prog.block_1_def start_loop_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon2_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] start_loop_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set []))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule start_loop_before_cfg_to_dag_prog.node_1)
-apply (rule start_loop_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon2_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon2_LoopHead)
-apply ((simp add:start_loop_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:start_loop_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:start_loop_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon2_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:start_loop_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon2_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] start_loop_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding start_loop_before_cfg_to_dag_prog.block_0_def start_loop_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] start_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule start_loop_before_cfg_to_dag_prog.node_0)
-apply (rule start_loop_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:start_loop_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:start_loop_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:start_loop_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon2_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:start_loop_before_passive_prog.outEdges_5))
-by ((simp add:start_loop_before_passive_prog.node_5 start_loop_before_passive_prog.block_5_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] start_loop_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 start_loop_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] start_loop_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule start_loop_before_passive_prog.node_6)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding start_loop_before_passive_prog.block_6_def
-apply (rule assume_pres_normal[where ?es=start_loop_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding start_loop_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule start_loop_before_passive_prog.outEdges_6)
-apply ((simp add:start_loop_before_passive_prog.node_5 start_loop_before_passive_prog.block_5_def))
-apply (rule start_loop_before_passive_prog.outEdges_5)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_t::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A start_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> start_loop_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) start_loop_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns start_loop_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] start_loop_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] start_loop_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule start_loop_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_passification_proof.thy
deleted file mode 100644
index e04cea8..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_passification_proof.thy
+++ /dev/null
@@ -1,272 +0,0 @@
-theory start_loop_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util start_loop_before_ast_to_cfg_prog start_loop_passive_prog Boogie_Lang.PassificationML start_loop_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_passive_prog.params_vdecls start_loop_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old start_loop_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding start_loop_before_passive_prog.block_0_def start_loop_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon2_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old start_loop_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding start_loop_before_passive_prog.block_1_def start_loop_passive_prog.block_1_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon2_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old start_loop_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding start_loop_before_passive_prog.block_2_def start_loop_passive_prog.block_2_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon2_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old start_loop_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding start_loop_before_passive_prog.block_3_def start_loop_passive_prog.block_3_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old start_loop_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding start_loop_before_passive_prog.block_4_def start_loop_passive_prog.block_4_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old start_loop_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding start_loop_before_passive_prog.block_5_def start_loop_passive_prog.block_5_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old start_loop_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding start_loop_before_passive_prog.block_6_def start_loop_passive_prog.block_6_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> start_loop_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm start_loop_before_passive_prog.node_0},@{thm start_loop_before_passive_prog.outEdges_0}) (@{thm start_loop_passive_prog.node_0},@{thm start_loop_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon2_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> start_loop_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm start_loop_before_passive_prog.node_1},@{thm start_loop_before_passive_prog.outEdges_1}) (@{thm start_loop_passive_prog.node_1},@{thm start_loop_passive_prog.outEdges_1}) @{thm block_anon2_LoopDone} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon2_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> start_loop_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm start_loop_before_passive_prog.node_2},@{thm start_loop_before_passive_prog.outEdges_2}) (@{thm start_loop_passive_prog.node_2},@{thm start_loop_passive_prog.outEdges_2}) @{thm block_anon2_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon2_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> start_loop_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm start_loop_before_passive_prog.node_3},@{thm start_loop_before_passive_prog.outEdges_3}) (@{thm start_loop_passive_prog.node_3},@{thm start_loop_passive_prog.outEdges_3}) @{thm block_anon2_LoopHead} [
-@{thm cfg_block_anon2_LoopDone}, 
-@{thm cfg_block_anon2_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> start_loop_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm start_loop_before_passive_prog.node_4},@{thm start_loop_before_passive_prog.outEdges_4}) (@{thm start_loop_passive_prog.node_4},@{thm start_loop_passive_prog.outEdges_4}) @{thm block_anon0} [
-@{thm cfg_block_anon2_LoopHead}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> start_loop_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm start_loop_before_passive_prog.node_5},@{thm start_loop_before_passive_prog.outEdges_5}) (@{thm start_loop_passive_prog.node_5},@{thm start_loop_passive_prog.outEdges_5}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> start_loop_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> start_loop_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm start_loop_before_passive_prog.node_6},@{thm start_loop_before_passive_prog.outEdges_6}) (@{thm start_loop_passive_prog.node_6},@{thm start_loop_passive_prog.outEdges_6}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_before_ast_to_cfg_prog.params_vdecls start_loop_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] start_loop_before_passive_prog.proc_body ((Inl 6),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_t::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A start_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> start_loop_before_ast_to_cfg_prog.constants_vdecls ns start_loop_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv start_loop_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding start_loop_before_ast_to_cfg_prog.constants_vdecls_def start_loop_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding start_loop_passive_prog.params_vdecls_def start_loop_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using start_loop_before_passive_prog.globals_locals_disj apply auto[1]
-using start_loop_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] start_loop_passive_prog.proc_body u (Inl 6)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range start_loop_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] start_loop_passive_prog.proc_body ((Inl 6),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from start_loop_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_passive_prog.thy
deleted file mode 100644
index 4485f59..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_passive_prog.thy
+++ /dev/null
@@ -1,117 +0,0 @@
-theory start_loop_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util start_loop_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = []"
-definition block_1
-  where
-    "block_1  = [(Assume (UnOp Not (Lit (LBool True))))]"
-definition block_2
-  where
-    "block_2  = [(Assume (Lit (LBool True))),(Assume (Lit (LBool True))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = []"
-definition block_4
-  where
-    "block_4  = []"
-definition block_5
-  where
-    "block_5  = []"
-definition block_6
-  where
-    "block_6  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4],[5]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 6,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = []"
-lemma locals_min_aux:
-shows "(((map fst (append start_loop_passive_prog.params_vdecls start_loop_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append start_loop_passive_prog.params_vdecls start_loop_passive_prog.locals_vdecls)))) \<ge> 1))"
-unfolding start_loop_passive_prog.params_vdecls_def start_loop_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append start_loop_passive_prog.params_vdecls start_loop_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 1)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append start_loop_passive_prog.params_vdecls start_loop_passive_prog.locals_vdecls)))) = {})"
-using start_loop_passive_prog.locals_min start_loop_before_ast_to_cfg_prog.globals_max
-by fastforce
-
-lemma l_t:
-shows "((lookup_var_decl ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_passive_prog.params_vdecls start_loop_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_passive_prog.params_vdecls start_loop_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj start_loop_before_ast_to_cfg_prog.m_t
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_vcphase_proof.thy
deleted file mode 100644
index fa10bf8..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/start_loop_proofs/start_loop_proofs/start_loop_vcphase_proof.thy
+++ /dev/null
@@ -1,235 +0,0 @@
-theory start_loop_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML start_loop_passive_prog start_loop_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon0
-  where
-    "vc_anon0  = True"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_t :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_t)))" and 
-G1: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1
-lemmas forall_poly_thm = forall_vc_type[OF G1]
-lemmas exists_poly_thm = exists_vc_type[OF G1]
-declare Nat.One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.block_0 (Normal n_s) s')"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))"
-using assms
-unfolding start_loop_passive_prog.block_0_def
-apply cases
-by auto
-
-ML\<open>
-val block_anon2_LoopDone_hints = [
-(AssumeTrue,NONE)]
-\<close>
-lemma block_anon2_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding start_loop_passive_prog.block_1_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon2_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon2_LoopBody_hints = [
-(AssumeTrue,NONE), 
-(AssumeTrue,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon2_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
-unfolding start_loop_passive_prog.block_2_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon2_LoopBody_hints \<close>)
-by (auto?)
-
-lemma block_anon2_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.block_3 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding start_loop_passive_prog.block_3_def
-apply cases
-by auto
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.block_4 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding start_loop_passive_prog.block_4_def
-apply cases
-by auto
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.block_5 (Normal n_s) s')" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))"
-using assms
-unfolding start_loop_passive_prog.block_5_def
-apply cases
-by auto
-
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding start_loop_passive_prog.block_6_def vc.vc_anon0_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) start_loop_passive_prog.node_0 start_loop_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExit by blast
-
-lemma cfg_block_anon2_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_2[OF assms(1) start_loop_passive_prog.node_1])
-apply (erule block_anon2_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:start_loop_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon2_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) start_loop_passive_prog.node_2])
-by (erule block_anon2_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon2_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) start_loop_passive_prog.node_3])
-apply (erule block_anon2_LoopHead[OF _ assms(2)])
-apply ((simp add:start_loop_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon2_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon2_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) start_loop_passive_prog.node_4])
-apply (erule block_anon0[OF _ assms(2)])
-apply ((simp add:start_loop_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon2_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"((vc.vc_anon0 ) \<and> (vc.vc_anon0 ))"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) start_loop_passive_prog.node_5])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:start_loop_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> start_loop_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) start_loop_passive_prog.node_6])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:start_loop_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_passive_prog.params_vdecls start_loop_passive_prog.locals_vdecls)) \<Gamma> [] start_loop_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_t::int). (vc.vc_anon0 ))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A start_loop_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> start_loop_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) start_loop_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append start_loop_passive_prog.params_vdecls start_loop_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s start_loop_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append start_loop_before_ast_to_cfg_prog.constants_vdecls start_loop_before_ast_to_cfg_prog.globals_vdecls),(append start_loop_passive_prog.params_vdecls start_loop_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((start_loop_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ConstsGlobal have sc_t:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF start_loop_before_ast_to_cfg_prog.m_t])
-apply (subst lookup_var_global_disj[OF start_loop_passive_prog.globals_locals_disj start_loop_before_ast_to_cfg_prog.m_t])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_t])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/ROOT
deleted file mode 100644
index 44cb07b..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session triangle_example_proofs = Boogie_Lang + 
-directories triangle_proofs
-theories
-global_data
-"triangle_proofs/triangle_asttocfg_proof"
-"triangle_proofs/triangle_passive_prog"
-"triangle_proofs/triangle_vcphase_proof"
-"triangle_proofs/triangle_before_cfg_to_dag_prog"
-"triangle_proofs/triangle_cfgtodag_proof"
-"triangle_proofs/triangle_before_ast_to_cfg_prog"
-"triangle_proofs/triangle_before_passive_prog"
-"triangle_proofs/triangle_passification_proof"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_asttocfg_proof.thy
deleted file mode 100644
index e4f8c9b..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_asttocfg_proof.thy
+++ /dev/null
@@ -1,344 +0,0 @@
-theory triangle_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML triangle_before_ast_to_cfg_prog triangle_before_cfg_to_dag_prog triangle_cfgtodag_proof triangle_passification_proof triangle_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A triangle_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma global_rel_triangle_before_ast_to_cfg_prog_bigblock_3:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (triangle_before_ast_to_cfg_prog.bigblock_3,cont_3,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end triangle_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Lt (Var 0)) ns1 (BoolV False))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Invs[of triangle_before_ast_to_cfg_prog.bigblock_3])
-apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_3_def)
-
-apply (rule astTrace)
-apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp)
-apply (simp)
-apply (rule cont_3_def)
-apply (rule triangle_before_cfg_to_dag_prog.node_3)
-apply (rule disjI2)
-apply (rule disjI2)
-apply (rule conjI)
-apply (rule triangle_before_cfg_to_dag_prog.block_3_def)
-apply (rule conjI)
-apply (simp)
-apply (rule conjI)
-apply ( rule neg_lt)
-apply (rule guardHint)
-apply (rule triangle_before_cfg_to_dag_prog.outEdges_3)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: triangle_before_cfg_to_dag_prog.node_3)
-apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_3_def)
-apply (simp add: end_static)
-done
-qed
-
-lemma rel_triangle_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (triangle_before_ast_to_cfg_prog.bigblock_2,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.block_2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Lt (Var 0)) ns1 (BoolV True))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.block_2 (Normal ns1) (Normal ns1')))))"
-unfolding triangle_before_cfg_to_dag_prog.block_2_def
-apply (rule guard_holds_push_through_assumption)
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of triangle_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp+)
-apply (rule astStep)
-apply (rule push_through_assumption_test1, rule cfgBlockDoesntFail)
-apply (simp add: triangle_before_cfg_to_dag_prog.block_2_def)
-apply ((simp add: assms(3) triangle_before_ast_to_cfg_prog.bigblock_2_def)+)
-done
-
-
-lemma global_rel_triangle_before_ast_to_cfg_prog_bigblock_2:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (triangle_before_ast_to_cfg_prog.bigblock_2,cont_2,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end triangle_before_ast_to_cfg_prog.post))))))" and 
-guardHint: "(red_expr A \<Lambda>1 \<Gamma> [] (BinOp (Var 1) Lt (Var 0)) ns1 (BoolV True))" and 
-inductionHypothesis: "(loop_IH j A M M' \<Lambda>1 \<Gamma> [] T triangle_before_ast_to_cfg_prog.bigblock_1 cont_1 triangle_before_cfg_to_dag_prog.proc_body 1 triangle_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis 
-apply (rule block_global_rel_generic)
-apply (rule Rel_Main_test[of triangle_before_ast_to_cfg_prog.bigblock_2])
-apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_2_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_2_def)
-apply (rule triangle_before_cfg_to_dag_prog.node_2)
-apply (rule disjI2)
-apply (rule disjI1)
-apply (rule conjI)
-apply (rule triangle_before_cfg_to_dag_prog.block_2_def)
-apply (rule conjI)
-apply (simp)
-apply (rule guardHint)
-apply (rule cfgDoesntFail)
-apply ((simp)+)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (rule cont_2_def)
-apply (simp add: triangle_before_cfg_to_dag_prog.node_2)
-apply (rule rel_triangle_before_ast_to_cfg_prog_bigblock_2)
-apply assumption
-apply (simp)
-apply (rule guardHint)
-apply ((erule allE[where x=1])+)
-apply (simp add: triangle_before_cfg_to_dag_prog.outEdges_2)
-apply (simp add: member_rec(1))
-apply (rule loop_IH_apply)
-apply (rule inductionHypothesis)
-apply ((simp)+)
-done
-qed
-
-lemma global_rel_triangle_before_ast_to_cfg_prog_bigblock_1:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (triangle_before_ast_to_cfg_prog.bigblock_1,cont_1,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end triangle_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-using assms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-then show ?case
-proof (cases j)
-case 0
-then show ?thesis
-using valid_configuration_def less.prems(1) is_final.elims(2) cont_1_def by fastforce
-next
-case (Suc j')
-show ?thesis
-apply (rule block_global_rel_loop_head )
-apply (rule Rel_Invs[of triangle_before_ast_to_cfg_prog.bigblock_1 _ _ _ triangle_before_cfg_to_dag_prog.block_1])
-apply (simp add:triangle_before_ast_to_cfg_prog.bigblock_1_def triangle_before_cfg_to_dag_prog.block_1_def)
-apply (rule less(2))
-apply (rule less(3), simp)
-apply (rule less(4), simp)
-apply (simp)
-apply (simp add:triangle_before_ast_to_cfg_prog.bigblock_1_def)
-apply simp                 
-apply (rule block_local_rel_loop_head)
-apply (rule Rel_Invs[of triangle_before_ast_to_cfg_prog.bigblock_1])
-apply ((simp add:triangle_before_ast_to_cfg_prog.bigblock_1_def)+)
-apply ((simp add:triangle_before_cfg_to_dag_prog.block_1_def triangle_before_cfg_to_dag_prog.node_1)+)
-apply (rule cont_1_def)
-apply (erule disjE)
-
-
-
-apply ((erule allE[where x = 2])+)
-apply ((simp add:triangle_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule global_rel_triangle_before_ast_to_cfg_prog_bigblock_2)
-apply (simp add: cont_1_def triangle_before_ast_to_cfg_prog.bigblock_2_def cont_2_def )
-apply ((blast)+)
-apply (rule loop_IH_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper2)
-apply (simp)
-unfolding cont_1_def cont_2_def
-apply (simp)
-apply (blast)
-apply (blast)
-
-
-apply ((erule allE[where x = 3])+)
-apply ((simp add:triangle_before_cfg_to_dag_prog.outEdges_1)+)
-apply (simp add:member_rec(1))
-apply (erule conjE)
-apply (rule ending_after_skipping_endblock2)
-apply ((simp)+)
-apply (blast)
-apply (blast)
-apply (simp)
-apply (simp)
-apply (rule global_rel_triangle_before_ast_to_cfg_prog_bigblock_3)
-apply (blast)
-
-
-apply ((blast)+)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-done
-qed
-qed
-
-lemma rel_triangle_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (triangle_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of triangle_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_0_def triangle_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: triangle_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: triangle_before_cfg_to_dag_prog.block_0_def triangle_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_triangle_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (triangle_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end triangle_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule block_global_rel_while_successor)
-apply (rule astTrace)
-apply (rule Rel_Main_test[of triangle_before_ast_to_cfg_prog.bigblock_0 _ triangle_before_cfg_to_dag_prog.block_0])
-apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_0_def triangle_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_0_def triangle_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_0_def triangle_before_cfg_to_dag_prog.block_0_def)
-apply (simp add: triangle_before_cfg_to_dag_prog.block_0_def)
-apply (rule triangle_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-
-
-
-apply (simp add: triangle_before_cfg_to_dag_prog.block_0_def)
-
-
-
-
-
-
-
-apply (rule cfgDoesntFail, simp)
-apply (rule cfgSatisfiesPosts, blast)
-apply ((simp)+)
-apply (simp add: triangle_before_cfg_to_dag_prog.node_0)
-apply (rule rel_triangle_before_ast_to_cfg_prog_bigblock_0)
-apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_0_def)
-apply ((simp)+)
-
-apply ((erule allE[where x = 1])+)
-apply ((simp add: triangle_before_cfg_to_dag_prog.outEdges_0)+)
-apply (simp add: member_rec(1))
-apply (rule global_rel_triangle_before_ast_to_cfg_prog_bigblock_1)
-apply (simp add: triangle_before_ast_to_cfg_prog.bigblock_1_def cont_0_def cont_1_def)
-apply blast+
-
-
-
-
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (triangle_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_n::int) (vc_m::int) (vc_t_0::int) (vc_m_0::int) (vc_t_1::int) (vc_m_1::int) (vc_t_2::int) (vc_t::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A triangle_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> triangle_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) triangle_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns triangle_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] triangle_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (triangle_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_triangle_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: triangle_before_ast_to_cfg_prog.params_vdecls_def triangle_before_ast_to_cfg_prog.locals_vdecls_def triangle_before_cfg_to_dag_prog.params_vdecls_def triangle_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: triangle_before_ast_to_cfg_prog.params_vdecls_def triangle_before_ast_to_cfg_prog.locals_vdecls_def triangle_before_cfg_to_dag_prog.params_vdecls_def triangle_before_cfg_to_dag_prog.locals_vdecls_def triangle_before_ast_to_cfg_prog.pres_def triangle_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: triangle_before_ast_to_cfg_prog.params_vdecls_def triangle_before_ast_to_cfg_prog.locals_vdecls_def triangle_before_cfg_to_dag_prog.params_vdecls_def triangle_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: triangle_before_ast_to_cfg_prog.params_vdecls_def triangle_before_ast_to_cfg_prog.locals_vdecls_def triangle_before_cfg_to_dag_prog.params_vdecls_def triangle_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: triangle_before_ast_to_cfg_prog.params_vdecls_def triangle_before_ast_to_cfg_prog.locals_vdecls_def triangle_before_cfg_to_dag_prog.params_vdecls_def triangle_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: triangle_before_ast_to_cfg_prog.params_vdecls_def triangle_before_ast_to_cfg_prog.locals_vdecls_def triangle_before_cfg_to_dag_prog.params_vdecls_def triangle_before_cfg_to_dag_prog.locals_vdecls_def triangle_before_ast_to_cfg_prog.pres_def triangle_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: triangle_before_ast_to_cfg_prog.params_vdecls_def triangle_before_ast_to_cfg_prog.locals_vdecls_def triangle_before_cfg_to_dag_prog.params_vdecls_def triangle_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: triangle_before_ast_to_cfg_prog.params_vdecls_def triangle_before_ast_to_cfg_prog.locals_vdecls_def triangle_before_cfg_to_dag_prog.params_vdecls_def triangle_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0,bigblock_3] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (triangle_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def cont_3_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_n::int) (vc_m::int) (vc_t_0::int) (vc_m_0::int) (vc_t_1::int) (vc_m_1::int) (vc_t_2::int) (vc_t::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) triangle_before_ast_to_cfg_prog.fdecls triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls triangle_before_ast_to_cfg_prog.axioms triangle_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding triangle_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 triangle_before_ast_to_cfg_prog.ast_proc_def triangle_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 143826b..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,141 +0,0 @@
-theory triangle_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Assign 1 (Lit (LInt 0))),(Assign 2 (Lit (LInt 0)))] (Some (WhileWrapper (ParsedWhile (Some (BinOp (Var 1) Lt (Var 0))) [(BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))),(BinOp (Var 1) Le (Var 0))] [(BigBlock (None ) [(Assign 2 (BinOp (Var 2) Add (Var 1))),(Assign 1 (BinOp (Var 1) Add (Lit (LInt 1))))] (None ) (None ))]))) (None ))"
-definition bigblock_1
-  where
-    "bigblock_1  = (BigBlock (None ) [] (Some (ParsedWhile (Some (BinOp (Var 1) Lt (Var 0))) [(BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))),(BinOp (Var 1) Le (Var 0))] [(BigBlock (None ) [(Assign 2 (BinOp (Var 2) Add (Var 1))),(Assign 1 (BinOp (Var 1) Add (Lit (LInt 1))))] (None ) (None ))])) (None ))"
-definition bigblock_2
-  where
-    "bigblock_2  = (BigBlock (None ) [(Assign 2 (BinOp (Var 2) Add (Var 1))),(Assign 1 (BinOp (Var 1) Add (Lit (LInt 1))))] (None ) (None ))"
-definition bigblock_3
-  where
-    "bigblock_3  = (BigBlock (None ) [] (None ) (None ))"
-definition cont_3
-  where
-    "cont_3  = KStop"
-definition cont_0
-  where
-    "cont_0  = (KSeq bigblock_3 cont_3)"
-definition cont_1
-  where
-    "cont_1  = (KEndBlock (KSeq bigblock_3 cont_3 ))"
-definition cont_2
-  where
-    "cont_2  = (KSeq bigblock_1 cont_1)"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0,bigblock_3]"
-definition pres
-  where
-    "pres  = [(BinOp (Var 0) Ge (Lit (LInt 0)))]"
-definition post
-  where
-    "post  = [(BinOp (Var 2) Eq (BinOp (BinOp (Var 0) Mul (BinOp (Var 0) Sub (Lit (LInt 1)))) Div (Lit (LInt 2))))]"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding triangle_before_ast_to_cfg_prog.constants_vdecls_def triangle_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding triangle_before_ast_to_cfg_prog.params_vdecls_def triangle_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding triangle_before_ast_to_cfg_prog.constants_vdecls_def triangle_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) triangle_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding triangle_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) triangle_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding triangle_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) triangle_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding triangle_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) triangle_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding triangle_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_n:
-shows "((map_of (append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_m:
-shows "((map_of (append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_t:
-shows "((map_of (append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_n:
-shows "((lookup_var_decl ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_n
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_m:
-shows "((lookup_var_decl ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_m
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_t:
-shows "((lookup_var_decl ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_t
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = triangle_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec triangle_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec triangle_before_ast_to_cfg_prog.post),proc_body = (Some (triangle_before_ast_to_cfg_prog.locals_vdecls,triangle_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_before_cfg_to_dag_prog.thy
deleted file mode 100644
index fb9eb86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,167 +0,0 @@
-theory triangle_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Assign 1 (Lit (LInt 0))),(Assign 2 (Lit (LInt 0)))]"
-definition block_1
-  where
-    "block_1  = [(Assert (BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2))))),(Assert (BinOp (Var 1) Le (Var 0)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 1) Lt (Var 0))),(Assign 2 (BinOp (Var 2) Add (Var 1))),(Assign 1 (BinOp (Var 1) Add (Lit (LInt 1))))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 0) Le (Var 1)))]"
-definition outEdges
-  where
-    "outEdges  = [[1],[3,2],[1],[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [3,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = [(BinOp (Var 0) Ge (Lit (LInt 0)))]"
-definition post
-  where
-    "post  = [(BinOp (Var 2) Eq (BinOp (BinOp (Var 0) Mul (BinOp (Var 0) Sub (Lit (LInt 1)))) Div (Lit (LInt 2))))]"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(1,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append triangle_before_cfg_to_dag_prog.constants_vdecls triangle_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append triangle_before_cfg_to_dag_prog.constants_vdecls triangle_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding triangle_before_cfg_to_dag_prog.constants_vdecls_def triangle_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append triangle_before_cfg_to_dag_prog.constants_vdecls triangle_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding triangle_before_cfg_to_dag_prog.params_vdecls_def triangle_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append triangle_before_cfg_to_dag_prog.constants_vdecls triangle_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding triangle_before_cfg_to_dag_prog.constants_vdecls_def triangle_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) triangle_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding triangle_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) triangle_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding triangle_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) triangle_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding triangle_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) triangle_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding triangle_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append triangle_before_cfg_to_dag_prog.constants_vdecls triangle_before_cfg_to_dag_prog.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_n:
-shows "((map_of (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_m:
-shows "((map_of (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_t:
-shows "((map_of (append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_n:
-shows "((lookup_var_decl ((append triangle_before_cfg_to_dag_prog.constants_vdecls triangle_before_cfg_to_dag_prog.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_cfg_to_dag_prog.constants_vdecls triangle_before_cfg_to_dag_prog.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_n
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_m:
-shows "((lookup_var_decl ((append triangle_before_cfg_to_dag_prog.constants_vdecls triangle_before_cfg_to_dag_prog.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_cfg_to_dag_prog.constants_vdecls triangle_before_cfg_to_dag_prog.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_m
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_t:
-shows "((lookup_var_decl ((append triangle_before_cfg_to_dag_prog.constants_vdecls triangle_before_cfg_to_dag_prog.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_cfg_to_dag_prog.constants_vdecls triangle_before_cfg_to_dag_prog.globals_vdecls),(append triangle_before_cfg_to_dag_prog.params_vdecls triangle_before_cfg_to_dag_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_t
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = triangle_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec triangle_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec triangle_before_cfg_to_dag_prog.post),proc_body = (Some (triangle_before_cfg_to_dag_prog.locals_vdecls,triangle_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_before_passive_prog.thy
deleted file mode 100644
index 310cc4e..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_before_passive_prog.thy
+++ /dev/null
@@ -1,106 +0,0 @@
-theory triangle_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util triangle_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assert (BinOp (Var 2) Eq (BinOp (BinOp (Var 0) Mul (BinOp (Var 0) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))))]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Le (Var 1)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 1) Lt (Var 0))),(Assign 2 (BinOp (Var 2) Add (Var 1))),(Assign 1 (BinOp (Var 1) Add (Lit (LInt 1)))),(Assert (BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2))))),(Assert (BinOp (Var 1) Le (Var 0))),(Assume (Lit (LBool False)))]"
-definition block_3
-  where
-    "block_3  = [(Havoc 2),(Havoc 1),(Assume (BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2))))),(Assume (BinOp (Var 1) Le (Var 0)))]"
-definition block_4
-  where
-    "block_4  = [(Assign 1 (Lit (LInt 0))),(Assign 2 (Lit (LInt 0))),(Assert (BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2))))),(Assert (BinOp (Var 1) Le (Var 0)))]"
-definition block_5
-  where
-    "block_5  = []"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Var 0) Ge (Lit (LInt 0))))]"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4],[5]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 6,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding triangle_before_ast_to_cfg_prog.params_vdecls_def triangle_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding triangle_before_ast_to_cfg_prog.constants_vdecls_def triangle_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_cfgtodag_proof.thy
deleted file mode 100644
index a070c51..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_cfgtodag_proof.thy
+++ /dev/null
@@ -1,364 +0,0 @@
-theory triangle_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML triangle_before_ast_to_cfg_prog triangle_before_cfg_to_dag_prog triangle_before_passive_prog triangle_passification_proof triangle_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A triangle_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma ty_hint_1:
-shows "(hint_ty_subst [])"
-by (simp add: hint_ty_subst_def)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(state_well_typed A \<Lambda>1 [] ns2)"
-shows "(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 triangle_before_ast_to_cfg_prog.post)"
-unfolding expr_all_sat_def triangle_before_ast_to_cfg_prog.post_def 
-apply (rule cfg_dag_rel_post_invs_3)
-apply (erule assms(1))
-apply (rule triangle_before_passive_prog.node_0)
-apply simp
-apply (rule type_safety_top_level_inv[OF Wf_Fun triangle_before_ast_to_cfg_prog.funcs_wf triangle_before_ast_to_cfg_prog.var_context_wf])
-apply (rule assms(2))
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} @{thms ty_hint_1} @{thms triangle_before_ast_to_cfg_prog.l_t(2) triangle_before_ast_to_cfg_prog.l_n(2)} [] 1\<close>))
-
-unfolding triangle_before_passive_prog.block_0_def
-by cfg_dag_rel_tac_single+
-
-lemma block_anon2_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.block_3 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.block_1 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] triangle_before_passive_prog.block_1 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding triangle_before_cfg_to_dag_prog.block_3_def triangle_before_passive_prog.block_1_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon2_LoopDone:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 3),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_2[OF Red])
-apply (rule triangle_before_cfg_to_dag_prog.node_3)
-apply (rule triangle_before_passive_prog.node_1)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-apply (erule block_anon2_LoopDone)
-apply assumption+
-apply (rule triangle_before_cfg_to_dag_prog.outEdges_3)
-apply (rule triangle_before_passive_prog.outEdges_1)
-apply (erule cfg_block_GeneratedUnifiedExit)
-by assumption
-
-
-lemma ty_hint_2:
-shows "(hint_ty_subst [])"
-by (simp add: hint_ty_subst_def)
-
-lemma Mods_anon2_LoopBody:
-shows "(mods_contained_in (set [2,1]) triangle_before_cfg_to_dag_prog.block_2)"
-unfolding triangle_before_cfg_to_dag_prog.block_2_def
-by simp
-
-lemma block_anon2_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.block_2 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.block_2 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))),(BinOp (Var 1) Le (Var 0))] triangle_before_passive_prog.block_2 ns2 s' True)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding triangle_before_cfg_to_dag_prog.block_2_def triangle_before_passive_prog.block_2_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (intro conjI)
-apply (erule type_safety_top_level_inv[OF Wf_Fun triangle_before_ast_to_cfg_prog.funcs_wf triangle_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} @{thms ty_hint_2} @{thms triangle_before_ast_to_cfg_prog.l_t(2) triangle_before_ast_to_cfg_prog.l_m(2)} [] 1\<close>))
-apply (erule type_safety_top_level_inv[OF Wf_Fun triangle_before_ast_to_cfg_prog.funcs_wf triangle_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms triangle_before_ast_to_cfg_prog.l_m(2) triangle_before_ast_to_cfg_prog.l_n(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon2_LoopBody:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 2),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-IH_anon2_LoopHead: "(loop_ih A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body [2,1] [(BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))),(BinOp (Var 1) Le (Var 0))] triangle_before_ast_to_cfg_prog.post ns1 s' 1 m' j)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_2[OF Red _ _ DagVerifies DagAssms])
-apply (rule triangle_before_cfg_to_dag_prog.node_2)
-apply (rule triangle_before_passive_prog.node_2)
-apply (assumption+)
-apply (rule block_anon2_LoopBody)
-apply (assumption+)
-apply (rule Mods_anon2_LoopBody)
-apply ((simp add:triangle_before_cfg_to_dag_prog.outEdges_2))
-apply ((simp add:triangle_before_cfg_to_dag_prog.outEdges_2))
-apply (erule member_elim)
-apply (rule loop_ih_apply[where ?j'="j-1"])
-apply (rule IH_anon2_LoopHead)
-apply (simp, simp)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_sym)
-apply (simp)
-apply (simp)
-apply (rule dag_lemma_assms_state_wt_1[OF DagAssms])
-by (simp add: member_rec(2))
-
-
-lemma Mods_anon2_LoopHead:
-shows "(mods_contained_in (set [2,1]) triangle_before_cfg_to_dag_prog.block_1)"
-unfolding triangle_before_cfg_to_dag_prog.block_1_def
-by simp
-
-lemma block_anon2_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.block_1 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.block_3 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [2,1] [(BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))),(BinOp (Var 1) Le (Var 0))] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] triangle_before_passive_prog.block_3 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding triangle_before_cfg_to_dag_prog.block_1_def triangle_before_passive_prog.block_3_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply ((simp add:triangle_before_ast_to_cfg_prog.l_t(1)))
-apply ((simp add:triangle_before_ast_to_cfg_prog.l_m(1)))
-apply simp
-done
-
-lemma cfg_block_anon2_LoopHead:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 1),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [2,1] [(BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))),(BinOp (Var 1) Le (Var 0))] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 3),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_ast_to_cfg_prog.post m' s')"
-using Red DagAssms
-proof (induction j arbitrary: ns1 rule: less_induct)
-case (less j)
-show ?case
-proof (cases j)
-case 0 with less.prems(1) show ?thesis unfolding Semantics.valid_configuration_def by auto
-next
-case (Suc j')
-from less(3) have StateRel1:"(nstate_same_on \<Lambda>1 ns1 ns2 (set [2,1]))"by (simp add: dag_lemma_assms_def)
-from less(3) have StateWt2:"(state_well_typed A \<Lambda>1 [] ns2)"by (simp add: dag_lemma_assms_def)
-show ?thesis
-apply (rule cfg_dag_helper_2[OF less(2) _ _ DagVerifies less(3)])
-apply (rule triangle_before_cfg_to_dag_prog.node_1)
-apply (rule triangle_before_passive_prog.node_3)
-apply (assumption+)
-apply (rule block_anon2_LoopHead)
-apply (assumption+)
-apply (rule Mods_anon2_LoopHead)
-apply ((simp add:triangle_before_cfg_to_dag_prog.outEdges_1))
-apply ((simp add:triangle_before_cfg_to_dag_prog.outEdges_1))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=1])
-apply ((simp add:triangle_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon2_LoopDone)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=2])
-apply ((simp add:triangle_before_passive_prog.outEdges_3))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon2_LoopBody)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply simp
-apply (fastforce)
-apply (simp)
-apply (simp)
-apply (rule loop_ih_prove)
-apply (rule less.IH)
-apply (erule strictly_smaller_helper, assumption, assumption)
-unfolding dag_lemma_assms_def
-apply (intro conjI, simp)
-apply (rule nstate_same_on_transitive_2[OF _ _ StateRel1])
-apply ((fastforce, simp, simp))
-apply (rule dag_lemma_assms_state_wt_2[OF less(3)])
-by (simp add: member_rec(2))
-qed
-qed
-
-
-lemma ty_hint_3:
-shows "(hint_ty_subst [])"
-by (simp add: hint_ty_subst_def)
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.block_4 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [(BinOp (Var 2) Eq (BinOp (BinOp (Var 1) Mul (BinOp (Var 1) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))),(BinOp (Var 1) Le (Var 0))] triangle_before_passive_prog.block_4 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding triangle_before_cfg_to_dag_prog.block_0_def triangle_before_passive_prog.block_4_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-apply (intro conjI)
-apply (erule type_safety_top_level_inv[OF Wf_Fun triangle_before_ast_to_cfg_prog.funcs_wf triangle_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} @{thms ty_hint_3} @{thms triangle_before_ast_to_cfg_prog.l_t(2) triangle_before_ast_to_cfg_prog.l_m(2)} [] 1\<close>))
-apply (erule type_safety_top_level_inv[OF Wf_Fun triangle_before_ast_to_cfg_prog.funcs_wf triangle_before_ast_to_cfg_prog.var_context_wf])
-apply (simp)
-apply ((tactic \<open> typing_tac @{context} [] @{thms triangle_before_ast_to_cfg_prog.l_m(2) triangle_before_ast_to_cfg_prog.l_n(2)} [] 1\<close>))
-
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_1[OF Red _ _ DagVerifies DagAssms])
-apply (rule triangle_before_cfg_to_dag_prog.node_0)
-apply (rule triangle_before_passive_prog.node_4)
-apply (assumption+)
-apply (rule block_anon0)
-apply (assumption+)
-apply ((simp add:triangle_before_cfg_to_dag_prog.outEdges_0))
-apply ((simp add:triangle_before_cfg_to_dag_prog.outEdges_0))
-apply (erule member_elim)
-apply simp
-apply (erule allE[where x=3])
-apply ((simp add:triangle_before_passive_prog.outEdges_4))
-apply ((simp add:member_rec(1)))
-apply (rule cfg_block_anon2_LoopHead)
-apply simp
-unfolding dag_lemma_assms_def
-apply (intro conjI)
-apply simp
-apply (erule nstate_same_on_empty_subset)
-apply (fastforce)
-apply (simp)
-apply (simp)
-by (simp add: member_rec(2))
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 5),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 4),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:triangle_before_passive_prog.outEdges_5))
-by ((simp add:triangle_before_passive_prog.node_5 triangle_before_passive_prog.block_5_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 6),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 triangle_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] triangle_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule triangle_before_passive_prog.node_6)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding triangle_before_passive_prog.block_6_def
-apply (rule assume_pres_normal[where ?es=triangle_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding triangle_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule triangle_before_passive_prog.outEdges_6)
-apply ((simp add:triangle_before_passive_prog.node_5 triangle_before_passive_prog.block_5_def))
-apply (rule triangle_before_passive_prog.outEdges_5)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_n::int) (vc_m::int) (vc_t_0::int) (vc_m_0::int) (vc_t_1::int) (vc_m_1::int) (vc_t_2::int) (vc_t::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A triangle_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> triangle_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) triangle_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns triangle_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] triangle_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] triangle_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule triangle_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_passification_proof.thy
deleted file mode 100644
index 3d7d195..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_passification_proof.thy
+++ /dev/null
@@ -1,303 +0,0 @@
-theory triangle_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util triangle_before_ast_to_cfg_prog triangle_passive_prog Boogie_Lang.PassificationML triangle_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_GeneratedUnifiedExit:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 7)))" and 
-"((R 0) = (Some (Inl 0)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old triangle_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding triangle_before_passive_prog.block_0_def triangle_passive_prog.block_0_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_anon2_LoopDone:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [7] R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 3)))" and 
-"((R 0) = (Some (Inl 0)))" and 
-"((R 1) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [7])) (update_nstate_rel R [(2,(Inl 7))]) R_old triangle_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding triangle_before_passive_prog.block_1_def triangle_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:triangle_before_ast_to_cfg_prog.l_t(2) triangle_passive_prog.l_t_2(2)))
-by simp
-
-lemma block_anon2_LoopBody:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [5,6,7] R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 3)))" and 
-"((R 0) = (Some (Inl 0)))" and 
-"((R 1) = (Some (Inl 4)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [5,6,7])) (update_nstate_rel R [(2,(Inl 5)),(1,(Inl 6)),(2,(Inl 7))]) R_old triangle_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding triangle_before_passive_prog.block_2_def triangle_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:triangle_before_ast_to_cfg_prog.l_t(2) triangle_passive_prog.l_t_1(2)))
-apply ((simp add:triangle_before_ast_to_cfg_prog.l_m(2) triangle_passive_prog.l_m_1(2)))
-apply ((simp add:triangle_before_ast_to_cfg_prog.l_t(2) triangle_passive_prog.l_t_2(2)))
-by simp
-
-lemma block_anon2_LoopHead:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.block_3 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [3,4] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 0)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [3,4])) (update_nstate_rel R [(2,(Inl 3)),(1,(Inl 4))]) R_old triangle_passive_prog.block_3 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding triangle_before_passive_prog.block_3_def triangle_passive_prog.block_3_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-apply ((simp add:triangle_before_ast_to_cfg_prog.l_t(2) triangle_passive_prog.l_t_0(2)))
-apply ((simp add:triangle_before_ast_to_cfg_prog.l_m(2) triangle_passive_prog.l_m_0(2)))
-by simp
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.block_4 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 0)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R [(1,(Inr (LInt 0))),(2,(Inr (LInt 0)))]) R_old triangle_passive_prog.block_4 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding triangle_before_passive_prog.block_4_def triangle_passive_prog.block_4_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.block_5 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 0)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old triangle_passive_prog.block_5 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding triangle_before_passive_prog.block_5_def triangle_passive_prog.block_5_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.block_6 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 0)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old triangle_passive_prog.block_6 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding triangle_before_passive_prog.block_6_def triangle_passive_prog.block_6_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 7)))" and 
-"((R 0) = (Some (Inl 0)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> triangle_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm triangle_before_passive_prog.node_0},@{thm triangle_before_passive_prog.outEdges_0}) (@{thm triangle_passive_prog.node_0},@{thm triangle_passive_prog.outEdges_0}) @{thm block_GeneratedUnifiedExit} [] 1\<close>))
-
-lemma cfg_block_anon2_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 7 R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 3)))" and 
-"((R 0) = (Some (Inl 0)))" and 
-"((R 1) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> triangle_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm triangle_before_passive_prog.node_1},@{thm triangle_before_passive_prog.outEdges_1}) (@{thm triangle_passive_prog.node_1},@{thm triangle_passive_prog.outEdges_1}) @{thm block_anon2_LoopDone} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon2_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 5 R R_old U0 D0 n_s)" and 
-"((R 2) = (Some (Inl 3)))" and 
-"((R 0) = (Some (Inl 0)))" and 
-"((R 1) = (Some (Inl 4)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> triangle_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm triangle_before_passive_prog.node_2},@{thm triangle_before_passive_prog.outEdges_2}) (@{thm triangle_passive_prog.node_2},@{thm triangle_passive_prog.outEdges_2}) @{thm block_anon2_LoopBody} [
-@{thm cfg_block_GeneratedUnifiedExit}] 1\<close>))
-
-lemma cfg_block_anon2_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 0)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> triangle_passive_prog.proc_body u (Inl 3)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm triangle_before_passive_prog.node_3},@{thm triangle_before_passive_prog.outEdges_3}) (@{thm triangle_passive_prog.node_3},@{thm triangle_passive_prog.outEdges_3}) @{thm block_anon2_LoopHead} [
-@{thm cfg_block_anon2_LoopDone}, 
-@{thm cfg_block_anon2_LoopBody}] 1\<close>))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 0)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> triangle_passive_prog.proc_body u (Inl 4)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm triangle_before_passive_prog.node_4},@{thm triangle_before_passive_prog.outEdges_4}) (@{thm triangle_passive_prog.node_4},@{thm triangle_passive_prog.outEdges_4}) @{thm block_anon0} [
-@{thm cfg_block_anon2_LoopHead}] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 0)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> triangle_passive_prog.proc_body u (Inl 5)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm triangle_before_passive_prog.node_5},@{thm triangle_before_passive_prog.outEdges_5}) (@{thm triangle_passive_prog.node_5},@{thm triangle_passive_prog.outEdges_5}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> triangle_before_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 3 R R_old U0 D0 n_s)" and 
-"((R 0) = (Some (Inl 0)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> triangle_passive_prog.proc_body u (Inl 6)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm triangle_before_passive_prog.node_6},@{thm triangle_before_passive_prog.outEdges_6}) (@{thm triangle_passive_prog.node_6},@{thm triangle_passive_prog.outEdges_6}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_before_ast_to_cfg_prog.params_vdecls triangle_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] triangle_before_passive_prog.proc_body ((Inl 6),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_n::int) (vc_m::int) (vc_t_0::int) (vc_m_0::int) (vc_t_1::int) (vc_m_1::int) (vc_t_2::int) (vc_t::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A triangle_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> triangle_before_ast_to_cfg_prog.constants_vdecls ns triangle_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = [(0,(Inl 0))]"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-apply ((simp add:triangle_before_ast_to_cfg_prog.l_n(2) triangle_passive_prog.l_n(2)))
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv triangle_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding triangle_before_ast_to_cfg_prog.constants_vdecls_def triangle_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding triangle_passive_prog.params_vdecls_def triangle_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using triangle_before_passive_prog.globals_locals_disj apply auto[1]
-using triangle_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] triangle_passive_prog.proc_body u (Inl 6)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range triangle_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] triangle_passive_prog.proc_body ((Inl 6),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from triangle_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_passive_prog.thy
deleted file mode 100644
index c4e7972..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_passive_prog.thy
+++ /dev/null
@@ -1,184 +0,0 @@
-theory triangle_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util triangle_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assert (BinOp (Var 7) Eq (BinOp (BinOp (Var 0) Mul (BinOp (Var 0) Sub (Lit (LInt 1)))) Div (Lit (LInt 2)))))]"
-definition block_1
-  where
-    "block_1  = [(Assume (BinOp (Var 0) Le (Var 4))),(Assume (BinOp (Var 7) Eq (Var 3)))]"
-definition block_2
-  where
-    "block_2  = [(Assume (BinOp (Var 4) Lt (Var 0))),(Assume (BinOp (Var 5) Eq (BinOp (Var 3) Add (Var 4)))),(Assume (BinOp (Var 6) Eq (BinOp (Var 4) Add (Lit (LInt 1))))),(Assert (BinOp (Var 5) Eq (BinOp (BinOp (Var 6) Mul (BinOp (Var 6) Sub (Lit (LInt 1)))) Div (Lit (LInt 2))))),(Assert (BinOp (Var 6) Le (Var 0))),(Assume (Lit (LBool False))),(Assume (BinOp (Var 7) Eq (Var 5)))]"
-definition block_3
-  where
-    "block_3  = [(Assume (BinOp (Var 3) Eq (BinOp (BinOp (Var 4) Mul (BinOp (Var 4) Sub (Lit (LInt 1)))) Div (Lit (LInt 2))))),(Assume (BinOp (Var 4) Le (Var 0)))]"
-definition block_4
-  where
-    "block_4  = [(Assert (BinOp (Lit (LInt 0)) Eq (BinOp (BinOp (Lit (LInt 0)) Mul (BinOp (Lit (LInt 0)) Sub (Lit (LInt 1)))) Div (Lit (LInt 2))))),(Assert (BinOp (Lit (LInt 0)) Le (Var 0)))]"
-definition block_5
-  where
-    "block_5  = []"
-definition block_6
-  where
-    "block_6  = [(Assume (BinOp (Var 0) Ge (Lit (LInt 0))))]"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[0],[1,2],[3],[4],[5]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2,block_3,block_4,block_5,block_6]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 6,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_3:
-shows "((nth (node_to_block proc_body) 3) = block_3)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_4:
-shows "((nth (node_to_block proc_body) 4) = block_4)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_5:
-shows "((nth (node_to_block proc_body) 5) = block_5)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_6:
-shows "((nth (node_to_block proc_body) 6) = block_6)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_3:
-shows "((nth (out_edges proc_body) 3) = [1,2])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_4:
-shows "((nth (out_edges proc_body) 4) = [3])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_5:
-shows "((nth (out_edges proc_body) 5) = [4])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_6:
-shows "((nth (out_edges proc_body) 6) = [5])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(1,(TPrim TInt),(None )),(3,(TPrim TInt),(None )),(4,(TPrim TInt),(None )),(5,(TPrim TInt),(None )),(6,(TPrim TInt),(None )),(7,(TPrim TInt),(None )),(2,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding triangle_passive_prog.params_vdecls_def triangle_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)))) = {})"
-unfolding triangle_before_ast_to_cfg_prog.constants_vdecls_def triangle_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_n:
-shows "((map_of (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_m:
-shows "((map_of (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_t_0:
-shows "((map_of (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls) 3) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_m_0:
-shows "((map_of (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls) 4) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_t_1:
-shows "((map_of (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls) 5) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_m_1:
-shows "((map_of (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls) 6) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_t_2:
-shows "((map_of (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls) 7) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_t:
-shows "((map_of (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls) 2) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_n:
-shows "((lookup_var_decl ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_n
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_m:
-shows "((lookup_var_decl ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_m
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_t_0:
-shows "((lookup_var_decl ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 3) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 3) = (Some (TPrim TInt)))"
-using globals_locals_disj m_t_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_m_0:
-shows "((lookup_var_decl ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 4) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 4) = (Some (TPrim TInt)))"
-using globals_locals_disj m_m_0
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_t_1:
-shows "((lookup_var_decl ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 5) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 5) = (Some (TPrim TInt)))"
-using globals_locals_disj m_t_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_m_1:
-shows "((lookup_var_decl ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 6) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 6) = (Some (TPrim TInt)))"
-using globals_locals_disj m_m_1
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_t_2:
-shows "((lookup_var_decl ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 7) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 7) = (Some (TPrim TInt)))"
-using globals_locals_disj m_t_2
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_t:
-shows "((lookup_var_decl ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 2) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) 2) = (Some (TPrim TInt)))"
-using globals_locals_disj m_t
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_vcphase_proof.thy
deleted file mode 100644
index 88110ad..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/triangle_example_proofs/triangle_proofs/triangle_vcphase_proof.thy
+++ /dev/null
@@ -1,309 +0,0 @@
-theory triangle_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML triangle_passive_prog triangle_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon2_LoopBody
-  where
-    "vc_anon2_LoopBody m_0 n t_1 t_0 m_1 = ((m_0 < n) \<longrightarrow> (((t_1 = (t_0 + m_0)) \<and> (m_1 = (m_0 + (1::int)))) \<longrightarrow> ((t_1 = (smt_div (m_1 * (m_1 - (1::int))) (2::int))) \<and> ((t_1 = (smt_div (m_1 * (m_1 - (1::int))) (2::int))) \<longrightarrow> (m_1 \<le> n)))))"
-definition vc_GeneratedUnifiedExit
-  where
-    "vc_GeneratedUnifiedExit t_2 n = (t_2 = (smt_div (n * (n - (1::int))) (2::int)))"
-definition vc_anon2_LoopDone
-  where
-    "vc_anon2_LoopDone n m_0 t_2 t_0 = (((n \<le> m_0) \<and> (t_2 = t_0)) \<longrightarrow> (vc_GeneratedUnifiedExit t_2 n))"
-definition vc_anon2_LoopHead
-  where
-    "vc_anon2_LoopHead t_0 m_0 n t_2 t_1 m_1 = (((t_0 = (smt_div (m_0 * (m_0 - (1::int))) (2::int))) \<and> (m_0 \<le> n)) \<longrightarrow> ((vc_anon2_LoopDone n m_0 t_2 t_0) \<and> (vc_anon2_LoopBody m_0 n t_1 t_0 m_1)))"
-definition vc_anon0
-  where
-    "vc_anon0 n t_0 m_0 t_2 t_1 m_1 = (((0::int) = (smt_div ((0::int) * ((0::int) - (1::int))) (2::int))) \<and> (((0::int) = (smt_div ((0::int) * ((0::int) - (1::int))) (2::int))) \<longrightarrow> (((0::int) \<le> n) \<and> (((0::int) \<le> n) \<longrightarrow> (vc_anon2_LoopHead t_0 m_0 n t_2 t_1 m_1)))))"
-definition vc_PreconditionGeneratedEntry
-  where
-    "vc_PreconditionGeneratedEntry n t_0 m_0 t_2 t_1 m_1 = ((n \<ge> (0::int)) \<longrightarrow> (vc_anon0 n t_0 m_0 t_2 t_1 m_1))"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and vc_n :: "int" and vc_m :: "int" and vc_t_0 :: "int" and vc_m_0 :: "int" and vc_t_1 :: "int" and vc_m_1 :: "int" and vc_t_2 :: "int" and vc_t :: "int"
-assumes 
-G0: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_n)))" and 
-G1: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_m)))" and 
-G2: "((lookup_var \<Lambda> n_s 3) = (Some (IntV vc_t_0)))" and 
-G3: "((lookup_var \<Lambda> n_s 4) = (Some (IntV vc_m_0)))" and 
-G4: "((lookup_var \<Lambda> n_s 5) = (Some (IntV vc_t_1)))" and 
-G5: "((lookup_var \<Lambda> n_s 6) = (Some (IntV vc_m_1)))" and 
-G6: "((lookup_var \<Lambda> n_s 7) = (Some (IntV vc_t_2)))" and 
-G7: "((lookup_var \<Lambda> n_s 2) = (Some (IntV vc_t)))" and 
-G8: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4 G5 G6 G7 G8
-lemmas forall_poly_thm = forall_vc_type[OF G8]
-lemmas exists_poly_thm = exists_vc_type[OF G8]
-declare Nat.One_nat_def[simp del]
-
-ML\<open>
-val block_GeneratedUnifiedExit_hints = [
-(AssertNoConj,NONE)]
-\<close>
-lemma block_GeneratedUnifiedExitAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_GeneratedUnifiedExit vc_t_2 vc_n) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding triangle_passive_prog.block_0_def vc.vc_GeneratedUnifiedExit_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_GeneratedUnifiedExit_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon2_LoopDone_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon2_LoopDoneAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.block_1 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon2_LoopDone vc_n vc_m_0 vc_t_2 vc_t_0) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_GeneratedUnifiedExit vc_t_2 vc_n)))))))"
-unfolding triangle_passive_prog.block_1_def vc.vc_anon2_LoopDone_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon2_LoopDone_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon2_LoopBody_hints = [
-(AssumeConjR 0,NONE), 
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE), 
-(AssertSub,NONE), 
-(AssertNoConj,NONE), 
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon2_LoopBodyAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon2_LoopBody vc_m_0 vc_n vc_t_1 vc_t_0 vc_m_1) \<Longrightarrow> (s' = Magic)))"
-unfolding triangle_passive_prog.block_2_def vc.vc_anon2_LoopBody_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon2_LoopBody_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon2_LoopHead_hints = [
-(AssumeConjR 1,NONE), 
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_anon2_LoopHeadAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.block_3 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon2_LoopHead vc_t_0 vc_m_0 vc_n vc_t_2 vc_t_1 vc_m_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> ((vc.vc_anon2_LoopDone vc_n vc_m_0 vc_t_2 vc_t_0) \<and> (vc.vc_anon2_LoopBody vc_m_0 vc_n vc_t_1 vc_t_0 vc_m_1))))))))"
-unfolding triangle_passive_prog.block_3_def vc.vc_anon2_LoopHead_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon2_LoopHead_hints \<close>)
-by (auto?)
-
-ML\<open>
-val block_anon0_hints = [
-(AssertSub,NONE), 
-(AssertSub,NONE)]
-\<close>
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.block_4 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon2_LoopHead vc_t_0 vc_m_0 vc_n vc_t_2 vc_t_1 vc_m_1)))))))"
-unfolding triangle_passive_prog.block_4_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
-by (auto?)
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.block_5 (Normal n_s) s')" and 
-"(vc.vc_anon0 vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1)"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1)))))"
-using assms
-unfolding triangle_passive_prog.block_5_def
-apply cases
-by auto
-
-ML\<open>
-val block_PreconditionGeneratedEntry_hints = [
-(AssumeConjR 0,NONE)]
-\<close>
-lemma block_PreconditionGeneratedEntryAA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.block_6 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1)))))))"
-unfolding triangle_passive_prog.block_6_def vc.vc_PreconditionGeneratedEntry_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_PreconditionGeneratedEntry_hints \<close>)
-by (auto?)
-
-lemma cfg_block_GeneratedUnifiedExit:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(vc.vc_GeneratedUnifiedExit vc_t_2 vc_n)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) triangle_passive_prog.node_0 triangle_passive_prog.outEdges_0])
-using block_GeneratedUnifiedExitAA0[OF _ assms(2)] by blast
-
-lemma cfg_block_anon2_LoopDone:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon2_LoopDone vc_n vc_m_0 vc_t_2 vc_t_0)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) triangle_passive_prog.node_1])
-apply (erule block_anon2_LoopDoneAA0[OF _ assms(2)])
-apply ((simp add:triangle_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_GeneratedUnifiedExit, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon2_LoopBody:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon2_LoopBody vc_m_0 vc_n vc_t_1 vc_t_0 vc_m_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) triangle_passive_prog.node_2])
-by (erule block_anon2_LoopBodyAA0[OF _ assms(2)])
-
-lemma cfg_block_anon2_LoopHead:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.proc_body ((Inl 3),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon2_LoopHead vc_t_0 vc_m_0 vc_n vc_t_2 vc_t_1 vc_m_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) triangle_passive_prog.node_3])
-apply (erule block_anon2_LoopHeadAA0[OF _ assms(2)])
-apply ((simp add:triangle_passive_prog.outEdges_3))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon2_LoopDone, simp?)
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon2_LoopBody, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.proc_body ((Inl 4),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) triangle_passive_prog.node_4])
-apply (erule block_anon0AA0[OF _ assms(2)])
-apply ((simp add:triangle_passive_prog.outEdges_4))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon2_LoopHead, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.proc_body ((Inl 5),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) triangle_passive_prog.node_5])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:triangle_passive_prog.outEdges_5))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> triangle_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-"(vc.vc_PreconditionGeneratedEntry vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) triangle_passive_prog.node_6])
-apply (erule block_PreconditionGeneratedEntryAA0[OF _ assms(2)])
-apply ((simp add:triangle_passive_prog.outEdges_6))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls)) \<Gamma> [] triangle_passive_prog.proc_body ((Inl 6),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_n::int) (vc_m::int) (vc_t_0::int) (vc_m_0::int) (vc_t_1::int) (vc_m_1::int) (vc_t_2::int) (vc_t::int). (vc.vc_PreconditionGeneratedEntry vc_n vc_t_0 vc_m_0 vc_t_2 vc_t_1 vc_m_1))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A triangle_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> triangle_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) triangle_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s triangle_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append triangle_before_ast_to_cfg_prog.constants_vdecls triangle_before_ast_to_cfg_prog.globals_vdecls),(append triangle_passive_prog.params_vdecls triangle_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((triangle_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-from ParamsLocal have sc_n:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF triangle_passive_prog.m_n])
-apply (subst lookup_var_local[OF triangle_passive_prog.m_n])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_m:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF triangle_passive_prog.m_m])
-apply (subst lookup_var_local[OF triangle_passive_prog.m_m])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_t_0:"(((lookup_var ?\<Lambda> n_s 3) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 3)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 3))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF triangle_passive_prog.m_t_0])
-apply (subst lookup_var_local[OF triangle_passive_prog.m_t_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_m_0:"(((lookup_var ?\<Lambda> n_s 4) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 4)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 4))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF triangle_passive_prog.m_m_0])
-apply (subst lookup_var_local[OF triangle_passive_prog.m_m_0])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_t_1:"(((lookup_var ?\<Lambda> n_s 5) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 5)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 5))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF triangle_passive_prog.m_t_1])
-apply (subst lookup_var_local[OF triangle_passive_prog.m_t_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_m_1:"(((lookup_var ?\<Lambda> n_s 6) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 6)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 6))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF triangle_passive_prog.m_m_1])
-apply (subst lookup_var_local[OF triangle_passive_prog.m_m_1])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_t_2:"(((lookup_var ?\<Lambda> n_s 7) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 7)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 7))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF triangle_passive_prog.m_t_2])
-apply (subst lookup_var_local[OF triangle_passive_prog.m_t_2])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_t:"(((lookup_var ?\<Lambda> n_s 2) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 2)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 2))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF triangle_passive_prog.m_t])
-apply (subst lookup_var_local[OF triangle_passive_prog.m_t])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_block_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (rule HOL.conjunct1[OF sc_n])
-apply (rule HOL.conjunct1[OF sc_m])
-apply (rule HOL.conjunct1[OF sc_t_0])
-apply (rule HOL.conjunct1[OF sc_m_0])
-apply (rule HOL.conjunct1[OF sc_t_1])
-apply (rule HOL.conjunct1[OF sc_m_1])
-apply (rule HOL.conjunct1[OF sc_t_2])
-apply (rule HOL.conjunct1[OF sc_t])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/ROOT
deleted file mode 100644
index b78f844..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session trivial_assert_false_proofs = Boogie_Lang + 
-directories trivial_assert_false_proofs
-theories
-global_data
-"trivial_assert_false_proofs/trivial_assert_false_passive_prog"
-"trivial_assert_false_proofs/trivial_assert_false_before_ast_to_cfg_prog"
-"trivial_assert_false_proofs/trivial_assert_false_cfgtodag_proof"
-"trivial_assert_false_proofs/trivial_assert_false_asttocfg_proof"
-"trivial_assert_false_proofs/trivial_assert_false_before_passive_prog"
-"trivial_assert_false_proofs/trivial_assert_false_passification_proof"
-"trivial_assert_false_proofs/trivial_assert_false_vcphase_proof"
-"trivial_assert_false_proofs/trivial_assert_false_before_cfg_to_dag_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_asttocfg_proof.thy
deleted file mode 100644
index af133d6..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_asttocfg_proof.thy
+++ /dev/null
@@ -1,138 +0,0 @@
-theory trivial_assert_false_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML trivial_assert_false_before_ast_to_cfg_prog trivial_assert_false_before_cfg_to_dag_prog trivial_assert_false_cfgtodag_proof trivial_assert_false_passification_proof trivial_assert_false_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A trivial_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_trivial_assert_false_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (trivial_assert_false_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] trivial_assert_false_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] trivial_assert_false_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of trivial_assert_false_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: trivial_assert_false_before_ast_to_cfg_prog.bigblock_0_def trivial_assert_false_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: trivial_assert_false_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: trivial_assert_false_before_cfg_to_dag_prog.block_0_def trivial_assert_false_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_trivial_assert_false_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (trivial_assert_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] trivial_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] trivial_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end trivial_assert_false_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] trivial_assert_false_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of trivial_assert_false_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: trivial_assert_false_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: trivial_assert_false_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp)
-apply (simp)
-apply (rule cont_0_def)
-apply (rule trivial_assert_false_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-apply (rule trivial_assert_false_before_cfg_to_dag_prog.block_0_def)
-apply (rule trivial_assert_false_before_cfg_to_dag_prog.outEdges_0)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: trivial_assert_false_before_cfg_to_dag_prog.node_0)
-apply (rule rel_trivial_assert_false_before_ast_to_cfg_prog_bigblock_0)
-apply assumption+
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (trivial_assert_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(vc.vc_PreconditionGeneratedEntry )" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A trivial_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) trivial_assert_false_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns trivial_assert_false_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] trivial_assert_false_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (trivial_assert_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_trivial_assert_false_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: trivial_assert_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: trivial_assert_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.pres_def trivial_assert_false_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: trivial_assert_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: trivial_assert_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: trivial_assert_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: trivial_assert_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.pres_def trivial_assert_false_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: trivial_assert_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: trivial_assert_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (trivial_assert_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(vc.vc_PreconditionGeneratedEntry )"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) trivial_assert_false_before_ast_to_cfg_prog.fdecls trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls trivial_assert_false_before_ast_to_cfg_prog.axioms trivial_assert_false_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding trivial_assert_false_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 trivial_assert_false_before_ast_to_cfg_prog.ast_proc_def trivial_assert_false_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_ast_to_cfg_prog.thy
deleted file mode 100644
index cdfa475..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,96 +0,0 @@
-theory trivial_assert_false_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Assert (Lit (LBool False)))] (None ) (None ))"
-definition cont_0
-  where
-    "cont_0  = KStop"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = []"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding trivial_assert_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assert_false_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding trivial_assert_false_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = trivial_assert_false_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec trivial_assert_false_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec trivial_assert_false_before_ast_to_cfg_prog.post),proc_body = (Some (trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls,trivial_assert_false_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_cfg_to_dag_prog.thy
deleted file mode 100644
index 821b938..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,107 +0,0 @@
-theory trivial_assert_false_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Assert (Lit (LBool False)))]"
-definition outEdges
-  where
-    "outEdges  = [[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = []"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append trivial_assert_false_before_cfg_to_dag_prog.constants_vdecls trivial_assert_false_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append trivial_assert_false_before_cfg_to_dag_prog.constants_vdecls trivial_assert_false_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding trivial_assert_false_before_cfg_to_dag_prog.constants_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assert_false_before_cfg_to_dag_prog.constants_vdecls trivial_assert_false_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append trivial_assert_false_before_cfg_to_dag_prog.params_vdecls trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append trivial_assert_false_before_cfg_to_dag_prog.params_vdecls trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding trivial_assert_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assert_false_before_cfg_to_dag_prog.params_vdecls trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append trivial_assert_false_before_cfg_to_dag_prog.constants_vdecls trivial_assert_false_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append trivial_assert_false_before_cfg_to_dag_prog.params_vdecls trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding trivial_assert_false_before_cfg_to_dag_prog.constants_vdecls_def trivial_assert_false_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assert_false_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding trivial_assert_false_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assert_false_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding trivial_assert_false_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assert_false_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding trivial_assert_false_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append trivial_assert_false_before_cfg_to_dag_prog.constants_vdecls trivial_assert_false_before_cfg_to_dag_prog.globals_vdecls),(append trivial_assert_false_before_cfg_to_dag_prog.params_vdecls trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = trivial_assert_false_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec trivial_assert_false_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec trivial_assert_false_before_cfg_to_dag_prog.post),proc_body = (Some (trivial_assert_false_before_cfg_to_dag_prog.locals_vdecls,trivial_assert_false_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_passive_prog.thy
deleted file mode 100644
index 71de04f..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_before_passive_prog.thy
+++ /dev/null
@@ -1,62 +0,0 @@
-theory trivial_assert_false_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util trivial_assert_false_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assert (Lit (LBool False)))]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[1]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding trivial_assert_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_cfgtodag_proof.thy
deleted file mode 100644
index b1fd9cc..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_cfgtodag_proof.thy
+++ /dev/null
@@ -1,135 +0,0 @@
-theory trivial_assert_false_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML trivial_assert_false_before_ast_to_cfg_prog trivial_assert_false_before_cfg_to_dag_prog trivial_assert_false_before_passive_prog trivial_assert_false_passification_proof trivial_assert_false_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A trivial_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] trivial_assert_false_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] trivial_assert_false_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] trivial_assert_false_before_passive_prog.block_0 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding trivial_assert_false_before_cfg_to_dag_prog.block_0_def trivial_assert_false_before_passive_prog.block_0_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] trivial_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] trivial_assert_false_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] trivial_assert_false_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_1[OF assms(1)])
-apply (rule trivial_assert_false_before_cfg_to_dag_prog.node_0)
-apply (rule trivial_assert_false_before_passive_prog.node_0)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-unfolding trivial_assert_false_before_ast_to_cfg_prog.post_def
-apply (rule block_anon0)
-apply assumption+
-by (rule trivial_assert_false_before_cfg_to_dag_prog.outEdges_0)
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] trivial_assert_false_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] trivial_assert_false_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:trivial_assert_false_before_passive_prog.outEdges_1))
-by ((simp add:trivial_assert_false_before_passive_prog.node_1 trivial_assert_false_before_passive_prog.block_1_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] trivial_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] trivial_assert_false_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 trivial_assert_false_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] trivial_assert_false_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule trivial_assert_false_before_passive_prog.node_2)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding trivial_assert_false_before_passive_prog.block_2_def
-apply (rule assume_pres_normal[where ?es=trivial_assert_false_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding trivial_assert_false_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule trivial_assert_false_before_passive_prog.outEdges_2)
-apply ((simp add:trivial_assert_false_before_passive_prog.node_1 trivial_assert_false_before_passive_prog.block_1_def))
-apply (rule trivial_assert_false_before_passive_prog.outEdges_1)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] trivial_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(vc.vc_PreconditionGeneratedEntry )" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A trivial_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) trivial_assert_false_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns trivial_assert_false_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] trivial_assert_false_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] trivial_assert_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule trivial_assert_false_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_passification_proof.thy
deleted file mode 100644
index 4ec3c20..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_passification_proof.thy
+++ /dev/null
@@ -1,195 +0,0 @@
-theory trivial_assert_false_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util trivial_assert_false_before_ast_to_cfg_prog trivial_assert_false_passive_prog Boogie_Lang.PassificationML trivial_assert_false_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_passive_prog.params_vdecls trivial_assert_false_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> trivial_assert_false_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old trivial_assert_false_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding trivial_assert_false_before_passive_prog.block_0_def trivial_assert_false_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> trivial_assert_false_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old trivial_assert_false_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding trivial_assert_false_before_passive_prog.block_1_def trivial_assert_false_passive_prog.block_1_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> trivial_assert_false_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old trivial_assert_false_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding trivial_assert_false_before_passive_prog.block_2_def trivial_assert_false_passive_prog.block_2_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> trivial_assert_false_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> trivial_assert_false_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm trivial_assert_false_before_passive_prog.node_0},@{thm trivial_assert_false_before_passive_prog.outEdges_0}) (@{thm trivial_assert_false_passive_prog.node_0},@{thm trivial_assert_false_passive_prog.outEdges_0}) @{thm block_anon0} [] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> trivial_assert_false_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> trivial_assert_false_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm trivial_assert_false_before_passive_prog.node_1},@{thm trivial_assert_false_before_passive_prog.outEdges_1}) (@{thm trivial_assert_false_passive_prog.node_1},@{thm trivial_assert_false_passive_prog.outEdges_1}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> trivial_assert_false_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> trivial_assert_false_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm trivial_assert_false_before_passive_prog.node_2},@{thm trivial_assert_false_before_passive_prog.outEdges_2}) (@{thm trivial_assert_false_passive_prog.node_2},@{thm trivial_assert_false_passive_prog.outEdges_2}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_before_ast_to_cfg_prog.params_vdecls trivial_assert_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] trivial_assert_false_before_passive_prog.proc_body ((Inl 2),(Normal ns)) (m',s'))" and 
-VC: "(vc.vc_PreconditionGeneratedEntry )" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A trivial_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls ns trivial_assert_false_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv trivial_assert_false_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding trivial_assert_false_passive_prog.params_vdecls_def trivial_assert_false_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using trivial_assert_false_before_passive_prog.globals_locals_disj apply auto[1]
-using trivial_assert_false_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] trivial_assert_false_passive_prog.proc_body u (Inl 2)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range trivial_assert_false_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] trivial_assert_false_passive_prog.proc_body ((Inl 2),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from trivial_assert_false_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_passive_prog.thy
deleted file mode 100644
index b402a28..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_passive_prog.thy
+++ /dev/null
@@ -1,68 +0,0 @@
-theory trivial_assert_false_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util trivial_assert_false_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assert (Lit (LBool False)))]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[1]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = []"
-lemma locals_min_aux:
-shows "(((map fst (append trivial_assert_false_passive_prog.params_vdecls trivial_assert_false_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append trivial_assert_false_passive_prog.params_vdecls trivial_assert_false_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding trivial_assert_false_passive_prog.params_vdecls_def trivial_assert_false_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assert_false_passive_prog.params_vdecls trivial_assert_false_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append trivial_assert_false_passive_prog.params_vdecls trivial_assert_false_passive_prog.locals_vdecls)))) = {})"
-unfolding trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls_def trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_vcphase_proof.thy
deleted file mode 100644
index 5d52a38..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assert_false_proofs/trivial_assert_false_proofs/trivial_assert_false_vcphase_proof.thy
+++ /dev/null
@@ -1,141 +0,0 @@
-theory trivial_assert_false_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML trivial_assert_false_passive_prog trivial_assert_false_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_anon0
-  where
-    "vc_anon0  = False"
-definition vc_PreconditionGeneratedEntry
-  where
-    "vc_PreconditionGeneratedEntry  = (vc_anon0 )"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-ML\<open>
-val block_anon0_hints = [
-(AssertFalse,NONE)]
-\<close>
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> trivial_assert_false_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 ) \<Longrightarrow> (s' = Magic)))"
-unfolding trivial_assert_false_passive_prog.block_0_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
-by (auto?)
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> trivial_assert_false_passive_prog.block_1 (Normal n_s) s')" and 
-"(vc.vc_anon0 )"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))"
-using assms
-unfolding trivial_assert_false_passive_prog.block_1_def
-apply cases
-by auto
-
-lemma block_PreconditionGeneratedEntry:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> trivial_assert_false_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 )))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding trivial_assert_false_passive_prog.block_2_def vc.vc_PreconditionGeneratedEntry_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> trivial_assert_false_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) trivial_assert_false_passive_prog.node_0])
-by (erule block_anon0AA0[OF _ assms(2)])
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> trivial_assert_false_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) trivial_assert_false_passive_prog.node_1])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:trivial_assert_false_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> trivial_assert_false_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_PreconditionGeneratedEntry )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) trivial_assert_false_passive_prog.node_2])
-apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
-apply ((simp add:trivial_assert_false_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_passive_prog.params_vdecls trivial_assert_false_passive_prog.locals_vdecls)) \<Gamma> [] trivial_assert_false_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-VC: "(vc.vc_PreconditionGeneratedEntry )" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A trivial_assert_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) trivial_assert_false_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append trivial_assert_false_passive_prog.params_vdecls trivial_assert_false_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls trivial_assert_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assert_false_passive_prog.params_vdecls trivial_assert_false_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((trivial_assert_false_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/ROOT
deleted file mode 100644
index 35242f5..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session trivial_assume_false_proofs = Boogie_Lang + 
-directories trivial_assume_false_proofs
-theories
-global_data
-"trivial_assume_false_proofs/trivial_assume_false_vcphase_proof"
-"trivial_assume_false_proofs/trivial_assume_false_cfgtodag_proof"
-"trivial_assume_false_proofs/trivial_assume_false_passification_proof"
-"trivial_assume_false_proofs/trivial_assume_false_before_ast_to_cfg_prog"
-"trivial_assume_false_proofs/trivial_assume_false_before_cfg_to_dag_prog"
-"trivial_assume_false_proofs/trivial_assume_false_passive_prog"
-"trivial_assume_false_proofs/trivial_assume_false_asttocfg_proof"
-"trivial_assume_false_proofs/trivial_assume_false_before_passive_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/global_data.thy
deleted file mode 100644
index e09ac86..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/global_data.thy
+++ /dev/null
@@ -1,32 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_asttocfg_proof.thy
deleted file mode 100644
index 8e93906..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_asttocfg_proof.thy
+++ /dev/null
@@ -1,138 +0,0 @@
-theory trivial_assume_false_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML trivial_assume_false_before_ast_to_cfg_prog trivial_assume_false_before_cfg_to_dag_prog trivial_assume_false_cfgtodag_proof trivial_assume_false_passification_proof trivial_assume_false_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A trivial_assume_false_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_trivial_assume_false_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (trivial_assume_false_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] trivial_assume_false_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] trivial_assume_false_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of trivial_assume_false_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: trivial_assume_false_before_ast_to_cfg_prog.bigblock_0_def trivial_assume_false_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: trivial_assume_false_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: trivial_assume_false_before_cfg_to_dag_prog.block_0_def trivial_assume_false_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_trivial_assume_false_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (trivial_assume_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] trivial_assume_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] trivial_assume_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end trivial_assume_false_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] trivial_assume_false_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of trivial_assume_false_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: trivial_assume_false_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: trivial_assume_false_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp)
-apply (simp)
-apply (rule cont_0_def)
-apply (rule trivial_assume_false_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-apply (rule trivial_assume_false_before_cfg_to_dag_prog.block_0_def)
-apply (rule trivial_assume_false_before_cfg_to_dag_prog.outEdges_0)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: trivial_assume_false_before_cfg_to_dag_prog.node_0)
-apply (rule rel_trivial_assume_false_before_ast_to_cfg_prog_bigblock_0)
-apply assumption+
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (trivial_assume_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(vc.vc_PreconditionGeneratedEntry )" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A trivial_assume_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) trivial_assume_false_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns trivial_assume_false_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] trivial_assume_false_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (trivial_assume_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_trivial_assume_false_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: trivial_assume_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: trivial_assume_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.pres_def trivial_assume_false_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: trivial_assume_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: trivial_assume_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: trivial_assume_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: trivial_assume_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.pres_def trivial_assume_false_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: trivial_assume_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: trivial_assume_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (trivial_assume_false_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(vc.vc_PreconditionGeneratedEntry )"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) trivial_assume_false_before_ast_to_cfg_prog.fdecls trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls trivial_assume_false_before_ast_to_cfg_prog.axioms trivial_assume_false_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding trivial_assume_false_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 trivial_assume_false_before_ast_to_cfg_prog.ast_proc_def trivial_assume_false_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_ast_to_cfg_prog.thy
deleted file mode 100644
index 26b6b63..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,96 +0,0 @@
-theory trivial_assume_false_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Assume (Lit (LBool False)))] (None ) (None ))"
-definition cont_0
-  where
-    "cont_0  = KStop"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = []"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding trivial_assume_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assume_false_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding trivial_assume_false_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = trivial_assume_false_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec trivial_assume_false_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec trivial_assume_false_before_ast_to_cfg_prog.post),proc_body = (Some (trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls,trivial_assume_false_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_cfg_to_dag_prog.thy
deleted file mode 100644
index e879245..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,107 +0,0 @@
-theory trivial_assume_false_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Assume (Lit (LBool False)))]"
-definition outEdges
-  where
-    "outEdges  = [[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = []"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = []"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append trivial_assume_false_before_cfg_to_dag_prog.constants_vdecls trivial_assume_false_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append trivial_assume_false_before_cfg_to_dag_prog.constants_vdecls trivial_assume_false_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding trivial_assume_false_before_cfg_to_dag_prog.constants_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assume_false_before_cfg_to_dag_prog.constants_vdecls trivial_assume_false_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append trivial_assume_false_before_cfg_to_dag_prog.params_vdecls trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append trivial_assume_false_before_cfg_to_dag_prog.params_vdecls trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding trivial_assume_false_before_cfg_to_dag_prog.params_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assume_false_before_cfg_to_dag_prog.params_vdecls trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append trivial_assume_false_before_cfg_to_dag_prog.constants_vdecls trivial_assume_false_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append trivial_assume_false_before_cfg_to_dag_prog.params_vdecls trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding trivial_assume_false_before_cfg_to_dag_prog.constants_vdecls_def trivial_assume_false_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assume_false_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding trivial_assume_false_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assume_false_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding trivial_assume_false_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assume_false_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding trivial_assume_false_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append trivial_assume_false_before_cfg_to_dag_prog.constants_vdecls trivial_assume_false_before_cfg_to_dag_prog.globals_vdecls),(append trivial_assume_false_before_cfg_to_dag_prog.params_vdecls trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = trivial_assume_false_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec trivial_assume_false_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec trivial_assume_false_before_cfg_to_dag_prog.post),proc_body = (Some (trivial_assume_false_before_cfg_to_dag_prog.locals_vdecls,trivial_assume_false_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_passive_prog.thy
deleted file mode 100644
index d016365..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_before_passive_prog.thy
+++ /dev/null
@@ -1,62 +0,0 @@
-theory trivial_assume_false_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util trivial_assume_false_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assume (Lit (LBool False)))]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[1]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding trivial_assume_false_before_ast_to_cfg_prog.params_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_cfgtodag_proof.thy
deleted file mode 100644
index 78b8a8b..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_cfgtodag_proof.thy
+++ /dev/null
@@ -1,135 +0,0 @@
-theory trivial_assume_false_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML trivial_assume_false_before_ast_to_cfg_prog trivial_assume_false_before_cfg_to_dag_prog trivial_assume_false_before_passive_prog trivial_assume_false_passification_proof trivial_assume_false_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A trivial_assume_false_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] trivial_assume_false_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] trivial_assume_false_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] trivial_assume_false_before_passive_prog.block_0 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding trivial_assume_false_before_cfg_to_dag_prog.block_0_def trivial_assume_false_before_passive_prog.block_0_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] trivial_assume_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] trivial_assume_false_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] trivial_assume_false_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_1[OF assms(1)])
-apply (rule trivial_assume_false_before_cfg_to_dag_prog.node_0)
-apply (rule trivial_assume_false_before_passive_prog.node_0)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-unfolding trivial_assume_false_before_ast_to_cfg_prog.post_def
-apply (rule block_anon0)
-apply assumption+
-by (rule trivial_assume_false_before_cfg_to_dag_prog.outEdges_0)
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] trivial_assume_false_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] trivial_assume_false_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:trivial_assume_false_before_passive_prog.outEdges_1))
-by ((simp add:trivial_assume_false_before_passive_prog.node_1 trivial_assume_false_before_passive_prog.block_1_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] trivial_assume_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] trivial_assume_false_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 trivial_assume_false_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] trivial_assume_false_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule trivial_assume_false_before_passive_prog.node_2)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding trivial_assume_false_before_passive_prog.block_2_def
-apply (rule assume_pres_normal[where ?es=trivial_assume_false_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding trivial_assume_false_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule trivial_assume_false_before_passive_prog.outEdges_2)
-apply ((simp add:trivial_assume_false_before_passive_prog.node_1 trivial_assume_false_before_passive_prog.block_1_def))
-apply (rule trivial_assume_false_before_passive_prog.outEdges_1)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] trivial_assume_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(vc.vc_PreconditionGeneratedEntry )" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A trivial_assume_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) trivial_assume_false_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns trivial_assume_false_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] trivial_assume_false_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] trivial_assume_false_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule trivial_assume_false_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_passification_proof.thy
deleted file mode 100644
index bfdc8a5..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_passification_proof.thy
+++ /dev/null
@@ -1,195 +0,0 @@
-theory trivial_assume_false_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util trivial_assume_false_before_ast_to_cfg_prog trivial_assume_false_passive_prog Boogie_Lang.PassificationML trivial_assume_false_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_passive_prog.params_vdecls trivial_assume_false_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> trivial_assume_false_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old trivial_assume_false_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding trivial_assume_false_before_passive_prog.block_0_def trivial_assume_false_passive_prog.block_0_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> trivial_assume_false_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old trivial_assume_false_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding trivial_assume_false_before_passive_prog.block_1_def trivial_assume_false_passive_prog.block_1_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> trivial_assume_false_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old trivial_assume_false_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding trivial_assume_false_before_passive_prog.block_2_def trivial_assume_false_passive_prog.block_2_def
-apply (passive_rel_tac)
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> trivial_assume_false_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> trivial_assume_false_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm trivial_assume_false_before_passive_prog.node_0},@{thm trivial_assume_false_before_passive_prog.outEdges_0}) (@{thm trivial_assume_false_passive_prog.node_0},@{thm trivial_assume_false_passive_prog.outEdges_0}) @{thm block_anon0} [] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> trivial_assume_false_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> trivial_assume_false_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm trivial_assume_false_before_passive_prog.node_1},@{thm trivial_assume_false_before_passive_prog.outEdges_1}) (@{thm trivial_assume_false_passive_prog.node_1},@{thm trivial_assume_false_passive_prog.outEdges_1}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> trivial_assume_false_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> trivial_assume_false_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} [] (@{thm trivial_assume_false_before_passive_prog.node_2},@{thm trivial_assume_false_before_passive_prog.outEdges_2}) (@{thm trivial_assume_false_passive_prog.node_2},@{thm trivial_assume_false_passive_prog.outEdges_2}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_before_ast_to_cfg_prog.params_vdecls trivial_assume_false_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] trivial_assume_false_before_passive_prog.proc_body ((Inl 2),(Normal ns)) (m',s'))" and 
-VC: "(vc.vc_PreconditionGeneratedEntry )" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A trivial_assume_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls ns trivial_assume_false_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = []"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv trivial_assume_false_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding trivial_assume_false_passive_prog.params_vdecls_def trivial_assume_false_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using trivial_assume_false_before_passive_prog.globals_locals_disj apply auto[1]
-using trivial_assume_false_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 0)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] trivial_assume_false_passive_prog.proc_body u (Inl 2)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range trivial_assume_false_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] trivial_assume_false_passive_prog.proc_body ((Inl 2),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from trivial_assume_false_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_passive_prog.thy
deleted file mode 100644
index d61e576..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_passive_prog.thy
+++ /dev/null
@@ -1,68 +0,0 @@
-theory trivial_assume_false_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util trivial_assume_false_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assume (Lit (LBool False)))]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[1]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = []"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = []"
-lemma locals_min_aux:
-shows "(((map fst (append trivial_assume_false_passive_prog.params_vdecls trivial_assume_false_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append trivial_assume_false_passive_prog.params_vdecls trivial_assume_false_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding trivial_assume_false_passive_prog.params_vdecls_def trivial_assume_false_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append trivial_assume_false_passive_prog.params_vdecls trivial_assume_false_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append trivial_assume_false_passive_prog.params_vdecls trivial_assume_false_passive_prog.locals_vdecls)))) = {})"
-unfolding trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls_def trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_vcphase_proof.thy
deleted file mode 100644
index e059f9c..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_assume_false_proofs/trivial_assume_false_proofs/trivial_assume_false_vcphase_proof.thy
+++ /dev/null
@@ -1,138 +0,0 @@
-theory trivial_assume_false_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML trivial_assume_false_passive_prog trivial_assume_false_before_passive_prog
-begin
-locale vc
-begin
-
-definition vc_PreconditionGeneratedEntry
-  where
-    "vc_PreconditionGeneratedEntry  = True"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-ML\<open>
-val block_anon0_hints = [
-(AssumeFalse,NONE)]
-\<close>
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> trivial_assume_false_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry ) \<Longrightarrow> (s' = Magic)))"
-unfolding trivial_assume_false_passive_prog.block_0_def vc.vc_PreconditionGeneratedEntry_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
-by (auto?)
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> trivial_assume_false_passive_prog.block_1 (Normal n_s) s')" and 
-"(vc.vc_PreconditionGeneratedEntry )"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_PreconditionGeneratedEntry )))))"
-using assms
-unfolding trivial_assume_false_passive_prog.block_1_def
-apply cases
-by auto
-
-lemma block_PreconditionGeneratedEntry:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> trivial_assume_false_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry ) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_PreconditionGeneratedEntry )))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding trivial_assume_false_passive_prog.block_2_def vc.vc_PreconditionGeneratedEntry_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> trivial_assume_false_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(vc.vc_PreconditionGeneratedEntry )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_magic[OF assms(1) trivial_assume_false_passive_prog.node_0])
-by (erule block_anon0AA0[OF _ assms(2)])
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> trivial_assume_false_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_PreconditionGeneratedEntry )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) trivial_assume_false_passive_prog.node_1])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:trivial_assume_false_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> trivial_assume_false_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_PreconditionGeneratedEntry )"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) trivial_assume_false_passive_prog.node_2])
-apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
-apply ((simp add:trivial_assume_false_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)"
-assumes 
-G0: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0
-lemmas forall_poly_thm = forall_vc_type[OF G0]
-lemmas exists_poly_thm = exists_vc_type[OF G0]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_passive_prog.params_vdecls trivial_assume_false_passive_prog.locals_vdecls)) \<Gamma> [] trivial_assume_false_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-VC: "(vc.vc_PreconditionGeneratedEntry )" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A trivial_assume_false_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) trivial_assume_false_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append trivial_assume_false_passive_prog.params_vdecls trivial_assume_false_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls trivial_assume_false_before_ast_to_cfg_prog.globals_vdecls),(append trivial_assume_false_passive_prog.params_vdecls trivial_assume_false_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((trivial_assume_false_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/ROOT b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/ROOT
deleted file mode 100644
index 7ba2aaf..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/ROOT
+++ /dev/null
@@ -1,12 +0,0 @@
-session trivial_example_proofs = Boogie_Lang + 
-directories p_proofs
-theories
-global_data
-"p_proofs/p_passification_proof"
-"p_proofs/p_vcphase_proof"
-"p_proofs/p_cfgtodag_proof"
-"p_proofs/p_passive_prog"
-"p_proofs/p_before_passive_prog"
-"p_proofs/p_asttocfg_proof"
-"p_proofs/p_before_ast_to_cfg_prog"
-"p_proofs/p_before_cfg_to_dag_prog"
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/global_data.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/global_data.thy
deleted file mode 100644
index 1a246cd..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/global_data.thy
+++ /dev/null
@@ -1,36 +0,0 @@
-theory global_data
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util
-begin
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = [(''f'',0,[(TPrim TInt)],(TPrim TBool))]"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append global_data.constants_vdecls global_data.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<le> 0))"
-unfolding global_data.constants_vdecls_def global_data.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append global_data.constants_vdecls global_data.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma mfun_f:
-shows "((map_of fdecls ''f'') = (Some (0,[(TPrim TInt)],(TPrim TBool))))"
-by (simp add:fdecls_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_asttocfg_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_asttocfg_proof.thy
deleted file mode 100644
index 8dc1666..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_asttocfg_proof.thy
+++ /dev/null
@@ -1,138 +0,0 @@
-theory p_asttocfg_proof
-imports Boogie_Lang.Ast Boogie_Lang.Ast_Cfg_Transformation Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML p_before_ast_to_cfg_prog p_before_cfg_to_dag_prog p_cfgtodag_proof p_passification_proof p_vcphase_proof
-begin
-locale ast_to_cfg_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma rel_p_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astStep: "(red_bigblock A M \<Lambda>1 \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_0,cont0,(Normal ns1)) (reached_bb,reached_cont,reached_state))" and 
-cfgBlockDoesntFail: "(\<And> s2'. ((red_cmd_list A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "((reached_state \<noteq> Failure) \<and> (\<forall> ns1'. ((reached_state = (Normal ns1')) \<longrightarrow> (red_cmd_list A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) (Normal ns1')))))"
-apply (rule block_local_rel_generic)
-apply (rule Rel_Main_test[of p_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: p_before_ast_to_cfg_prog.bigblock_0_def p_before_cfg_to_dag_prog.block_0_def)
-apply ((simp add: p_before_cfg_to_dag_prog.block_0_def)+)
-apply (rule astStep)
-apply (rule cfgBlockDoesntFail)
-apply ((simp add: p_before_cfg_to_dag_prog.block_0_def p_before_ast_to_cfg_prog.bigblock_0_def)+)
-done
-
-
-lemma global_rel_p_before_ast_to_cfg_prog_bigblock_0:
-assumes 
-astTrace: "(red_bigblock_k_step A M \<Lambda>1 \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns1)) j (reached_bb,reached_cont,reached_state))" and 
-cfgDoesntFail: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)))" and 
-cfgSatisfiesPosts: "(\<And> m' s'. ((red_cfg_multi A M' \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) (m',s')) \<Longrightarrow> ((is_final_config (m',s')) \<Longrightarrow> (\<forall> ns_end. ((s' = (Normal ns_end)) \<longrightarrow> (expr_all_sat A \<Lambda>1 \<Gamma> [] ns_end p_before_ast_to_cfg_prog.post))))))"
-shows "(Ast.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-show ?thesis
-apply (rule generic_ending_block_global_rel)
-apply (rule Rel_Main_test[of p_before_ast_to_cfg_prog.bigblock_0])
-apply (simp add: p_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp)
-apply (rule astTrace)
-apply (simp add: p_before_ast_to_cfg_prog.bigblock_0_def)
-apply (simp)
-apply (simp)
-apply (rule cont_0_def)
-apply (rule p_before_cfg_to_dag_prog.node_0)
-apply (rule disjI1)
-apply (rule p_before_cfg_to_dag_prog.block_0_def)
-apply (rule p_before_cfg_to_dag_prog.outEdges_0)
-apply (rule cfgDoesntFail)
-apply (simp)
-apply (rule cfgSatisfiesPosts)
-apply ((simp)+)
-apply (simp add: p_before_cfg_to_dag_prog.node_0)
-apply (rule rel_p_before_ast_to_cfg_prog_bigblock_0)
-apply assumption+
-
-done
-qed
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux_ast:
-assumes 
-Red: "(rtranclp (red_bigblock A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T) (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))" and 
-VC: "(\<And> (vc_x::int) (vc_a::int) (vc_f::(int => bool)). (vc.vc_PreconditionGeneratedEntry vc_f vc_a))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) p_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns p_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Ast.valid_configuration A \<Lambda>0 \<Gamma> [] p_before_ast_to_cfg_prog.post reached_bb reached_cont reached_state)"
-proof -
-from Red obtain j where Aux:"(red_bigblock_k_step A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] T (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) j (reached_bb,reached_cont,reached_state))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule ast_to_cfg_lemmas.global_rel_p_before_ast_to_cfg_prog_bigblock_0)
-unfolding ast_to_cfg_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule valid_config_implies_not_failure)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def p_before_ast_to_cfg_prog.pres_def p_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp
-apply (rule valid_config_implies_satisfied_posts)
-apply (rule end_to_end_theorem_aux)
-apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using Precondition apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def p_before_ast_to_cfg_prog.pres_def p_before_cfg_to_dag_prog.pres_def)
-using ParamsLocal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
-using ConstsGlobal apply (simp add: p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def)
-using OldGlobal apply simp
-using BinderNs apply simp+
-done
-qed
-
-
-lemma initialization:
-assumes 
-"(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (init_ast [bigblock_0] ns) (reached_bb,reached_cont,reached_state))"
-shows "(rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) (p_before_ast_to_cfg_prog.bigblock_0,cont_0,(Normal ns)) (reached_bb,reached_cont,reached_state))"
-using assms
-by (simp add: cont_0_def )
-
-lemma end_to_end_theorem_ast:
-assumes 
-VC: "(\<And> (vc_x::int) (vc_a::int) (vc_f::(int => bool)). (vc.vc_PreconditionGeneratedEntry vc_f vc_a))"
-shows "(\<And> A. (proc_is_correct (A::(('a)absval_ty_fun)) p_before_ast_to_cfg_prog.fdecls p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls p_before_ast_to_cfg_prog.axioms p_before_ast_to_cfg_prog.ast_proc Ast.proc_body_satisfies_spec))"
-apply (rule end_to_end_util2[OF end_to_end_theorem_aux_ast])
-apply (rule initialization)
-unfolding p_before_ast_to_cfg_prog.ast_proc_def
-apply assumption using VC apply simp  apply assumption+
-by (simp_all add: exprs_to_only_checked_spec_1 exprs_to_only_checked_spec_2 p_before_ast_to_cfg_prog.ast_proc_def p_before_ast_to_cfg_prog.proc_body_def)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_ast_to_cfg_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_ast_to_cfg_prog.thy
deleted file mode 100644
index c81e740..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_ast_to_cfg_prog.thy
+++ /dev/null
@@ -1,118 +0,0 @@
-theory p_before_ast_to_cfg_prog
-imports Boogie_Lang.Ast Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition bigblock_0
-  where
-    "bigblock_0  = (BigBlock (None ) [(Assume (FunExp ''f'' [] [(Var 1)])),(Assert (FunExp ''f'' [] [(Var 1)]))] (None ) (None ))"
-definition cont_0
-  where
-    "cont_0  = KStop"
-definition proc_body
-  where
-    "proc_body  = [bigblock_0]"
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = [(''f'',0,[(TPrim TInt)],(TPrim TBool))]"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls)))) \<le> 0))"
-unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.constants_vdecls) )"
-unfolding p_before_ast_to_cfg_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.globals_vdecls) )"
-unfolding p_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.params_vdecls) )"
-unfolding p_before_ast_to_cfg_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_ast_to_cfg_prog.locals_vdecls) )"
-unfolding p_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_a:
-shows "((map_of (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma mfun_f:
-shows "((map_of fdecls ''f'') = (Some (0,[(TPrim TInt)],(TPrim TBool))))"
-by (simp add:fdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_a:
-shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_a
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition ast_proc :: "(ast procedure)"
-  where
-    "ast_proc  = (|proc_ty_args = 0,proc_args = p_before_ast_to_cfg_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec p_before_ast_to_cfg_prog.pres),proc_posts = (exprs_to_only_checked_spec p_before_ast_to_cfg_prog.post),proc_body = (Some (p_before_ast_to_cfg_prog.locals_vdecls,p_before_ast_to_cfg_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
deleted file mode 100644
index dedd382..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_cfg_to_dag_prog.thy
+++ /dev/null
@@ -1,129 +0,0 @@
-theory p_before_cfg_to_dag_prog
-imports Boogie_Lang.Semantics Boogie_Lang.TypeSafety Boogie_Lang.Util "../global_data"
-begin
-definition block_0
-  where
-    "block_0  = [(Assume (FunExp ''f'' [] [(Var 1)])),(Assert (FunExp ''f'' [] [(Var 1)]))]"
-definition outEdges
-  where
-    "outEdges  = [[]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 0,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-definition pres
-  where
-    "pres  = []"
-definition post
-  where
-    "post  = []"
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(1,(TPrim TInt),(None ))]"
-definition axioms
-  where
-    "axioms  = []"
-definition fdecls
-  where
-    "fdecls  = [(''f'',0,[(TPrim TInt)],(TPrim TBool))]"
-definition globals_vdecls :: "(vdecls)"
-  where
-    "globals_vdecls  = []"
-definition constants_vdecls :: "(vdecls)"
-  where
-    "constants_vdecls  = []"
-lemma globals_max_aux:
-shows "(((map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls)) \<noteq> []) \<longrightarrow> ((Max (set (map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls)))) \<le> 0))"
-unfolding p_before_cfg_to_dag_prog.constants_vdecls_def p_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma globals_max:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls)))) \<longrightarrow> (x \<le> 0)))"
-using globals_max_aux helper_max
-by blast
-
-lemma locals_min_aux:
-shows "(((map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<ge> 0))"
-unfolding p_before_cfg_to_dag_prog.params_vdecls_def p_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls))) (set (map fst (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)))) = {})"
-unfolding p_before_cfg_to_dag_prog.constants_vdecls_def p_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma funcs_wf:
-shows "((list_all (comp wf_fdecl snd) fdecls) )"
-unfolding fdecls_def
-by simp
-
-lemma consts_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.constants_vdecls) )"
-unfolding p_before_cfg_to_dag_prog.constants_vdecls_def
-by simp
-
-lemma globals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.globals_vdecls) )"
-unfolding p_before_cfg_to_dag_prog.globals_vdecls_def
-by simp
-
-lemma params_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.params_vdecls) )"
-unfolding p_before_cfg_to_dag_prog.params_vdecls_def
-by simp
-
-lemma locals_wf:
-shows "((list_all (comp (wf_ty 0) (comp fst snd)) p_before_cfg_to_dag_prog.locals_vdecls) )"
-unfolding p_before_cfg_to_dag_prog.locals_vdecls_def
-by simp
-
-lemma var_context_wf:
-shows "(\<forall> x \<tau>. (((lookup_var_ty ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) x) = (Some \<tau>)) \<longrightarrow> ((wf_ty 0) \<tau>)))"
-apply (rule lookup_ty_pred_2)
-by ((simp_all add:consts_wf globals_wf params_wf locals_wf))
-
-lemma m_x:
-shows "((map_of (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_a:
-shows "((map_of (append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma mfun_f:
-shows "((map_of fdecls ''f'') = (Some (0,[(TPrim TInt)],(TPrim TBool))))"
-by (simp add:fdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_a:
-shows "((lookup_var_decl ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_cfg_to_dag_prog.constants_vdecls p_before_cfg_to_dag_prog.globals_vdecls),(append p_before_cfg_to_dag_prog.params_vdecls p_before_cfg_to_dag_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_a
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-definition proc :: "(mbodyCFG procedure)"
-  where
-    "proc  = (|proc_ty_args = 0,proc_args = p_before_cfg_to_dag_prog.params_vdecls,proc_rets = [],proc_modifs = [],proc_pres = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.pres),proc_posts = (exprs_to_only_checked_spec p_before_cfg_to_dag_prog.post),proc_body = (Some (p_before_cfg_to_dag_prog.locals_vdecls,p_before_cfg_to_dag_prog.proc_body))|)"
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_passive_prog.thy
deleted file mode 100644
index 2d12d64..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_before_passive_prog.thy
+++ /dev/null
@@ -1,62 +0,0 @@
-theory p_before_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assume (FunExp ''f'' [] [(Var 1)])),(Assert (FunExp ''f'' [] [(Var 1)]))]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[1]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma locals_min_aux:
-shows "(((map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<ge> 0))"
-unfolding p_before_ast_to_cfg_prog.params_vdecls_def p_before_ast_to_cfg_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)))) = {})"
-unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_cfgtodag_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_cfgtodag_proof.thy
deleted file mode 100644
index 1ff1468..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_cfgtodag_proof.thy
+++ /dev/null
@@ -1,135 +0,0 @@
-theory p_cfgtodag_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.BackedgeElim Boogie_Lang.TypingML p_before_ast_to_cfg_prog p_before_cfg_to_dag_prog p_before_passive_prog p_passification_proof p_vcphase_proof
-begin
-locale cfg_to_dag_lemmas = 
-fixes A :: "(('a)absval_ty_fun)" and \<Gamma> :: "(('a)fun_interp)"
-assumes 
-Wf_Fun: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)"
-begin
-
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
-declare Nat.One_nat_def[simp del]
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.block_0 (Normal ns1) s')" and 
-"(\<And> s2'. ((red_cmd_list A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.block_0 (Normal ns2) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)"
-shows "(dag_lemma_conclusion A M \<Lambda>1 \<Gamma> [] [] p_before_passive_prog.block_0 ns2 s' False)"
-using assms
-apply (rule dag_rel_block_lemma_compact, simp)
-unfolding p_before_cfg_to_dag_prog.block_0_def p_before_passive_prog.block_0_def
-apply cfg_dag_rel_tac_single+
-apply simp
-apply simp
-done
-
-lemma cfg_block_anon0:
-assumes 
-Red: "(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-DagAssms: "(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-DagVerifies: "(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_return_1[OF assms(1)])
-apply (rule p_before_cfg_to_dag_prog.node_0)
-apply (rule p_before_passive_prog.node_0)
-apply (erule DagVerifies)
-apply (rule DagAssms)
-unfolding p_before_ast_to_cfg_prog.post_def
-apply (rule block_anon0)
-apply assumption+
-by (rule p_before_cfg_to_dag_prog.outEdges_0)
-
-
-lemma cfg_block_0:
-assumes 
-"(\<forall> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 1),(Normal ns2)) (m2',s2')) \<longrightarrow> (s2' \<noteq> Failure)))" and 
-"(nstate_same_on \<Lambda>1 ns1 ns2 {})" and 
-"(state_well_typed A \<Lambda>1 [] ns1)" and 
-"(state_well_typed A \<Lambda>1 [] ns2)" and 
-"((\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 0),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> R)"
-shows "R"
-using assms
-apply (rule cfg_dag_empty_propagate_helper)
-apply (assumption, simp)
-apply ((simp add:p_before_passive_prog.outEdges_1))
-by ((simp add:p_before_passive_prog.node_1 p_before_passive_prog.block_1_def))
-
-lemma entry_lemma:
-assumes 
-"(red_cfg_k_step A M \<Lambda>1 \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns1)) j (m',s'))" and 
-"(dag_lemma_assms A \<Lambda>1 \<Gamma> [] [] [] ns1 ns2)" and 
-"(\<And> m2' s2'. ((red_cfg_multi A M \<Lambda>1 \<Gamma> [] p_before_passive_prog.proc_body ((Inl 2),(Normal ns2)) (m2',s2')) \<Longrightarrow> (s2' \<noteq> Failure)))" and 
-"(expr_all_sat A \<Lambda>1 \<Gamma> [] ns2 p_before_ast_to_cfg_prog.pres)"
-shows "(Semantics.valid_configuration A \<Lambda>1 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
-apply (rule cfg_dag_helper_entry)
-apply (rule p_before_passive_prog.node_2)
-apply (erule assms(3))
-apply (rule assms(2))
-unfolding p_before_passive_prog.block_2_def
-apply (rule assume_pres_normal[where ?es=p_before_ast_to_cfg_prog.pres])
-apply (rule assms(4))
-unfolding p_before_ast_to_cfg_prog.pres_def
-apply simp
-apply (rule p_before_passive_prog.outEdges_2)
-apply ((simp add:p_before_passive_prog.node_1 p_before_passive_prog.block_1_def))
-apply (rule p_before_passive_prog.outEdges_1)
-by (rule cfg_block_anon0[OF assms(1-2)])
-
-
-end
-
-abbreviation \<Lambda>0
-  where
-    "\<Lambda>0  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
-lemma end_to_end_theorem_aux:
-assumes 
-Red: "(red_cfg_multi A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_a::int) (vc_f::(int => bool)). (vc.vc_PreconditionGeneratedEntry vc_f vc_a))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls (ns::(('a)nstate)) p_before_ast_to_cfg_prog.axioms)" and 
-Precondition: "(expr_all_sat A \<Lambda>0 \<Gamma> [] ns p_before_ast_to_cfg_prog.pres)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>0))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>0))" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))" and 
-BinderNs: "((binder_state ns) = Map.empty)"
-shows "(Semantics.valid_configuration A \<Lambda>0 \<Gamma> [] p_before_ast_to_cfg_prog.post m' s')"
-proof -
-from Red obtain j where Aux:"(red_cfg_k_step A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] p_before_cfg_to_dag_prog.proc_body ((Inl 0),(Normal ns)) j (m',s'))"
-by (meson rtranclp_imp_relpowp)
-show ?thesis
-apply (rule cfg_to_dag_lemmas.entry_lemma)
-unfolding cfg_to_dag_lemmas_def
-apply (rule FInterp)
-apply (rule Aux)
-apply (rule dag_lemma_assms_same)
-unfolding state_well_typed_def
-apply (intro conjI)
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using ConstsGlobal OldGlobal apply simp
-using BinderNs apply simp
-apply (rule p_passification_proof.glue_proof.end_to_end)
-unfolding glue_proof_def
-apply (intro conjI)
-apply assumption
-using VC apply simp
-using Closed apply simp
-using NonEmptyTypes apply simp
-apply (rule FInterp)
-using Axioms apply simp
-using ParamsLocal apply simp
-using ConstsGlobal apply simp
-using BinderNs apply simp
-using OldGlobal apply simp
-using Precondition apply simp
-done
-qed
-
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_passification_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_passification_proof.thy
deleted file mode 100644
index 8caf21f..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_passification_proof.thy
+++ /dev/null
@@ -1,202 +0,0 @@
-theory p_passification_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_ast_to_cfg_prog p_passive_prog Boogie_Lang.PassificationML p_vcphase_proof Boogie_Lang.PassificationEndToEnd
-begin
-definition R_old_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_old_list  = []"
-definition R_old
-  where
-    "R_old  = (map_of R_old_list)"
-abbreviation \<Lambda>1
-  where
-    "\<Lambda>1  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls))"
-abbreviation \<Lambda>2
-  where
-    "\<Lambda>2  \<equiv> ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
-declare One_nat_def[simp del]
-
-lemma block_anon0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_0 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_0 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_0_def p_passive_prog.block_0_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_1 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_1 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_1_def p_passive_prog.block_1_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma block_PreconditionGeneratedEntry:
-assumes 
-"(red_cmd_list A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.block_2 (Normal n_s) s')" and 
-"(passive_lemma_assms A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> [] R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))"
-shows "(passive_block_conclusion A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> U0 (Set.union D0 (set [])) (update_nstate_rel R []) R_old p_passive_prog.block_2 s')"
-apply (rule passification_block_lemma_compact[OF assms(1-2)])
-unfolding p_before_passive_prog.block_2_def p_passive_prog.block_2_def
-apply (passive_rel_tac R_def: assms(3-))
-apply (unfold type_rel_def, simp, (intro conjI)?)
-by simp
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 0)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_0},@{thm p_before_passive_prog.outEdges_0}) (@{thm p_passive_prog.node_0},@{thm p_passive_prog.outEdges_0}) @{thm block_anon0} [] 1\<close>))
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 1)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_1},@{thm p_before_passive_prog.outEdges_1}) (@{thm p_passive_prog.node_1},@{thm p_passive_prog.outEdges_1}) @{thm block_0} [
-@{thm cfg_block_anon0}] 1\<close>))
-
-lemma cfg_block_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda>1 \<Gamma> \<Omega> p_before_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(passive_lemma_assms_2 A M \<Lambda>1 \<Lambda>2 \<Gamma> \<Omega> 1000 R R_old U0 D0 n_s)" and 
-"((R 1) = (Some (Inl 1)))"
-shows "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> \<Omega> p_passive_prog.proc_body u (Inl 2)))))"
-by ((tactic \<open> cfg_lemma_tac @{context} @{thm assms(1)} @{thm assms(2)} @{thms assms(3-)} (@{thm p_before_passive_prog.node_2},@{thm p_before_passive_prog.outEdges_2}) (@{thm p_passive_prog.node_2},@{thm p_passive_prog.outEdges_2}) @{thm block_PreconditionGeneratedEntry} [
-@{thm cfg_block_0}] 1\<close>))
-
-locale glue_proof = 
-fixes A :: "(('a)absval_ty_fun)" and M :: "(mbodyCFG proc_context)" and \<Gamma> :: "(('a)fun_interp)" and m' :: "((node) + (unit))" and ns :: "(('a)nstate)" and s' :: "(('a)state)"
-assumes 
-Red: "(red_cfg_multi A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_before_ast_to_cfg_prog.params_vdecls p_before_ast_to_cfg_prog.locals_vdecls)) \<Gamma> [] p_before_passive_prog.proc_body ((Inl 2),(Normal ns)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_a::int) (vc_f::(int => bool)). (vc.vc_PreconditionGeneratedEntry vc_f vc_a))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls ns p_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state ns) (snd \<Lambda>1))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state ns) (fst \<Lambda>1))" and 
-BinderNs: "((binder_state ns) = Map.empty)" and 
-OldGlobal: "((global_state ns) = (old_global_state ns))"
-begin
-
-definition R_list :: "(((vname) \<times> ((vname) + (lit)))list)"
-  where
-    "R_list  = [(1,(Inl 1))]"
-definition R_rel
-  where
-    "R_rel  = (map_of R_list)"
-lemma inj_R_rel:
-shows "(inj_on_defined R_rel)"
-apply (rule injective_fun_to_list_2[OF R_rel_def])
-by ((simp add: R_list_def del: distinct.simps))
-
-lemma R_well_formed:
-shows "(((R_rel x) = (Some z)) \<longrightarrow> (\<exists> \<tau>. ((z = (Inl x)) \<and> (((lookup_var_ty \<Lambda>1 x) = (Some \<tau>)) \<and> ((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))))))"
-apply (rule convert_fun_to_list[OF R_rel_def])
-apply ((simp add:R_list_def))
-apply ((intro conjI)?)
-apply ((simp add:p_before_ast_to_cfg_prog.l_a(2) p_passive_prog.l_a(2)))
-done
-
-lemma R_wt:
-shows "(rel_well_typed A \<Lambda>1 [] R_rel ns)"
-apply (rule rel_well_typed_state_typ_wf[OF ParamsLocal ConstsGlobal])
-using R_well_formed by auto
-
-abbreviation U0
-  where
-    "U0  \<equiv> (initial_set A R_rel \<Lambda>1 \<Lambda>2 [] ns)"
-lemma U0_ns_rel:
-shows "(nstate_rel_states \<Lambda>1 \<Lambda>2 R_rel ns U0)"
-unfolding nstate_rel_states_def nstate_rel_def
-by ((simp add:BinderNs))
-
-lemma U0_ns_old_rel:
-shows "(nstate_old_rel_states \<Lambda>1 \<Lambda>2 R_old ns U0)"
-apply (rule nstate_old_rel_states_helper[OF ConstsGlobal OldGlobal])
-apply (simp only: fst_conv snd_conv p_before_passive_prog.globals_locals_disj)
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-apply simp
-apply (rule convert_fun_to_list[OF R_old_def])
-unfolding R_old_list_def 
-by simp
-
-lemma closed_ty_passive_vars:
-assumes 
-"((lookup_var_ty \<Lambda>2 x) = (Some \<tau>))"
-shows "(closed (instantiate [] \<tau>))"
-apply (rule lookup_ty_pred[OF assms(1)])
-unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
-apply simp
-unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
-by simp
-
-lemma U0_non_empty:
-shows "(U0 \<noteq> {})"
-apply (rule init_set_non_empty)
-apply (erule NonEmptyTypes)
-apply (erule closed_ty_passive_vars)
-using R_well_formed apply fastforce
-apply (rule R_wt)
-apply (rule inj_R_rel)
-apply simp
-apply (rule ConstsGlobal)
-using R_well_formed apply fastforce
-using p_before_passive_prog.globals_locals_disj apply auto[1]
-using p_passive_prog.globals_locals_disj apply auto[1]
-done
-
-lemma max_rel_range:
-shows "(\<forall> x. ((Set.member x (rel_range R_rel)) \<longrightarrow> (x \<le> 1)))"
- apply (rule rel_range_fun_to_list)
-apply ((simp add:R_rel_def))
-by ((simp add:R_list_def))
-
-lemma end_to_end:
-shows "(s' \<noteq> Failure)"
-proof
-assume A1: "(s' = Failure)"
-have "((s' = Failure) \<longrightarrow> (\<exists> u. ((Set.member u U0) \<and> (passive_sim_cfg_fail A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body u (Inl 2)))))"
-apply (rule cfg_block_PreconditionGeneratedEntry[OF Red])
-unfolding passive_lemma_assms_2_def
-apply (intro conjI)?
-apply (rule U0_ns_rel)
-apply (rule U0_ns_old_rel)
-apply (rule R_wt)
-apply (rule init_state_dependent)
-using helper_init_disj[OF max_rel_range p_before_ast_to_cfg_prog.globals_max]
-apply simp
-apply (rule U0_non_empty)
-by ((simp_all add:R_rel_def R_list_def))?
-with A1 obtain u mp' where uElem: "(Set.member u U0)" and AredPassive:"(red_cfg_multi A M \<Lambda>2 \<Gamma> [] p_passive_prog.proc_body ((Inl 2),(Normal u)) (mp',Failure))"
-by (auto simp add: passive_sim_cfg_fail_def)
-from p_vcphase_proof.end_to_end[OF AredPassive] have "(Failure \<noteq> Failure)"
- apply rule
-using VC apply assumption
-apply (rule Closed)
-apply (erule NonEmptyTypes)
-apply (rule FInterp)
-apply (rule axiom_assm_aux[OF Axioms])
-using uElem by simp_all
-thus False by simp
-qed
-
-
-end
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_passive_prog.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_passive_prog.thy
deleted file mode 100644
index fb61f54..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_passive_prog.thy
+++ /dev/null
@@ -1,86 +0,0 @@
-theory p_passive_prog
-imports Boogie_Lang.Semantics Boogie_Lang.Util p_before_ast_to_cfg_prog
-begin
-definition block_0
-  where
-    "block_0  = [(Assume (FunExp ''f'' [] [(Var 1)])),(Assert (FunExp ''f'' [] [(Var 1)]))]"
-definition block_1
-  where
-    "block_1  = []"
-definition block_2
-  where
-    "block_2  = []"
-definition outEdges
-  where
-    "outEdges  = [[],[0],[1]]"
-definition node_to_blocks
-  where
-    "node_to_blocks  = [block_0,block_1,block_2]"
-definition proc_body
-  where
-    "proc_body  = (|entry = 2,out_edges = outEdges,node_to_block = node_to_blocks|)"
-lemma node_0:
-shows "((nth (node_to_block proc_body) 0) = block_0)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_1:
-shows "((nth (node_to_block proc_body) 1) = block_1)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma node_2:
-shows "((nth (node_to_block proc_body) 2) = block_2)"
-by (simp add:proc_body_def node_to_blocks_def)
-
-lemma outEdges_0:
-shows "((nth (out_edges proc_body) 0) = [])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_1:
-shows "((nth (out_edges proc_body) 1) = [0])"
-by (simp add:proc_body_def outEdges_def)
-
-lemma outEdges_2:
-shows "((nth (out_edges proc_body) 2) = [1])"
-by (simp add:proc_body_def outEdges_def)
-
-definition params_vdecls :: "(vdecls)"
-  where
-    "params_vdecls  = [(0,(TPrim TInt),(None ))]"
-definition locals_vdecls :: "(vdecls)"
-  where
-    "locals_vdecls  = [(1,(TPrim TInt),(None ))]"
-lemma locals_min_aux:
-shows "(((map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<noteq> []) \<longrightarrow> ((Min (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<ge> 0))"
-unfolding p_passive_prog.params_vdecls_def p_passive_prog.locals_vdecls_def
-by simp
-
-lemma locals_min:
-shows "(\<forall> x. ((Set.member x (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) \<longrightarrow> (x \<ge> 0)))"
-using locals_min_aux helper_min
-by blast
-
-lemma globals_locals_disj:
-shows "((Set.inter (set (map fst (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))) (set (map fst (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)))) = {})"
-unfolding p_before_ast_to_cfg_prog.constants_vdecls_def p_before_ast_to_cfg_prog.globals_vdecls_def
-by simp
-
-lemma m_x:
-shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 0) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma m_a:
-shows "((map_of (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls) 1) = (Some ((TPrim TInt),(None ))))"
-by (simp add:params_vdecls_def locals_vdecls_def)
-
-lemma l_x:
-shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 0) = (Some (TPrim TInt)))"
-using globals_locals_disj m_x
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-lemma l_a:
-shows "((lookup_var_decl ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some ((TPrim TInt),(None ))))" and "((lookup_var_ty ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) 1) = (Some (TPrim TInt)))"
-using globals_locals_disj m_a
-by (simp_all add: lookup_var_decl_global_2 lookup_var_decl_local lookup_var_decl_ty_Some)
-
-
-end
diff --git a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_vcphase_proof.thy b/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_vcphase_proof.thy
deleted file mode 100644
index 43d54a4..0000000
--- a/boogie_examples/simple_examples_no_optimization_proofs/trivial_example_proofs/p_proofs/p_vcphase_proof.thy
+++ /dev/null
@@ -1,188 +0,0 @@
-theory p_vcphase_proof
-imports Boogie_Lang.Semantics Boogie_Lang.Util Boogie_Lang.VCHints Boogie_Lang.VCPhaseML p_passive_prog p_before_passive_prog
-begin
-locale vc = 
-fixes f :: "(int => bool)"
-begin
-
-definition vc_anon0
-  where
-    "vc_anon0 a = ((f a) \<longrightarrow> (f a))"
-definition vc_PreconditionGeneratedEntry
-  where
-    "vc_PreconditionGeneratedEntry a = (vc_anon0 a)"
-
-end
-
-locale passification = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and f :: "(((ty)list) => (((('a)val)list) => ((('a)val)option)))" and vc_f :: "(int => bool)" and vc_x :: "int" and vc_a :: "int"
-assumes 
-G0: "((\<Gamma> ''f'') = (Some f))" and 
-G1: "(\<And> farg0. ((f [] [(IntV farg0)]) = (Some (BoolV (vc_f farg0)))))" and 
-G2: "((lookup_var \<Lambda> n_s 0) = (Some (IntV vc_x)))" and 
-G3: "((lookup_var \<Lambda> n_s 1) = (Some (IntV vc_a)))" and 
-G4: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2 G3 G4
-lemmas forall_poly_thm = forall_vc_type[OF G4]
-lemmas exists_poly_thm = exists_vc_type[OF G4]
-declare Nat.One_nat_def[simp del]
-
-ML\<open>
-val block_anon0_hints = [
-(AssumeConjR 0,NONE), 
-(AssertNoConj,NONE)]
-\<close>
-lemma block_anon0AA0:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_0 (Normal n_s) s') \<Longrightarrow> ((vc.vc_anon0 vc_f vc_a) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> (n_s' = n_s))))))"
-unfolding p_passive_prog.block_0_def vc.vc_anon0_def
-apply (tactic \<open> boogie_vc_tac @{context} @{thms global_assms} (@{thm forall_poly_thm}, @{thm exists_poly_thm}) block_anon0_hints \<close>)
-by (auto?)
-
-lemma block_0:
-assumes 
-"(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_1 (Normal n_s) s')" and 
-"(vc.vc_anon0 vc_f vc_a)"
-shows "((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_f vc_a)))))"
-using assms
-unfolding p_passive_prog.block_1_def
-apply cases
-by auto
-
-lemma block_PreconditionGeneratedEntry:
-shows "((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.block_2 (Normal n_s) s') \<Longrightarrow> ((vc.vc_PreconditionGeneratedEntry vc_f vc_a) \<Longrightarrow> ((s' \<noteq> Failure) \<and> (\<forall> n_s'. ((s' = (Normal n_s')) \<longrightarrow> ((n_s' = n_s) \<and> (vc.vc_anon0 vc_f vc_a)))))))"
-apply (erule red_cmd_list.cases)
-using global_assms
-unfolding p_passive_prog.block_2_def vc.vc_PreconditionGeneratedEntry_def
-apply (handle_cmd_list_full?)
-by (auto?)
-
-lemma cfg_block_anon0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 0),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_f vc_a)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step_no_succ[OF assms(1) p_passive_prog.node_0 p_passive_prog.outEdges_0])
-using block_anon0AA0[OF _ assms(2)] by blast
-
-lemma cfg_block_0:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 1),(Normal n_s)) (m',s'))" and 
-"(vc.vc_anon0 vc_f vc_a)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_1])
-apply (erule block_0[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_1))
-apply (erule member_elim, simp)
-apply (erule cfg_block_anon0, simp?)
-by (simp add: member_rec(2))
-
-lemma cfg_PreconditionGeneratedEntry:
-assumes 
-"(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> p_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-"(vc.vc_PreconditionGeneratedEntry vc_f vc_a)"
-shows "(s' \<noteq> Failure)"
-apply (rule converse_rtranclpE2[OF assms(1)], fastforce)
-apply (rule red_cfg_multi_backwards_step[OF assms(1) p_passive_prog.node_2])
-apply (erule block_PreconditionGeneratedEntry[OF _ assms(2)])
-apply ((simp add:p_passive_prog.outEdges_2))
-apply (erule member_elim, simp)
-apply (erule cfg_block_0, simp?)
-by (simp add: member_rec(2))
-
-
-end
-
-locale axioms = 
-fixes A :: "(('a)absval_ty_fun)" and \<Lambda> :: "(var_context)" and \<Gamma> :: "(('a)fun_interp)" and n_s :: "(('a)nstate)" and f :: "(((ty)list) => (((('a)val)list) => ((('a)val)option)))" and vc_f :: "(int => bool)"
-assumes 
-G0: "((\<Gamma> ''f'') = (Some f))" and 
-G1: "(\<And> farg0. ((f [] [(IntV farg0)]) = (Some (BoolV (vc_f farg0)))))" and 
-G2: "(\<And> v. (closed ((type_of_val A) v)))"
-begin
-
-lemmas global_assms = G0 G1 G2
-lemmas forall_poly_thm = forall_vc_type[OF G2]
-lemmas exists_poly_thm = exists_vc_type[OF G2]
-declare Nat.One_nat_def[simp del]
-
-
-end
-
-fun vc_fun_f
-  where
-    "vc_fun_f A f x = (case (f [] [(IntV x)]) of 
-(Some res) \<Rightarrow> (convert_val_to_bool res)
-|(None ) \<Rightarrow> (convert_val_to_bool (val_of_closed_type A (TPrimC TBool)))
-)"
-lemma vc_f_corres:
-assumes 
-FInterp: "(fun_interp_single_wf A (0,[(TPrim TInt)],(TPrim TBool)) f)"
-shows "((f [] [(IntV x)]) = (Some (BoolV (vc_fun_f A f x))))"
-proof -
-from  FInterp obtain z where W:"((f [] [(IntV x)]) = (Some (BoolV z)))"
-  apply (simp only: fun_interp_single_wf.simps) 
-  apply (erule allE[where ?x="[]"])
-  apply (simp add: )
-  apply (erule allE[where ?x="[(IntV x)]"])?
-using tbool_boolv by auto
-from this  show ?thesis 
-by (simp add: W) qed
-
-definition ctor_list
-  where
-    "ctor_list  = []"
-fun ctor :: "((closed_ty) => int)"
-  where
-    "ctor (TConC s _) = (the (map_of ctor_list s))"
-declare One_nat_def[simp del]
-
-lemma end_to_end:
-assumes 
-Red: "(red_cfg_multi A M ((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls)) \<Gamma> [] p_passive_prog.proc_body ((Inl 2),(Normal n_s)) (m',s'))" and 
-VC: "(\<And> (vc_x::int) (vc_a::int) (vc_f::(int => bool)). (vc.vc_PreconditionGeneratedEntry vc_f vc_a))" and 
-Closed: "(\<And> v. (closed ((type_of_val A) v)))" and 
-NonEmptyTypes: "(\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val A) v) = t))))" and 
-FInterp: "(fun_interp_wf A p_before_ast_to_cfg_prog.fdecls \<Gamma>)" and 
-Axioms: "(axiom_assm A \<Gamma> p_before_ast_to_cfg_prog.constants_vdecls (n_s::(('a)nstate)) p_before_ast_to_cfg_prog.axioms)" and 
-ParamsLocal: "(state_typ_wf A [] (local_state n_s) (append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))" and 
-ConstsGlobal: "(state_typ_wf A [] (global_state n_s) (append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls))"
-shows "(s' \<noteq> Failure)"
-proof -
-let ?n_s_c = "(nstate_global_restriction n_s p_before_ast_to_cfg_prog.constants_vdecls)"
-let ?\<Lambda> = "((append p_before_ast_to_cfg_prog.constants_vdecls p_before_ast_to_cfg_prog.globals_vdecls),(append p_passive_prog.params_vdecls p_passive_prog.locals_vdecls))"
-let ?\<Lambda>c = "((p_before_ast_to_cfg_prog.constants_vdecls,[])::(var_context))"
-let ?f = "opaque_comp the \<Gamma> ''f''"
-have im_f:"((\<Gamma> ''f'') = (Some ?f))"
-apply (simp only:opaque_comp_def)
-by (rule finterp_member[OF FInterp p_before_ast_to_cfg_prog.mfun_f])
-from ParamsLocal have sc_x:"(((lookup_var ?\<Lambda> n_s 0) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 0)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 0))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_x])
-apply (subst lookup_var_local[OF p_passive_prog.m_x])+
-by (fastforce dest: tint_intv tbool_boolv)
-from ParamsLocal have sc_a:"(((lookup_var ?\<Lambda> n_s 1) = (Some (IntV (convert_val_to_int (the (lookup_var ?\<Lambda> n_s 1)))))) \<and> (((type_of_val A) (the (lookup_var ?\<Lambda> n_s 1))) = (TPrim TInt)))"
-apply (simp only:state_typ_wf_def)
-apply (erule allE, erule allE, erule impE, rule map_of_lookup_vdecls_ty[OF p_passive_prog.m_a])
-apply (subst lookup_var_local[OF p_passive_prog.m_a])+
-by (fastforce dest: tint_intv tbool_boolv)
-show "(s' \<noteq> Failure)"
-apply (rule passification.cfg_PreconditionGeneratedEntry[OF _ Red])
-apply (simp only:passification_def)
-apply (intro conjI)?
-apply (simp add:im_f)
-apply ((rule allI | rule impI)+)?
-apply ((tactic \<open> vc_fun_corres_tac @{context} @{thm vc_f_corres} @{thm FInterp} @{thm p_before_ast_to_cfg_prog.mfun_f} @{thm im_f} 1\<close>))
-apply (rule HOL.conjunct1[OF sc_x])
-apply (rule HOL.conjunct1[OF sc_a])
-apply (simp add:Closed)
-apply (rule VC)
-done
-qed
-
-
-
-end

From f5af8b1a69126342eee35527524e7ba190f71e5b Mon Sep 17 00:00:00 2001
From: ahubanov-eth <ahubanov@student.ethz.ch>
Date: Mon, 29 Aug 2022 11:32:35 +0200
Subject: [PATCH 21/74] parameterizing the red_cmd relation to take arbitrary
 procedure context

---
 BoogieLang/Ast.thy       | 2 +-
 BoogieLang/Semantics.thy | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index 44e8b56..54224b8 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -89,7 +89,7 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> ast proc_context \<Rig
   for A :: "'a absval_ty_fun" and M :: "ast proc_context" and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env and T :: ast
   where
     RedSimpleCmds: 
-    "\<lbrakk>\<forall>M'. (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs, (Normal n_s)\<rangle> [\<rightarrow>] s1) \<and> (cs \<noteq> Nil) \<rbrakk> 
+    "\<lbrakk>(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs, (Normal n_s)\<rangle> [\<rightarrow>] s1) \<and> (cs \<noteq> Nil) \<rbrakk> 
       \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name cs str_cmd tr_cmd), cont0, Normal n_s)\<rangle> \<longrightarrow> 
                               ((BigBlock bb_name [] str_cmd tr_cmd), cont0, s1)"  
 
diff --git a/BoogieLang/Semantics.thy b/BoogieLang/Semantics.thy
index e2a64fa..4ab0ea8 100644
--- a/BoogieLang/Semantics.thy
+++ b/BoogieLang/Semantics.thy
@@ -473,9 +473,9 @@ definition where_clauses_all_sat_context :: "'a absval_ty_fun \<Rightarrow> var_
 
 text \<open>Command reduction (big-step semantics)\<close>
 
-inductive red_cmd :: "'a absval_ty_fun \<Rightarrow> mbodyCFG proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> cmd \<Rightarrow> 'a state \<Rightarrow> 'a state \<Rightarrow> bool"
+inductive red_cmd :: "'a absval_ty_fun \<Rightarrow> 'm proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> cmd \<Rightarrow> 'a state \<Rightarrow> 'a state \<Rightarrow> bool"
   ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) \<rightarrow>/ _)" [51,51,0,0,0] 81)
-  for A :: "'a absval_ty_fun" and M :: "mbodyCFG proc_context" and \<Lambda> :: var_context and  \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
+  for A :: "'a absval_ty_fun" and M :: "'m proc_context" and \<Lambda> :: var_context and  \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
   where
     RedAssertOk: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e, n_s\<rangle> \<Down> LitV (LBool True) \<rbrakk> \<Longrightarrow> 
                  A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>Assert e, Normal n_s\<rangle> \<rightarrow> Normal n_s"
@@ -527,9 +527,9 @@ inductive_cases RedHavoc_case: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<l
 
 text \<open>Command list reduction (big-step semantics)\<close>
 
-inductive red_cmd_list :: "'a absval_ty_fun \<Rightarrow> mbodyCFG proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> cmd list \<Rightarrow> 'a state \<Rightarrow> 'a state \<Rightarrow> bool"
+inductive red_cmd_list :: "'a absval_ty_fun \<Rightarrow> 'm proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> cmd list \<Rightarrow> 'a state \<Rightarrow> 'a state \<Rightarrow> bool"
   ("_,_,_,_,_ \<turnstile> ((\<langle>_,_\<rangle>) [\<rightarrow>]/ _)" [51,0,0,0] 81)
-  for A :: "'a absval_ty_fun" and M :: "mbodyCFG proc_context" and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
+  for A :: "'a absval_ty_fun" and M :: "'m proc_context" and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env
   where
     RedCmdListNil: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[],s\<rangle> [\<rightarrow>] s"
   | RedCmdListCons: "\<lbrakk> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c,s\<rangle> \<rightarrow> s''; A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,s''\<rangle> [\<rightarrow>] s' \<rbrakk> \<Longrightarrow> 

From 8e13211c6c8b629f6fc84426fcf600fa59442953 Mon Sep 17 00:00:00 2001
From: ahubanov-eth <ahubanov@student.ethz.ch>
Date: Thu, 6 Oct 2022 14:04:50 +0200
Subject: [PATCH 22/74] resolving some pull request comments + a few smts
 removed

---
 BoogieLang/Ast.thy                    |  12 +-
 BoogieLang/Ast_Cfg_Transformation.thy | 426 +++++++++++++-------------
 BoogieLang/Passification.thy          |   2 +-
 BoogieLang/Semantics.thy              |   2 +-
 4 files changed, 225 insertions(+), 217 deletions(-)

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index 54224b8..a124dbb 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -84,9 +84,9 @@ fun is_final :: "'a ast_config \<Rightarrow> bool"
 
 text\<open>function defining the semantics of bigblocks; small-step semantics 
       Note: arrow symbols in the 'syntactic sugar' clash if the exact same syntax is used as in red_cmd\<close>
-inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> ast proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env  \<Rightarrow> ast \<Rightarrow> 'a ast_config \<Rightarrow> 'a ast_config \<Rightarrow> bool" 
+inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> 'm proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env  \<Rightarrow> ast \<Rightarrow> 'a ast_config \<Rightarrow> 'a ast_config \<Rightarrow> bool" 
   ("_,_,_,_,_,_ \<turnstile> (\<langle>_\<rangle> \<longrightarrow>/ _)" [51,0,0,0] 81)
-  for A :: "'a absval_ty_fun" and M :: "ast proc_context" and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env and T :: ast
+  for A :: "'a absval_ty_fun" and M :: "'m proc_context" and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env and T :: ast
   where
     RedSimpleCmds: 
     "\<lbrakk>(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs, (Normal n_s)\<rangle> [\<rightarrow>] s1) \<and> (cs \<noteq> Nil) \<rbrakk> 
@@ -188,7 +188,7 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> ast proc_context \<Rig
         \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] None (Some (Goto label))), cont0, Normal n_s)\<rangle> \<longrightarrow> 
                             (found_bigblock, found_cont, (Normal n_s))"
 
-abbreviation red_bigblock_k_step :: "'a absval_ty_fun \<Rightarrow> ast proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> ast \<Rightarrow> 'a ast_config \<Rightarrow> nat \<Rightarrow> 'a ast_config \<Rightarrow> bool"
+abbreviation red_bigblock_k_step :: "'a absval_ty_fun \<Rightarrow> 'm proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> ast \<Rightarrow> 'a ast_config \<Rightarrow> nat \<Rightarrow> 'a ast_config \<Rightarrow> bool"
   ("_,_,_,_,_,_ \<turnstile>_ -n\<longrightarrow>^_/ _" [51,0,0,0,0] 81)
 where "red_bigblock_k_step A M \<Lambda> \<Gamma> \<Omega> T c1 n c2 \<equiv> ((red_bigblock A M \<Lambda> \<Gamma> \<Omega> T)^^n) c1 c2"
 
@@ -203,10 +203,10 @@ fun init_ast :: "ast \<Rightarrow> 'a nstate \<Rightarrow> 'a ast_config"
 
 definition valid_configuration 
   where "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts bb cont state \<equiv> 
-         (get_state (bb, cont, state)) \<noteq> Failure \<and> 
-         (is_final (bb, cont, state) \<longrightarrow> (\<forall>ns'. (get_state (bb, cont, state)) = Normal ns' \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns' posts))"
+         state \<noteq> Failure \<and> 
+         (is_final (bb, cont, state) \<longrightarrow> (\<forall>ns'. state = Normal ns' \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns' posts))"
 
-definition proc_body_satisfies_spec :: "'a absval_ty_fun \<Rightarrow> ast proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> ast \<Rightarrow> 'a nstate \<Rightarrow> bool"
+definition proc_body_satisfies_spec :: "'a absval_ty_fun \<Rightarrow> 'm proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> ast \<Rightarrow> 'a nstate \<Rightarrow> bool"
   where "proc_body_satisfies_spec A M \<Lambda> \<Gamma> \<Omega> pres posts ast ns \<equiv>
          expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns pres \<longrightarrow> 
           (\<forall> bb cont state. (rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> ast) (init_ast ast ns) (bb, cont, state)) \<longrightarrow> 
diff --git a/BoogieLang/Ast_Cfg_Transformation.thy b/BoogieLang/Ast_Cfg_Transformation.thy
index fdf59e4..62cfa5c 100644
--- a/BoogieLang/Ast_Cfg_Transformation.thy
+++ b/BoogieLang/Ast_Cfg_Transformation.thy
@@ -2,9 +2,9 @@ section \<open>Generic lemmas used to validate AST-to-CFG phase\<close>
 
 theory Ast_Cfg_Transformation
    imports Main
-          "Boogie_Lang.Ast"
-          "Boogie_Lang.Semantics"
-          "Boogie_Lang.BackedgeElim"
+           Ast
+           Semantics
+           BackedgeElim
 begin
 subsection \<open>Miscellaneous helper lemmas\<close>
 
@@ -15,7 +15,7 @@ lemma not_true_equals_false:
   proof cases
     case (RedUnOp v)
     from this obtain b1 where "v = LitV (LBool b1)"
-      by (metis (no_types, lifting) map_option_eq_Some option.simps(3) unop_eval.simps(1) unop_eval_val.elims unop_not.elims)   
+      by (metis (no_types) map_option_eq_Some option.simps(3) unop_eval.simps(1) unop_eval_val.elims unop_not.elims)   
     from this RedUnOp have 
       expand1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr,ns1\<rangle> \<Down> (LitV (LBool b1))" and 
       expand2: "unop_eval_val unop.Not (LitV (LBool b1)) = Some (BoolV True)"
@@ -30,7 +30,7 @@ lemma not_false_equals_true:
   proof cases
     case (RedUnOp v)
     from this obtain b1 where "v = LitV (LBool b1)"
-      by (metis (no_types, lifting) map_option_eq_Some option.simps(3) unop_eval.simps(1) unop_eval_val.elims unop_not.elims)   
+      by (metis (no_types) map_option_eq_Some option.simps(3) unop_eval.simps(1) unop_eval_val.elims unop_not.elims)   
     from this RedUnOp have 
       expand1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr,ns1\<rangle> \<Down> (LitV (LBool b1))" and 
       expand2: "unop_eval_val unop.Not (LitV (LBool b1)) = Some (BoolV False)"
@@ -77,9 +77,9 @@ next
     from this obtain v1 v2 where
       redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
       redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
-    from this eq_false have "v1 \<noteq> v2" 
-      using RedBinOp_case
-      by (smt (verit, del_insts) RedBinOp_case binop_eval_val.simps(1) expr_eval_determ(1) lit.inject(1) option.inject val.inject(1))
+    from this eq_false RedBinOp_case have "binop_eval_val Eq v1 v2 = Some (BoolV False)" 
+      by (metis expr_eval_determ(1)) 
+    from this eq_false have "v1 \<noteq> v2" by simp 
 
     hence "binop_eval_val Neq v1 v2 = Some (LitV (LBool (v1 \<noteq> v2)))" by simp
     thus ?thesis using neg_eq redE1 redE2 by (simp add: RedBinOp True \<open>v1 \<noteq> v2\<close>)
@@ -91,9 +91,9 @@ next
     from this obtain v1 v2 where
       redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
       redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
-    from this eq_false have "v1 = v2" 
-      using RedBinOp_case
-      by (smt (verit, del_insts) RedBinOp_case binop_eval_val.simps(1) expr_eval_determ(1) lit.inject(1) option.inject val.inject(1))
+    from this eq_false RedBinOp_case have "binop_eval_val Eq v1 v2 = Some (BoolV True)"
+      by (metis expr_eval_determ(1)) 
+    from this eq_false have "v1 = v2" by simp 
 
     hence "binop_eval_val Neq v1 v2 = Some (LitV (LBool (v1 \<noteq> v2)))" by simp
     thus ?thesis using neg_eq redE1 redE2 by (simp add: RedBinOp False \<open>v1 = v2\<close>)
@@ -110,9 +110,9 @@ next
     from this obtain v1 v2 where
       redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
       redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
-    from this neq_false have "v1 = v2" 
-      using RedBinOp_case
-      by (smt (verit) binop_eval_val.simps(2) expr_eval_determ(1) lit.inject(1) option.inject val.inject(1))
+     from this neq_false RedBinOp_case have "binop_eval_val Neq v1 v2 = Some (BoolV False)"
+      by (metis expr_eval_determ(1)) 
+    from this neq_false have "v1 = v2" by simp 
 
     hence "binop_eval_val Eq v1 v2 = Some (LitV (LBool (v1 = v2)))" by simp
     thus ?thesis using neg_neq redE1 redE2 by (simp add: RedBinOp True \<open>v1 = v2\<close>)
@@ -124,9 +124,9 @@ next
     from this obtain v1 v2 where
       redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
       redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
-    from this neq_false have "v1 \<noteq> v2" 
-      using RedBinOp_case
-      by (smt (verit) binop_eval_val.simps(2) expr_eval_determ(1) lit.inject(1) option.inject val.inject(1))
+    from this neq_false RedBinOp_case have "binop_eval_val Neq v1 v2 = Some (BoolV True)"
+      by (metis expr_eval_determ(1)) 
+    from this neq_false have "v1 \<noteq> v2" by simp 
 
     hence "binop_eval_val Eq v1 v2 = Some (LitV (LBool (v1 = v2)))" by simp
     thus ?thesis using neg_neq redE1 redE2 by (simp add: RedBinOp False \<open>v1 \<noteq> v2\<close>)
@@ -377,14 +377,10 @@ next
   qed
 qed
 
-(* TODO: Can I avoid needing this? *)
-fun inv_into_assertion :: "expr \<Rightarrow> cmd" where
-  "inv_into_assertion e = (Assert e)"
-
 text \<open>If all invariants hold, then the block containing the assertions corresponding to the invariants doesn't fail\<close>
 lemma asserts_hold_if_invs_hold: 
   assumes "expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1 invs"
-  and "assertions = map inv_into_assertion invs"
+  and "assertions = map Assert invs"
   shows "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1"
   using assms
 proof (induction invs arbitrary: assertions)
@@ -393,7 +389,7 @@ proof (induction invs arbitrary: assertions)
 next
   case (Cons e_inv invs_tail)
   from Cons(2) have prem1: "expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1 invs_tail" by (simp add: expr_all_sat_def)
-  from Cons(3) have prem2: "List.tl assertions = map inv_into_assertion invs_tail" by simp
+  from Cons(3) have prem2: "List.tl assertions = map Assert invs_tail" by simp
   from prem1 prem2 have end2: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>List.tl assertions,Normal ns1\<rangle> [\<rightarrow>] Normal ns1" using Cons(1) by blast
 
   from Cons(2) have act1: "expr_sat A \<Lambda> \<Gamma> \<Omega> ns1 e_inv" by (simp add: expr_all_sat_def)
@@ -408,7 +404,7 @@ lemma invs_hold_if_asserts_reduce:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, s0\<rangle> [\<rightarrow>] s1"
   and "s0 = Normal ns1"
   and "s1 \<noteq> Failure"
-  and "assertions = map inv_into_assertion invs"
+  and "assertions = map Assert invs"
   shows "expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1 invs"
   using assms
 proof (induction arbitrary: invs rule: red_cmd_list.induct)
@@ -417,13 +413,13 @@ proof (induction arbitrary: invs rule: red_cmd_list.induct)
   then show ?case by (simp add: expr_all_sat_def)
 next
   case (RedCmdListCons c s s'' cs s')  
-  from RedCmdListCons have "cs = map inv_into_assertion (List.tl invs)" using assms by auto
+  from RedCmdListCons have "cs = map Assert (List.tl invs)" using assms by auto
   from RedCmdListCons have "c = Assert (hd invs)" by auto 
 
   from RedCmdListCons(1) this \<open>s = Normal ns1\<close> show ?case
   proof cases
     case RedAssertOk thus ?thesis 
-      using RedCmdListCons(1) \<open>c = Assert (hd invs)\<close> \<open>s = Normal ns1\<close> \<open>cs = map inv_into_assertion (List.tl invs)\<close> 
+      using RedCmdListCons(1) \<open>c = Assert (hd invs)\<close> \<open>s = Normal ns1\<close> \<open>cs = map Assert (List.tl invs)\<close> 
       by (metis RedCmdListCons.IH RedCmdListCons.prems(2)
           RedCmdListCons.prems(3) cmd.inject(1) expr_all_sat_def expr_sat_def 
           list.collapse list.discI list.map_disc_iff list_all_simps(1) state.inject)
@@ -437,14 +433,14 @@ lemma one_inv_fails_assertions:
   assumes "invs = invs1 @ [I] @ invs2"
       and "expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1 invs1"
       and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>I,ns1\<rangle> \<Down> BoolV False"
-      and "assertions = map inv_into_assertion invs"
+      and "assertions = map Assert invs"
     shows "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Failure"
   using assms
 proof -
   from assms(4) assms(1) obtain assum1 a_fail assum2 where
-    left: "assum1 = map inv_into_assertion invs1" and
-    mid_fail: "a_fail = inv_into_assertion I" and
-    right: "assum2 = map inv_into_assertion invs2" and
+    left: "assum1 = map Assert invs1" and
+    mid_fail: "a_fail = Assert I" and
+    right: "assum2 = map Assert invs2" and
     concat: "assertions = assum1 @ [a_fail] @ assum2"
     by simp
   from assms(2) left have left_red: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assum1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1" using asserts_hold_if_invs_hold by simp
@@ -467,13 +463,13 @@ lemma valid_config_implies_satisfied_posts:
 text \<open>If an \<^term>\<open>ast_config\<close> (bigblock, cont, state) is an ending configuration, then any correspoding cfg block is locally correct.\<close>
 lemma end_static:
   assumes "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(BigBlock any [] None None, KStop, Normal ns1)\<rangle> \<longrightarrow> (step_bb, step_cont, step_state)"
-  shows "step_state \<noteq> Failure \<and> (\<forall>ns1'. step_state = Normal ns1' \<longrightarrow> A,M',\<Lambda>0,\<Gamma>,[] \<turnstile> \<langle>any_block ,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')"
+  shows "step_state \<noteq> Failure \<and> (\<forall>ns1'. step_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>0,\<Gamma>,[] \<turnstile> \<langle>any_block ,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')"
   using assms
   by (cases) auto 
 
 lemma end_return:
   assumes "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(BigBlock any [] None (Some Return), KStop, Normal ns1)\<rangle> \<longrightarrow> (step_bb, step_cont, step_state)"
-  shows "step_state \<noteq> Failure \<and> (\<forall>ns1'. step_state = Normal ns1' \<longrightarrow> A,M',\<Lambda>0,\<Gamma>,[] \<turnstile> \<langle>[] ,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')"
+  shows "step_state \<noteq> Failure \<and> (\<forall>ns1'. step_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>0,\<Gamma>,[] \<turnstile> \<langle>[] ,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')"
   using assms
   by (cases) (auto simp add: RedCmdListNil)
 
@@ -742,7 +738,7 @@ next
     from 1 assms obtain inter_bb inter_cont inter_state  where
       step1: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (BigBlock name [] None None, KEndBlock cont0, Normal ns3) (inter_bb, inter_cont, inter_state))" and 
       rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(inter_bb, inter_cont, inter_state) -n\<longrightarrow>^l1 (reached_bb, reached_cont, reached_state)" 
-      by (metis (no_types, opaque_lifting) prod_cases3 relpowp_Suc_D2)
+      by (metis (no_types) prod_cases3 relpowp_Suc_D2)
     from this step1 have "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None None, cont0, Normal ns3)"
       by (cases) auto
     then show ?thesis using "1" assms(2) rest by blast
@@ -753,15 +749,15 @@ lemma ending_after_skipping_endblock:
   assumes "j = Suc j'" 
       and "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, KEndBlock cont0, Normal ns1'') -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
       and "bb = BigBlock None [] None None"
-      and "\<And>m3 s3. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure"
-      and "\<And>m' s'. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+      and "\<And>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure"
+      and "\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
            is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts"
       and "(cont_guard = Some guard) \<Longrightarrow> (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False)" 
       and "\<And> j''. 
             j' = Suc j'' \<Longrightarrow>                           
             A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, cont0, Normal ns1'') -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state) \<Longrightarrow>
-           (\<And>m' s'. A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
-           (\<And>m' s'. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+           (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
+           (\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
            is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts) \<Longrightarrow>
            ((cont_guard = Some guard) \<Longrightarrow> (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False)) \<Longrightarrow> (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
     shows "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state"
@@ -825,7 +821,7 @@ next
       step1: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (BigBlock None [] None None, KEndBlock (KSeq bb_next cont0), Normal ns3) (inter_bb, inter_cont, inter_state))" and 
       step2: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (inter_bb, inter_cont, inter_state) (inter_bb2, inter_cont2, inter_state2))" and
       rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(inter_bb2, inter_cont2, inter_state2) -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)" 
-      by (metis (no_types, opaque_lifting) prod_cases3 relpowp_Suc_D2)
+      by (metis (no_types) prod_cases3 relpowp_Suc_D2)
     from this step1 have "(inter_bb, inter_cont, inter_state) = (BigBlock None [] None None, (KSeq bb_next cont0), Normal ns3)"
     proof cases
       case RedSkipEndBlock thus ?thesis 
@@ -844,15 +840,15 @@ lemma ending_after_skipping_endblock2:
   assumes "j = Suc j'" 
       and "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, KEndBlock (KSeq bigblock_next cont0), Normal ns1'') -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
       and "bb = BigBlock None [] None None"
-      and "\<And>m3 s3. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure"
-      and "\<And>m' s'. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+      and "\<And>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure"
+      and "\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
            is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts"
       and "(cont_guard = Some guard) \<Longrightarrow> (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False)"
       and "\<And> j''. 
             j' = Suc (Suc j'') \<Longrightarrow>
             A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state) \<Longrightarrow>
-           (\<And>m' s'. A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
-           (\<And>m' s'. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+           (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
+           (\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
            is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts) \<Longrightarrow>
            ((cont_guard = Some guard) \<Longrightarrow> (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False)) \<Longrightarrow> (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
     shows "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state"
@@ -906,7 +902,7 @@ next
     from 1 assms obtain inter_bb inter_cont inter_state where
       step1: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb0, cont0, Normal ns) (inter_bb, inter_cont, inter_state))" and 
       rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(inter_bb, inter_cont, inter_state) -n\<longrightarrow>^l1 (reached_bb, reached_cont, reached_state)" 
-      by (metis (no_types, opaque_lifting) prod_cases3 relpowp_Suc_D2)
+      by (metis (no_types) prod_cases3 relpowp_Suc_D2)
     from this have "(inter_bb, inter_cont, inter_state) = (BigBlock name [] (Some loop) None, KEndBlock cont0, Normal ns)"
     proof cases
       case RedParsedWhileWrapper thus ?thesis using assms(2) by auto
@@ -920,14 +916,14 @@ qed
 lemma ending_after_unwrapping:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, cont0, Normal ns1'') -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)" 
       and "bb = BigBlock name [] (Some (WhileWrapper loop)) None"
-      and "\<And>m3 s3. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure"
-      and "\<And>m' s'. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+      and "\<And>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<Longrightarrow> s3 \<noteq> Failure"
+      and "\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
            is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts"
       and "\<And> j''. 
             j = Suc j'' \<Longrightarrow>
             A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(BigBlock name [] (Some loop) None, KEndBlock cont0, Normal ns1'') -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state) \<Longrightarrow>
-           (\<And>m' s'. A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
-           (\<And>m' s'. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+           (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
+           (\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
            is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts) \<Longrightarrow>
            (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
     shows "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state"
@@ -1012,7 +1008,7 @@ next
           step2: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (inter_bb, inter_cont, inter_state) (inter_bb2, inter_cont2, inter_state2))" and 
           step3: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (inter_bb2, inter_cont2, inter_state2) (inter_bb3, inter_cont3, inter_state3))" and
           rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb3, inter_cont3, inter_state3) -n\<longrightarrow>^l3 (reached_bb, reached_cont, reached_state)" 
-          by (metis (no_types, opaque_lifting) get_state.cases relpowp_Suc_D2)
+          by (metis (no_types) get_state.cases relpowp_Suc_D2)
   
         from this step1 have "(inter_bb, inter_cont, inter_state) = (BigBlock None [] None None, (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3)"
         proof cases
@@ -1041,8 +1037,8 @@ lemma ending_after_skipping_endblock_and_unwrapping:
                       Normal ns1'') -n\<longrightarrow>^j'
            (reached_bb, reached_cont, reached_state)"
       and "bb = BigBlock None [] None None"
-      and corr: "\<forall>m3 s3. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure"
-      and "\<And>m' s'. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+      and corr: "\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure"
+      and "\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
            is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts"
       and guard_false: "(cont_guard = Some guard) \<Longrightarrow> (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False)"
       and "node_to_block G ! n = [Assume c]" 
@@ -1055,8 +1051,8 @@ lemma ending_after_skipping_endblock_and_unwrapping:
           List.member (out_edges(G) ! n) n1 \<Longrightarrow>
           A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock None [] (Some (ParsedWhile next_guard next_invs (next_body_bb#body_bbs))) None), KEndBlock cont1, Normal ns1'') -n\<longrightarrow>^j''' 
               (reached_bb, reached_cont, reached_state) \<Longrightarrow>
-          (\<And>m' s'. A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
-          (\<And>m' s'. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
+          (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
+          (\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
            is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts) \<Longrightarrow> 
           (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
     shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
@@ -1107,12 +1103,12 @@ lemma block_local_rel_generic:
   and "guard = None"
   and "invs = []"
   and Red_bb_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
   and "bb = (BigBlock name cs1 any_str any_tr)"
   and "cs1 \<noteq> Nil"
   and "cs2 \<noteq> Nil"
   shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
   using assms
 proof (induction arbitrary: ns1)
   case (Rel_Main_test bb name cs1 any_str any_tr)
@@ -1124,11 +1120,11 @@ proof (induction arbitrary: ns1)
     case (Cons a list)
     then have "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name (a#list) any_str any_tr), cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
       using Rel_Main_test by blast
-    then have "A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(a#list), Normal ns1\<rangle> [\<rightarrow>] reached_state" using Rel_Main_test(5) 
+    then have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(a#list), Normal ns1\<rangle> [\<rightarrow>] reached_state" using Rel_Main_test(5) 
     proof cases
       case RedSimpleCmds thus ?thesis by blast
     qed
-    then have "A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs1, Normal ns1\<rangle> [\<rightarrow>] reached_state" using Cons by simp
+    then have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs1, Normal ns1\<rangle> [\<rightarrow>] reached_state" using Cons by simp
     
     then show ?thesis using Rel_Main_test by auto
   qed 
@@ -1138,33 +1134,33 @@ text \<open>Local relation between a loop-only(no simple commands) ast-bigblock
 lemma block_local_rel_loop_head:
   assumes block_rel: "ast_cfg_rel None assert_invs bb assertions"
   and "bb =  (BigBlock name [] (Some (ParsedWhile loop_guard invs (bb0#body_bbs))) any_tr)"
-  and "assert_invs = map inv_into_assertion invs"
+  and "assert_invs = map Assert invs"
   and Red_bb: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> assertions (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assertions (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
   shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
   using assms
 proof cases
   case Rel_Invs
-  hence "assertions = map inv_into_assertion invs" using assms(3) by simp
+  hence "assertions = map Assert invs" using assms(3) by simp
   from Red_bb show ?thesis
   proof cases
-    case RedParsedWhileTrue thus ?thesis using \<open>assertions = (map inv_into_assertion invs)\<close>  by (simp add: asserts_hold_if_invs_hold assms(2))
+    case RedParsedWhileTrue thus ?thesis using \<open>assertions = (map Assert invs)\<close>  by (simp add: asserts_hold_if_invs_hold assms(2))
   next
-    case RedParsedWhileFalse thus ?thesis using \<open>assertions = (map inv_into_assertion invs)\<close>  by (simp add: asserts_hold_if_invs_hold assms(2))
+    case RedParsedWhileFalse thus ?thesis using \<open>assertions = (map Assert invs)\<close>  by (simp add: asserts_hold_if_invs_hold assms(2))
   next
-    case RedParsedWhile_InvFail thus ?thesis using Red_impl \<open>assertions = map inv_into_assertion invs\<close> one_inv_fails_assertions assms(2) by blast
+    case RedParsedWhile_InvFail thus ?thesis using Red_impl \<open>assertions = map Assert invs\<close> one_inv_fails_assertions assms(2) by blast
   qed (auto simp add: assms(2))
 next
   case Rel_Main_test
-  hence "assertions = map inv_into_assertion invs" using assms(2-3) by simp
+  hence "assertions = map Assert invs" using assms(2-3) by simp
   from Red_bb show ?thesis
   proof cases
-    case RedParsedWhileTrue thus ?thesis using \<open>assertions = (map inv_into_assertion invs)\<close>  by (simp add: asserts_hold_if_invs_hold assms(2))
+    case RedParsedWhileTrue thus ?thesis using \<open>assertions = (map Assert invs)\<close>  by (simp add: asserts_hold_if_invs_hold assms(2))
   next
-    case RedParsedWhileFalse thus ?thesis using \<open>assertions = (map inv_into_assertion invs)\<close>  by (simp add: asserts_hold_if_invs_hold assms(2))
+    case RedParsedWhileFalse thus ?thesis using \<open>assertions = (map Assert invs)\<close>  by (simp add: asserts_hold_if_invs_hold assms(2))
   next
-    case RedParsedWhile_InvFail thus ?thesis using Red_impl \<open>assertions = map inv_into_assertion invs\<close> one_inv_fails_assertions assms(2) by blast
+    case RedParsedWhile_InvFail thus ?thesis using Red_impl \<open>assertions = map Assert invs\<close> one_inv_fails_assertions assms(2) by blast
   qed (auto simp add: assms(2))
 qed
 
@@ -1184,14 +1180,14 @@ lemma generic_ending_block_global_rel:
        (related_block = c#cs2) \<and> c = Assume guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV True)) \<or> 
        (related_block = c#cs2) \<and> c = Assume not_guard \<and> (UnOp Not guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV False))"
   and "out_edges G ! n = []"
-  and cfg_reaches_not_failure: "\<And> m' s'. (red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_posts: "\<And> m' s'. (red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> 
+  and cfg_reaches_not_failure: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_posts: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> 
                                       is_final_config (m',s') \<Longrightarrow> (\<forall> ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) post_invs)"
   and local_rel: "\<And> step_bb step_cont step_state. 
                     red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, KStop, (Normal ns1)) (step_bb, step_cont, step_state) \<Longrightarrow> 
-                    (\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>
+                    (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>
                     step_state \<noteq> Failure  \<and>
-                    (\<forall>ns1'. step_state = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+                    (\<forall>ns1'. step_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
 shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> post_invs reached_bb reached_cont reached_state)"
   using assms
 proof (cases cs2)
@@ -1201,7 +1197,7 @@ proof (cases cs2)
     proof (cases any_tr)
       case None thus ?thesis
       proof -
-        have "(red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))" 
+        have "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))" 
           using block_id \<open>out_edges G ! n = []\<close> Nil node_to_block_assm
           by (metis RedCmdListNil RedNormalReturn push_through_assumption0 push_through_assumption1 r_into_rtranclp)
         hence "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1) post_invs" using cfg_satisfies_posts 
@@ -1228,7 +1224,7 @@ proof (cases cs2)
             rest0: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
             by (metis prod_cases3 relpowp_Suc_D2) 
           from cfg_reaches_not_failure have 
-            cfg_local: "(\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+            cfg_local: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
             using assms(5) dag_verifies_propagate_2 by blast
 
           from step0 Return assms(3) Some Nil syn_rel have
@@ -1240,19 +1236,19 @@ proof (cases cs2)
 
           from this cfg_local step0 have 
             "inter_state \<noteq> Failure  \<and>
-            (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+            (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
             using assms by (metis RedReturn \<open>cs1 = []\<close>)
 
           from step0 have inter_conc: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), KStop, Normal ns1)" 
             using \<open>cs1 = []\<close> Return Some
             by (cases) auto
 
-          hence "(red_cfg A M' \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))"
+          hence "(red_cfg A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))"
             by (simp add: RedNormalReturn 
-                          \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block G ! n,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
+                          \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block G ! n,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
                           assms(8))
 
-          hence "(red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))" by simp
+          hence "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))" by simp
           hence "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1) post_invs" 
             using cfg_satisfies_posts is_final_config.simps(2) by blast
           then have "is_final (inter_bb, inter_cont, inter_state)"
@@ -1305,20 +1301,20 @@ next
       from step this have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None None, cont0, inter_state)"
       by (cases) (auto simp add: RedSimpleCmds ending)
  
-      have Red_impl: "(\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+      have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
         using assms(5) cfg_reaches_not_failure dag_verifies_propagate_2 by blast
 
       have "cont0 = KStop" using None by (simp add: ending)
   
       from step \<open>cont0 = KStop\<close> have local_corr:
             "inter_state \<noteq> Failure  \<and>
-            (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+            (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
         using Red_impl block_local_rel_generic local.Cons local.step syn_rel assms by (cases) blast+
 
-      hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg A M' \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))"
+      hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))"
         by (simp add: RedCmdListNil RedNormalReturn assms(7-8) local.Cons)
 
-      hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))" by blast
+      hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))" by blast
       hence posts_sat: "\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1') post_invs" 
         using cfg_satisfies_posts is_final_config.simps(2) by blast
 
@@ -1342,24 +1338,25 @@ next
           case RedSimpleCmds thus ?thesis using Return Some by blast
         qed (auto simp add: \<open>cs1 \<noteq> []\<close>)
 
-        have Red_impl: "(\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
+        have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" 
           using dag_verifies_propagate_2  assms(5) cfg_reaches_not_failure by blast
 
         from step have local_corr:
               "inter_state \<noteq> Failure  \<and>
-              (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-          using Red_impl block_local_rel_generic local.Cons assms
-          by (metis (no_types, lifting) \<open>cs1 \<noteq> []\<close> list.distinct(1) push_through_assumption0 push_through_assumption1)
+              (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+          using Red_impl \<open>cs1 \<noteq> []\<close> assms(3) block_id block_local_rel_generic list.distinct(1) 
+                          local.Cons node_to_block_assm push_through_assumption0 push_through_assumption1 syn_rel
+          by metis
   
-        hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg A M' \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))"
+        hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))"
           by (simp add: RedCmdListNil RedNormalReturn assms(7-8) local.Cons)
   
-        hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))" by blast
+        hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))" by blast
         hence posts_sat: "\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1') post_invs" 
           using cfg_satisfies_posts is_final_config.simps(2) by blast
     
         from step have "inter_state \<noteq> Failure" using Red_impl block_local_rel_generic local.Cons assms
-        by (metis (no_types, lifting) \<open>cs1 \<noteq> []\<close> list.distinct(1) push_through_assumption0 push_through_assumption1)
+        using local_corr by fastforce
   
         then show ?thesis
         proof (cases inter_state)
@@ -1379,7 +1376,7 @@ next
             by (cases) blast+
             hence "is_final (inter_bb2, inter_cont2, inter_state2)" by simp
             hence valid_inter: "(valid_configuration A \<Lambda> \<Gamma> \<Omega> post_invs inter_bb2 inter_cont2 inter_state2)" 
-              by (simp add: Ast.valid_configuration_def \<open>inter_state \<noteq> Failure\<close> inter2_conc posts_sat)
+              using Ast.valid_configuration_def \<open>inter_state \<noteq> Failure\<close> inter2_conc posts_sat by blast
             then show ?thesis
               by (metis \<open>is_final (inter_bb2, inter_cont2, inter_state2)\<close> final_is_static_propagate inter2_conc prod.inject relpowp_imp_rtranclp snd_rest)
           qed
@@ -1388,7 +1385,7 @@ next
           then show ?thesis using \<open>inter_state \<noteq> Failure\<close> by simp
         next
           case Magic
-          then show ?thesis by (metis valid_configuration_def \<open>inter_state \<noteq> Failure\<close> get_state.simps magic_propagates rest state.simps(5))
+          then show ?thesis by (metis valid_configuration_def \<open>inter_state \<noteq> Failure\<close>  magic_propagates rest state.simps(5))
         qed
       qed
     qed
@@ -1408,19 +1405,19 @@ lemma block_global_rel_while_successor:
       "(related_block = cmds) \<or> 
        (related_block = c#cmds) \<and> c = Assume entry_guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> entry_guard ns1 (BoolV True)) \<or> 
        (related_block = c#cmds) \<and> c = Assume not_guard \<and> (UnOp Not entry_guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> entry_guard ns1 (BoolV False))"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_posts: "\<And> m' s'. (red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> 
+  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+  and cfg_satisfies_posts: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> 
                                       is_final_config (m',s') \<Longrightarrow> (\<forall> ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
   and block_local_rel:
     "\<And> reached_bb_inter reached_cont_inter reached_state_inter. 
     (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont1, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
-    (\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> (node_to_block G ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
-    (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
+    (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block G ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
+    (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
   and global_rel_succ:
         "\<And> ns2 k.
          k < j \<Longrightarrow>
-         (\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl msuc2, Normal ns2) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
-         (\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, Normal ns2) -n\<rightarrow>* (m', s')) \<longrightarrow>
+         (\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl msuc2, Normal ns2) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
+         (\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, Normal ns2) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                              is_final_config (m', s') \<longrightarrow> 
                                                              (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) \<Longrightarrow>
          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name [] (Some (ParsedWhile guard invs (body_bb0#body_bbs))) None), KEndBlock cont1, Normal ns2) -n\<longrightarrow>^k 
@@ -1439,19 +1436,19 @@ next
   from this j_step_ast_trace assms(3) obtain inter_bb inter_cont inter_state where
     first_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name cmds (Some (WhileWrapper (ParsedWhile guard invs (body_bb0#body_bbs)))) None), cont1, Normal ns1)\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and 
     rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
-    by (metis (no_types, opaque_lifting) get_state.cases relpowp_Suc_D2)
+    by (metis (no_types) get_state.cases relpowp_Suc_D2)
   from this have a1: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] (Some (WhileWrapper (ParsedWhile guard invs (body_bb0#body_bbs)))) None), cont1, inter_state)"
   proof cases
     case RedSimpleCmds thus ?thesis by blast
   qed (auto simp add: \<open>cmds \<noteq> []\<close>)
-  have Red_impl: "(\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> (node_to_block G ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" using dag_verifies_propagate_2 cfg_is_correct assms(5) 
+  have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block G ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))" using dag_verifies_propagate_2 cfg_is_correct assms(5) 
     by blast
-  have local_conclusion: "inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+  have local_conclusion: "inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
     using Red_impl first_step assms(3-4) block_local_rel_generic syn_rel block_local_rel by blast
   show ?thesis 
   proof (cases inter_state)
     case (Normal x1)
-    hence "(A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] inter_state)" using local_conclusion by blast
+    hence "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] inter_state)" using local_conclusion by blast
     then show ?thesis
     proof (cases j')
       case 0
@@ -1461,14 +1458,14 @@ next
       case 2: (Suc j'')
 
       hence Red_cfg_conc: 
-        "(\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl msuc2, inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))" 
-        using dag_verifies_propagate Normal \<open>A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n),Normal ns1\<rangle> [\<rightarrow>] inter_state\<close> assms(5) cfg_is_correct by blast
+        "(\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl msuc2, inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))" 
+        using dag_verifies_propagate Normal \<open>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n),Normal ns1\<rangle> [\<rightarrow>] inter_state\<close> assms(5) cfg_is_correct by blast
 
       hence Red_cfg_sat_conc: 
-        "(\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+        "(\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                              is_final_config (m', s') \<longrightarrow> 
                                                              (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)))" 
-        by (metis (no_types, lifting) Normal RedNormalSucc cfg_satisfies_posts converse_rtranclp_into_rtranclp local_conclusion)
+        by (metis (no_types) Normal RedNormalSucc cfg_satisfies_posts converse_rtranclp_into_rtranclp local_conclusion)
 
       from 2 j_step_ast_trace assms(3) obtain inter_bb2 inter_cont2 inter_state2 where
         first_step_2: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(inter_bb, inter_cont, inter_state)\<rangle> \<longrightarrow> (inter_bb2, inter_cont2, inter_state2)" and 
@@ -1489,7 +1486,7 @@ next
     then show ?thesis using local_conclusion by blast
   next
     case Magic
-    then show ?thesis by (metis valid_configuration_def get_state.simps local_conclusion magic_propagates rest state.simps(5))
+    then show ?thesis by (metis valid_configuration_def local_conclusion magic_propagates rest state.simps(5))
   qed
 qed
 
@@ -1499,22 +1496,22 @@ text \<open>Global lemma for a big block that's the head of a loop.
 lemma block_global_rel_loop_head:
   assumes block_rel: "ast_cfg_rel None assertions bb assertions"
   and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
-  and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
+  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
+  and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
                                         is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
   and "bb = (BigBlock name [] any_str any_tr)"
   and bb_successor_while: "any_str = Some (ParsedWhile cont_guard invs (bb0#body_bbs))"
   and block_local_rel:
     "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
-    (\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> assertions (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
-    (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
+    (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assertions (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
+    (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
   and "node_to_block(G) ! n = assertions"
   and "cont0 = KEndBlock cont1"
   and succ_correct: 
    "\<And> ns1'' loop_guard j'. 
     j = Suc j' \<Longrightarrow>
-    (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))) \<Longrightarrow>
-    (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1'') -n\<rightarrow>* (m', s')) \<longrightarrow>
+    (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))) \<Longrightarrow>
+    (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1'') -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
                                                         (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)))) \<Longrightarrow>
     ((cont_guard = Some loop_guard) \<and> 
@@ -1554,17 +1551,17 @@ proof -
             using bb_successor_while None by blast
   
           from first_step
-          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
             by (metis Pair_inject assms(5) assms(8) block_local_rel cfg_correct concrete_inter1 dag_verifies_propagate dag_verifies_propagate_2)
 
           from first_step
           have succ_cfg_satisfies_post: 
               "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> 
-                                                        (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                        (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
                                                         (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
             using cfg_satisfies_post 
-            by (metis (no_types, lifting) RedNormalSucc assms(5) assms(8) block_local_rel cfg_correct converse_rtranclp_into_rtranclp dag_verifies_propagate_2 local.RedParsedWhileTrue(4))
+            by (metis (no_types) RedNormalSucc assms(5) assms(8) block_local_rel cfg_correct converse_rtranclp_into_rtranclp dag_verifies_propagate_2 local.RedParsedWhileTrue(4))
   
           show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct succ_cfg_satisfies_post None rest concrete_inter1 succ_correct assms(5) \<open>cont0 = KEndBlock cont1\<close> by blast 
         next 
@@ -1572,17 +1569,17 @@ proof -
           hence concrete_inter2: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), cont0, (Normal ns1))" by simp
   
           from first_step
-          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
             by (metis assms(5) assms(8) block_local_rel cfg_correct dag_verifies_propagate dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
 
           from first_step
           have succ_cfg_satisfies_post: 
               "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> 
-                                                        (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                        (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
                                                         (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
             using cfg_satisfies_post 
-            by (metis (no_types, lifting) RedNormalSucc assms(5) assms(8) block_local_rel cfg_correct converse_rtranclp_into_rtranclp dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
+            by (metis (no_types) RedNormalSucc assms(5) assms(8) block_local_rel cfg_correct converse_rtranclp_into_rtranclp dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
   
           show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct succ_cfg_satisfies_post None rest concrete_inter2 succ_correct \<open>cont0 = KEndBlock cont1\<close>  by blast
         next 
@@ -1602,17 +1599,17 @@ proof -
               using bb_successor_while Some by blast
   
             from first_step
-            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
               by (metis Pair_inject assms(5) assms(8) block_local_rel cfg_correct concrete_inter3 dag_verifies_propagate dag_verifies_propagate_2)
 
             from first_step
             have succ_cfg_satisfies_post: 
                 "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> 
-                                                          (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                                                          (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                           is_final_config (m', s') \<longrightarrow> 
                                                           (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
               using cfg_satisfies_post 
-            by (metis (no_types, lifting) RedNormalSucc assms(5) assms(8) block_local_rel cfg_correct converse_rtranclp_into_rtranclp dag_verifies_propagate_2 local.RedParsedWhileTrue(4))
+            by (metis (no_types) RedNormalSucc assms(5) assms(8) block_local_rel cfg_correct converse_rtranclp_into_rtranclp dag_verifies_propagate_2 local.RedParsedWhileTrue(4))
   
             show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct succ_cfg_satisfies_post Some guard_true rest concrete_inter3 succ_correct assms(5) \<open>cont0 = KEndBlock cont1\<close>  by blast 
         next 
@@ -1630,17 +1627,17 @@ proof -
             hence concrete_inter4: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), cont0, (Normal ns1))" by simp
 
           from first_step
-          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
             by (metis assms(5) assms(8) block_local_rel cfg_correct dag_verifies_propagate dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
 
           from first_step
           have succ_cfg_satisfies_post: 
               "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> 
-                                                        (\<forall>m' s'. (((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s'))) \<longrightarrow>
+                                                        (\<forall>m' s'. (((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s'))) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
                                                         (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
             using cfg_satisfies_post 
-            by (metis (no_types, lifting) RedNormalSucc assms(5) assms(8) block_local_rel cfg_correct converse_rtranclp_into_rtranclp dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
+            by (metis (no_types) RedNormalSucc assms(5) assms(8) block_local_rel cfg_correct converse_rtranclp_into_rtranclp dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
   
             show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct succ_cfg_satisfies_post Some guard_false rest concrete_inter4 succ_correct \<open>cont0 = KEndBlock cont1\<close> by blast
           next
@@ -1668,20 +1665,20 @@ lemma block_global_rel_if_successor:
       "(related_block = cs2) \<or> 
        (related_block = c#cs2) \<and> c = Assume guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV True)) \<or> 
        (related_block = c#cs2) \<and> c = Assume not_guard \<and> (UnOp Not guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV False))"
-  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
-  and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
+  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
+  and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
                                         is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
   and bb_successor_if: "any_str = Some (ParsedIf cont_guard (then0#then_bbs) (else0#else_bbs))"
   and block_local_rel:
         "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
-        (\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> 
+        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> 
         cs1 \<noteq> [] \<Longrightarrow> cs2 \<noteq> [] \<Longrightarrow>  
-        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block(G) ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
+        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block(G) ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
   and succ_correct: 
        "\<And> ns1'' block_guard k.
          k < j \<Longrightarrow> 
-        (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))) \<Longrightarrow>
-        (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1'') -n\<rightarrow>* (m', s')) \<longrightarrow>
+        (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))) \<Longrightarrow>
+        (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1'') -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                             is_final_config (m', s') \<longrightarrow> 
                                                             (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)))) \<Longrightarrow>
         ( (cont_guard = Some block_guard) \<and> 
@@ -1719,12 +1716,12 @@ proof cases
         by (metis ast_trace get_state.cases relpowp_Suc_E2)
   
       from cfg_correct Cons block_id
-      have local_rel_corr: "(\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+      have local_rel_corr: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
         using dag_verifies_propagate_2 
         by (metis push_through_assumption0 push_through_assumption1 \<open>node_to_block(G) ! n = related_block\<close>)
   
       from local_rel_corr first_step Cons
-      have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
+      have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
         using block_local_rel local.Rel_Main_test assms(3) 
         by (metis \<open>cs1 \<noteq> []\<close> assume_ml bigblock.inject block_id state.simps(7) \<open>node_to_block(G) ! n = related_block\<close>)
   
@@ -1758,16 +1755,16 @@ proof cases
               hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont (rev then_bbs) cont0, inter_state)" using None bb_successor_if 1 by auto
 
               from first_step 
-              have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+              have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
               proof cases
                 case RedSimpleCmds show ?thesis using 2 RedSimpleCmds(3) dag_verifies_propagate assms(3-4) Rel_Main_test(1) cfg_correct a2 by blast
               qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)
 
-              have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+              have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
                                                         (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
                 using cfg_satisfies_post cfg_correct local.Cons
-                by (metis (no_types, lifting) "2" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
+                by (metis (no_types) "2" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
   
               have "j'' < j" using 1 3 using Suc_lessD by blast
               
@@ -1777,16 +1774,16 @@ proof cases
               hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, inter_state)" using None bb_successor_if 1 by auto
   
               from first_step 
-              have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+              have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
               proof cases
                 case RedSimpleCmds show ?thesis using 2 RedSimpleCmds(3) dag_verifies_propagate assms(3-4) Rel_Main_test(1) cfg_correct a2 by blast
               qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)
 
-              have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+              have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
                                                         (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
                 using cfg_satisfies_post cfg_correct local.Cons
-                by (metis (no_types, lifting) "2" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
+                by (metis (no_types) "2" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
   
               have "j'' < j" using 1 3 using Suc_lessD by blast
   
@@ -1804,16 +1801,16 @@ proof cases
               qed (auto simp add: guard_not_false bb_successor_if 2 Some)
   
               from first_step 
-              have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+              have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
               proof cases
                 case RedSimpleCmds show ?thesis using 2 eq RedSimpleCmds(3) dag_verifies_propagate assms(3-4) Rel_Main_test(1) cfg_correct a2 by blast
               qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)
 
-              have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+              have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
                                                         (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
                 using cfg_satisfies_post cfg_correct local.Cons
-                by (metis (no_types, lifting) "2" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
+                by (metis (no_types) "2" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
   
               have "j'' < j" using 1 3 using Suc_lessD by blast
               
@@ -1829,16 +1826,16 @@ proof cases
                 qed (auto simp add: guard_not_true bb_successor_if 2 Some)
   
                 from first_step 
-                have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+                have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
                 proof cases
                   case RedSimpleCmds show ?thesis using 2 RedSimpleCmds(3) dag_verifies_propagate assms(3-4) Rel_Main_test(1) cfg_correct a2 by blast
                 qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>)
 
-                have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                           is_final_config (m', s') \<longrightarrow> 
                                                           (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
                   using cfg_satisfies_post cfg_correct local.Cons
-                  by (metis (no_types, lifting) "2" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
+                  by (metis (no_types) "2" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
   
                 have "j'' < j" using 1 3 using Suc_lessD by blast
           
@@ -1859,11 +1856,11 @@ proof cases
       next
         case Failure
         then show ?thesis
-          using \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n),Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
+          using \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n),Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
           by linarith
       next
         case Magic
-        then show ?thesis by (metis Ast.valid_configuration_def a2 get_state.simps magic_propagates rest_of_steps state.distinct(3))
+        then show ?thesis by (metis Ast.valid_configuration_def a2 magic_propagates rest_of_steps state.distinct(3))
       qed
     qed
   qed
@@ -1895,15 +1892,18 @@ next
             case RedParsedIfTrue
             hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont (rev then_bbs) cont0, (Normal ns1))" using None bb_successor_if 1 by auto
 
-            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
               using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
               by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
 
-            have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+            have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                       is_final_config (m', s') \<longrightarrow> 
                                                       (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
-              using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil RedCmdListNil RedNormalSucc \<open>node_to_block(G) ! n = related_block\<close>
-              by (smt (verit, best)  block_id converse_rtranclp_into_rtranclp push_through_assumption1 )
+              apply (auto simp add: member_rec)
+              using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  
+                    local.Nil RedCmdListNil RedNormalSucc \<open>node_to_block(G) ! n = related_block\<close>
+                    block_id converse_rtranclp_into_rtranclp push_through_assumption1 
+              by (smt (verit))
   
             have "j' < j" using 1 using Suc_lessD by blast
             
@@ -1913,15 +1913,17 @@ next
             hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, Normal ns1)" using None bb_successor_if 1 by auto
 
             from snd_step 
-            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
               using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
               by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
 
-            have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+            have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                       is_final_config (m', s') \<longrightarrow> 
                                                       (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
-              using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil 
-              by (smt (verit, best) RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1 \<open>node_to_block(G) ! n = related_block\<close>)
+              using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil
+                    RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1
+                    \<open>node_to_block(G) ! n = related_block\<close>
+              by (smt (verit, best))
   
             have "j' < j" using 1 using Suc_lessD by blast
   
@@ -1939,15 +1941,17 @@ next
             qed (auto simp add: guard_not_false bb_successor_if Some)
   
             from snd_step 
-            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
               using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
               by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
 
-            have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+            have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                       is_final_config (m', s') \<longrightarrow> 
                                                       (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
-              using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil 
-              by (smt (verit, best) RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1 \<open>node_to_block(G) ! n = related_block\<close>)
+              using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil
+                    RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1
+                     \<open>node_to_block(G) ! n = related_block\<close>
+              by (smt (verit, best))
   
             have "j' < j" using 1 using Suc_lessD by blast
             
@@ -1963,15 +1967,17 @@ next
               qed (auto simp add: guard_not_true bb_successor_if Some)
   
               from snd_step 
-              have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+              have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
                 using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
                 by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2) 
 
-              have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+              have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
                                                         (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
                 using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil 
-                by (smt (verit, best) RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1 \<open>node_to_block(G) ! n = related_block\<close>)
+                      RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1
+                      \<open>node_to_block(G) ! n = related_block\<close>
+                by (smt (verit, best))
   
               have "j' < j" using 1 using Suc_lessD by blast
         
@@ -2004,20 +2010,20 @@ lemma block_global_rel_generic:
       "(related_block = cs2) \<or> 
        (related_block = c#cs2) \<and> c = Assume guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV True)) \<or> 
        (related_block = c#cs2) \<and> c = Assume not_guard \<and> (UnOp Not guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV False))"
-  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
-  and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
+  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
+  and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
                                         is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end posts)"
   and trivial_bb_successor: "(cont0 = KSeq bb1 cont1) \<and> any_str = None \<and> any_tr = None"
   and block_local_rel: 
         "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
-        (\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
+        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
         cs1 \<noteq> [] \<Longrightarrow> cs2 \<noteq> [] \<Longrightarrow>
-        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block(G) ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
+        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block(G) ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
   and succ_correct: 
        "\<And>  ns1'' k.
         k < j \<Longrightarrow> 
-        \<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
-       (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1'') -n\<rightarrow>* (m', s')) \<longrightarrow>
+        \<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
+       (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1'') -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                             is_final_config (m', s') \<longrightarrow> 
                                                             (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end posts)))) \<Longrightarrow>
         A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb1, cont1, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state) \<Longrightarrow> 
@@ -2047,7 +2053,7 @@ proof cases
         by (metis ast_trace get_state.cases relpowp_Suc_D2)
   
       from cfg_correct Cons block_id node_to_block_assm
-      have local_rel_corr: "(\<And> s2'.((red_cmd_list A M' \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+      have local_rel_corr: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
         apply (simp)
         apply (rule disjE)
           apply simp
@@ -2062,7 +2068,7 @@ proof cases
         done
   
       from local_rel_corr first_step 
-      have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
+      have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
         using block_local_rel assms(3) \<open>cs1 \<noteq> []\<close> Cons 
         by (metis bigblock.inject cfg_correct dag_verifies_propagate_2 local.Rel_Main_test(1))
   
@@ -2093,18 +2099,18 @@ proof cases
           qed (auto simp add: trivial_bb_successor "1")
   
           from first_step 
-          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
           proof cases
             case RedSimpleCmds show ?thesis 
-              using 1 snd_step_equiv  RedSimpleCmds(3) dag_verifies_propagate Rel_Main_test(1) cfg_correct assms(3-5) 
-              by (metis bigblock.inject push_through_assumption0 push_through_assumption1)
+              using 1 snd_step_equiv  RedSimpleCmds(3) dag_verifies_propagate Rel_Main_test(1) cfg_correct assms(3-5) a2 
+              by blast
           qed (auto simp add: \<open>cs1 \<noteq> Nil\<close>) 
 
-          have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
+          have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                     is_final_config (m', s') \<longrightarrow> 
                                                     (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end posts))))"
             using cfg_satisfies_post cfg_correct local.Cons
-            by (metis (no_types, lifting) "1" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
+            by (metis (no_types) "1" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
   
           have "j'' < j" using succ_0 2 by simp
   
@@ -2113,7 +2119,7 @@ proof cases
       next
         case Failure
         then show ?thesis
-          using \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M',\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
+          using \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
           by linarith
       next
         case Magic
@@ -2142,15 +2148,16 @@ next
         hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (bb1,  cont1, (Normal ns1))" using trivial_bb_successor 1 
           by (cases) auto 
 
-        have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+        have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
           using assms(4-5) cfg_correct correctness_propagates_through_empty local.Nil
-          by (metis (no_types, lifting) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
+          by (metis (no_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
 
-        have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+        have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                   is_final_config (m', s') \<longrightarrow> 
                                                   (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end posts))))"
           using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil 
-          by (smt (verit, best) RedCmdListNil RedNormalSucc block_id node_to_block_assm converse_rtranclp_into_rtranclp push_through_assumption1)
+                RedCmdListNil RedNormalSucc block_id node_to_block_assm converse_rtranclp_into_rtranclp push_through_assumption1
+          by (smt (verit, best))
 
         have "j' < j" using 1 using Suc_lessD by blast
         
@@ -2164,6 +2171,38 @@ next
   qed
 qed
 
+definition loop_IH 
+  where "loop_IH j A M \<Lambda> \<Gamma> \<Omega> T bb0 cont0 G block_index posts reached_bb reached_cont reached_state \<equiv> 
+          (\<forall>k ns1. k < j \<longrightarrow>
+                    (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, cont0, Normal ns1) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<longrightarrow>
+                    (\<forall>m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl block_index),(Normal ns1)) (m',s')) \<longrightarrow> (s' \<noteq> Failure)) \<longrightarrow>
+                    (\<forall>m' s'.  (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl block_index, Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                               is_final_config (m', s') \<longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)) \<longrightarrow>
+                    (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state))"
+
+lemma loop_IH_prove:
+  assumes "\<And> k ns1. k < j \<Longrightarrow>
+                    (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, cont0, Normal ns1) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
+                    (\<forall>m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl block_index),(Normal ns1)) (m',s')) \<longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
+                    (\<forall>m' s'.  (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl block_index, Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                               is_final_config (m', s') \<longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)) \<Longrightarrow>
+                    (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+  shows "loop_IH j A M \<Lambda> \<Gamma> \<Omega> T bb0 cont0 G block_index posts reached_bb reached_cont reached_state"
+  using assms
+  unfolding loop_IH_def
+  by blast
+
+lemma loop_IH_apply:
+  assumes "loop_IH j A M \<Lambda> \<Gamma> \<Omega> T bb0 cont0 G block_index posts reached_bb reached_cont reached_state" and
+          "k < j" and
+          "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, cont0, Normal ns1) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state))" and
+          "(\<forall>m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl block_index),(Normal ns1)) (m',s')) \<longrightarrow> (s' \<noteq> Failure))" and
+          "(\<forall>m' s'.  (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl block_index, Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+                               is_final_config (m', s') \<longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end posts)))"
+        shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+  using assms
+  unfolding loop_IH_def 
+  by blast
 
 subsection \<open>Procedure correctness\<close>
 
@@ -2244,37 +2283,6 @@ proof -
   qed
 qed
 
-definition loop_IH 
-  where "loop_IH j A M M' \<Lambda> \<Gamma> \<Omega> T bb0 cont0 G block_index posts reached_bb reached_cont reached_state \<equiv> 
-          (\<forall>k ns1. k < j \<longrightarrow>
-                    (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, cont0, Normal ns1) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<longrightarrow>
-                    (\<forall>m' s'. (red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G ((Inl block_index),(Normal ns1)) (m',s')) \<longrightarrow> (s' \<noteq> Failure)) \<longrightarrow>
-                    (\<forall>m' s'.  (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl block_index, Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
-                               is_final_config (m', s') \<longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)) \<longrightarrow>
-                    (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state))"
 
-lemma loop_IH_prove:
-  assumes "\<And> k ns1. k < j \<Longrightarrow>
-                    (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, cont0, Normal ns1) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<Longrightarrow>
-                    (\<forall>m' s'. (red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G ((Inl block_index),(Normal ns1)) (m',s')) \<longrightarrow> (s' \<noteq> Failure)) \<Longrightarrow>
-                    (\<forall>m' s'.  (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl block_index, Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
-                               is_final_config (m', s') \<longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)) \<Longrightarrow>
-                    (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-  shows "loop_IH j A M M' \<Lambda> \<Gamma> \<Omega> T bb0 cont0 G block_index posts reached_bb reached_cont reached_state"
-  using assms
-  unfolding loop_IH_def
-  by blast
-
-lemma loop_IH_apply:
-  assumes "loop_IH j A M M' \<Lambda> \<Gamma> \<Omega> T bb0 cont0 G block_index posts reached_bb reached_cont reached_state" and
-          "k < j" and
-          "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, cont0, Normal ns1) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state))" and
-          "(\<forall>m' s'. (red_cfg_multi A M' \<Lambda> \<Gamma> \<Omega> G ((Inl block_index),(Normal ns1)) (m',s')) \<longrightarrow> (s' \<noteq> Failure))" and
-          "(\<forall>m' s'.  (A,M',\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl block_index, Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
-                               is_final_config (m', s') \<longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end posts)))"
-        shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-  using assms
-  unfolding loop_IH_def 
-  by blast
 
 end
\ No newline at end of file
diff --git a/BoogieLang/Passification.thy b/BoogieLang/Passification.thy
index 6c51615..2c73680 100644
--- a/BoogieLang/Passification.thy
+++ b/BoogieLang/Passification.thy
@@ -27,7 +27,7 @@ lemma dependent_ext:
   unfolding dependent_def
   by blast
 
-definition set_red_cmd :: "'a absval_ty_fun \<Rightarrow> mbodyCFG proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> cmd \<Rightarrow> 'a nstate set \<Rightarrow> 'a state set"
+definition set_red_cmd :: "'a absval_ty_fun \<Rightarrow> 'm proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> cmd \<Rightarrow> 'a nstate set \<Rightarrow> 'a state set"
   where "set_red_cmd A M \<Lambda> \<Gamma> \<Omega> c N = {s. \<exists>n_s. n_s \<in> N \<and> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c, Normal n_s\<rangle> \<rightarrow> s}"
 
 text \<open>\<^term>\<open>set_red_cmd\<close> lifts the command reduction to the reduction of a a set of input states \<close>
diff --git a/BoogieLang/Semantics.thy b/BoogieLang/Semantics.thy
index 4ab0ea8..4e94008 100644
--- a/BoogieLang/Semantics.thy
+++ b/BoogieLang/Semantics.thy
@@ -664,7 +664,7 @@ fun proc_is_correct :: "'a absval_ty_fun \<Rightarrow> fdecls \<Rightarrow> vdec
                        ('a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> 'struct_ty \<Rightarrow> 'a nstate \<Rightarrow> bool) \<Rightarrow> 
                          bool"
   where 
-    "proc_is_correct A fun_decls constants global_vars axioms proc (proc_body_satisfies_spec_general) =  
+    "proc_is_correct A fun_decls constants global_vars axioms proc proc_body_satisfies_spec_general =  
       (case proc_body(proc) of
         Some (locals, struct) \<Rightarrow> 
           ( ( (\<forall>t. closed t \<longrightarrow> (\<exists>v. type_of_val A (v :: 'a val) = t)) \<and> (\<forall>v. closed ((type_of_val A) v)) ) \<longrightarrow>

From 70f7b8583cef742d233abeaa68aeac46395d10f5 Mon Sep 17 00:00:00 2001
From: ahubanov-eth <ahubanov@student.ethz.ch>
Date: Mon, 10 Oct 2022 17:05:32 +0200
Subject: [PATCH 23/74] removed smts + fixed proc_context error, only slow
 metis remains

---
 BoogieLang/Ast_Cfg_Transformation.thy | 125 +++++++++++++++++---------
 1 file changed, 84 insertions(+), 41 deletions(-)

diff --git a/BoogieLang/Ast_Cfg_Transformation.thy b/BoogieLang/Ast_Cfg_Transformation.thy
index 62cfa5c..5901dd0 100644
--- a/BoogieLang/Ast_Cfg_Transformation.thy
+++ b/BoogieLang/Ast_Cfg_Transformation.thy
@@ -1896,17 +1896,23 @@ next
               using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
               by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
 
-            have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
-                                                      is_final_config (m', s') \<longrightarrow> 
-                                                      (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
-              apply (auto simp add: member_rec)
-              using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  
-                    local.Nil RedCmdListNil RedNormalSucc \<open>node_to_block(G) ! n = related_block\<close>
-                    block_id converse_rtranclp_into_rtranclp push_through_assumption1 
-              by (smt (verit))
-  
+            have succ_cfg_sat: "\<And>msuc2 m' s' ns_end.  List.member (out_edges(G) ! n) msuc2 \<Longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                                                      is_final_config (m', s') \<Longrightarrow> 
+                                                      (s' = Normal ns_end) \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts"
+            proof
+              fix msuc2 m' s' ns_end
+              assume a: "List.member (out_edges G ! n) msuc2" and
+                     b: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, Normal ns1) -n\<rightarrow>* (m', s')" and
+                     c: "is_final_config (m', s')" and 
+                     d: "(s' = Normal ns_end)"
+              have one_block_advance: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1) -n\<rightarrow> (Inl msuc2, Normal ns1)" 
+                using local.Nil \<open>node_to_block(G) ! n = related_block\<close> assms(5) 
+                      a b c
+                by (metis RedCmdListNil RedNormalSucc push_through_assumption0 push_through_assumption1)  
+              show "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts" using cfg_satisfies_post b c a succ_cfg_correct one_block_advance 
+                by (meson converse_rtranclp_into_rtranclp d) 
+            qed  
             have "j' < j" using 1 using Suc_lessD by blast
-            
             thus ?thesis using eq snd_rest_of_steps succ_correct None succ_cfg_correct succ_cfg_sat by blast
           next
             case (RedParsedIfFalse)
@@ -1917,13 +1923,22 @@ next
               using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
               by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
 
-            have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
-                                                      is_final_config (m', s') \<longrightarrow> 
-                                                      (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
-              using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil
-                    RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1
-                    \<open>node_to_block(G) ! n = related_block\<close>
-              by (smt (verit, best))
+            have succ_cfg_sat: "\<And>msuc2 m' s' ns_end.  List.member (out_edges(G) ! n) msuc2 \<Longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                                                      is_final_config (m', s') \<Longrightarrow> 
+                                                      (s' = Normal ns_end) \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts"
+            proof
+              fix msuc2 m' s' ns_end
+              assume a: "List.member (out_edges G ! n) msuc2" and
+                     b: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, Normal ns1) -n\<rightarrow>* (m', s')" and
+                     c: "is_final_config (m', s')" and 
+                     d: "(s' = Normal ns_end)"
+              have one_block_advance: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1) -n\<rightarrow> (Inl msuc2, Normal ns1)" 
+                using local.Nil \<open>node_to_block(G) ! n = related_block\<close> assms(5) 
+                      a b c
+                by (metis RedCmdListNil RedNormalSucc push_through_assumption0 push_through_assumption1)  
+              show "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts" using cfg_satisfies_post b c a succ_cfg_correct one_block_advance 
+                by (meson converse_rtranclp_into_rtranclp d) 
+            qed
   
             have "j' < j" using 1 using Suc_lessD by blast
   
@@ -1945,13 +1960,22 @@ next
               using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
               by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
 
-            have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
-                                                      is_final_config (m', s') \<longrightarrow> 
-                                                      (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
-              using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil
-                    RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1
-                     \<open>node_to_block(G) ! n = related_block\<close>
-              by (smt (verit, best))
+            have succ_cfg_sat: "\<And>msuc2 m' s' ns_end.  List.member (out_edges(G) ! n) msuc2 \<Longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                                                      is_final_config (m', s') \<Longrightarrow> 
+                                                      (s' = Normal ns_end) \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts"
+            proof
+              fix msuc2 m' s' ns_end
+              assume a: "List.member (out_edges G ! n) msuc2" and
+                     b: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, Normal ns1) -n\<rightarrow>* (m', s')" and
+                     c: "is_final_config (m', s')" and 
+                     d: "(s' = Normal ns_end)"
+              have one_block_advance: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1) -n\<rightarrow> (Inl msuc2, Normal ns1)" 
+                using local.Nil \<open>node_to_block(G) ! n = related_block\<close> assms(5) 
+                      a b c
+                by (metis RedCmdListNil RedNormalSucc push_through_assumption0 push_through_assumption1)  
+              show "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts" using cfg_satisfies_post b c a succ_cfg_correct one_block_advance 
+                by (meson converse_rtranclp_into_rtranclp d) 
+            qed
   
             have "j' < j" using 1 using Suc_lessD by blast
             
@@ -1971,13 +1995,22 @@ next
                 using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
                 by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2) 
 
-              have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
-                                                        is_final_config (m', s') \<longrightarrow> 
-                                                        (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
-                using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil 
-                      RedCmdListNil RedNormalSucc block_id converse_rtranclp_into_rtranclp push_through_assumption1
-                      \<open>node_to_block(G) ! n = related_block\<close>
-                by (smt (verit, best))
+            have succ_cfg_sat: "\<And>msuc2 m' s' ns_end.  List.member (out_edges(G) ! n) msuc2 \<Longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                                                      is_final_config (m', s') \<Longrightarrow> 
+                                                      (s' = Normal ns_end) \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts"
+            proof
+              fix msuc2 m' s' ns_end
+              assume a: "List.member (out_edges G ! n) msuc2" and
+                     b: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, Normal ns1) -n\<rightarrow>* (m', s')" and
+                     c: "is_final_config (m', s')" and 
+                     d: "(s' = Normal ns_end)"
+              have one_block_advance: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1) -n\<rightarrow> (Inl msuc2, Normal ns1)" 
+                using local.Nil \<open>node_to_block(G) ! n = related_block\<close> assms(5) 
+                      a b c
+                by (metis RedCmdListNil RedNormalSucc push_through_assumption0 push_through_assumption1)  
+              show "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts" using cfg_satisfies_post b c a succ_cfg_correct one_block_advance 
+                by (meson converse_rtranclp_into_rtranclp d) 
+            qed
   
               have "j' < j" using 1 using Suc_lessD by blast
         
@@ -2123,7 +2156,7 @@ proof cases
           by linarith
       next
         case Magic
-        then show ?thesis by (metis valid_configuration_def a2 get_state.simps magic_propagates rest_of_steps state.distinct(3))
+        then show ?thesis by (metis valid_configuration_def a2  magic_propagates rest_of_steps state.distinct(3))
       qed
     qed 
   qed
@@ -2152,12 +2185,22 @@ next
           using assms(4-5) cfg_correct correctness_propagates_through_empty local.Nil
           by (metis (no_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
 
-        have succ_cfg_sat: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
-                                                  is_final_config (m', s') \<longrightarrow> 
-                                                  (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end posts))))"
-          using cfg_satisfies_post cfg_correct correctness_propagates_through_empty push_through_assumption0  local.Nil 
-                RedCmdListNil RedNormalSucc block_id node_to_block_assm converse_rtranclp_into_rtranclp push_through_assumption1
-          by (smt (verit, best))
+        have succ_cfg_sat: "\<And>msuc2 m' s' ns_end.  List.member (out_edges(G) ! n) msuc2 \<Longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                                                  is_final_config (m', s') \<Longrightarrow> 
+                                                  (s' = Normal ns_end) \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts"
+        proof
+          fix msuc2 m' s' ns_end
+          assume a: "List.member (out_edges G ! n) msuc2" and
+                 b: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, Normal ns1) -n\<rightarrow>* (m', s')" and
+                 c: "is_final_config (m', s')" and 
+                 d: "(s' = Normal ns_end)"
+          have one_block_advance: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1) -n\<rightarrow> (Inl msuc2, Normal ns1)" 
+            using local.Nil \<open>node_to_block(G) ! n = related_block\<close> assms(5) 
+                  a b c
+            by (metis RedCmdListNil RedNormalSucc push_through_assumption0 push_through_assumption1)  
+          show "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts" using cfg_satisfies_post b c a succ_cfg_correct one_block_advance 
+            by (meson converse_rtranclp_into_rtranclp d) 
+        qed
 
         have "j' < j" using 1 using Suc_lessD by blast
         
@@ -2208,7 +2251,7 @@ subsection \<open>Procedure correctness\<close>
 
 text \<open>The main lemma used to complete proof of the correctness of an \<^term>\<open>ast_procedure\<close>.\<close>
 lemma end_to_end_util2:
-  assumes AExpanded: "\<And> \<Gamma> end_bb end_cont end_state ns M.
+  assumes AExpanded: "\<And> \<Gamma> end_bb end_cont end_state ns (M::ast proc_context).
            rtranclp (red_bigblock B M \<Lambda> \<Gamma> [] ast) (init_ast ast ns) (end_bb, end_cont, end_state) \<Longrightarrow>
            (\<And> v. (closed ((type_of_val B) v))) \<Longrightarrow>
            (\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val B) v) = t)))) \<Longrightarrow>
@@ -2247,7 +2290,7 @@ proof -
         \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr> (map fst (proc_pres proc_ast))" and
         Ared: "rtranclp 
                (red_bigblock 
-                B [] (constants @ global_vars,
+                B ([]::ast proc_context) (constants @ global_vars,
                 proc_args proc_ast @
                 locals @
                 proc_rets
@@ -2259,7 +2302,7 @@ proof -
     have "Ast.valid_configuration B \<Lambda> \<Gamma> [] checked_posts end_bb end_cont end_state"
       apply (rule AExpanded)
                 apply (subst Contexteq)
-      using Ared \<open>\<Omega> = []\<close>
+      using Ared \<open>\<Omega> = []\<close> 
                 apply fastforce
               apply (simp add: Atyp)
              apply (simp add: Atyp)

From dba9e6ab02b264954a766bf94a097bf906e44afc Mon Sep 17 00:00:00 2001
From: ahubanov-eth <ahubanov@student.ethz.ch>
Date: Mon, 10 Oct 2022 17:39:19 +0200
Subject: [PATCH 24/74] changed the slow metis with a seemingly faster metis

---
 BoogieLang/Ast_Cfg_Transformation.thy | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/BoogieLang/Ast_Cfg_Transformation.thy b/BoogieLang/Ast_Cfg_Transformation.thy
index 5901dd0..e664f91 100644
--- a/BoogieLang/Ast_Cfg_Transformation.thy
+++ b/BoogieLang/Ast_Cfg_Transformation.thy
@@ -1197,14 +1197,13 @@ proof (cases cs2)
     proof (cases any_tr)
       case None thus ?thesis
       proof -
-        have "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))" 
+        have complete: "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))" 
           using block_id \<open>out_edges G ! n = []\<close> Nil node_to_block_assm
           by (metis RedCmdListNil RedNormalReturn push_through_assumption0 push_through_assumption1 r_into_rtranclp)
         hence "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1) post_invs" using cfg_satisfies_posts 
           using is_final_config.simps(2) by blast
-        thus ?thesis 
-          by (metis Ast.valid_configuration_def None \<open>cs1 = []\<close> assms(3) final_is_static_propagate 
-                    get_state.simps is_final.simps(1) j_step_ast_trace relpowp_imp_rtranclp state.inject state.simps(3) ending[OF \<open>any_tr = None\<close>])
+        thus ?thesis using complete Ast.valid_configuration_def
+          by (metis None Pair_inject \<open>cs1 = []\<close> assms(3) cfg_satisfies_posts ending final_is_static_propagate is_final.simps(1) is_final_config.simps(2) j_step_ast_trace relpowp_imp_rtranclp state.distinct(1))
       qed
     next
       case (Some a)

From 334580ad5c9ca715b3902f65984099ac5391d873 Mon Sep 17 00:00:00 2001
From: ahubanov-eth <ahubanov@student.ethz.ch>
Date: Tue, 11 Oct 2022 17:38:01 +0200
Subject: [PATCH 25/74] decoupled the procedure type parameter from the
 proc_context type parameter

---
 BoogieLang/Ast_Cfg_Transformation.thy | 8 ++++----
 BoogieLang/Semantics.thy              | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/BoogieLang/Ast_Cfg_Transformation.thy b/BoogieLang/Ast_Cfg_Transformation.thy
index e664f91..d309d82 100644
--- a/BoogieLang/Ast_Cfg_Transformation.thy
+++ b/BoogieLang/Ast_Cfg_Transformation.thy
@@ -2250,7 +2250,7 @@ subsection \<open>Procedure correctness\<close>
 
 text \<open>The main lemma used to complete proof of the correctness of an \<^term>\<open>ast_procedure\<close>.\<close>
 lemma end_to_end_util2:
-  assumes AExpanded: "\<And> \<Gamma> end_bb end_cont end_state ns (M::ast proc_context).
+  assumes AExpanded: "\<And> \<Gamma> end_bb end_cont end_state ns (M::mbodyCFG proc_context).
            rtranclp (red_bigblock B M \<Lambda> \<Gamma> [] ast) (init_ast ast ns) (end_bb, end_cont, end_state) \<Longrightarrow>
            (\<And> v. (closed ((type_of_val B) v))) \<Longrightarrow>
            (\<And> t. ((closed t) \<Longrightarrow> (\<exists> v. (((type_of_val B) v) = t)))) \<Longrightarrow>
@@ -2271,9 +2271,9 @@ lemma end_to_end_util2:
           "axs = prog_axioms prog" and*)
           "proc_ty_args proc_ast = 0" 
           (*"const_decls = prog_consts prog"*)
-        shows "proc_is_correct B fun_decls constants global_vars axioms proc_ast Ast.proc_body_satisfies_spec"
+        shows "proc_is_correct B fun_decls constants global_vars axioms proc_ast (Ast.proc_body_satisfies_spec :: 'a absval_ty_fun \<Rightarrow> mbodyCFG proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> ast \<Rightarrow> 'a nstate \<Rightarrow> bool)"
 proof -
-  show "proc_is_correct B fun_decls constants global_vars axioms proc_ast Ast.proc_body_satisfies_spec"
+  show "proc_is_correct B fun_decls constants global_vars axioms proc_ast (Ast.proc_body_satisfies_spec :: 'a absval_ty_fun \<Rightarrow> mbodyCFG proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> ast \<Rightarrow> 'a nstate \<Rightarrow> bool)"
   proof( (simp only: proc_is_correct.simps), subst ABody, simp split: option.split, (rule allI | rule impI)+,
          unfold proc_body_satisfies_spec_def,(rule allI | rule impI)+)  
     fix \<Gamma> \<Omega> gs ls end_bb end_cont end_state
@@ -2289,7 +2289,7 @@ proof -
         \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr> (map fst (proc_pres proc_ast))" and
         Ared: "rtranclp 
                (red_bigblock 
-                B ([]::ast proc_context) (constants @ global_vars,
+                B ([]::mbodyCFG proc_context) (constants @ global_vars,
                 proc_args proc_ast @
                 locals @
                 proc_rets
diff --git a/BoogieLang/Semantics.thy b/BoogieLang/Semantics.thy
index 4e94008..e00406b 100644
--- a/BoogieLang/Semantics.thy
+++ b/BoogieLang/Semantics.thy
@@ -660,8 +660,8 @@ abbreviation axiom_assm
   where "axiom_assm A \<Gamma> consts ns axioms \<equiv> 
      (axioms_sat A (consts, []) \<Gamma> (nstate_global_restriction ns consts) axioms)"
 
-fun proc_is_correct :: "'a absval_ty_fun \<Rightarrow> fdecls \<Rightarrow> vdecls \<Rightarrow> vdecls \<Rightarrow> axiom list \<Rightarrow> 'struct_ty procedure \<Rightarrow> 
-                       ('a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> 'struct_ty \<Rightarrow> 'a nstate \<Rightarrow> bool) \<Rightarrow> 
+fun proc_is_correct :: "'a absval_ty_fun \<Rightarrow> fdecls \<Rightarrow> vdecls \<Rightarrow> vdecls \<Rightarrow> axiom list \<Rightarrow> 'struct_ty2 procedure \<Rightarrow> 
+                       ('a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> 'struct_ty2 \<Rightarrow> 'a nstate \<Rightarrow> bool) \<Rightarrow> 
                          bool"
   where 
     "proc_is_correct A fun_decls constants global_vars axioms proc proc_body_satisfies_spec_general =  

From 91b6f22f8611076d6c350da0cfdd21d1a6c4dffb Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Tue, 18 Oct 2022 17:31:38 +0200
Subject: [PATCH 26/74] add type synonym used in end-to-end lemma for
 AST-to-CFG phase

---
 BoogieLang/Ast_Cfg_Transformation.thy | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/BoogieLang/Ast_Cfg_Transformation.thy b/BoogieLang/Ast_Cfg_Transformation.thy
index d309d82..3ef08dc 100644
--- a/BoogieLang/Ast_Cfg_Transformation.thy
+++ b/BoogieLang/Ast_Cfg_Transformation.thy
@@ -6,6 +6,10 @@ theory Ast_Cfg_Transformation
            Semantics
            BackedgeElim
 begin
+
+type_synonym 'a satisfies_spec_func_type = 
+  "'a absval_ty_fun \<Rightarrow> mbodyCFG proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> ast \<Rightarrow> 'a nstate \<Rightarrow> bool"
+
 subsection \<open>Miscellaneous helper lemmas\<close>
 
 lemma not_true_equals_false:

From f81f1fccab8c72f5d864ea942451c0219a1da193 Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Tue, 18 Oct 2022 19:04:15 +0200
Subject: [PATCH 27/74] fix proofs that did not work for reals extension

simplify proofs in the process
---
 BoogieLang/Ast_Cfg_Transformation.thy | 288 ++++++--------------------
 1 file changed, 62 insertions(+), 226 deletions(-)

diff --git a/BoogieLang/Ast_Cfg_Transformation.thy b/BoogieLang/Ast_Cfg_Transformation.thy
index 3ef08dc..b33ed95 100644
--- a/BoogieLang/Ast_Cfg_Transformation.thy
+++ b/BoogieLang/Ast_Cfg_Transformation.thy
@@ -138,247 +138,83 @@ next
 next
   case (neg_lt e1 e2)
   from this assms have unop_red: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Lt\<guillemotright> e2), ns\<rangle> \<Down> BoolV boolean" by simp
-  show ?thesis
-  proof (cases boolean)
-    case True
-    from this assms neg_lt have 
-      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Lt\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by simp
-    hence eq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Lt\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by (metis not_true_equals_false)
-    
-    from this obtain v1 v2 where
+    from this obtain v1 v2 bopRes where
       redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
-      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
-
-    from this eq_false have "binop_eval_val Lt v1 v2 = (Some (BoolV False))" by (metis RedBinOp_case expr_eval_determ(1))
-
-    from this obtain lit1 lit2 where
-      "v1 = (LitV lit1)" and 
-      "v2 = (LitV lit2)" by (metis binop_eval_val.simps(26) binop_eval_val.simps(27) option.discI val.exhaust)
-
-    from this \<open>binop_eval_val Lt v1 v2 = (Some (BoolV False))\<close> have "binop_less lit1 lit2 = Some (LBool False)" by simp 
-
-    from this obtain i1 i2 where
-      "lit1 = LInt i1" and
-      "lit2 = LInt i2" by (metis binop_less.elims option.simps(3))
-
-    from this \<open>binop_less lit1 lit2 = Some (LBool False)\<close> have "\<not>(i1 < i2)" by simp
-    hence "i2 \<le> i1" by simp
-    hence "binop_lessOrEqual lit2 lit1 = (Some (LBool True))" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
-    hence "binop_eval Le lit2 lit1 = Some (LBool True)" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
-    hence "binop_eval_val Le (LitV lit2) (LitV lit1) = Some (BoolV True)" by simp 
-    thus ?thesis using neg_lt redE1 redE2  \<open>v1 = (LitV lit1)\<close> \<open>v2 = (LitV lit2)\<close> True by (simp add: RedBinOp) 
-  next
-    case False
-    from this assms neg_lt have 
-      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Lt\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by simp
-    hence eq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Lt\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by (metis not_false_equals_true)
-    
-    from this obtain v1 v2 where
-      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
-      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
-
-    from this eq_false have "binop_eval_val Lt v1 v2 = (Some (BoolV True))" by (metis RedBinOp_case expr_eval_determ(1))
-
-    from this obtain lit1 lit2 where
-      "v1 = (LitV lit1)" and 
-      "v2 = (LitV lit2)" by (metis binop_eval_val.simps(26) binop_eval_val.simps(27) option.discI val.exhaust)
+      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" and
+      binopEval: "binop_eval_val Lt v1 v2 = Some bopRes" and
+      unopEval: "unop_eval_val unop.Not bopRes = Some (BoolV boolean)"
+      by auto
 
-    from this \<open>binop_eval_val Lt v1 v2 = (Some (BoolV True))\<close> have "binop_less lit1 lit2 = Some (LBool True)" by simp 
+    have bopResEq:"bopRes = BoolV (\<not>boolean)" 
+      by (insert unopEval, rule lit_val_elim[where v=bopRes]) auto
 
-    from this obtain i1 i2 where
-      "lit1 = LInt i1" and
-      "lit2 = LInt i2" by (metis binop_less.elims option.simps(3))
+    have "binop_eval_val Le v2 v1 = Some (BoolV boolean)"
+      apply (insert binopEval bopResEq)
+      apply (rule lit_val_elim[where v=v2]; rule lit_val_elim[where v=v1])
+      by auto
 
-    from this \<open>binop_less lit1 lit2 = Some (LBool True)\<close> have "(i1 < i2)" by simp
-    hence "\<not>(i2 \<le> i1)" by simp
-    hence "binop_lessOrEqual lit2 lit1 = (Some (LBool False))" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
-    hence "binop_eval Le lit2 lit1 = Some (LBool False)" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
-    hence "binop_eval_val Le (LitV lit2) (LitV lit1) = Some (BoolV False)" by simp 
-    thus ?thesis using neg_lt redE1 redE2  \<open>v1 = (LitV lit1)\<close> \<open>v2 = (LitV lit2)\<close> False by (simp add: RedBinOp) 
-  qed
+    thus ?thesis
+      by (auto intro: RedBinOp redE1 redE2 simp: \<open>b = _\<close>)
 next
   case (neg_le e1 e2)
   from this assms have unop_red: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Le\<guillemotright> e2), ns\<rangle> \<Down> BoolV boolean" by simp
-  show ?thesis
-  proof (cases boolean)
-    case True
-    from this assms neg_le have 
-      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Le\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by simp
-    hence eq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Le\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by (metis not_true_equals_false)
-    
-    from this obtain v1 v2 where
-      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
-      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
-
-    from this eq_false have "binop_eval_val Le v1 v2 = (Some (BoolV False))" by (metis RedBinOp_case expr_eval_determ(1))
-
-    from this obtain lit1 lit2 where
-      "v1 = (LitV lit1)" and 
-      "v2 = (LitV lit2)" by (metis binop_eval_val.simps(28) binop_eval_val.simps(29) option.discI val.exhaust)
-
-    from this \<open>binop_eval_val Le v1 v2 = (Some (BoolV False))\<close> have "binop_lessOrEqual lit1 lit2 = Some (LBool False)" by simp 
-
-    from this obtain i1 i2 where
-      "lit1 = LInt i1" and
-      "lit2 = LInt i2" by (metis binop_lessOrEqual.elims option.simps(3))
-
-    from this \<open>binop_lessOrEqual lit1 lit2 = Some (LBool False)\<close> have "\<not>(i1 \<le> i2)" by simp
-    hence "i2 < i1" by simp
-    hence "binop_less lit2 lit1 = (Some (LBool True))" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
-    hence "binop_eval Lt lit2 lit1 = Some (LBool True)" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
-    hence "binop_eval_val Lt (LitV lit2) (LitV lit1) = Some (BoolV True)" by simp 
-    thus ?thesis using neg_le redE1 redE2  \<open>v1 = (LitV lit1)\<close> \<open>v2 = (LitV lit2)\<close> True by (simp add: RedBinOp) 
-  next
-    case False
-    from this assms neg_le have 
-      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Le\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by simp
-    hence eq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Le\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by (metis not_false_equals_true)
-    
-    from this obtain v1 v2 where
-      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
-      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
-
-    from this eq_false have "binop_eval_val Le v1 v2 = (Some (BoolV True))" by (metis RedBinOp_case expr_eval_determ(1))
-
-    from this obtain lit1 lit2 where
-      "v1 = (LitV lit1)" and 
-      "v2 = (LitV lit2)" by (metis binop_eval_val.simps(28) binop_eval_val.simps(29) option.discI val.exhaust)
-
-    from this \<open>binop_eval_val Le v1 v2 = (Some (BoolV True))\<close> have "binop_lessOrEqual lit1 lit2 = Some (LBool True)" by simp 
-
-    from this obtain i1 i2 where
-      "lit1 = LInt i1" and
-      "lit2 = LInt i2" by (metis binop_lessOrEqual.elims option.simps(3))
+  from this obtain v1 v2 bopRes where
+    redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
+    redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" and
+    binopEval: "binop_eval_val Le v1 v2 = Some bopRes" and
+    unopEval: "unop_eval_val unop.Not bopRes = Some (BoolV boolean)"
+    by auto
+
+    have bopResEq:"bopRes = BoolV (\<not>boolean)" 
+      by (insert unopEval, rule lit_val_elim[where v=bopRes]) auto
+
+    have "binop_eval_val Lt v2 v1 = Some (BoolV boolean)"
+      apply (insert binopEval bopResEq)
+      apply (rule lit_val_elim[where v=v2]; rule lit_val_elim[where v=v1])
+      by auto
 
-    from this \<open>binop_lessOrEqual lit1 lit2 = Some (LBool True)\<close> have "(i1 \<le> i2)" by simp
-    hence "\<not>(i2 < i1)" by simp
-    hence "binop_less lit2 lit1 = (Some (LBool False))" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
-    hence "binop_eval Lt lit2 lit1 = Some (LBool False)" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
-    hence "binop_eval_val Lt (LitV lit2) (LitV lit1) = Some (BoolV False)" by simp 
-    thus ?thesis using neg_le redE1 redE2  \<open>v1 = (LitV lit1)\<close> \<open>v2 = (LitV lit2)\<close> False by (simp add: RedBinOp) 
-  qed
+    thus ?thesis
+      by (auto intro: RedBinOp redE1 redE2 simp: \<open>b = _\<close>)
 next
   case (neg_gt e1 e2)
   from this assms have unop_red: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Gt\<guillemotright> e2), ns\<rangle> \<Down> BoolV boolean" by simp
-  show ?thesis
-  proof (cases boolean)
-    case True
-    from this assms neg_gt have 
-      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Gt\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by simp
-    hence eq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Gt\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by (metis not_true_equals_false)
-    
-    from this obtain v1 v2 where
-      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
-      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
-
-    from this eq_false have "binop_eval_val Gt v1 v2 = (Some (BoolV False))" by (metis RedBinOp_case expr_eval_determ(1))
-
-    from this obtain lit1 lit2 where
-      "v1 = (LitV lit1)" and 
-      "v2 = (LitV lit2)" by (metis binop_eval_val.simps(30) binop_eval_val.simps(31) option.discI val.exhaust)
-
-    from this \<open>binop_eval_val Gt v1 v2 = (Some (BoolV False))\<close> have "binop_greater lit1 lit2 = Some (LBool False)" by simp 
-
-    from this obtain i1 i2 where
-      "lit1 = LInt i1" and
-      "lit2 = LInt i2" by (metis binop_greater.elims option.simps(3))
-
-    from this \<open>binop_greater lit1 lit2 = Some (LBool False)\<close> have "\<not>(i1 > i2)" by simp
-    hence "i2 \<ge> i1" by simp
-    hence "binop_greaterOrEqual lit2 lit1 = (Some (LBool True))" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
-    hence "binop_eval Ge lit2 lit1 = Some (LBool True)" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
-    hence "binop_eval_val Ge (LitV lit2) (LitV lit1) = Some (BoolV True)" by simp 
-    thus ?thesis using neg_gt redE1 redE2  \<open>v1 = (LitV lit1)\<close> \<open>v2 = (LitV lit2)\<close> True by (simp add: RedBinOp) 
-  next
-    case False
-    from this assms neg_gt have 
-      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Gt\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by simp
-    hence eq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Gt\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by (metis not_false_equals_true)
-    
-    from this obtain v1 v2 where
-      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
-      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
-
-    from this eq_false have "binop_eval_val Gt v1 v2 = (Some (BoolV True))" by (metis RedBinOp_case expr_eval_determ(1))
-
-    from this obtain lit1 lit2 where
-      "v1 = (LitV lit1)" and 
-      "v2 = (LitV lit2)" by (metis binop_eval_val.simps(30) binop_eval_val.simps(31) option.discI val.exhaust)
-
-    from this \<open>binop_eval_val Gt v1 v2 = (Some (BoolV True))\<close> have "binop_greater lit1 lit2 = Some (LBool True)" by simp 
-
-    from this obtain i1 i2 where
-      "lit1 = LInt i1" and
-      "lit2 = LInt i2" by (metis binop_greater.elims option.simps(3))
+  from this obtain v1 v2 bopRes where
+    redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
+    redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" and
+    binopEval: "binop_eval_val Gt v1 v2 = Some bopRes" and
+    unopEval: "unop_eval_val unop.Not bopRes = Some (BoolV boolean)"
+    by auto
+
+    have bopResEq:"bopRes = BoolV (\<not>boolean)" 
+      by (insert unopEval, rule lit_val_elim[where v=bopRes]) auto
+
+    have "binop_eval_val Ge v2 v1 = Some (BoolV boolean)"
+      apply (insert binopEval bopResEq)
+      apply (rule lit_val_elim[where v=v2]; rule lit_val_elim[where v=v1])
+      by auto
 
-    from this \<open>binop_greater lit1 lit2 = Some (LBool True)\<close> have "(i1 > i2)" by simp
-    hence "\<not>(i2 \<ge> i1)" by simp
-    hence "binop_greaterOrEqual lit2 lit1 = (Some (LBool False))" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
-    hence "binop_eval Ge lit2 lit1 = Some (LBool False)" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
-    hence "binop_eval_val Ge (LitV lit2) (LitV lit1) = Some (BoolV False)" by simp 
-    thus ?thesis using neg_gt redE1 redE2  \<open>v1 = (LitV lit1)\<close> \<open>v2 = (LitV lit2)\<close> False by (simp add: RedBinOp) 
-  qed
+    thus ?thesis
+      by (auto intro: RedBinOp redE1 redE2 simp: \<open>b = _\<close>)
 next
   case (neg_ge e1 e2)
-    from this assms have unop_red: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Ge\<guillemotright> e2), ns\<rangle> \<Down> BoolV boolean" by simp
-  show ?thesis
-  proof (cases boolean)
-    case True
-    from this assms neg_ge have 
-      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Ge\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by simp
-    hence eq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Ge\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by (metis not_true_equals_false)
-    
-    from this obtain v1 v2 where
-      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
-      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
-
-    from this eq_false have "binop_eval_val Ge v1 v2 = (Some (BoolV False))" by (metis RedBinOp_case expr_eval_determ(1))
-
-    from this obtain lit1 lit2 where
-      "v1 = (LitV lit1)" and 
-      "v2 = (LitV lit2)" by (metis binop_eval_val.simps(32) binop_eval_val.simps(33) option.discI val.exhaust)
-
-    from this \<open>binop_eval_val Ge v1 v2 = (Some (BoolV False))\<close> have "binop_greaterOrEqual lit1 lit2 = Some (LBool False)" by simp 
-
-    from this obtain i1 i2 where
-      "lit1 = LInt i1" and
-      "lit2 = LInt i2" by (metis binop_greaterOrEqual.elims option.simps(3))
-
-    from this \<open>binop_greaterOrEqual lit1 lit2 = Some (LBool False)\<close> have "\<not>(i1 \<ge> i2)" by simp
-    hence "i2 > i1" by simp
-    hence "binop_greater lit2 lit1 = (Some (LBool True))" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
-    hence "binop_eval Gt lit2 lit1 = Some (LBool True)" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
-    hence "binop_eval_val Gt (LitV lit2) (LitV lit1) = Some (BoolV True)" by simp 
-    thus ?thesis using neg_ge redE1 redE2  \<open>v1 = (LitV lit1)\<close> \<open>v2 = (LitV lit2)\<close> True by (simp add: RedBinOp) 
-  next
-    case False
-    from this assms neg_ge have 
-      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Ge\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by simp
-    hence eq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Ge\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by (metis not_false_equals_true)
-    
-    from this obtain v1 v2 where
-      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
-      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
-
-    from this eq_false have "binop_eval_val Ge v1 v2 = (Some (BoolV True))" by (metis RedBinOp_case expr_eval_determ(1))
-
-    from this obtain lit1 lit2 where
-      "v1 = (LitV lit1)" and 
-      "v2 = (LitV lit2)" by (metis binop_eval_val.simps(32) binop_eval_val.simps(33) option.discI val.exhaust)
-
-    from this \<open>binop_eval_val Ge v1 v2 = (Some (BoolV True))\<close> have "binop_greaterOrEqual lit1 lit2 = Some (LBool True)" by simp 
-
-    from this obtain i1 i2 where
-      "lit1 = LInt i1" and
-      "lit2 = LInt i2" by (metis binop_greaterOrEqual.elims option.simps(3))
+  from this assms have unop_red: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Ge\<guillemotright> e2), ns\<rangle> \<Down> BoolV boolean" by simp
+  from this obtain v1 v2 bopRes where
+    redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
+    redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" and
+    binopEval: "binop_eval_val Ge v1 v2 = Some bopRes" and
+    unopEval: "unop_eval_val unop.Not bopRes = Some (BoolV boolean)"
+    by auto
+
+    have bopResEq:"bopRes = BoolV (\<not>boolean)" 
+      by (insert unopEval, rule lit_val_elim[where v=bopRes]) auto
+
+    have "binop_eval_val Gt v2 v1 = Some (BoolV boolean)"
+      apply (insert binopEval bopResEq)
+      apply (rule lit_val_elim[where v=v2]; rule lit_val_elim[where v=v1])
+      by auto
 
-    from this \<open>binop_greaterOrEqual lit1 lit2 = Some (LBool True)\<close> have "(i1 \<ge> i2)" by simp
-    hence "\<not>(i2 > i1)" by simp
-    hence "binop_greater lit2 lit1 = (Some (LBool False))" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
-    hence "binop_eval Gt lit2 lit1 = Some (LBool False)" by (simp add: \<open>lit1 = LInt i1\<close> \<open>lit2 = LInt i2\<close>)
-    hence "binop_eval_val Gt (LitV lit2) (LitV lit1) = Some (BoolV False)" by simp 
-    thus ?thesis using neg_ge redE1 redE2  \<open>v1 = (LitV lit1)\<close> \<open>v2 = (LitV lit2)\<close> False by (simp add: RedBinOp) 
-  qed
+    thus ?thesis
+      by (auto intro: RedBinOp redE1 redE2 simp: \<open>b = _\<close>)
 qed
 
 text \<open>If all invariants hold, then the block containing the assertions corresponding to the invariants doesn't fail\<close>

From 92ede487c5f323ba76cb857cd6eabcb51d130910 Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Tue, 18 Oct 2022 20:15:41 +0200
Subject: [PATCH 28/74] simplify proofs

---
 BoogieLang/Ast_Cfg_Transformation.thy | 92 ++++++++++-----------------
 1 file changed, 33 insertions(+), 59 deletions(-)

diff --git a/BoogieLang/Ast_Cfg_Transformation.thy b/BoogieLang/Ast_Cfg_Transformation.thy
index b33ed95..47389f9 100644
--- a/BoogieLang/Ast_Cfg_Transformation.thy
+++ b/BoogieLang/Ast_Cfg_Transformation.thy
@@ -34,8 +34,8 @@ lemma not_false_equals_true:
   proof cases
     case (RedUnOp v)
     from this obtain b1 where "v = LitV (LBool b1)"
-      by (metis (no_types) map_option_eq_Some option.simps(3) unop_eval.simps(1) unop_eval_val.elims unop_not.elims)   
-    from this RedUnOp have 
+      by (auto elim: lit_val_elim[where v=v])      
+    with RedUnOp have 
       expand1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr,ns1\<rangle> \<Down> (LitV (LBool b1))" and 
       expand2: "unop_eval_val unop.Not (LitV (LBool b1)) = Some (BoolV False)"
       by auto
@@ -45,12 +45,12 @@ lemma not_false_equals_true:
 lemma true_equals_not_false:
   assumes "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr, ns1\<rangle> \<Down> BoolV True"
   shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not expr, ns1\<rangle> \<Down> BoolV (False)"
-  using assms by (simp add: red_expr_red_exprs.intros(5))
+  using assms by (auto intro: RedUnOp)
 
 lemma false_equals_not_true:
   assumes "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr, ns1\<rangle> \<Down> BoolV False"
   shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not expr, ns1\<rangle> \<Down> BoolV (True)"
-  using assms by (simp add: red_expr_red_exprs.intros(5))
+  using assms by (auto intro: RedUnOp)
 
 lemma equiv_preserves_value:
   assumes "a \<sim> b"
@@ -72,69 +72,43 @@ next
 next
   case (neg_eq e1 e2)
   from this assms have unop_red: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Eq\<guillemotright> e2), ns\<rangle> \<Down> BoolV boolean" by simp
-  show ?thesis
-  proof (cases boolean)
-    case True
-    from this assms neg_eq have 
-      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Eq\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by simp
-    hence eq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Eq\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by (metis not_true_equals_false)
-    from this obtain v1 v2 where
+     from this obtain v1 v2 bopRes where
       redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
-      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
-    from this eq_false RedBinOp_case have "binop_eval_val Eq v1 v2 = Some (BoolV False)" 
-      by (metis expr_eval_determ(1)) 
-    from this eq_false have "v1 \<noteq> v2" by simp 
+      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" and
+      binopEval: "binop_eval_val Eq v1 v2 = Some bopRes" and
+      unopEval: "unop_eval_val unop.Not bopRes = Some (BoolV boolean)"
+       by auto
 
-    hence "binop_eval_val Neq v1 v2 = Some (LitV (LBool (v1 \<noteq> v2)))" by simp
-    thus ?thesis using neg_eq redE1 redE2 by (simp add: RedBinOp True \<open>v1 \<noteq> v2\<close>)
-  next
-    case False
-    from this assms neg_eq have 
-      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Eq\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by simp
-    hence eq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Eq\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by (metis not_false_equals_true)
-    from this obtain v1 v2 where
-      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
-      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
-    from this eq_false RedBinOp_case have "binop_eval_val Eq v1 v2 = Some (BoolV True)"
-      by (metis expr_eval_determ(1)) 
-    from this eq_false have "v1 = v2" by simp 
+  have bopResEq:"bopRes = BoolV (\<not>boolean)" 
+    by (insert unopEval, rule lit_val_elim[where v=bopRes]) auto
 
-    hence "binop_eval_val Neq v1 v2 = Some (LitV (LBool (v1 \<noteq> v2)))" by simp
-    thus ?thesis using neg_eq redE1 redE2 by (simp add: RedBinOp False \<open>v1 = v2\<close>)
-  qed
+  have "binop_eval_val Neq v2 v1 = Some (BoolV boolean)"
+    apply (insert binopEval bopResEq)
+    apply (rule lit_val_elim[where v=v2]; rule lit_val_elim[where v=v1])
+    by auto
+
+    thus ?thesis
+      by (auto intro: RedBinOp redE1 redE2 simp: \<open>b = _\<close>)
 next
   case (neg_neq e1 e2)
   from this assms have unop_red: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Neq\<guillemotright> e2), ns\<rangle> \<Down> BoolV boolean" by simp
-  show ?thesis
-  proof (cases boolean)
-    case True
-    from this assms neg_neq have 
-      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Neq\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by simp
-    hence neq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Neq\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by (metis not_true_equals_false)
-    from this obtain v1 v2 where
-      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
-      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
-     from this neq_false RedBinOp_case have "binop_eval_val Neq v1 v2 = Some (BoolV False)"
-      by (metis expr_eval_determ(1)) 
-    from this neq_false have "v1 = v2" by simp 
+  from this obtain v1 v2 bopRes where
+    redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
+    redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" and
+    binopEval: "binop_eval_val Neq v1 v2 = Some bopRes" and
+    unopEval: "unop_eval_val unop.Not bopRes = Some (BoolV boolean)"
+     by auto
 
-    hence "binop_eval_val Eq v1 v2 = Some (LitV (LBool (v1 = v2)))" by simp
-    thus ?thesis using neg_neq redE1 redE2 by (simp add: RedBinOp True \<open>v1 = v2\<close>)
-  next
-    case False
-    from this assms neg_neq have 
-      "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Neq\<guillemotright> e2), ns\<rangle> \<Down> BoolV False" by simp
-    hence neq_false: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>Neq\<guillemotright> e2), ns\<rangle> \<Down> BoolV True" by (metis not_false_equals_true)
-    from this obtain v1 v2 where
-      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
-      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" by blast
-    from this neq_false RedBinOp_case have "binop_eval_val Neq v1 v2 = Some (BoolV True)"
-      by (metis expr_eval_determ(1)) 
-    from this neq_false have "v1 \<noteq> v2" by simp 
+  have bopResEq:"bopRes = BoolV (\<not>boolean)" 
+    by (insert unopEval, rule lit_val_elim[where v=bopRes]) auto
 
-    hence "binop_eval_val Eq v1 v2 = Some (LitV (LBool (v1 = v2)))" by simp
-    thus ?thesis using neg_neq redE1 redE2 by (simp add: RedBinOp False \<open>v1 \<noteq> v2\<close>)
-  qed
+  have "binop_eval_val Eq v2 v1 = Some (BoolV boolean)"
+    apply (insert binopEval bopResEq)
+    apply (rule lit_val_elim[where v=v2]; rule lit_val_elim[where v=v1])
+    by auto
+
+    thus ?thesis
+      by (auto intro: RedBinOp redE1 redE2 simp: \<open>b = _\<close>)
 next
   case (neg_lt e1 e2)
   from this assms have unop_red: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Lt\<guillemotright> e2), ns\<rangle> \<Down> BoolV boolean" by simp

From 589c3270e1a20fde09933de1ace62dc3b5c5dd12 Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Tue, 18 Oct 2022 20:52:10 +0200
Subject: [PATCH 29/74] style adjustments

---
 BoogieLang/Ast_Cfg_Transformation.thy | 159 +++++++++++++++++---------
 1 file changed, 106 insertions(+), 53 deletions(-)

diff --git a/BoogieLang/Ast_Cfg_Transformation.thy b/BoogieLang/Ast_Cfg_Transformation.thy
index 47389f9..80682f2 100644
--- a/BoogieLang/Ast_Cfg_Transformation.thy
+++ b/BoogieLang/Ast_Cfg_Transformation.thy
@@ -230,10 +230,10 @@ next
   from RedCmdListCons have "cs = map Assert (List.tl invs)" using assms by auto
   from RedCmdListCons have "c = Assert (hd invs)" by auto 
 
-  from RedCmdListCons(1) this \<open>s = Normal ns1\<close> show ?case
+  from RedCmdListCons this \<open>s = Normal ns1\<close> show ?case
   proof cases
     case RedAssertOk thus ?thesis 
-      using RedCmdListCons(1) \<open>c = Assert (hd invs)\<close> \<open>s = Normal ns1\<close> \<open>cs = map Assert (List.tl invs)\<close> 
+      using RedCmdListCons \<open>c = Assert (hd invs)\<close> \<open>s = Normal ns1\<close> \<open>cs = map Assert (List.tl invs)\<close> 
       by (metis RedCmdListCons.IH RedCmdListCons.prems(2)
           RedCmdListCons.prems(3) cmd.inject(1) expr_all_sat_def expr_sat_def 
           list.collapse list.discI list.map_disc_iff list_all_simps(1) state.inject)
@@ -244,20 +244,20 @@ qed
 
 text \<open>If one invariant doesn't hold, then the block containing the assert cmds corresponding to the invariants fails\<close>
 lemma one_inv_fails_assertions: 
-  assumes "invs = invs1 @ [I] @ invs2"
-      and "expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1 invs1"
-      and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>I,ns1\<rangle> \<Down> BoolV False"
-      and "assertions = map Assert invs"
+  assumes InvsEq: "invs = invs1 @ [I] @ invs2"
+      and AllSat: "expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1 invs1"
+      and InvFail: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>I,ns1\<rangle> \<Down> BoolV False"
+      and AssertionsEq: "assertions = map Assert invs"
     shows "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Failure"
   using assms
 proof -
-  from assms(4) assms(1) obtain assum1 a_fail assum2 where
+  from InvsEq AssertionsEq obtain assum1 a_fail assum2 where
     left: "assum1 = map Assert invs1" and
     mid_fail: "a_fail = Assert I" and
     right: "assum2 = map Assert invs2" and
     concat: "assertions = assum1 @ [a_fail] @ assum2"
     by simp
-  from assms(2) left have left_red: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assum1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1" using asserts_hold_if_invs_hold by simp
+  from AllSat left have left_red: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assum1, Normal ns1\<rangle> [\<rightarrow>] Normal ns1" using asserts_hold_if_invs_hold by simp
   from mid_fail have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>a_fail, Normal ns1\<rangle> \<rightarrow> Failure" using red_cmd.intros(2) assms(3) by simp
   from this left_red have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assum1 @ [a_fail] @ assum2, Normal ns1\<rangle> [\<rightarrow>] Failure" using failure_stays_cmd_list 
     by (simp add: RedCmdListCons failure_red_cmd_list red_cmd_list_append)
@@ -274,7 +274,7 @@ lemma valid_config_implies_satisfied_posts:
   shows "is_final_config (m', s') \<Longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
   using Semantics.valid_configuration_def assms by (metis)
 
-text \<open>If an \<^term>\<open>ast_config\<close> (bigblock, cont, state) is an ending configuration, then any correspoding cfg block is locally correct.\<close>
+text \<open>If an \<^term>\<open>ast_config\<close> (bigblock, cont, state) is an ending configuration, then any corresponding cfg block is locally correct.\<close>
 lemma end_static:
   assumes "A,M,\<Lambda>1_local,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(BigBlock any [] None None, KStop, Normal ns1)\<rangle> \<longrightarrow> (step_bb, step_cont, step_state)"
   shows "step_state \<noteq> Failure \<and> (\<forall>ns1'. step_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>0,\<Gamma>,[] \<turnstile> \<langle>any_block ,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')"
@@ -305,7 +305,7 @@ proof -
 qed
 
 lemma final_is_static_propagate:
-  assumes "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) start_config  end_config" 
+  assumes "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) start_config end_config" 
   and "is_final start_config"
   and "start_config = ((BigBlock name [] None None), start_cont, start_state)"
   shows "end_config = ((BigBlock name [] None None), start_cont, start_state)"
@@ -347,7 +347,8 @@ next
     by (metis get_state.simps is_final.elims(2))
   from this obtain name1 where concrete: "first_inter = ((BigBlock name1 [] None None), KStop, Magic)" 
     by blast 
-  from red_rest show ?thesis using final_config magic_reached concrete final_is_static_propagate by (metis prod.inject relpowp_imp_rtranclp)
+  from red_rest show ?thesis using final_config magic_reached concrete final_is_static_propagate 
+    by (metis prod.inject relpowp_imp_rtranclp)
 qed 
 
 text \<open>The following are simple helper lemmas used in the proofs that involve applying induction hypotheses to prove global correctness of loop-heads.\<close>
@@ -373,11 +374,11 @@ lemma smaller_helper5: "j = Suc j1 \<Longrightarrow> j1 = Suc (Suc j2) \<Longrig
 
 text \<open>The following are helper lemmas related to taking steps through assume cmds in a given ast- or cfg-trace.\<close>
 lemma push_through_assumption_test1: 
-  assumes "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)"
+  assumes ExtendedCorrect: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)"
   and  assume_cmd: "c = Assume guard"
   and guard_holds: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool True)"
 shows "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)"  
-  using RedAssumeOk RedCmdListCons assms(1) assume_cmd guard_holds by blast
+  using RedAssumeOk RedCmdListCons ExtendedCorrect assume_cmd guard_holds by blast
 
 lemma push_through_assumption0: 
   assumes assume_cmd: "c = Assume guard"
@@ -387,32 +388,40 @@ lemma push_through_assumption0:
 
 lemma push_through_assumption1: 
   assumes assume_cmd: "c = Assume not_guard"
-  and "UnOp Not guard \<sim> not_guard"
+  and NotGuardEquiv: "UnOp Not guard \<sim> not_guard"
   and guard_fails: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool False)"
 shows "\<And> s. (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) s) \<Longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s)"
-  by (metis assms(2) assume_cmd equiv_preserves_value false_equals_not_true guard_fails push_through_assumption0)
+  by (metis NotGuardEquiv assume_cmd equiv_preserves_value false_equals_not_true guard_fails push_through_assumption0)
 
 lemma guard_holds_push_through_assumption: 
-  assumes block_correctness: "reached_state \<noteq> Failure \<and> (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) (Normal ns1')))"
+  assumes block_correctness:  
+       "reached_state \<noteq> Failure \<and> 
+        (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) (Normal ns1')))"
   and assume_cmd: "c = Assume guard"
   and guard_holds: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool True)"
-shows "reached_state \<noteq> Failure \<and> (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) (Normal ns1')))" 
+shows "reached_state \<noteq> Failure \<and> 
+       (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) (Normal ns1')))" 
   by (simp add: assume_cmd block_correctness guard_holds push_through_assumption0)
 
 lemma guard_holds_push_through_assumption2: 
-  assumes block_correctness: "reached_state \<noteq> Failure \<and> (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) (Normal ns1')))"
+  assumes block_correctness: 
+   "reached_state \<noteq> Failure \<and> 
+    (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) (Normal ns1')))"
   and assume_cmd: "c = Assume guard"
   and guard_holds: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool True)"
-shows "reached_state \<noteq> Failure \<and> (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) (Normal ns1')))" 
+shows "reached_state \<noteq> Failure \<and> 
+       (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) (Normal ns1')))" 
   using assume_cmd assume_true_cmds block_correctness by blast
 
 lemma guard_fails_push_through_assumption: 
-  assumes block_correctness: "reached_state \<noteq> Failure \<and> (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) (Normal ns1')))"
+  assumes block_correctness: 
+    "reached_state \<noteq> Failure \<and> 
+     (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) (Normal ns1')))"
   and assume_cmd: "c = Assume not_guard"
-  and "UnOp Not guard \<sim> not_guard"
+  and NotGuardEquiv: "UnOp Not guard \<sim> not_guard"
   and guard_fails: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool False)"
 shows "reached_state \<noteq> Failure \<and> (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) (Normal ns1')))" 
-  using assms(3) assume_cmd block_correctness guard_fails push_through_assumption1 by blast
+  using NotGuardEquiv assume_cmd block_correctness guard_fails push_through_assumption1 by blast
 
 lemma guard_fails_push_through_assumption2: 
   assumes block_correctness: "reached_state \<noteq> Failure \<and> (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) (Normal ns1')))"
@@ -457,17 +466,23 @@ proof -
 qed
 
 lemma correctness_propagates_through_assumption3:
-  assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> (is_final_config (m, s) \<longrightarrow> (\<forall>ns_end. s = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
+  assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> 
+                   (is_final_config (m, s) \<longrightarrow> 
+                      (\<forall>ns_end. s = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
       and "node_to_block G ! n0 = [Assume c]"
       and "UnOp Not guard \<sim> c"
       and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> BoolV False"
       and "List.member (out_edges G ! n0) n1"
-    shows "\<And> m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m, s)) \<Longrightarrow> (is_final_config (m, s) \<Longrightarrow> (\<forall>ns_end. s = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
+    shows "\<And> m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m, s)) \<Longrightarrow> 
+                   (is_final_config (m, s) \<Longrightarrow> 
+                   (\<forall>ns_end. s = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
 proof -
   fix m1 s1
   have "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c, ns1\<rangle> \<Down> BoolV True" using assms(3-4) equiv_preserves_value false_equals_not_true by blast
   then have a1: "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[Assume c], Normal ns1\<rangle> [\<rightarrow>] (Normal ns1))" by (meson RedAssumeOk RedCmdListCons RedCmdListNil)
-  show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> (is_final_config (m1, s1) \<Longrightarrow> (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
+  show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> 
+          (is_final_config (m1, s1) \<Longrightarrow> 
+          (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
   proof -
     assume "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1))"
     thus "(is_final_config (m1, s1) \<Longrightarrow> (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
@@ -484,7 +499,9 @@ lemma correctness_propagates_through_assumption4:
 proof -
   fix m1 s1
   have a1: "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[Assume guard], Normal ns1\<rangle> [\<rightarrow>] (Normal ns1))" by (meson RedAssumeOk assms(3) red_cmd_list.simps)
-  show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> (is_final_config (m1, s1) \<Longrightarrow> (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
+  show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> 
+          (is_final_config (m1, s1) \<Longrightarrow> 
+            (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
   proof -
     assume "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1))"
     thus "(is_final_config (m1, s1) \<Longrightarrow> (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
@@ -508,14 +525,20 @@ proof -
 qed
 
 lemma correctness_propagates_through_empty2:
-  assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> (is_final_config (m, s) \<longrightarrow> (\<forall>ns_end. s = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
+  assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> 
+                 (is_final_config (m, s) \<longrightarrow> 
+                 (\<forall>ns_end. s = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
       and "node_to_block G ! n0 = []"
       and "List.member (out_edges G ! n0) n1"
-    shows "\<And> m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m, s)) \<Longrightarrow> (is_final_config (m, s) \<Longrightarrow> (\<forall>ns_end. s = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
+    shows "\<And> m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m, s)) \<Longrightarrow> 
+                  (is_final_config (m, s) \<Longrightarrow> 
+                  (\<forall>ns_end. s = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
 proof -
   fix m1 s1
   have a1: "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[], Normal ns1\<rangle> [\<rightarrow>] (Normal ns1))" by (meson RedAssumeOk assms(3) red_cmd_list.simps)
-  show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> (is_final_config (m1, s1) \<Longrightarrow> (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
+  show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> 
+        (is_final_config (m1, s1) \<Longrightarrow> 
+         (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
   proof -
     assume "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1))"
     thus "(is_final_config (m1, s1) \<Longrightarrow> (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
@@ -606,7 +629,8 @@ proof -
   qed
 qed
 
-text \<open>Pair 2: The starting configuration represents a point in the program after a loop and the continuation needs to be adjusted and subsequently entered.
+text \<open>Pair 2: The starting configuration represents a point in the program after a loop and the 
+              continuation needs to be adjusted and subsequently entered.
               (This could be replaced by a simpler lemma.)\<close>
 lemma endblock_skip2:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, KEndBlock (KSeq bb_next cont0), Normal ns3) -n\<longrightarrow>^l (reached_bb, reached_cont, reached_state)"
@@ -643,9 +667,14 @@ next
     qed auto
     from step2 this have "(inter_bb2, inter_cont2, inter_state2) = (bb_next, cont0, Normal ns3)" 
     proof cases 
-      case RedSkip thus ?thesis  using \<open>(inter_bb, inter_cont, inter_state) = (BigBlock None [] None None, KSeq bb_next cont0, Normal ns3)\<close> by fastforce
+      case RedSkip 
+      thus ?thesis  
+        using \<open>(inter_bb, inter_cont, inter_state) = (BigBlock None [] None None, KSeq bb_next cont0, Normal ns3)\<close> 
+        by fastforce
     qed auto
-    hence "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb_next, cont0, Normal ns3) -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> (l = Suc (Suc l2))" using rest \<open>l = Suc (Suc l2)\<close> by simp
+    hence "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb_next, cont0, Normal ns3) -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> (l = Suc (Suc l2))" 
+      using rest \<open>l = Suc (Suc l2)\<close> 
+      by simp
     then show ?thesis by blast
   qed
 qed
@@ -664,25 +693,29 @@ lemma ending_after_skipping_endblock2:
            (\<And>m' s'. A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s') \<Longrightarrow> s' \<noteq> Failure) \<Longrightarrow>
            (\<And>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1'') -n\<rightarrow>* (m', s')) \<Longrightarrow>
            is_final_config (m', s') \<Longrightarrow> \<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts) \<Longrightarrow>
-           ((cont_guard = Some guard) \<Longrightarrow> (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False)) \<Longrightarrow> (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+           ((cont_guard = Some guard) \<Longrightarrow> (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard,ns1''\<rangle> \<Down> BoolV False)) \<Longrightarrow> 
+           valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state"
     shows "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state"
 proof -
   from assms(2-3) have disj_a:
     "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
-       (\<exists> l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> (j' = Suc (Suc l2)) )" 
+       (\<exists> l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> 
+              (j' = Suc (Suc l2)) )" 
     by (simp add: endblock_skip2)
   thus ?thesis
   proof cases
     assume "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" thus ?thesis by simp
   next 
     assume "\<not> ((valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state))"
-    hence "(\<exists> l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> (j' = Suc (Suc l2)) )" 
+    hence "(\<exists> l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> 
+                  (j' = Suc (Suc l2)) )" 
       using disj_a by blast
     thus ?thesis
     proof -
       obtain l2_conc where conc_trace: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^l2_conc (reached_bb, reached_cont, reached_state))" and 
                            succ_rel: "(j' = Suc (Suc l2_conc))"
-        using \<open>\<exists>l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> j' = Suc (Suc l2)\<close> by blast
+        using \<open>\<exists>l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> j' = Suc (Suc l2)\<close>
+        by blast
       show ?thesis
         apply (rule assms(7))
            apply (rule succ_rel)
@@ -777,7 +810,8 @@ lemma endblock_skip_wrapper:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, KEndBlock (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3) -n\<longrightarrow>^l (reached_bb, reached_cont, reached_state)"
       and "bb0 = BigBlock None [] None None"
   shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
-         (\<exists> l3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock name [] (Some str) tr), KEndBlock cont0, Normal ns3) -n\<longrightarrow>^l3 (reached_bb, reached_cont, reached_state)) \<and> (l = Suc (Suc (Suc l3))) )"
+         (\<exists> l3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock name [] (Some str) tr), KEndBlock cont0, Normal ns3) -n\<longrightarrow>^l3 (reached_bb, reached_cont, reached_state)) \<and>
+                (l = Suc (Suc (Suc l3))) )"
   using assms
 proof (cases l)
   case 0
@@ -959,22 +993,36 @@ proof cases
   hence "assertions = map Assert invs" using assms(3) by simp
   from Red_bb show ?thesis
   proof cases
-    case RedParsedWhileTrue thus ?thesis using \<open>assertions = (map Assert invs)\<close>  by (simp add: asserts_hold_if_invs_hold assms(2))
+    case RedParsedWhileTrue 
+    thus ?thesis using \<open>assertions = (map Assert invs)\<close>  
+      by (simp add: asserts_hold_if_invs_hold assms(2))
   next
-    case RedParsedWhileFalse thus ?thesis using \<open>assertions = (map Assert invs)\<close>  by (simp add: asserts_hold_if_invs_hold assms(2))
+    case RedParsedWhileFalse 
+    thus ?thesis using \<open>assertions = (map Assert invs)\<close>
+      by (simp add: asserts_hold_if_invs_hold assms(2))
   next
-    case RedParsedWhile_InvFail thus ?thesis using Red_impl \<open>assertions = map Assert invs\<close> one_inv_fails_assertions assms(2) by blast
+    case RedParsedWhile_InvFail 
+    thus ?thesis 
+      using Red_impl \<open>assertions = map Assert invs\<close> one_inv_fails_assertions assms(2) 
+      by blast
   qed (auto simp add: assms(2))
 next
   case Rel_Main_test
-  hence "assertions = map Assert invs" using assms(2-3) by simp
+  hence "assertions = map Assert invs" 
+    using assms(2-3) by simp
   from Red_bb show ?thesis
   proof cases
-    case RedParsedWhileTrue thus ?thesis using \<open>assertions = (map Assert invs)\<close>  by (simp add: asserts_hold_if_invs_hold assms(2))
+    case RedParsedWhileTrue 
+    thus ?thesis using \<open>assertions = (map Assert invs)\<close>  
+      by (simp add: asserts_hold_if_invs_hold assms(2))
   next
-    case RedParsedWhileFalse thus ?thesis using \<open>assertions = (map Assert invs)\<close>  by (simp add: asserts_hold_if_invs_hold assms(2))
+    case RedParsedWhileFalse 
+    thus ?thesis using \<open>assertions = (map Assert invs)\<close> 
+      by (simp add: asserts_hold_if_invs_hold assms(2))
   next
-    case RedParsedWhile_InvFail thus ?thesis using Red_impl \<open>assertions = map Assert invs\<close> one_inv_fails_assertions assms(2) by blast
+    case RedParsedWhile_InvFail 
+    thus ?thesis using Red_impl \<open>assertions = map Assert invs\<close> one_inv_fails_assertions assms(2)
+      by blast
   qed (auto simp add: assms(2))
 qed
 
@@ -1024,7 +1072,8 @@ proof (cases cs2)
       then show ?thesis
       proof (cases j)
         case 0
-        from this j_step_ast_trace assms(3) have "(reached_bb, reached_cont, reached_state) = ((BigBlock name [] None (Some Return)), cont0, (Normal ns1))" 
+        from this j_step_ast_trace assms(3) 
+        have "(reached_bb, reached_cont, reached_state) = ((BigBlock name [] None (Some Return)), cont0, (Normal ns1))" 
           using \<open>cs1 = []\<close> Some assms(4) by simp
         then show ?thesis by (simp add: valid_configuration_def)
       next
@@ -1043,9 +1092,9 @@ proof (cases cs2)
           from step0 Return assms(3) Some Nil syn_rel have
             inter_state_resolution: "inter_state = Normal ns1"
           proof cases
-            case RedReturn thus ?thesis by (simp add: RedReturn)
-          qed (auto simp add: \<open>cs1 = []\<close>)
-            
+            case RedReturn 
+            thus ?thesis by (simp add: RedReturn)
+          qed (auto simp add: \<open>cs1 = []\<close>)            
 
           from this cfg_local step0 have 
             "inter_state \<noteq> Failure  \<and>
@@ -1085,7 +1134,8 @@ next
   thus ?thesis
   proof (cases j)
     case 0
-    from this j_step_ast_trace assms(3) have eq: "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 None any_tr), cont0, (Normal ns1))" by simp
+    from this j_step_ast_trace assms(3) 
+    have eq: "(reached_bb, reached_cont, reached_state) = ((BigBlock name cs1 None any_tr), cont0, (Normal ns1))" by simp
     then show ?thesis 
     proof (cases any_tr)
       case None
@@ -1127,7 +1177,8 @@ next
       hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))"
         by (simp add: RedCmdListNil RedNormalReturn assms(7-8) local.Cons)
 
-      hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))" by blast
+      hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))" 
+        by blast
       hence posts_sat: "\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1') post_invs" 
         using cfg_satisfies_posts is_final_config.simps(2) by blast
 
@@ -1137,7 +1188,8 @@ next
         unfolding valid_configuration_def
         using posts_sat local_corr by auto
  
-      then show ?thesis by (metis Pair_inject \<open>is_final (inter_bb, inter_cont, inter_state)\<close> concrete_inter final_is_static_propagate relpowp_imp_rtranclp rest)
+      then show ?thesis 
+        by (metis Pair_inject \<open>is_final (inter_bb, inter_cont, inter_state)\<close> concrete_inter final_is_static_propagate relpowp_imp_rtranclp rest)
     next
       case (Some transfer)
       then show ?thesis
@@ -1177,7 +1229,8 @@ next
           then show ?thesis
           proof (cases j')
             case 0
-            then show ?thesis using concrete_inter by (metis Ast.valid_configuration_def \<open>inter_state \<noteq> Failure\<close> get_state.simps is_final.simps(4) relpowp_0_E rest)
+            then show ?thesis using concrete_inter 
+              by (metis Ast.valid_configuration_def \<open>inter_state \<noteq> Failure\<close> get_state.simps is_final.simps(4) relpowp_0_E rest)
           next
             case (Suc j'')
             from this rest obtain inter_bb2 inter_cont2 inter_state2 where
@@ -1186,7 +1239,7 @@ next
               by (metis get_state.cases relpowp_Suc_E2)
             then have inter2_conc: "(inter_bb2, inter_cont2, inter_state2) = ((BigBlock name [] None None), KStop, inter_state)" 
               using concrete_inter \<open>inter_state \<noteq> Failure\<close> Normal
-            by (cases) blast+
+              by (cases) blast+
             hence "is_final (inter_bb2, inter_cont2, inter_state2)" by simp
             hence valid_inter: "(valid_configuration A \<Lambda> \<Gamma> \<Omega> post_invs inter_bb2 inter_cont2 inter_state2)" 
               using Ast.valid_configuration_def \<open>inter_state \<noteq> Failure\<close> inter2_conc posts_sat by blast

From 68e55116592af81678457c46455cfa3760ec3f8d Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Thu, 10 Nov 2022 09:55:45 +0100
Subject: [PATCH 30/74] minor

---
 BoogieLang/Ast_Cfg_Transformation.thy | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/BoogieLang/Ast_Cfg_Transformation.thy b/BoogieLang/Ast_Cfg_Transformation.thy
index 80682f2..8904ea2 100644
--- a/BoogieLang/Ast_Cfg_Transformation.thy
+++ b/BoogieLang/Ast_Cfg_Transformation.thy
@@ -119,7 +119,7 @@ next
       unopEval: "unop_eval_val unop.Not bopRes = Some (BoolV boolean)"
       by auto
 
-    have bopResEq:"bopRes = BoolV (\<not>boolean)" 
+    have bopResEq:"bopRes = BoolV (\<not>boolean)"      
       by (insert unopEval, rule lit_val_elim[where v=bopRes]) auto
 
     have "binop_eval_val Le v2 v1 = Some (BoolV boolean)"
@@ -1341,7 +1341,8 @@ next
                           ((BigBlock name [] (Some (ParsedWhile guard invs (body_bb0#body_bbs))) None), KEndBlock cont1, inter_state)"
         using a1 Normal
       proof cases
-        case RedParsedWhileWrapper thus ?thesis using a1 by fastforce
+        case RedParsedWhileWrapper 
+        thus ?thesis using a1 by fastforce
       qed auto 
 
       have "j'' < j" by (simp add: "2" \<open>j = Suc j'\<close>)

From 2653a19337358aeec862b35bde9149e49c0c19a6 Mon Sep 17 00:00:00 2001
From: ahubanov-eth <ahubanov@student.ethz.ch>
Date: Sat, 19 Nov 2022 21:02:19 +0100
Subject: [PATCH 31/74] removed rev for AST and AST_CFG_Transformation

---
 BoogieLang/Ast.thy                    | 22 +++++++++---------
 BoogieLang/Ast_Cfg_Transformation.thy | 32 +++++++++++++--------------
 2 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index a124dbb..719dfc9 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -37,7 +37,7 @@ type_synonym 'a ast_config = "bigblock * cont * ('a state)"
 
 fun convert_list_to_cont :: "bigblock list \<Rightarrow> cont \<Rightarrow> cont" where
     "convert_list_to_cont [] cont0 = cont0"
-  | "convert_list_to_cont (x#xs) cont0 = convert_list_to_cont xs (KSeq x cont0)" 
+  | "convert_list_to_cont (x#xs) cont0 = KSeq x (convert_list_to_cont xs cont0)" 
 
 
 text\<open>auxillary function to find the label a Goto statement is referring to\<close>
@@ -47,29 +47,29 @@ fun find_label :: "label \<Rightarrow> bigblock list \<Rightarrow> cont \<Righta
       (if (Some lbl = bb_name) then (Some ((BigBlock bb_name cmds None None), cont)) else (None))" 
   | "find_label lbl ((BigBlock bb_name cmds None None) # bbs) cont = 
       (if (Some lbl = bb_name) 
-        then (Some ((BigBlock bb_name cmds None None), (convert_list_to_cont (rev bbs) cont))) 
+        then (Some ((BigBlock bb_name cmds None None), (convert_list_to_cont ( bbs) cont))) 
         else (find_label lbl bbs cont))" 
   | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None) # bbs) cont = 
       (if (Some lbl = bb_name) 
-        then (Some ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None), (convert_list_to_cont (rev bbs) cont))) 
+        then (Some ((BigBlock bb_name cmds (Some (ParsedIf guard then_bbs else_bbs)) None), (convert_list_to_cont ( bbs) cont))) 
         else (if (find_label lbl then_bbs cont \<noteq> None) 
                 then (find_label lbl (then_bbs @ bbs) cont) 
                 else (find_label lbl (else_bbs @ bbs) cont)))" 
   | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None) # bbs) cont = 
       (if (Some lbl = bb_name) 
-        then (Some ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None), (convert_list_to_cont (rev bbs) cont))) 
+        then (Some ((BigBlock bb_name cmds (Some (ParsedWhile guard invariants body_bbs)) None), (convert_list_to_cont ( bbs) cont))) 
         else (if (find_label lbl body_bbs cont \<noteq> None) 
-                then (find_label lbl body_bbs (convert_list_to_cont ((BigBlock None [] (Some (ParsedWhile guard invariants body_bbs)) None)#(rev bbs)) cont)) 
+                then (find_label lbl body_bbs (convert_list_to_cont ((bbs)@[(BigBlock None [] (Some (ParsedWhile guard invariants body_bbs)) None)]) cont)) 
                 else (find_label lbl bbs cont)))"  
   | "find_label lbl ((BigBlock bb_name cmds (Some (ParsedBreak n)) None) # bbs) cont = 
       (if (Some lbl = bb_name) 
-        then (Some ((BigBlock bb_name cmds (Some (ParsedBreak n)) None), (convert_list_to_cont (rev bbs) cont))) 
+        then (Some ((BigBlock bb_name cmds (Some (ParsedBreak n)) None), (convert_list_to_cont ( bbs) cont))) 
         else (find_label lbl bbs cont))" 
   | "find_label lbl ((BigBlock bb_name cmds (Some (WhileWrapper while_loop)) None) # bbs) cont = 
       find_label lbl ((BigBlock bb_name cmds (Some while_loop) None) # bbs) cont"
   | "find_label lbl ((BigBlock bb_name cmds None (Some transfer_stmt)) # bbs) cont = 
       (if (Some lbl = bb_name) 
-        then (Some ((BigBlock bb_name cmds None (Some transfer_stmt)), (convert_list_to_cont (rev bbs) cont))) 
+        then (Some ((BigBlock bb_name cmds None (Some transfer_stmt)), (convert_list_to_cont ( bbs) cont))) 
         else (find_label lbl bbs cont))"
   | "find_label lbl ((BigBlock bb_name cmds (Some s) (Some t)) # bbs) cont = None"
 
@@ -115,13 +115,13 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> 'm proc_context \<Righ
     "\<lbrakk>\<And> b. bb_guard = (Some b) \<Longrightarrow>  A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s\<rangle> \<Down> LitV (LBool True) \<rbrakk>  
         \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] 
                                 (Some (ParsedIf bb_guard (then_hd # then_bbs) elsebigblocks)) None), cont0, Normal n_s)\<rangle> \<longrightarrow> 
-                            (then_hd, (convert_list_to_cont (rev then_bbs) cont0), Normal n_s)"
+                            (then_hd, (convert_list_to_cont ( then_bbs) cont0), Normal n_s)"
 
   | RedParsedIfFalse: 
     "\<lbrakk>\<And>b. bb_guard = (Some b) \<Longrightarrow>  A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s\<rangle> \<Down> LitV (LBool False) \<rbrakk> 
         \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name []
                                 (Some (ParsedIf bb_guard thenbigblocks (else_hd # else_bbs))) None), cont0, Normal n_s)\<rangle> \<longrightarrow>
-                            (else_hd, (convert_list_to_cont (rev else_bbs) cont0), Normal n_s)"
+                            (else_hd, (convert_list_to_cont ( else_bbs) cont0), Normal n_s)"
   (*
   | RedParsedIfFalseNoElseBranchSeq: 
     "\<lbrakk>\<And>b. bb_guard = (Some b) \<Longrightarrow>  A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s\<rangle> \<Down> LitV (LBool False) \<rbrakk> 
@@ -159,7 +159,7 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> 'm proc_context \<Righ
        \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> 
             \<langle>((BigBlock bb_name [] 
                      (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow> 
-              (bb_hd, convert_list_to_cont ((BigBlock bb_name [] (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None)#(rev body_bbs)) cont0, Normal n_s)"
+              (bb_hd, convert_list_to_cont ((body_bbs)@[(BigBlock bb_name [] (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None)]) cont0, Normal n_s)"
 
 
   | RedParsedWhileFalse: 
@@ -199,7 +199,7 @@ text\<open>defining correctness of the AST\<close>
 fun init_ast :: "ast \<Rightarrow> 'a nstate \<Rightarrow> 'a ast_config"
   where
     "init_ast [] ns1 = ((BigBlock None [] None None), KStop, Normal ns1)"
-  | "init_ast (b#bbs) ns1 = (b, convert_list_to_cont (rev bbs) KStop, Normal ns1)"
+  | "init_ast (b#bbs) ns1 = (b, convert_list_to_cont ( bbs) KStop, Normal ns1)"
 
 definition valid_configuration 
   where "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts bb cont state \<equiv> 
diff --git a/BoogieLang/Ast_Cfg_Transformation.thy b/BoogieLang/Ast_Cfg_Transformation.thy
index 8904ea2..b6ef662 100644
--- a/BoogieLang/Ast_Cfg_Transformation.thy
+++ b/BoogieLang/Ast_Cfg_Transformation.thy
@@ -1383,13 +1383,13 @@ lemma block_global_rel_loop_head:
                                                         (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)))) \<Longrightarrow>
     ((cont_guard = Some loop_guard) \<and> 
       (red_expr A \<Lambda> \<Gamma> \<Omega> loop_guard ns1'' (BoolV True)) \<and> 
-      A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb0, convert_list_to_cont (bb#(rev body_bbs)) (KEndBlock cont1), (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)) \<or> 
+      A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb0, convert_list_to_cont (( body_bbs)@[bb]) (KEndBlock cont1), (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)) \<or> 
     ((cont_guard = Some loop_guard) \<and> 
       (red_expr A \<Lambda> \<Gamma> \<Omega> loop_guard ns1'' (BoolV False)) \<and> 
       A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name [] None None), KEndBlock cont1, (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)) \<or>
     ((cont_guard = None) \<and> 
      ((A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name [] None None), KEndBlock cont1, (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)) \<or>
-      (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb0, convert_list_to_cont (bb#(rev body_bbs)) (KEndBlock cont1), (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state))))  \<Longrightarrow>  
+      (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb0, convert_list_to_cont (( body_bbs)@[bb]) (KEndBlock cont1), (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state))))  \<Longrightarrow>  
     (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
   shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
   using assms cases
@@ -1414,7 +1414,7 @@ proof -
         from first_step show ?thesis using bb_successor_while
         proof cases
           case RedParsedWhileTrue
-          hence concrete_inter1: "(inter_bb, inter_cont, inter_state) = (bb0, convert_list_to_cont ((BigBlock name [] any_str any_tr)#(rev body_bbs)) cont0, (Normal ns1))"
+          hence concrete_inter1: "(inter_bb, inter_cont, inter_state) = (bb0, convert_list_to_cont (( body_bbs)@[(BigBlock name [] any_str any_tr)]) cont0, (Normal ns1))"
             using bb_successor_while None by blast
   
           from first_step
@@ -1462,7 +1462,7 @@ proof -
           from first_step show ?thesis 
           proof cases
             case RedParsedWhileTrue
-            hence concrete_inter3: "(inter_bb, inter_cont, inter_state) = (bb0, convert_list_to_cont ((BigBlock name [] any_str any_tr)#(rev body_bbs)) (cont0), (Normal ns1))"
+            hence concrete_inter3: "(inter_bb, inter_cont, inter_state) = (bb0, convert_list_to_cont (( body_bbs)@[(BigBlock name [] any_str any_tr)]) (cont0), (Normal ns1))"
               using bb_successor_while Some by blast
   
             from first_step
@@ -1550,13 +1550,13 @@ lemma block_global_rel_if_successor:
                                                             (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)))) \<Longrightarrow>
         ( (cont_guard = Some block_guard) \<and> 
           (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1'' (BoolV True)) \<and> 
-          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (then0, convert_list_to_cont (rev then_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state) ) \<or> 
+          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (then0, convert_list_to_cont ( then_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state) ) \<or> 
         ( (cont_guard = Some block_guard) \<and> 
           (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1'' (BoolV False)) \<and>
-          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (else0, convert_list_to_cont (rev else_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state) ) \<or>
+          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (else0, convert_list_to_cont ( else_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state) ) \<or>
         ( (cont_guard = None) \<and> 
-          ((A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (then0, convert_list_to_cont (rev then_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<or>
-           (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (else0, convert_list_to_cont (rev else_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) ) ) \<Longrightarrow>  
+          ((A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (then0, convert_list_to_cont ( then_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<or>
+           (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (else0, convert_list_to_cont ( else_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) ) ) \<Longrightarrow>  
         (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
   shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
   using assms cases
@@ -1619,7 +1619,7 @@ proof cases
             from snd_step this show ?thesis
             proof cases
               case RedParsedIfTrue
-              hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont (rev then_bbs) cont0, inter_state)" using None bb_successor_if 1 by auto
+              hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont ( then_bbs) cont0, inter_state)" using None bb_successor_if 1 by auto
 
               from first_step 
               have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
@@ -1638,7 +1638,7 @@ proof cases
               thus ?thesis using eq snd_rest_of_steps succ_correct None 2 succ_cfg_correct succ_cfg_sat by blast
             next
               case (RedParsedIfFalse)
-              hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, inter_state)" using None bb_successor_if 1 by auto
+              hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont ( else_bbs) cont0, inter_state)" using None bb_successor_if 1 by auto
   
               from first_step 
               have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
@@ -1662,7 +1662,7 @@ proof cases
             proof cases
               assume guard_true: "(red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV True))"
               hence guard_not_false: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV False))" using expr_eval_determ by blast
-              from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont (rev then_bbs) cont0, inter_state)" 
+              from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont ( then_bbs) cont0, inter_state)" 
               proof cases
                 case RedParsedIfTrue thus ?thesis using guard_true bb_successor_if by (simp add: RedParsedIfTrue)
               qed (auto simp add: guard_not_false bb_successor_if 2 Some)
@@ -1687,7 +1687,7 @@ proof cases
               thus ?thesis 
               proof cases
                 assume guard_false: "(red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV False))"
-                from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, inter_state)"
+                from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont ( else_bbs) cont0, inter_state)"
                 proof cases
                   case RedParsedIfFalse thus ?thesis using guard_false bb_successor_if by (simp add: RedParsedIfFalse)
                 qed (auto simp add: guard_not_true bb_successor_if 2 Some)
@@ -1757,7 +1757,7 @@ next
           from snd_step this show ?thesis
           proof cases
             case RedParsedIfTrue
-            hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont (rev then_bbs) cont0, (Normal ns1))" using None bb_successor_if 1 by auto
+            hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont ( then_bbs) cont0, (Normal ns1))" using None bb_successor_if 1 by auto
 
             have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
               using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
@@ -1783,7 +1783,7 @@ next
             thus ?thesis using eq snd_rest_of_steps succ_correct None succ_cfg_correct succ_cfg_sat by blast
           next
             case (RedParsedIfFalse)
-            hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, Normal ns1)" using None bb_successor_if 1 by auto
+            hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont ( else_bbs) cont0, Normal ns1)" using None bb_successor_if 1 by auto
 
             from snd_step 
             have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
@@ -1817,7 +1817,7 @@ next
           proof cases
             assume guard_true: "(red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV True))"
             hence guard_not_false: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV False))" using expr_eval_determ by blast
-            from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont (rev then_bbs) cont0, Normal ns1)" 
+            from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont ( then_bbs) cont0, Normal ns1)" 
             proof cases
               case RedParsedIfTrue thus ?thesis using guard_true bb_successor_if by (simp add: RedParsedIfTrue)
             qed (auto simp add: guard_not_false bb_successor_if Some)
@@ -1852,7 +1852,7 @@ next
             thus ?thesis 
             proof cases
               assume guard_false: "(red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV False))"
-              from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont (rev else_bbs) cont0, Normal ns1)"
+              from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont ( else_bbs) cont0, Normal ns1)"
               proof cases
                 case RedParsedIfFalse thus ?thesis using guard_false bb_successor_if by (simp add: RedParsedIfFalse)
               qed (auto simp add: guard_not_true bb_successor_if Some)

From d8584a577991021096c26b2ed8b06bcf4e75a24a Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Tue, 10 Jan 2023 16:48:25 +0100
Subject: [PATCH 32/74] fix bug in goto semantics

---
 BoogieLang/Ast.thy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index 719dfc9..cf85040 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -184,7 +184,7 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> 'm proc_context \<Righ
             ((BigBlock None [] (Some (ParsedBreak n)) None), cont0, Normal n_s1)"
 
   | RedGoto: 
-    "\<lbrakk> (find_label label ast KStop) = Some (found_bigblock, found_cont) \<rbrakk> 
+    "\<lbrakk> (find_label label T KStop) = Some (found_bigblock, found_cont) \<rbrakk> 
         \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] None (Some (Goto label))), cont0, Normal n_s)\<rangle> \<longrightarrow> 
                             (found_bigblock, found_cont, (Normal n_s))"
 

From 86827743efcb4a3665162387acb5e4f097fee518 Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Wed, 14 Sep 2022 10:56:26 +0200
Subject: [PATCH 33/74] start adding support for conditional expressions

---
 BoogieLang/BoogieDeBruijn.thy |  5 ++++-
 BoogieLang/Lang.thy           |  1 +
 BoogieLang/Passification.thy  |  8 ++++++++
 BoogieLang/Semantics.thy      | 18 ++++++++++++++++++
 BoogieLang/TypeSafety.thy     |  6 ++++++
 BoogieLang/Typing.thy         |  4 ++++
 6 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/BoogieLang/BoogieDeBruijn.thy b/BoogieLang/BoogieDeBruijn.thy
index 8156f96..3a594d7 100644
--- a/BoogieLang/BoogieDeBruijn.thy
+++ b/BoogieLang/BoogieDeBruijn.thy
@@ -22,6 +22,7 @@ where
 | "\<up> n k (UnOp uop e) = UnOp uop (\<up> n k e)"
 | "\<up> n k (e1 \<guillemotleft>bop\<guillemotright> e2) = (\<up> n k e1) \<guillemotleft>bop\<guillemotright> (\<up> n k e2)"
 | "\<up> n k (FunExp f ty_args args) = FunExp f ty_args (map (\<up> n k) args)"
+| "\<up> n k (CondExp cond els thn) = CondExp (\<up> n k cond) (\<up> n k els) (\<up> n k thn)"
 | "\<up> n k (Old e) = Old (\<up> n k e)"
 | "\<up> n k (Forall ty e) = (Forall ty (\<up> n (k+1) e))"
 | "\<up> n k (Exists ty e) = (Exists ty (\<up> n (k+1) e))"
@@ -39,6 +40,7 @@ primrec shift_ty_term :: "nat \<Rightarrow> nat \<Rightarrow> expr \<Rightarrow>
 | "\<up>\<^sub>\<tau> n k (UnOp uop e) = UnOp uop (\<up>\<^sub>\<tau> n k e)"
 | "\<up>\<^sub>\<tau> n k (e1 \<guillemotleft>bop\<guillemotright> e2) = (\<up>\<^sub>\<tau> n k e1) \<guillemotleft>bop\<guillemotright> (\<up>\<^sub>\<tau> n k e2)"
 | "\<up>\<^sub>\<tau> n k (FunExp f ty_args args) = FunExp f (map (shiftT n k) ty_args) (map (\<up>\<^sub>\<tau> n k) args)"
+| "\<up>\<^sub>\<tau> n k (CondExp cond thn els) = CondExp (\<up>\<^sub>\<tau> n k cond) (\<up>\<^sub>\<tau> n k thn) (\<up>\<^sub>\<tau> n k els)"
 | "\<up>\<^sub>\<tau> n k (Old e) = Old (\<up>\<^sub>\<tau> n k e)"
 | "\<up>\<^sub>\<tau> n k (Forall ty e) = (Forall (shiftT n k ty) (\<up>\<^sub>\<tau> n k e))"
 | "\<up>\<^sub>\<tau> n k (Exists ty e) = (Exists (shiftT n k ty) (\<up>\<^sub>\<tau> n k e))"
@@ -63,6 +65,7 @@ primrec subst_ty_expr :: "expr \<Rightarrow> nat \<Rightarrow> ty \<Rightarrow>
   | "(UnOp uop e)[k \<mapsto>\<^sub>\<tau> S] = UnOp uop (e[k \<mapsto>\<^sub>\<tau> S])"
   | "(e1 \<guillemotleft>bop\<guillemotright> e2)[k \<mapsto>\<^sub>\<tau> S] = (e1[k \<mapsto>\<^sub>\<tau> S]) \<guillemotleft>bop\<guillemotright> (e2[k \<mapsto>\<^sub>\<tau> S])"
   | "(FunExp f ty_args args)[k \<mapsto>\<^sub>\<tau> S] = FunExp f (map (\<lambda>t. t[k \<mapsto>\<^sub>\<tau> S]\<^sub>\<tau>) ty_args) (map (\<lambda>e. e[k \<mapsto>\<^sub>\<tau> S]) args)"
+  | "(CondExp cond thn els)[k \<mapsto>\<^sub>\<tau> S] = CondExp (cond[k \<mapsto>\<^sub>\<tau> S]) (thn[k \<mapsto>\<^sub>\<tau> S]) (els[k \<mapsto>\<^sub>\<tau> S])"
   | "(Old e)[k \<mapsto>\<^sub>\<tau> S] = Old (e[k \<mapsto>\<^sub>\<tau> S])"
   | "(Forall ty e)[k \<mapsto>\<^sub>\<tau> S] = (Forall (ty[k \<mapsto>\<^sub>\<tau> S]\<^sub>\<tau>) (e[k \<mapsto>\<^sub>\<tau> S]))"
   | "(Exists ty e)[k \<mapsto>\<^sub>\<tau> S] = (Exists (ty[k \<mapsto>\<^sub>\<tau> S]\<^sub>\<tau>) (e[k \<mapsto>\<^sub>\<tau> S]))"
@@ -96,7 +99,7 @@ lemma shiftT0 [simp]: "shiftT 0 i T = T"
   apply (induct T arbitrary: i) by (auto simp add: map_idI)
 
 lemma shift0 [simp]: "\<up> 0 i t = t"
-  by (induct t arbitrary: i) (auto simp add: map_idI) 
+  by (induct t arbitrary: i) (auto simp add: map_idI)
 
 theorem substT_shiftT [simp]:
   "k \<le> k' \<Longrightarrow> k' < k + n \<Longrightarrow> (shiftT n k T)[k' \<mapsto>\<^sub>\<tau> U]\<^sub>\<tau> = shiftT (n - 1) k T"
diff --git a/BoogieLang/Lang.thy b/BoogieLang/Lang.thy
index a9fe218..d0db732 100644
--- a/BoogieLang/Lang.thy
+++ b/BoogieLang/Lang.thy
@@ -37,6 +37,7 @@ datatype expr
   | UnOp unop "expr"
   | BinOp "(expr)" binop "(expr)" ("_ \<guillemotleft>_\<guillemotright> _" [80,0,81] 80) 
   | FunExp fname "ty list" "(expr list)" (* second argument: type instantiation *)
+  | CondExp expr expr expr
   | Old expr
 (* value quantification *)
   | Forall ty expr
diff --git a/BoogieLang/Passification.thy b/BoogieLang/Passification.thy
index 7f45adc..f9b386a 100644
--- a/BoogieLang/Passification.thy
+++ b/BoogieLang/Passification.thy
@@ -252,6 +252,7 @@ fun push_old_expr :: "bool \<Rightarrow> expr \<Rightarrow> expr"
   | "push_old_expr b (UnOp unop e) = UnOp unop (push_old_expr b e)"
   | "push_old_expr b (e1 \<guillemotleft>bop\<guillemotright> e2) = (push_old_expr b e1) \<guillemotleft>bop\<guillemotright> (push_old_expr b e2)"
   | "push_old_expr b (FunExp f ts args) = FunExp f ts (map (push_old_expr b) args)"
+  | "push_old_expr b (CondExp cond thn els) = CondExp (push_old_expr b cond) (push_old_expr b thn) (push_old_expr b els)"
   | "push_old_expr b (Old e) = push_old_expr True e"
   | "push_old_expr b (Forall ty e) = Forall ty (push_old_expr b e)"
   | "push_old_expr b (Exists ty e) = Exists ty (push_old_expr b e)"
@@ -288,6 +289,8 @@ We mainly require a relationship between the variables.\<close>
 text \<open> R: active variable relation, 
        R_old: old global variable to passive variable relation, 
        loc_vars: parameters and locals \<close>
+
+(* TODO: add relation for cond exp *)
 inductive expr_rel :: "passive_rel \<Rightarrow> passive_rel \<Rightarrow> vdecls \<Rightarrow> expr \<Rightarrow> expr \<Rightarrow> bool" and 
  expr_list_rel :: "passive_rel \<Rightarrow> passive_rel \<Rightarrow> vdecls \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> bool"
   for R :: passive_rel and R_old :: passive_rel and loc_vars :: vdecls
@@ -301,6 +304,11 @@ inductive expr_rel :: "passive_rel \<Rightarrow> passive_rel \<Rightarrow> vdecl
               expr_rel R R_old loc_vars (e11 \<guillemotleft>bop\<guillemotright> e12) (e21 \<guillemotleft>bop\<guillemotright> e22)"
  | FunExp_Rel: "\<lbrakk> expr_list_rel R R_old loc_vars args1 args2 \<rbrakk>  \<Longrightarrow> 
               expr_rel R R_old loc_vars (FunExp f ts args1) (FunExp f ts args2)"
+ | CondExp_rel:
+              "\<lbrakk> expr_rel R R_old loc_vars cond1 cond2;
+                 expr_rel R R_old loc_vars thn1 thn2;
+                 expr_rel R R_old loc_vars els1 els2 \<rbrakk> \<Longrightarrow>
+              expr_rel R R_old loc_vars (CondExp cond1 thn1 els1) (CondExp cond2 thn2 els2)"
  | OldGlobalVar_Rel: "\<lbrakk>R_old x = Some (Inl y)\<rbrakk> \<Longrightarrow>
               expr_rel R R_old loc_vars (Old (Var x)) (Var y)"
  | OldLocalVar_Rel: "\<lbrakk>map_of loc_vars x = Some v; expr_rel R R_old loc_vars (Var x) (Var y)\<rbrakk> \<Longrightarrow> 
diff --git a/BoogieLang/Semantics.thy b/BoogieLang/Semantics.thy
index 9c234b2..b1525f5 100644
--- a/BoogieLang/Semantics.thy
+++ b/BoogieLang/Semantics.thy
@@ -429,6 +429,14 @@ inductive red_expr :: "'a absval_ty_fun \<Rightarrow> var_context \<Rightarrow>
                 A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>args, n_s\<rangle> [\<Down>] v_args;
                 f_interp (map (instantiate \<Omega>) ty_args) v_args = Some v \<rbrakk> \<Longrightarrow>
              A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle> FunExp f ty_args args, n_s \<rangle> \<Down> v"
+  | RedCondExpTrue: 
+               "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cond, n_s\<rangle> \<Down> (BoolV True); 
+                  A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>thn, n_s\<rangle> \<Down> v \<rbrakk> \<Longrightarrow>
+            A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle> CondExp cond thn els, n_s \<rangle> \<Down> v"
+  | RedCondExpFalse: 
+               "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cond, n_s\<rangle> \<Down> (BoolV False); 
+                  A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>els, n_s\<rangle> \<Down> v \<rbrakk> \<Longrightarrow>
+            A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle> CondExp cond thn els, n_s \<rangle> \<Down> v"
   | RedOld: "\<lbrakk> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle> e, n_s\<lparr>global_state := old_global_state n_s \<rparr> \<rangle> \<Down> v\<rbrakk> \<Longrightarrow> 
             A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle> Old e, n_s \<rangle> \<Down> v"
   | RedExpListNil:
@@ -780,6 +788,16 @@ next
 next
   case (RedOld \<Omega> e n_s v) 
   thus ?case by (blast elim: red_expr.cases)
+next
+  case (RedCondExpTrue \<Omega> cond n_s thn v els)
+  from RedCondExpTrue.prems
+  show ?case 
+    by (cases, insert RedCondExpTrue.IH, blast+)
+next
+  case (RedCondExpFalse \<Omega> cond n_s thn v els)
+  from RedCondExpFalse.prems
+  show ?case 
+    by (cases, insert RedCondExpFalse.IH, blast+)
 next
   case (RedForAllTrue ty e n_s v')
   thus ?case by (blast elim: red_expr.cases)
diff --git a/BoogieLang/TypeSafety.thy b/BoogieLang/TypeSafety.thy
index 3457f66..2c6bd00 100644
--- a/BoogieLang/TypeSafety.thy
+++ b/BoogieLang/TypeSafety.thy
@@ -246,6 +246,9 @@ next
     by (metis (no_types, lifting) A1 \<open>fi (map (instantiate \<Omega>) ty_params) vargs = Some v\<close> option.inject) 
   thus ?case using TypFunExp.IH(1)
     by (simp add: TypFunExp.hyps(1) Wf_ret_ty instantiate_msubst_opt)
+next
+  case (TypCondExp \<Delta> cond thn ty els)
+  then show ?case oops
 next
   case (TypOld \<Delta> e ty)
   from TypOld have RedE:"A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e, n_s\<lparr>global_state := old_global_state n_s \<rparr>\<rangle> \<Down> v" by auto
@@ -422,6 +425,9 @@ next
   ultimately have "\<exists>v. fi (map (instantiate \<Omega>) ty_params) vargs = Some v" using FunSingleWf \<open>length ty_params = n_ty_params\<close>
     fun_interp_single_wf.simps length_map by blast
   with RedArgs show ?case by (metis Mem RedFunOp)
+next
+  case (TypCondExp \<Delta> cond thn ty els)
+  then show ?case oops
 next
   case (TypOld \<Delta> e ty)
   have "\<exists>a. A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e,n_s\<lparr>global_state := old_global_state n_s\<rparr>\<rangle> \<Down> a"
diff --git a/BoogieLang/Typing.thy b/BoogieLang/Typing.thy
index 2a7b26d..e83b1c4 100644
--- a/BoogieLang/Typing.thy
+++ b/BoogieLang/Typing.thy
@@ -68,6 +68,10 @@ and typing_list :: "fdecls \<Rightarrow> type_env \<Rightarrow> expr list \<Righ
                   length args = length args_ty;
                   F,\<Delta> \<turnstile> args [:] (map (msubstT_opt ty_params) args_ty) \<rbrakk> \<Longrightarrow> 
                 F,\<Delta> \<turnstile> FunExp f ty_params args : (msubstT_opt ty_params ret_ty)"
+  | TypCondExp: "\<lbrakk> F,\<Delta> \<turnstile> cond : TPrim (TBool);
+                   F,\<Delta> \<turnstile> thn : ty;
+                   F,\<Delta> \<turnstile> els: ty \<rbrakk> \<Longrightarrow>
+                F,\<Delta> \<turnstile> CondExp cond thn els : ty"
   | TypOld: "\<lbrakk> F, \<Delta> \<turnstile> e : ty \<rbrakk> \<Longrightarrow> F, \<Delta>  \<turnstile> Old e : ty"
   | TypForall: "\<lbrakk> F, (fst \<Delta>, ext_env (snd \<Delta>) ty) \<turnstile> e : TPrim (TBool) \<rbrakk> \<Longrightarrow> F,\<Delta> \<turnstile> Forall ty e : TPrim (TBool)"
   | TypExists: "\<lbrakk> F, (fst \<Delta>, ext_env (snd \<Delta>) ty) \<turnstile> e : TPrim (TBool) \<rbrakk> \<Longrightarrow> F,\<Delta> \<turnstile> Exists ty e : TPrim (TBool)"

From a12a1c0653596c8a28c2abf1db8987dc3611ae74 Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Mon, 16 Jan 2023 11:16:49 +0100
Subject: [PATCH 34/74] progress

---
 BoogieLang/Passification.thy |  4 +++-
 BoogieLang/Semantics.thy     | 11 +++++++++++
 BoogieLang/TypeSafety.thy    | 27 ++++++++++++++++++++++-----
 BoogieLang/Typing.thy        |  2 +-
 4 files changed, 37 insertions(+), 7 deletions(-)

diff --git a/BoogieLang/Passification.thy b/BoogieLang/Passification.thy
index f9b386a..e95fd19 100644
--- a/BoogieLang/Passification.thy
+++ b/BoogieLang/Passification.thy
@@ -290,7 +290,6 @@ text \<open> R: active variable relation,
        R_old: old global variable to passive variable relation, 
        loc_vars: parameters and locals \<close>
 
-(* TODO: add relation for cond exp *)
 inductive expr_rel :: "passive_rel \<Rightarrow> passive_rel \<Rightarrow> vdecls \<Rightarrow> expr \<Rightarrow> expr \<Rightarrow> bool" and 
  expr_list_rel :: "passive_rel \<Rightarrow> passive_rel \<Rightarrow> vdecls \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> bool"
   for R :: passive_rel and R_old :: passive_rel and loc_vars :: vdecls
@@ -418,6 +417,9 @@ next
 next
   case (FunExp_Rel args1 args2 f ts)
   then show ?case by (blast intro: red_expr_red_exprs.intros)
+next
+  case (CondExp_rel cond1 cond2 thn1 thn2 els1 els2)
+  then show ?case by (blast intro: red_expr_red_exprs.intros)    
 next
   case (Forall_Rel e1 e2 ty)
   hence RelExt:"\<And>v. nstate_rel \<Lambda> \<Lambda>' R (full_ext_env ns1 v) (full_ext_env ns2 v)" using binder_update_nstate_rel by blast
diff --git a/BoogieLang/Semantics.thy b/BoogieLang/Semantics.thy
index b1525f5..81e3c6f 100644
--- a/BoogieLang/Semantics.thy
+++ b/BoogieLang/Semantics.thy
@@ -474,6 +474,7 @@ inductive red_expr :: "'a absval_ty_fun \<Rightarrow> var_context \<Rightarrow>
 inductive_cases RedBinOp_case[elim!]: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(e1 \<guillemotleft>bop\<guillemotright> e2), n_s\<rangle> \<Down> v"
 inductive_cases RedUnOp_case[elim!]: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp uop e1, n_s\<rangle> \<Down> v"
 inductive_cases RedFunOp_case[elim!]: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle> FunExp f ty_args args, n_s \<rangle> \<Down> v"
+inductive_cases RedCondExp_case[elim!]: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle> CondExp cond thn els, n_s \<rangle> \<Down> v"
 inductive_cases RedOld_case[elim!]: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>Old  e, n_s\<rangle> \<Down> v"
 inductive_cases RedLit_case[elim!]: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(Lit l), n_s\<rangle> \<Down> LitV l"
 inductive_cases RedVar_case[elim!]: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(Var x), n_s\<rangle> \<Down> v"
@@ -481,6 +482,16 @@ inductive_cases RedBVar_case[elim!]: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile>
 inductive_cases RedForallTrue_case: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>Forall ty e, n_s\<rangle> \<Down> LitV (LBool True)"
 inductive_cases RedForallFalse_case: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>Forall ty e, n_s\<rangle> \<Down> LitV (LBool False)"
 
+lemma red_cond_exp_cases:
+  assumes "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>CondExp cond thn els, n_s \<rangle> \<Down> v"
+  obtains b
+  where "(A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cond, n_s\<rangle> \<Down> BoolV b) \<and> (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>if b then thn else els, n_s\<rangle> \<Down> v)"
+  using assms
+  apply cases
+   apply fastforce
+  apply fastforce
+  done
+
 definition expr_sat :: "'a absval_ty_fun \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> 'a nstate \<Rightarrow> expr \<Rightarrow> bool"
   where "expr_sat A \<Lambda> \<Gamma> \<Omega> n_s e = (A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e, n_s\<rangle> \<Down> LitV (LBool True))"
 
diff --git a/BoogieLang/TypeSafety.thy b/BoogieLang/TypeSafety.thy
index 2c6bd00..314cfaa 100644
--- a/BoogieLang/TypeSafety.thy
+++ b/BoogieLang/TypeSafety.thy
@@ -12,6 +12,9 @@ fun expr_is_defined :: "var_context \<Rightarrow> 'a nstate \<Rightarrow> expr \
    | "expr_is_defined \<Lambda> ns (UnOp uop e) = expr_is_defined \<Lambda> ns e"
    | "expr_is_defined \<Lambda> ns (e1 \<guillemotleft>bop\<guillemotright> e2) = ((expr_is_defined \<Lambda> ns e1) \<and> (expr_is_defined \<Lambda> ns e2))"
    | "expr_is_defined \<Lambda> ns (FunExp f tys e) = ((list_all closed tys) \<and> (list_all (expr_is_defined \<Lambda> ns) e))"
+   | "expr_is_defined \<Lambda> ns (CondExp cond thn els) = ( (expr_is_defined \<Lambda> ns cond) \<and> 
+                                                      (expr_is_defined \<Lambda> ns thn) \<and> 
+                                                      (expr_is_defined \<Lambda> ns els) )"
    | "expr_is_defined \<Lambda> ns (Old e) = expr_is_defined \<Lambda> ns e"
    | "expr_is_defined \<Lambda> ns (Forall ty e) = ((closed ty) \<and> (\<forall>w. (expr_is_defined \<Lambda> (full_ext_env ns w) e)))"
    | "expr_is_defined \<Lambda> ns (Exists ty e) =  ((closed ty) \<and> (\<forall>w. (expr_is_defined \<Lambda> (full_ext_env ns w) e)))"
@@ -72,6 +75,7 @@ primrec wf_expr :: "nat \<Rightarrow> expr \<Rightarrow> bool"
   | "wf_expr k (UnOp uop e) = wf_expr k e"
   | "wf_expr k (e1 \<guillemotleft>bop\<guillemotright> e2) = (wf_expr k e1 \<and> wf_expr k e2)"
   | "wf_expr k (FunExp f ty_args args) = ((list_all (wf_ty k) ty_args) \<and> (list_all (wf_expr k) args))"
+  | "wf_expr k (CondExp cond e1 e2) = (wf_expr k cond \<and> wf_expr k e1 \<and> wf_expr k e2)"
   | "wf_expr k (Old e) = wf_expr k e"
   | "wf_expr k (Forall ty e) = ((wf_ty k ty) \<and> (wf_expr k e))"
   | "wf_expr k (Exists ty e) = ((wf_ty k ty) \<and> (wf_expr k e))"
@@ -248,7 +252,7 @@ next
     by (simp add: TypFunExp.hyps(1) Wf_ret_ty instantiate_msubst_opt)
 next
   case (TypCondExp \<Delta> cond thn ty els)
-  then show ?case oops
+  thus ?case by auto
 next
   case (TypOld \<Delta> e ty)
   from TypOld have RedE:"A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e, n_s\<lparr>global_state := old_global_state n_s \<rparr>\<rangle> \<Down> v" by auto
@@ -427,7 +431,20 @@ next
   with RedArgs show ?case by (metis Mem RedFunOp)
 next
   case (TypCondExp \<Delta> cond thn ty els)
-  then show ?case oops
+  hence RedCond: "\<exists>v. A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cond,n_s\<rangle> \<Down> v" and
+        RedThn: "\<exists>v. A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>thn,n_s\<rangle> \<Down> v" and
+        RedElse: "\<exists>v. A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>els,n_s\<rangle> \<Down> v"        
+    by auto
+
+  moreover from RedCond obtain b where
+       "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cond,n_s\<rangle> \<Down> BoolV b"
+    using preservation(1)[OF \<open>list_all closed \<Omega>\<close> TypCondExp.prems(5) TypCondExp.prems(6) TypCondExp.prems(7) 
+                             Wf_\<Gamma> Wf_F \<open>F,\<Delta> \<turnstile> cond : TPrim TBool\<close>]
+          \<open>wf_expr _ _\<close>
+    by (metis instantiate.simps(2) type_of_val_bool_elim wf_expr.simps(7))
+
+  ultimately show ?case
+    by (metis (full_types) RedCondExpFalse RedCondExpTrue)
 next
   case (TypOld \<Delta> e ty)
   have "\<exists>a. A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e,n_s\<lparr>global_state := old_global_state n_s\<rparr>\<rangle> \<Down> a"
@@ -462,7 +479,7 @@ next
         type_of_val A v' = TPrim TBool"
     using preservation(1)[OF \<open>list_all closed \<Omega>\<close> _ AuxOld EnvCorres Wf_\<Gamma> Wf_F _ _ ]
           TypForall.IH(1) TypForall.prems 
-    by (metis fst_conv full_ext_env.simps instantiate.simps(2) lookup_var_binder_upd wf_expr.simps(8))
+    by (metis fst_conv instantiate.simps(2) lookup_full_ext_env_same wf_expr.simps(9))
   show ?case
   proof (cases "\<forall> w. type_of_val A w = instantiate \<Omega> ty \<longrightarrow> A, \<Lambda>, \<Gamma>, \<Omega> \<turnstile> \<langle>e, full_ext_env n_s w\<rangle> \<Down> LitV (LBool True)")
     case True
@@ -498,8 +515,8 @@ next
   have RedBodyTy:"\<And>w v'. type_of_val A w = instantiate \<Omega> ty \<Longrightarrow> A, \<Lambda>, \<Gamma>, \<Omega> \<turnstile> \<langle>e, full_ext_env n_s w\<rangle> \<Down> v' \<Longrightarrow>
         type_of_val A v' = TPrim TBool"
     using preservation(1)[OF \<open>list_all closed \<Omega>\<close> _ AuxOld EnvCorres Wf_\<Gamma> Wf_F]
-          TypExists.IH(1) TypExists.prems 
-    by (metis fst_conv full_ext_env.simps instantiate.simps(2) lookup_var_binder_upd wf_expr.simps(9))
+          TypExists.IH(1) TypExists.prems     
+    by (metis fst_conv instantiate.simps(2) lookup_full_ext_env_same wf_expr.simps(10))
   show ?case
   proof (cases "\<forall> w. type_of_val A w = instantiate \<Omega> ty \<longrightarrow> A, \<Lambda>, \<Gamma>, \<Omega> \<turnstile> \<langle>e, full_ext_env n_s w\<rangle> \<Down> LitV (LBool False)")
     case True
diff --git a/BoogieLang/Typing.thy b/BoogieLang/Typing.thy
index e83b1c4..b756817 100644
--- a/BoogieLang/Typing.thy
+++ b/BoogieLang/Typing.thy
@@ -70,7 +70,7 @@ and typing_list :: "fdecls \<Rightarrow> type_env \<Rightarrow> expr list \<Righ
                 F,\<Delta> \<turnstile> FunExp f ty_params args : (msubstT_opt ty_params ret_ty)"
   | TypCondExp: "\<lbrakk> F,\<Delta> \<turnstile> cond : TPrim (TBool);
                    F,\<Delta> \<turnstile> thn : ty;
-                   F,\<Delta> \<turnstile> els: ty \<rbrakk> \<Longrightarrow>
+                   F,\<Delta> \<turnstile> els : ty \<rbrakk> \<Longrightarrow>
                 F,\<Delta> \<turnstile> CondExp cond thn els : ty"
   | TypOld: "\<lbrakk> F, \<Delta> \<turnstile> e : ty \<rbrakk> \<Longrightarrow> F, \<Delta>  \<turnstile> Old e : ty"
   | TypForall: "\<lbrakk> F, (fst \<Delta>, ext_env (snd \<Delta>) ty) \<turnstile> e : TPrim (TBool) \<rbrakk> \<Longrightarrow> F,\<Delta> \<turnstile> Forall ty e : TPrim (TBool)"

From 31d709925b0eddacf88e34712c0ebfe1fb526b38 Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Mon, 16 Jan 2023 12:28:31 +0100
Subject: [PATCH 35/74] VC support for conditional expressions

---
 BoogieLang/VCExprHelper.thy | 15 +++++++++++++++
 BoogieLang/VCPhaseML.thy    |  1 +
 2 files changed, 16 insertions(+)

diff --git a/BoogieLang/VCExprHelper.thy b/BoogieLang/VCExprHelper.thy
index e918ec5..9e1ab42 100644
--- a/BoogieLang/VCExprHelper.thy
+++ b/BoogieLang/VCExprHelper.thy
@@ -4,6 +4,9 @@ theory VCExprHelper
 imports Semantics Util
 begin
 
+abbreviation ite_vc :: "bool \<Rightarrow> 'a \<Rightarrow> 'a \<Rightarrow> 'a"
+  where "ite_vc cond thn els \<equiv> if cond then thn else els"
+
 subsection \<open>vc_to_expr and expr_to_vc\<close>
 
 lemma vc_to_expr:"\<lbrakk>vc; A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e,ns\<rangle> \<Down> LitV (LBool vc)\<rbrakk> \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e,ns\<rangle> \<Down> LitV (LBool True)"
@@ -134,6 +137,18 @@ lemma uminus_vc_rel:
   using assms
   by (auto intro: RedUnOp)
 
+text \<open>conditional expressions\<close>
+
+text \<open>In the following, \<^term>\<open>C\<close> is either the identity function or a literal value constructor such 
+as \<^const>\<open>BoolV\<close> and \<^const>\<open>IntV\<close>.\<close>
+lemma condexp_vc_rel:        
+  assumes "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cond, ns\<rangle> \<Down> BoolV vc_cond" and 
+          "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>thn, ns\<rangle> \<Down> C vc_thn" and
+          "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>els, ns\<rangle> \<Down> C vc_els"
+  shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>CondExp cond thn els, ns\<rangle> \<Down> C (ite_vc vc_cond vc_thn vc_els)"
+  using assms
+  by (auto intro: RedCondExpTrue RedCondExpFalse)
+
 subsection \<open>Closed types\<close>
 
 text \<open>We define a new data type to model the closed types. We (implicitly) instantiate the type sort 
diff --git a/BoogieLang/VCPhaseML.thy b/BoogieLang/VCPhaseML.thy
index fd1f4d4..8e4558e 100644
--- a/BoogieLang/VCPhaseML.thy
+++ b/BoogieLang/VCPhaseML.thy
@@ -118,6 +118,7 @@ red_var_tac ctxt assms del_thms,
 (resolve_tac ctxt [@{thm eq_real_vc_rel}]),
 (resolve_tac ctxt [@{thm eq_abs_vc_rel}]),
 (resolve_tac ctxt [@{thm iff_vc_rel}]),
+(resolve_tac ctxt [@{thm condexp_vc_rel}]),
 (resolve_tac ctxt [@{thm forallt_vc}]),
 (forall_main_tac ctxt (fst (forall_and_exists_thm_tuple))),
 (exists_main_tac ctxt (snd (forall_and_exists_thm_tuple))),

From 6694cda800eb82f403684ad46636b30703f4908b Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Mon, 16 Jan 2023 14:49:17 +0100
Subject: [PATCH 36/74] add convert_ast_to_program_point

---
 BoogieLang/Ast.thy | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index cf85040..dea946e 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -37,7 +37,11 @@ type_synonym 'a ast_config = "bigblock * cont * ('a state)"
 
 fun convert_list_to_cont :: "bigblock list \<Rightarrow> cont \<Rightarrow> cont" where
     "convert_list_to_cont [] cont0 = cont0"
-  | "convert_list_to_cont (x#xs) cont0 = KSeq x (convert_list_to_cont xs cont0)" 
+  | "convert_list_to_cont (x#xs) cont0 = KSeq x (convert_list_to_cont xs cont0)"
+
+fun convert_ast_to_program_point :: "ast \<Rightarrow> bigblock \<times> cont" where
+    "convert_ast_to_program_point [] = ((BigBlock None [] None None), KStop)"
+  | "convert_ast_to_program_point (b#bs) = (b, convert_list_to_cont bs KStop)"
 
 
 text\<open>auxillary function to find the label a Goto statement is referring to\<close>

From 0be78515d33ea035ec23e03e950ca5c8b0a427cb Mon Sep 17 00:00:00 2001
From: lukashimmelreich <lukas.himmelreich@hotmail.ch>
Date: Thu, 20 Apr 2023 09:14:19 +0200
Subject: [PATCH 37/74] Create CfgOptimizations.thy

CfgOptimizations lemmas for block coalescing and pruning of unreachable blocks
---
 BoogieLang/CfgOptimizations.thy | 687 ++++++++++++++++++++++++++++++++
 1 file changed, 687 insertions(+)
 create mode 100644 BoogieLang/CfgOptimizations.thy

diff --git a/BoogieLang/CfgOptimizations.thy b/BoogieLang/CfgOptimizations.thy
new file mode 100644
index 0000000..1c6515a
--- /dev/null
+++ b/BoogieLang/CfgOptimizations.thy
@@ -0,0 +1,687 @@
+theory CfgOptimizations
+  imports Boogie_Lang.Semantics Boogie_Lang.Util "../global_data"
+begin
+
+subsection \<open>Global block and hybrid global block lemma definition\<close>
+
+definition hybrid_block_lemma_target_succ_verifies
+  where "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1' \<equiv>
+         (\<forall>ns1'. s1' = Normal ns1' \<longrightarrow>
+                     (\<forall>target_succ. List.member (out_edges(G') ! tgt_block) target_succ \<longrightarrow>
+                          (\<forall>m2' s2'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl target_succ, (Normal  ns1')) -n\<rightarrow>* (m2', s2')) \<longrightarrow>
+                                  s2' \<noteq> Failure)
+                     )
+                   )"
+
+definition hybrid_block_lemma_target_verifies
+  where "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns \<equiv>              
+            (\<forall>s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds, Normal ns\<rangle> [\<rightarrow>] s1') \<longrightarrow>  \<comment>\<open>First reduce the coalesced commands\<close>
+                   s1' \<noteq> Failure \<and> 
+                   \<comment>\<open>All successors blocks of \<^term>\<open>tgt_block\<close> must verify\<close>
+                   hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1'
+              )"
+
+definition hybrid_block_lemma
+  where "hybrid_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds \<equiv> 
+          \<forall>m' ns s'.  
+             (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, (Normal ns)) -n\<rightarrow>* (m', s')) \<longrightarrow>
+             hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns \<longrightarrow>
+             s' \<noteq> Failure"
+
+text \<open>\<^prop>\<open>hybrid_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds\<close> formalizes the ``hybrid''
+global block lemma that we discussed on 22.03. with which one can deal with the case where blocks
+are coalesced. \<^term>\<open>src_block\<close> expresses the source block id that we are currently considering
+(i.e., one of the blocks that will be coalesced). \<^term>\<open>tgt_block\<close> expresses the target block id
+that of the coalesced block. \<^term>\<open>tgt_cmds\<close> expresses the currently considered 
+coalesced commands in the target CFG (this corresponds to \<open>cs_i@cs_(i+1)@...@cs_n\<close> in our discussion).
+\<close>
+
+text \<open>We now define the standard global block lemma that we want to use for the cases where no blocks
+are coalesced.\<close>
+
+definition global_block_lemma
+  where "global_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block \<equiv> 
+          \<forall>m' ns s'.  
+             (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, (Normal ns)) -n\<rightarrow>* (m', s')) \<longrightarrow>
+             (\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl tgt_block, (Normal ns)) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure) \<longrightarrow>
+             s' \<noteq> Failure"
+
+subsection \<open>Helper lemmas\<close>
+
+lemma hybrid_block_lemma_target_succ_verifies_intro:
+  assumes 
+   "\<And>ns1' target_succ m2' s2'. s1' = Normal ns1' \<Longrightarrow>
+           List.member (out_edges(G') ! tgt_block) target_succ \<Longrightarrow>
+           (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl target_succ, (Normal  ns1')) -n\<rightarrow>* (m2', s2')) \<Longrightarrow>
+            s2' \<noteq> Failure"
+ shows "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1'"
+  using assms
+  unfolding hybrid_block_lemma_target_succ_verifies_def
+  by blast
+
+lemma hybrid_block_lemma_elim:
+  assumes "hybrid_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds" and
+          "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, (Normal ns)) -n\<rightarrow>* (m', s')" and
+          "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns"
+  shows "s' \<noteq> Failure"
+  using assms
+  unfolding hybrid_block_lemma_def
+  by blast
+
+
+
+
+text \<open>The lemmas above are just for convenience. They make it more pleasant to prove (..._intro) 
+and use (..._elim) the hybrid global block lemma definitions\<close>
+
+
+text \<open>We discussed the following useful lemma (that is used below in the main proofs)\<close>
+
+lemma red_cmd_append_failure_preserved:
+  assumes "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] s)" and 
+          "s = Failure" 
+     \<comment>\<open>Theoretically, it would be fine to directly write
+       \<^term>\<open>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Failure\<close>, but then the standard induction tactic
+       does not carry over that the resulting state is a failure state\<close>
+  shows "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs@cs',Normal ns\<rangle> [\<rightarrow>] Failure"
+  using assms
+  apply induction
+   apply (simp add: failure_red_cmd_list)
+  by (simp add: RedCmdListCons)
+
+
+
+
+lemma red_cfg_magic_preserved:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(b, s0) -n\<rightarrow>* (m', s')" and "s0 = Magic"
+  shows "s' = Magic"
+  using assms
+proof (induction rule: rtranclp_induct2)
+  case refl
+  then show ?case by simp
+next
+  case (step a b a b)
+  then show ?case 
+    using red_cfg.cases by blast
+qed
+
+
+
+lemma magic_lemma_assume_false:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs, s\<rangle> [\<rightarrow>] s'" and
+          "s'\<noteq>Failure" and
+          "s = Normal ns"
+          "(Assume (Lit (LBool False))) \<in> set (cs)"
+        shows "s' = Magic"
+  using assms
+proof (induction arbitrary: ns)
+  case (RedCmdListNil s)
+  then show ?case
+    by simp
+next
+  case (RedCmdListCons c s s'' cs s')
+  then show ?case
+proof (cases "c = (Assume (Lit (LBool False)))")
+  case True
+  hence "s'' = Magic" using RedCmdListCons
+    by (meson RedLit assume_red_false)
+  then show ?thesis using RedCmdListCons
+    by (simp add: magic_stays_cmd_list_2)
+next
+  case False
+  then show ?thesis
+  proof (cases "s''")
+    case (Normal x1)
+    then show ?thesis
+      by (metis False RedCmdListCons.IH RedCmdListCons.prems(1) RedCmdListCons.prems(3) set_ConsD)
+  next
+    case Failure
+    then show ?thesis
+      using RedCmdListCons.hyps(2) RedCmdListCons.prems(1) failure_stays_cmd_list by blast
+  next
+    case Magic
+    then show ?thesis
+      using RedCmdListCons.hyps(2) magic_stays_cmd_list_2 by blast
+  qed
+qed
+qed
+
+lemma assert_false_failure:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>Assert (Lit (LBool False)), Normal ns\<rangle> \<rightarrow> s"
+  shows "s = Failure"
+  using assms
+  by (cases) auto
+
+
+lemma magic_lemma_assert_false:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs, s\<rangle> [\<rightarrow>] s'" and
+          "s = Normal ns"
+          "(Assert (Lit (LBool False))) \<in> set (cs)"
+        shows "s' = Magic \<or> s' = Failure"
+  using assms
+proof (induction arbitrary: ns)
+  case (RedCmdListNil s)
+  then show ?case
+    by simp
+next
+  case (RedCmdListCons c s s'' cs s')
+  then show ?case
+proof (cases "c = (Assert (Lit (LBool False)))")
+  case True
+
+  hence "s'' = Failure" using RedCmdListCons
+    by (metis True assert_false_failure)
+  
+  then show ?thesis
+    using RedCmdListCons.hyps(2) failure_stays_cmd_list_aux by blast
+next
+  case False
+  then show ?thesis
+  proof (cases "s''")
+    case (Normal x1)
+    then show ?thesis
+      using False RedCmdListCons.IH RedCmdListCons.prems(2) by auto
+  next
+    case Failure
+    then show ?thesis
+      using RedCmdListCons.hyps(2) RedCmdListCons.prems(1) failure_stays_cmd_list by blast
+  next
+    case Magic
+    then show ?thesis
+      using RedCmdListCons.hyps(2) magic_stays_cmd_list_2 by blast
+  qed
+qed
+qed
+
+
+subsection \<open>Main lemmas\<close>
+
+text \<open>In the following subsection, we show the two main lemmas that are interested in:
+    \<^item> Given the hybrid global lemma for block i, we can construct the hybrid block lemma for block i-1 
+    \<^item> Given the hybrid global lemma for block 1 (the first one of a sequence of blocks that is coalesced),
+     we can construct the global block lemma (i.e., not hybrid global block lemma) for block 1.
+\<close>
+
+subsubsection \<open>Main lemma 1 (extending hybrid global block lemmas)\<close>
+
+text \<open>The following lemma shows that given the hybrid global block lemma for block i, we can construct
+the hybrid block lemma for block i-1. Below the suffix 1 is used for i and 0 is used for i-1.\<close>
+
+lemma extend_hybrid_global_block_lemma:
+ assumes 
+      NextGlobal: "hybrid_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block_1 tgt_block tgt_cmds_1" and      
+      SourceBlock: "node_to_block G ! src_block_0 = cs" and
+      SourceSucc: "out_edges G ! src_block_0 = [src_block_1]" and
+                  "tgt_cmds_0 = cs@tgt_cmds_1"
+ shows 
+      "hybrid_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block_0 tgt_block tgt_cmds_0"
+  unfolding hybrid_block_lemma_def
+proof (rule allI | rule impI)+ \<comment>\<open>Here, we are applying initial proof rule to get rid of universal quantifiers and implications\<close>
+  fix m' ns s'
+  assume RedSource: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block_0, Normal ns) -n\<rightarrow>* (m', s')" and
+         TargetVerifies: "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds_0 ns"
+
+  show "s' \<noteq> Failure"
+  proof (cases rule: converse_rtranclpE2[OF RedSource]) 
+    \<comment>\<open>converse_tranclpE2 shows that if (a,b) are in the transitive closure of R, then this means that either
+       a = b or there is some y s.t. (a,y) is in R and (y,b) is in the transitive closure of R (the standard
+       case  distinction has the dual second case where (a,y) is in the transitive closure of R and
+       (y,b) is in R\<close>
+    case 1
+    \<comment>\<open>Source takes 0 steps \<longrightarrow> trivial\<close>
+    then show ?thesis 
+      by fast
+  next
+    case (2 b s0)
+    \<comment>\<open>Source takes 1 step to \<^term>\<open>(b,s0)\<close> and then 0 more steps to \<^term>\<open>(m',s')\<close>\<close>
+
+    \<comment>\<open>We now first show that b must be \<^term>\<open>src_block_1\<close>, \<^term>\<open>s0\<close> cannot be a failure, and that if \<^term>\<open>s0\<close> is
+      a normal state, then we can reduce the commands of \<^term>\<open>src_block_0\<close> (i.e., \<^term>\<open>cs\<close>) to \<^term>\<open>s0\<close>.\<close>
+
+    from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block_0, Normal ns) -n\<rightarrow> (b, s0)\<close>
+    have OneStepResult: "s0 \<noteq> Failure \<and> (\<forall>ns0. (s0 = Normal ns0 \<longrightarrow> b = Inl src_block_1 \<and> 
+                                                A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Normal ns0))"
+    proof cases \<comment>\<open>Because we used "from \<open>fact\<close>" where \<open>fact\<close> is defined inductively, \<open>cases\<close> 
+                   does a case distinction over all rules that could have been used to derive 
+                   \<open>fact\<close>\<close>
+      case (RedNormalSucc cs ns' n')
+      then show ?thesis 
+        using SourceSucc SourceBlock
+        by (simp add: member_rec(1) member_rec(2))
+    next
+      case (RedNormalReturn cs ns')
+      then show ?thesis 
+        using SourceSucc
+        by simp
+    next
+      case (RedFailure cs)
+      hence "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs@tgt_cmds_1,Normal ns\<rangle> [\<rightarrow>] Failure"
+        using red_cmd_append_failure_preserved
+        by fast
+      hence False 
+        using TargetVerifies \<open> node_to_block G ! src_block_0 = cs\<close> \<open>tgt_cmds_0 = _\<close> SourceBlock
+        unfolding hybrid_block_lemma_target_verifies_def
+        by blast
+      thus ?thesis
+        by simp        
+    next
+      case (RedMagic cs)
+      then show ?thesis by auto
+    qed
+
+    \<comment>\<open>Using this result we now prove the goal by doing a case distinction on whether \<^term>\<open>s0\<close> is
+       a magic state (if it is, we are trivially done; if not we know we are in a normal state and must
+       continue the proof) \<close>
+    
+    show ?thesis
+    proof (cases "s0 = Magic")
+      case True
+      \<comment>\<open>Once we are in the Magic state, we will always remain in the Magic state.\<close>
+      thus "s' \<noteq> Failure"
+        using red_cfg_magic_preserved[OF \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(b, s0) -n\<rightarrow>* (m', s')\<close>]
+        by simp        
+    next
+      case False
+      \<comment>\<open>In this case, we know that there must be a normal execution from \<^term>\<open>src_block_1\<close> to \<^term>\<open>(m', s')\<close>.
+         Using this execution we can then get that \<^term>\<open>s'\<close> does not fail using the successor global block lemma
+         that we are given as an assumption.\<close>
+
+      from this obtain ns0 where "s0 = Normal ns0" 
+        using OneStepResult state.exhaust by auto
+
+      hence RedBlock0:  "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Normal ns0" and
+          RedSuccBlock: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block_1, Normal ns0) -n\<rightarrow>* (m', s')"
+        using OneStepResult \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(b, s0) -n\<rightarrow>* (m', s')\<close>
+        by auto
+        
+      \<comment>\<open>We now want to obtain the conclusion of the successor global lemma lemma (which shows our goal). 
+         To do so, we will have to prove the corresponding assumptions.\<close>
+      show ?thesis
+      proof (rule hybrid_block_lemma_elim[OF NextGlobal RedSuccBlock]) 
+        \<comment>\<open>\<open>thm\<close>[OF \<open>fact\<close>] works if \<open>fact1\<close> proves the first assumption of \<open>thm\<close> and renders the same
+           as \<open>thm\<close> without the first assumption (one can discharge multiple assumptions using OF)\<close>
+
+        \<comment>\<open>We now just need to show that the target assumption of the successor global block lemma
+          holds\<close>
+        show "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds_1 ns0"
+          unfolding hybrid_block_lemma_target_verifies_def
+        proof (rule allI, rule impI, rule conjI)
+           \<comment>\<open>We first need to show that executing \<^emph>\<open>just\<close> the coalesced blocks associated with the 
+             successor block cannot fail\<close>
+          fix s1'
+          assume "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds_1,Normal ns0\<rangle> [\<rightarrow>] s1'"
+          with RedBlock0 have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs@tgt_cmds_1,Normal ns\<rangle> [\<rightarrow>] s1'"
+            by (simp add: red_cmd_list_append)
+          thus "s1' \<noteq> Failure"
+            using TargetVerifies \<open>tgt_cmds_0 = cs @ tgt_cmds_1\<close>
+            unfolding hybrid_block_lemma_target_verifies_def
+            by simp
+        next
+          \<comment>\<open>We next need to show that for any execution E of the successor coalesced blocks that continues
+            in the CFG will not fail. We show this by first show that execution E can be extended
+            to an execution of the extended coalesced blocks (i.e., \<^prop>\<open>tgt_cmds_0 = cs @ tgt_cmds_1\<close>).
+            Using this assumption we automatically get from our own assumptions (TargetVerifies) that
+            if E continues through the CFG (through \<open>tgt_block\<close>) there won't be any issues\<close>
+          fix s1'
+          assume "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds_1,Normal ns0\<rangle> [\<rightarrow>] s1'"
+          with RedBlock0 have RedTgtCmds0:"A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds_0 ,Normal ns\<rangle> [\<rightarrow>] s1'"
+            using \<open>tgt_cmds_0 = _\<close>
+            by (simp add: red_cmd_list_append)
+
+          
+          thus "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1'"
+            using TargetVerifies
+            unfolding hybrid_block_lemma_target_verifies_def
+            by fast
+        qed
+      qed    
+    qed
+  qed
+qed
+
+subsubsection \<open>Main lemma 2 (converting hybrid global block lemma to normal global block lemma)\<close>  
+
+lemma convert_hybrid_global_block_lemma:
+ assumes 
+      HybridGlobal: "hybrid_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds" and      
+      \<comment>\<open>The coalesced block id has commands \<^term>\<open>tgt_cmds\<close>\<close> 
+      TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds"
+ shows 
+      "global_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block"  
+  unfolding global_block_lemma_def
+proof (rule allI | rule impI)+
+  fix m' ns s'
+  assume RedSource: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>* (m', s')" and
+     TargetVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"         
+
+  \<comment>\<open>We prove the conclusion by proving the assumptions of the hybrid global block lemma and then 
+     using its conclusion, which solves the goal\<close>
+  show "s' \<noteq> Failure"
+  proof (rule hybrid_block_lemma_elim[OF HybridGlobal RedSource]) \<comment>\<open>We discharge the first assumption via OF\<close> 
+    show "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns"
+      unfolding hybrid_block_lemma_target_verifies_def
+    proof (rule allI, rule impI)
+      fix s1'
+      assume RedTgtCmds: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds,Normal ns\<rangle> [\<rightarrow>] s1'"
+      text \<open>We need to show that \<^term>\<open>s1'\<close> does not fail. Since we know \<^term>\<open>tgt_cmds\<close> denotes exactly
+            the commands of \<^term>\<open>tgt_block\<close>, we get automatically that there is a one step execution
+            from \<^term>\<open>tgt_block\<close> to state \<^term>\<open>s1'\<close> and according to our TargetVerifies assumption
+            we thus get that  \<^term>\<open>s1'\<close> is not a failing state\<close>
+
+      have "s1' \<noteq> Failure"
+      proof (rule ccontr) \<comment>\<open>proof by contradiction\<close>
+        assume "\<not> s1' \<noteq> Failure" 
+        hence "s1' = Failure" by simp
+        have "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (Inr (), Failure))"
+          apply (rule converse_rtranclp_into_rtranclp)
+           apply (rule RedFailure)
+            apply (rule TargetBlock)
+          using  RedTgtCmds \<open>s1' = Failure\<close>
+           apply blast
+          by simp
+        thus False
+          using TargetVerifies
+          by blast        
+      qed
+    
+        
+      text \<open>Next, we show the second assumption: If the execution continues through the CFG, then the
+            execution won't fail. \<close>
+  
+      moreover have "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1'"
+      proof (rule hybrid_block_lemma_target_succ_verifies_intro)
+        fix ns1' tgt_succ m2' s2'
+        assume "s1' = Normal ns1'" and 
+               TargetSucc: "List.member (out_edges G' ! tgt_block) tgt_succ" and
+               RedTargetSucc: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_succ, Normal ns1') -n\<rightarrow>* (m2', s2')"
+
+        text \<open>We can construct an execution beginning from \<^term>\<open>tgt_block\<close>\<close>
+        have "A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m2', s2')"
+          apply (rule converse_rtranclp_into_rtranclp)
+           apply (rule RedNormalSucc) 
+             apply (rule TargetBlock)
+          using RedTgtCmds \<open>s1' = Normal ns1'\<close>
+            apply blast
+           apply (rule TargetSucc)
+          apply (rule RedTargetSucc)
+          done
+
+        thus "s2' \<noteq> Failure"
+          using TargetVerifies
+          by blast
+      qed
+
+      ultimately show 
+       "s1' \<noteq> Failure \<and> hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1'"
+        by simp
+    qed
+  qed
+qed
+
+text \<open>The following lemma shows that if in a block the global block lemma holds for all successors and the block was not coalesced, then the global block lemma holds\<close>
+
+lemma global_block_succ:
+  assumes SuccBlocks: "out_edges G ! src_block = ls" and
+          GlobalBlockSucc: "\<forall>x\<in>set(ls). global_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x))" and
+          FunctionCorr: "\<forall>x\<in>set(ls). f(x)\<in>set(out_edges G' ! tgt_block)" and
+          TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds" and
+          SourceBlock: "node_to_block G ! src_block = src_cmds" and
+          NotCoalesced: "tgt_cmds = src_cmds"
+        shows "global_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block"
+  unfolding global_block_lemma_def
+proof (rule allI | rule impI)+
+  fix m' ns s'
+  assume RedSource: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>* (m', s')" and
+         TargetVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+  show "s'\<noteq>Failure"
+
+  proof (cases rule: converse_rtranclpE2[OF RedSource])
+    case 1
+    then show ?thesis
+      by blast
+  next
+    case (2 b s0)
+    from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (b, s0)\<close> have OneStepResult: "s0 \<noteq> Failure"
+    proof cases
+      case (RedNormalSucc cs ns' n')
+      then show ?thesis
+        by auto
+    next
+      case (RedNormalReturn cs ns')
+      then show ?thesis
+        by simp
+    next
+      case (RedFailure cs)
+      then show ?thesis
+        by (metis NotCoalesced SourceBlock TargetBlock TargetVerifies r_into_rtranclp red_cfg.RedFailure)
+    next
+      case (RedMagic cs)
+      then show ?thesis
+        by simp
+    qed
+
+    show ?thesis
+    proof (cases "s0 = Magic")
+      case True
+      thus "s' \<noteq> Failure"
+        using "2"(2) red_cfg_magic_preserved by blast
+    next
+      case False
+
+      from this obtain ns0 where "s0 = Normal ns0"
+        using OneStepResult state.exhaust by blast
+
+      show ?thesis
+      proof (cases "ls = []")
+        case True
+        hence "(m', s') = (Inl src_block, Normal ns) \<or> m' = Inr()"
+          by (smt (verit) "2"(1) "2"(2) SuccBlocks finished_remains no_out_edges_return old.unit.exhaust sumE)
+        then show ?thesis
+          by (smt (verit) "2"(1) "2"(2) OneStepResult Pair_inject SuccBlocks True finished_remains no_out_edges_return red_cfg.simps)
+      next
+        case False
+
+        from this obtain succ where cond: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (Inl succ, Normal ns0)) \<and> (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl succ, Normal ns0) -n\<rightarrow>* (m',s'))" 
+          by (smt (verit) "2"(1) "2"(2) Inl_inject OneStepResult Pair_inject SuccBlocks \<open>s0 = Normal ns0\<close> red_cfg.cases state.distinct(3))
+
+
+        have cond_global_block: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl (f(succ)), (Normal ns0)) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+        proof (rule allI | rule impI)+
+          fix m1' s1'
+          assume "A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f succ), Normal ns0) -n\<rightarrow>* (m1', s1')"
+          show "s1' \<noteq> Failure"
+          proof (cases "((m1', s1') = (Inl (f succ), Normal ns0))")
+            case True
+            then show ?thesis
+              by auto
+          next
+            case False
+            hence "A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow> (Inl (f succ), Normal ns0)"
+              by (metis FunctionCorr NotCoalesced RedNormalSucc RedNormalSucc_case SourceBlock SuccBlocks TargetBlock cond in_set_member)
+            hence "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1'))"
+              by (simp add: \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f succ), Normal ns0) -n\<rightarrow>* (m1', s1')\<close> converse_rtranclp_into_rtranclp)
+            then show ?thesis
+              by (simp add: TargetVerifies)
+          qed
+        qed
+
+        hence "global_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ))"
+          by (metis GlobalBlockSucc RedNormalSucc_case SuccBlocks cond in_set_member)
+
+        thus "s'\<noteq>Failure"
+          using cond_global_block cond
+          unfolding global_block_lemma_def
+          by blast
+      qed
+    qed
+  qed
+qed
+
+text \<open>The following lemma shows that if in a block the global block lemma holds for all successors and the block was coalesced, then the hybrid block lemma holds\<close>
+
+lemma hybrid_block_succ:
+  assumes SuccBlocks: "out_edges G ! src_block = ls" and
+          GlobalBlockSucc: "\<forall>x\<in>set(ls). global_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x))" and
+          FunctionCorr: "\<forall>x\<in>set(ls). f(x)\<in>set(out_edges G' ! tgt_block)" and
+          SourceBlock: "node_to_block G ! src_block = src_cmds"
+        shows "hybrid_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block src_cmds"
+  unfolding hybrid_block_lemma_def
+proof (rule allI | rule impI)+
+  fix m' ns s'
+  assume RedSource: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>* (m', s')" and
+         TargetVerifies: "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block src_cmds ns"
+  show "s' \<noteq> Failure"
+  proof (cases rule: converse_rtranclpE2[OF RedSource])
+    case 1
+    then show ?thesis by blast
+  next
+    case (2 b s0)
+    from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (b, s0)\<close> have OneStepResult: "s0 \<noteq> Failure"
+    proof cases
+      case (RedNormalSucc cs ns' n')
+      then show ?thesis
+        by simp
+    next
+      case (RedNormalReturn cs ns')
+      then show ?thesis
+        by simp
+    next
+      case (RedFailure cs)
+      then show ?thesis
+        using SourceBlock TargetVerifies hybrid_block_lemma_target_verifies_def by blast
+    next
+      case (RedMagic cs)
+      then show ?thesis
+        by blast
+    qed
+
+    show ?thesis
+    proof (cases "s0 = Magic")
+      case True
+      then show ?thesis
+        using "2"(2) red_cfg_magic_preserved by blast
+    next
+      case False
+      from this obtain ns0 where "s0 = Normal ns0"
+        using OneStepResult state.exhaust by blast
+      show ?thesis
+      proof (cases "ls = []")
+        case True
+        hence "(m', s') = (Inl src_block, Normal ns) \<or> m' = Inr()"
+          by (smt (verit) "2"(1) "2"(2) SuccBlocks finished_remains no_out_edges_return prod.inject red_cfg.cases)
+        then show ?thesis
+          by (smt (verit) "2"(1) "2"(2) OneStepResult Pair_inject SuccBlocks True finished_remains no_out_edges_return red_cfg.cases)
+      next
+        case False
+
+        from this obtain succ where cond: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (Inl succ, Normal ns0)) \<and> (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl succ, Normal ns0) -n\<rightarrow>* (m',s'))"
+          by (smt (verit) "2"(1) "2"(2) Inl_inject Pair_inject SourceBlock SuccBlocks TargetVerifies \<open>s0 = Normal ns0\<close> hybrid_block_lemma_target_verifies_def red_cfg.simps state.distinct(3))
+
+        hence "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>src_cmds,Normal ns\<rangle> [\<rightarrow>] Normal ns0"
+          using RedNormalSucc_case SourceBlock by blast
+
+        have cond_global_block: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl (f(succ)), (Normal ns0)) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+          using GlobalBlockSucc TargetVerifies
+          unfolding hybrid_block_lemma_target_verifies_def global_block_lemma_def hybrid_block_lemma_target_succ_verifies_def
+          by (metis FunctionCorr RedNormalSucc_case SuccBlocks \<open>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>src_cmds,Normal ns\<rangle> [\<rightarrow>] Normal ns0\<close> cond in_set_member)
+
+        hence "global_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ))"
+          by (metis GlobalBlockSucc RedNormalSucc_case SuccBlocks cond in_set_member)
+        then show ?thesis
+          using cond global_block_lemma_def cond_global_block by blast
+      qed
+
+    qed
+  qed
+
+qed
+
+
+
+lemma pruning_not_coalesced:
+  assumes SuccBlocks: "out_edges G ! src_block = ls" and
+          TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds" and
+          SourceBlock: "node_to_block G ! src_block = src_cmds" and
+          Pruning: "(Assume (Lit (LBool False))) \<in> set (src_cmds) \<or> (Assert (Lit (LBool False))) \<in> set (src_cmds)" and
+          NotCoalesced: "tgt_cmds = src_cmds"
+        shows "global_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block"
+  unfolding global_block_lemma_def
+
+proof (rule allI | rule impI)+
+  fix m' ns s'
+  assume RedSource: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>* (m', s')" and
+         TargetVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+  show "s'\<noteq>Failure"
+  proof (cases rule: converse_rtranclpE2[OF RedSource])
+    case 1
+    then show ?thesis
+      by blast
+  next
+    case (2 a b)
+    then show ?thesis
+    proof (cases "(Assume (Lit (LBool False))) \<in> set (src_cmds)")
+      case True
+      hence  "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>src_cmds,Normal ns\<rangle> [\<rightarrow>] s'"
+        by (smt (verit) "2"(1) "2"(2) Inl_inject Pair_inject SourceBlock converse_rtranclpE magic_lemma_assume_false red_cfg.simps state.distinct(1) state.distinct(3))
+      hence "s' = Magic"
+        using magic_lemma_assume_false
+        by (metis NotCoalesced RedFailure TargetBlock TargetVerifies True r_into_rtranclp)
+      then show ?thesis 
+        by simp
+    next
+      case False
+      hence "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>src_cmds,Normal ns\<rangle> [\<rightarrow>] s'"
+        by (smt (verit) "2"(1) "2"(2) Inl_inject Pair_inject Pruning SourceBlock converse_rtranclpE magic_lemma_assert_false red_cfg.simps state.distinct(1) state.distinct(3))
+      hence "s' = Magic \<or> s' = Failure" using magic_lemma_assert_false False Pruning 
+        by blast
+      then show ?thesis
+        using NotCoalesced RedFailure TargetBlock TargetVerifies \<open>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>src_cmds,Normal ns\<rangle> [\<rightarrow>] s'\<close> by blast
+    qed
+  qed
+qed
+
+lemma pruning_coalesced:
+  assumes SuccBlocks: "out_edges G ! src_block = ls" and
+          TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds" and
+          SourceBlock: "node_to_block G ! src_block = src_cmds" and
+          Pruning: "(Assert (Lit (LBool False))) \<in> set (src_cmds)" and
+          Coalesced: "tgt_cmds = cs@src_cmds"
+        shows "hybrid_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block src_cmds"
+  unfolding hybrid_block_lemma_def
+
+proof (rule allI | rule impI)+
+  fix m' ns s'
+  assume RedSource: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>* (m', s')" and
+         TargetVerifies: "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block src_cmds ns"
+  show "s' \<noteq> Failure"
+  proof (cases rule: converse_rtranclpE2[OF RedSource])
+    case 1
+    then show ?thesis
+      by blast
+  next
+    case (2 a b)
+    then show ?thesis
+    proof (cases "(Assume (Lit (LBool False))) \<in> set (src_cmds)")
+      case True
+      have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>src_cmds,Normal ns\<rangle> [\<rightarrow>] s'"
+        by (smt (verit) "2"(1) "2"(2) Inl_inject Pair_inject Pruning SourceBlock converse_rtranclpE magic_lemma_assert_false red_cfg.simps state.distinct(1) state.distinct(3))
+      hence "s' = Magic"
+        using TargetVerifies True hybrid_block_lemma_target_verifies_def magic_lemma_assume_false by blast
+      then show ?thesis
+        by simp
+    next
+      case False
+      have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>src_cmds,Normal ns\<rangle> [\<rightarrow>] s'"
+        by (smt (verit) "2"(1) "2"(2) Inl_inject Pair_inject Pruning SourceBlock converse_rtranclpE magic_lemma_assert_false red_cfg.simps state.distinct(1) state.distinct(3))
+      hence "s' = Magic \<or> s' = Failure" using magic_lemma_assert_false Pruning 
+        by blast
+      then show ?thesis using Coalesced RedFailure TargetBlock TargetVerifies \<open>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>src_cmds,Normal ns\<rangle> [\<rightarrow>] s'\<close>
+        by (simp add: hybrid_block_lemma_target_verifies_def)
+    qed
+  qed
+qed
+
+
+term "global_data.fdecls"
+
+end
\ No newline at end of file

From 812ce424d3e74491fab6bd1e25cf4d320148e796 Mon Sep 17 00:00:00 2001
From: lukashimmelreich <lukas.himmelreich@hotmail.ch>
Date: Wed, 10 May 2023 13:26:58 +0200
Subject: [PATCH 38/74] Update CfgOptimizations.thy

Main Lemma for dead variables elimination (work is still in progress to get rid of the remaining sorry statements)
---
 BoogieLang/CfgOptimizations.thy | 942 +++++++++++++++++++++++++++++++-
 1 file changed, 930 insertions(+), 12 deletions(-)

diff --git a/BoogieLang/CfgOptimizations.thy b/BoogieLang/CfgOptimizations.thy
index 1c6515a..c6bcfd6 100644
--- a/BoogieLang/CfgOptimizations.thy
+++ b/BoogieLang/CfgOptimizations.thy
@@ -1,7 +1,16 @@
 theory CfgOptimizations
-  imports Boogie_Lang.Semantics Boogie_Lang.Util "../global_data"
+  imports Boogie_Lang.Semantics Boogie_Lang.Util
 begin
 
+subsection \<open>Definition loop induction hypothesis\<close>
+
+definition loop_ih_optimizations
+  where "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeader LoopHeader'  m' s' j \<equiv> 
+          \<forall>j' ns1'. ((j' \<le> j) \<longrightarrow> 
+                     (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl LoopHeader, Normal ns1') -n\<rightarrow>^j' (m', s')) \<longrightarrow>
+         (\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl LoopHeader', Normal ns1') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure) \<longrightarrow>
+                     s' \<noteq> Failure)"
+
 subsection \<open>Global block and hybrid global block lemma definition\<close>
 
 definition hybrid_block_lemma_target_succ_verifies
@@ -194,7 +203,7 @@ qed
 qed
 
 
-subsection \<open>Main lemmas\<close>
+subsection \<open>Main lemmas for block coalescing and pruning of unreachable blocks\<close>
 
 text \<open>In the following subsection, we show the two main lemmas that are interested in:
     \<^item> Given the hybrid global lemma for block i, we can construct the hybrid block lemma for block i-1 
@@ -418,7 +427,7 @@ proof (rule allI | rule impI)+
   qed
 qed
 
-text \<open>The following lemma shows that if in a block the global block lemma holds for all successors and the block was not coalesced, then the global block lemma holds\<close>
+subsubsection \<open>Main Lemma 3 (The following lemma shows that if in a block the global block lemma holds for all successors and the block was not coalesced, then the global block lemma holds)\<close>
 
 lemma global_block_succ:
   assumes SuccBlocks: "out_edges G ! src_block = ls" and
@@ -517,7 +526,7 @@ proof (rule allI | rule impI)+
   qed
 qed
 
-text \<open>The following lemma shows that if in a block the global block lemma holds for all successors and the block was coalesced, then the hybrid block lemma holds\<close>
+subsubsection \<open>Main Lemma 4: The following lemma shows that if in a block the global block lemma holds for all successors and the block was coalesced, then the hybrid block lemma holds\<close>
 
 lemma hybrid_block_succ:
   assumes SuccBlocks: "out_edges G ! src_block = ls" and
@@ -596,7 +605,7 @@ proof (rule allI | rule impI)+
 
 qed
 
-
+subsubsection \<open>Main Lemma 5: Following Lemma shows correctness of pruning of unreachable blocks if the block was not coalesced\<close>
 
 lemma pruning_not_coalesced:
   assumes SuccBlocks: "out_edges G ! src_block = ls" and
@@ -640,11 +649,12 @@ proof (rule allI | rule impI)+
   qed
 qed
 
+subsubsection \<open>Main Lemma 6: Following Lemma shows correctness of pruning of unreachable blocks if the block was coalesced\<close>
+
 lemma pruning_coalesced:
-  assumes SuccBlocks: "out_edges G ! src_block = ls" and
-          TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds" and
+  assumes TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds" and
           SourceBlock: "node_to_block G ! src_block = src_cmds" and
-          Pruning: "(Assert (Lit (LBool False))) \<in> set (src_cmds)" and
+          Pruning: "(Assert (Lit (LBool False))) \<in> set (src_cmds) \<or> (Assume (Lit (LBool False))) \<in> set (src_cmds)" and
           Coalesced: "tgt_cmds = cs@src_cmds"
         shows "hybrid_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block src_cmds"
   unfolding hybrid_block_lemma_def
@@ -664,7 +674,7 @@ proof (rule allI | rule impI)+
     proof (cases "(Assume (Lit (LBool False))) \<in> set (src_cmds)")
       case True
       have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>src_cmds,Normal ns\<rangle> [\<rightarrow>] s'"
-        by (smt (verit) "2"(1) "2"(2) Inl_inject Pair_inject Pruning SourceBlock converse_rtranclpE magic_lemma_assert_false red_cfg.simps state.distinct(1) state.distinct(3))
+        by (smt (verit) "2"(1) "2"(2) Inl_inject Pair_inject SourceBlock True converse_rtranclpE magic_lemma_assume_false red_cfg.cases state.distinct(1) state.distinct(3))
       hence "s' = Magic"
         using TargetVerifies True hybrid_block_lemma_target_verifies_def magic_lemma_assume_false by blast
       then show ?thesis
@@ -672,16 +682,924 @@ proof (rule allI | rule impI)+
     next
       case False
       have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>src_cmds,Normal ns\<rangle> [\<rightarrow>] s'"
-        by (smt (verit) "2"(1) "2"(2) Inl_inject Pair_inject Pruning SourceBlock converse_rtranclpE magic_lemma_assert_false red_cfg.simps state.distinct(1) state.distinct(3))
+        by (smt (verit) "2"(1) "2"(2) False Inl_inject Pair_inject Pruning SourceBlock converse_rtranclpE magic_lemma_assert_false red_cfg.cases state.distinct(1) state.distinct(3))
       hence "s' = Magic \<or> s' = Failure" using magic_lemma_assert_false Pruning 
-        by blast
+        using False by blast
       then show ?thesis using Coalesced RedFailure TargetBlock TargetVerifies \<open>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>src_cmds,Normal ns\<rangle> [\<rightarrow>] s'\<close>
         by (simp add: hybrid_block_lemma_target_verifies_def)
     qed
   qed
 qed
 
+subsection \<open>Definition of free variables\<close>
+
+fun free_var_expr :: "expr \<Rightarrow> vname set"
+where 
+  "free_var_expr (Var n) = {n}"
+| "free_var_expr (BVar n) = {}"
+| "free_var_expr (Lit n) = {}"
+| "free_var_expr (UnOp unop ex) = free_var_expr (ex)"
+| "free_var_expr (BinOp ex1 binop ex2) = free_var_expr (ex1) \<union> free_var_expr (ex2)"
+| "free_var_expr (FunExp fname ty_list ex_ls)  = \<Union> (Set.image free_var_expr (set ex_ls))" 
+| "free_var_expr (Old ex) = free_var_expr (ex)"
+| "free_var_expr (Forall ty ex) = free_var_expr (ex)"
+| "free_var_expr (Exists ty ex) = free_var_expr (ex)"
+| "free_var_expr (ForallT ex) = free_var_expr (ex)"
+| "free_var_expr (ExistsT ex) = free_var_expr (ex)"
+
+fun free_var_exprlist :: "expr list \<Rightarrow> vname set"
+where
+  "free_var_exprlist cs = \<Union> (Set.image free_var_expr (set cs))"
+
+
+fun free_var_cmd :: "cmd \<Rightarrow> vname set"
+where
+  "free_var_cmd (Assert ex) = free_var_expr ex"
+| "free_var_cmd (Assume ex) = free_var_expr ex"
+| "free_var_cmd (Assign vname expr) = {vname} \<union> free_var_expr expr"
+| "free_var_cmd (Havoc vname) = {vname}"
+| "free_var_cmd (ProcCall pname ex_ls vname_ls) = set vname_ls \<union> (\<Union> (Set.image free_var_expr (set ex_ls)))" (* is this correct?" *)
+
+fun free_var_cmdlist :: "cmd list \<Rightarrow> vname set"
+where
+  "free_var_cmdlist cs = \<Union> (Set.image free_var_cmd (set cs))"
+
+subsection \<open>Helper Lemmas for the final dead variables elimination lemma\<close>
+
+lemma validConf:
+  assumes proc_cor: "proc_is_correct A fun_decls constants global_vars axioms proc Semantics.proc_body_satisfies_spec" and
+                    "proc_body proc = Some (locals, mbody)" and
+                    "(((\<forall>t. closed t \<longrightarrow> (\<exists>v. type_of_val A (v :: 'a val) = t)) \<and> (\<forall>v. closed ((type_of_val A) v))))" and
+                    "fun_interp_wf A fun_decls \<Gamma>" and
+                    "list_all closed \<Omega> \<and> length \<Omega> = proc_ty_args proc" and        
+                    "state_typ_wf A \<Omega> gs (constants @ global_vars)" and
+                    "state_typ_wf A \<Omega> ls ((proc_args proc)@ (locals @ proc_rets proc))" and
+                    "axioms_sat A (constants, []) \<Gamma> (global_to_nstate (state_restriction gs constants)) axioms" and            
+                    "expr_all_sat A (constants@global_vars, (proc_args proc)@(locals@(proc_rets proc))) \<Gamma> \<Omega> \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr> (proc_all_pres proc)" and 
+                    "A, [], (constants@global_vars, (proc_args proc)@(locals@(proc_rets proc))), \<Gamma>, \<Omega>, mbody \<turnstile> (Inl (entry(mbody)), Normal \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr>) -n\<rightarrow>* (m',s')"
+
+  shows             "valid_configuration A (constants@global_vars, (proc_args proc)@(locals@(proc_rets proc))) \<Gamma> \<Omega> (proc_checked_posts proc) m' s'"
+  using assms
+  unfolding proc_body_satisfies_spec_def
+  by fastforce
+
+lemma map_le_append_pre:
+  assumes "map_of xs \<subseteq>\<^sub>m map_of xs'"
+  shows "map_of (ys@xs) \<subseteq>\<^sub>m map_of (ys@xs')" 
+  using assms
+  by (metis Map.map_of_append append_assoc map_add_subsumed2 map_le_map_add)
+  
+lemma map_le_append_post:
+  assumes "map_of xs \<subseteq>\<^sub>m map_of xs'" and 
+          \<comment>\<open>This second assumption is necessary, because otherwise \<^term>\<open>map_of (xs@ys) y\<close> may lookup
+             a value in \<^term>\<open>ys\<close>, while \<^term>\<open>map_of (xs'@ys) y\<close> looks up the value in \<^term>\<open>xs'\<close>\<close>
+          "dom (map_of xs') \<inter> dom (map_of ys) = {}"
+  shows "map_of (xs@ys) \<subseteq>\<^sub>m map_of (xs'@ys)"
+  using assms
+  by (metis Map.map_of_append map_add_comm map_add_le_mapI map_le_map_add map_le_trans)
+
+lemma map_le_append_pre_post:
+  assumes "map_of xs \<subseteq>\<^sub>m map_of xs'" and 
+          \<comment>\<open>This second assumption is necessary, because otherwise \<^term>\<open>map_of (xs@ys) y\<close> may lookup
+             a value in \<^term>\<open>ys\<close>, while \<^term>\<open>map_of (xs'@ys) y\<close> looks up the value in \<^term>\<open>xs'\<close>\<close>
+          "dom (map_of xs') \<inter> dom (map_of ys) = {}"
+  shows "map_of (ws@xs@ys) \<subseteq>\<^sub>m map_of (ws@xs'@ys)"
+  using assms map_le_append_pre map_le_append_post
+  by blast 
+
+lemma lookup_var_decl_map_le:
+  assumes "map_of vs \<subseteq>\<^sub>m map_of vs'"          
+  shows "lookup_vdecls_ty vs \<subseteq>\<^sub>m lookup_vdecls_ty vs'"
+  unfolding lookup_vdecls_ty_def map_le_def
+proof 
+  fix a
+  assume "a \<in> dom (\<lambda>x. map_option fst (map_of vs x))"
+
+  thus "map_option fst (map_of vs a) = map_option fst (map_of vs' a)"
+    using assms
+    by (metis (full_types) domIff map_le_def option.map_disc_iff)
+qed
+
+text \<open>The following lemma should be helpful to prove that variables reduce to the same values in 
+      in the program with and without dead variables.\<close>
+lemma lookup_var_map_le_local:
+  assumes MapLeLocal: "(map_of (snd \<Lambda>) \<subseteq>\<^sub>m map_of (snd \<Lambda>') \<and> x \<notin> (dom (map_of (snd \<Lambda>')) - (dom (map_of (snd \<Lambda>))))) 
+                       \<or> (map_of (snd \<Lambda>') \<subseteq>\<^sub>m map_of (snd \<Lambda>) \<and> x \<notin> (dom (map_of (snd \<Lambda>)) - (dom (map_of (snd \<Lambda>'))))) "
+  shows "lookup_var \<Lambda> ns x = lookup_var \<Lambda>' ns x"
+proof (cases "(map_of (snd \<Lambda>) \<subseteq>\<^sub>m map_of (snd \<Lambda>') \<and> x \<notin> (dom (map_of (snd \<Lambda>')) - (dom (map_of (snd \<Lambda>)))))")
+  case True
+  then show ?thesis
+  proof (cases "map_of (snd \<Lambda>) x = None")
+    case True
+    hence "map_of (snd \<Lambda>') x = None"
+      by (metis (mono_tags, lifting) DiffI assms domIff map_le_def)
+    with True show ?thesis 
+      unfolding lookup_var_def
+      by simp
+  next
+    case False
+    then show ?thesis
+      using MapLeLocal
+      unfolding lookup_var_def
+      by (metis (mono_tags, lifting) True domIff map_le_def)
+  qed
+next
+  case False
+  then show ?thesis
+  proof (cases "map_of (snd \<Lambda>') x = None")
+    case True
+    hence "map_of (snd \<Lambda>) x = None"
+      using False assms by blast
+    with True show ?thesis 
+      unfolding lookup_var_def
+      by simp
+  next
+    case False
+    then show ?thesis 
+      using MapLeLocal
+      unfolding lookup_var_def
+      by (metis (mono_tags, lifting) DiffI domIff map_le_def)
+  qed
+qed
+
+
+lemma binder_map_le_local:
+  assumes MapLeLocal: "map_of (snd \<Lambda>) \<subseteq>\<^sub>m map_of (snd \<Lambda>')" and
+          "x \<notin> (dom (map_of (snd \<Lambda>')) - (dom (map_of (snd \<Lambda>))))"
+        shows "binder_state ns i = binder_state ns i"
+  by simp
+
+
+
+lemma state_typ_wf_map_le:
+  assumes StateTypWf: "state_typ_wf A \<Omega> ls (proc_args proc @ locals' @ proc_rets proc)" (is "state_typ_wf A \<Omega> ls ?V'") and
+         MapLe: "map_of locals \<subseteq>\<^sub>m map_of locals'" and
+         DomLocalInterRetsEmpty:   "dom (map_of locals') \<inter> dom (map_of (proc_rets proc)) = {}"
+        shows "state_typ_wf A \<Omega> ls (proc_args proc @ locals @ proc_rets proc)" (is "state_typ_wf A \<Omega> ls ?V")
+  unfolding state_typ_wf_def
+proof (rule allI | rule impI)+
+  fix v t
+  assume LookupV: "lookup_vdecls_ty (proc_args proc @ locals @ proc_rets proc) v = Some t"
+
+  from MapLe have "map_of ?V \<subseteq>\<^sub>m map_of ?V'"
+    using map_le_append_pre_post[OF MapLe DomLocalInterRetsEmpty]
+    by blast        
+
+  with LookupV
+  have "lookup_vdecls_ty (proc_args proc @ locals' @ proc_rets proc) v = Some t"
+    using lookup_var_decl_map_le
+    by (metis (full_types) domI map_le_def)
+
+  thus "map_option (type_of_val A) (ls v) = Some (instantiate \<Omega> t)"
+    using StateTypWf
+    unfolding state_typ_wf_def
+    by blast
+qed
+
+
+
+
+lemma expr_eval_different_locals_same_value:
+  assumes  "fst \<Lambda> = fst \<Lambda>'" and
+           "map_of (snd \<Lambda>') \<subseteq>\<^sub>m map_of (snd \<Lambda>)  \<or> map_of (snd \<Lambda>) \<subseteq>\<^sub>m map_of (snd \<Lambda>')" 
+  shows    "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e, s\<rangle> \<Down> v \<Longrightarrow> 
+              free_var_expr e \<inter> ((dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))) \<union> (dom (map_of (snd \<Lambda>)) - dom (map_of (snd \<Lambda>')))) = {} 
+              \<Longrightarrow> A,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>e, s\<rangle> \<Down> v" and
+           "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>es, s\<rangle> [\<Down>] vs \<Longrightarrow>
+              \<Union> {free_var_expr e' | e'. e' \<in> set es} \<inter> ((dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))) \<union> (dom (map_of (snd \<Lambda>)) - dom (map_of (snd \<Lambda>')))) = {} 
+              \<Longrightarrow> A,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>es, s\<rangle> [\<Down>] vs"
+  using assms
+proof (induction rule: red_expr_red_exprs.inducts)
+  case (RedVar n_s x v \<Omega>)
+  then show ?case
+  proof (cases "map_of (snd \<Lambda>') \<subseteq>\<^sub>m map_of (snd \<Lambda>)")
+    case True
+    have "free_var_expr (Var x) \<inter> (dom (map_of (snd \<Lambda>)) - (dom (map_of (snd \<Lambda>')))) = {}"
+      using RedVar.prems(1)
+      by blast
+
+    hence notin: "x \<notin> (dom (map_of (snd \<Lambda>)) - (dom (map_of (snd \<Lambda>'))))"
+      using Int_Un_eq(2) RedVar.prems(1) by auto
+
+    have "lookup_var \<Lambda>' n_s x = lookup_var \<Lambda> n_s x"
+      apply (rule lookup_var_map_le_local)
+      using True notin by auto
+
+    then show ?thesis
+      by (simp add: RedVar.IH red_expr_red_exprs.RedVar)
+  next
+    case False
+
+    have "free_var_expr (Var x) \<inter> (dom (map_of (snd \<Lambda>')) - (dom (map_of (snd \<Lambda>)))) = {}"
+      using RedVar.prems(1)
+      by blast
+
+    hence notin: "x \<notin> (dom (map_of (snd \<Lambda>')) - (dom (map_of (snd \<Lambda>))))"
+      by simp
+
+    have "lookup_var \<Lambda>' n_s x = lookup_var \<Lambda> n_s x"
+      apply (rule lookup_var_map_le_local)
+      using False notin assms(2) by blast
+
+    then show ?thesis
+      by (simp add: RedVar.IH red_expr_red_exprs.RedVar)
+  qed
+next
+  case (RedBVar n_s i v \<Omega>)
+  then show ?case
+    by (simp add: red_expr_red_exprs.RedBVar)
+next
+  case (RedLit \<Omega> v n_s)
+  then show ?case
+    by (simp add: red_expr_red_exprs.RedLit)
+next
+  case (RedBinOp \<Omega> e1 n_s v1 e2 v2 bop v)
+
+
+  have v1: "A,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>e1,n_s\<rangle> \<Down> v1"
+    by (metis (no_types, lifting) Diff_Compl Int_Diff Int_empty_right RedBinOp.IH(2) RedBinOp.prems(1) RedBinOp.prems(3) Un_Int_eq(3) assms(1) free_var_expr.simps(5))
+
+  have v2: "A,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>e2,n_s\<rangle> \<Down> v2"
+    using RedBinOp.IH(4) RedBinOp.prems(1) RedBinOp.prems(3) assms(1) free_var_expr.simps(5) by blast
+  show ?case
+    using v1 v2
+    using RedBinOp.hyps red_expr_red_exprs.RedBinOp by blast
+next
+  case (RedUnOp \<Omega> e n_s v uop v')
+  then show ?case
+    by (simp add: red_expr_red_exprs.RedUnOp)
+next
+  case (RedFunOp f f_interp \<Omega> args n_s v_args ty_args v)
+
+
+  have "\<Union> {free_var_expr e' |e'. e' \<in> set args} \<inter> ((dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))) \<union> (dom (map_of (snd \<Lambda>)) - dom (map_of (snd \<Lambda>')))) = {}"
+    using RedFunOp.prems(1) free_var_expr.simps(6)
+    by blast
+
+  hence "A,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>args, n_s\<rangle> [\<Down>] v_args"
+    by (simp add: RedFunOp.IH(3) RedFunOp.prems(3) assms(1))
+
+  then show ?case
+    using RedFunOp
+    by (simp add: red_expr_red_exprs.RedFunOp)
+next
+(*case (RedCondExpTrue \<Omega> cond n_s thn v els)
+  then show ?case sorry
+next
+  case (RedCondExpFalse \<Omega> cond n_s els v thn)
+  then show ?case sorry
+next *)
+  case (RedOld \<Omega> e n_s v)
+  then show ?case
+    by (simp add: red_expr_red_exprs.RedOld)
+next
+  case (RedExpListNil \<Omega> n_s)
+  then show ?case
+    by (meson red_expr_red_exprs.RedExpListNil)
+next
+  case (RedExpListCons \<Omega> e n_s v es vs)
+
+  have free_var_e: "free_var_expr e \<inter> ((dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))) \<union> (dom (map_of (snd \<Lambda>)) - dom (map_of (snd \<Lambda>')))) = {}"
+    using RedExpListCons.prems(1) by auto
+
+  then have expr: "A,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>e,n_s\<rangle> \<Down> v"
+    by (simp add: RedExpListCons.IH(2) RedExpListCons.prems(3) assms(1))
+
+  have "\<Union> {free_var_expr e' |e'. e' \<in> set es} \<subseteq> \<Union> {free_var_expr e' |e'. e' \<in> set (e # es)}"
+    by auto
+
+  then have "\<Union> {free_var_expr e' |e'. e' \<in> set es} \<inter> ((dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))) \<union> (dom (map_of (snd \<Lambda>)) - dom (map_of (snd \<Lambda>')))) = {}"
+    using RedExpListCons.prems(1) boolean_algebra_cancel.inf1 inf.absorb_iff1 inf_bot_right by blast
+
+  then have expr: "A,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>es,n_s\<rangle> [\<Down>] vs"
+    by (simp add: RedExpListCons.IH(4) RedExpListCons.prems(3) assms(1))
+  then show ?case
+    using expr
+    by (simp add: RedExpListCons.IH(2) RedExpListCons.prems(3) assms(1) free_var_e red_expr_red_exprs.RedExpListCons)
+next
+  case (RedForAllTrue \<Omega> ty e n_s)
+  then show ?case
+    by (simp add: red_expr_red_exprs.RedForAllTrue)
+next
+  case (RedForAllFalse v \<Omega> ty e n_s)
+  then show ?case
+    using free_var_expr.simps(8) red_expr_red_exprs.RedForAllFalse by blast
+next
+  case (RedExistsTrue v \<Omega> ty e n_s)
+  then show ?case
+    using free_var_expr.simps(9) red_expr_red_exprs.RedExistsTrue by blast
+next
+  case (RedExistsFalse \<Omega> ty e n_s)
+  then show ?case
+    by (simp add: red_expr_red_exprs.RedExistsFalse)
+next
+  case (RedForallT_True \<Omega> e n_s)
+  then show ?case
+    by (simp add: inf_set_def red_expr_red_exprs.RedForallT_True)
+next
+  case (RedForallT_False \<tau> \<Omega> e n_s)
+  then show ?case
+    by (simp add: red_expr_red_exprs.RedForallT_False)
+next
+  case (RedExistsT_True \<tau> \<Omega> e n_s)
+  then show ?case
+    by (simp add: red_expr_red_exprs.RedExistsT_True)
+next
+  case (RedExistsT_False \<Omega> e n_s)
+  then show ?case
+    by (simp add: red_expr_red_exprs.RedExistsT_False)
+qed
+
+
+
+lemma expr_sat_locals_same_value:
+  assumes ExprSat: "fst \<Lambda> = fst \<Lambda>'" and
+                   "(map_of (snd \<Lambda>) \<subseteq>\<^sub>m map_of (snd \<Lambda>') \<and> free_var_expr e \<inter> ((dom (map_of (snd \<Lambda>'))) - (dom (map_of (snd \<Lambda>)))) = {}) 
+                    \<or> (map_of (snd \<Lambda>') \<subseteq>\<^sub>m map_of (snd \<Lambda>) \<and> free_var_expr e \<inter> ((dom (map_of (snd \<Lambda>))) - (dom (map_of (snd \<Lambda>')))) = {})" 
+                   "expr_sat A \<Lambda> \<Gamma> \<Omega> s e"
+                 shows "expr_sat A \<Lambda>' \<Gamma> \<Omega> s e"
+  unfolding expr_sat_def
+  apply (rule expr_eval_different_locals_same_value[where ?\<Lambda> = "\<Lambda>"])
+     apply (simp add: ExprSat)
+  using assms(2) apply auto[1]
+  using assms(3) expr_sat_def apply blast
+  by (metis Diff_eq_empty_iff Int_Un_distrib Int_empty_right Un_empty_right assms(2) map_le_implies_dom_le)
+  
+
+
+
+
+
+
+
+
+lemma expr_sat_dead_variables:
+  assumes ExprSat: "expr_sat A (constants @ global_vars, proc_args proc @ locals @ proc_rets proc) \<Gamma> \<Omega> 
+                   ns expr" and
+          NoDeadVariables: "(map_of (proc_args proc @ locals @ proc_rets proc) \<subseteq>\<^sub>m map_of (proc_args proc @ locals' @ proc_rets proc) \<and> free_var_expr expr \<inter> (dom (map_of (proc_args proc @ locals' @ proc_rets proc))) - (dom (map_of (proc_args proc @ locals @ proc_rets proc))) = {}) 
+                           \<or> (map_of (proc_args proc @ locals' @ proc_rets proc) \<subseteq>\<^sub>m map_of (proc_args proc @ locals @ proc_rets proc) \<and> free_var_expr expr \<inter> (dom (map_of (proc_args proc @ locals @ proc_rets proc))) - (dom (map_of (proc_args proc @ locals' @ proc_rets proc))) = {})"
+
+shows "expr_sat A (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) \<Gamma> \<Omega> ns expr"
+  apply (rule expr_sat_locals_same_value[where ?\<Lambda> = "(constants @ global_vars, proc_args proc @ locals @ proc_rets proc)"])
+    apply simp
+  using NoDeadVariables
+   apply simp
+  using ExprSat by auto
+
+
+
+
+  
+
+
+lemma expr_list_sat_dead_variables:
+  assumes ExprSat: "expr_all_sat A (constants @ global_vars, proc_args proc @ locals @ proc_rets proc) \<Gamma> \<Omega> ns expr_list" and
+          MapLocal: "(map_of locals \<subseteq>\<^sub>m map_of locals' \<and> dom (map_of locals') \<inter> dom (map_of (proc_rets proc)) = {} \<and> free_var_exprlist expr_list \<inter> (dom (map_of (locals'))) - (dom (map_of (locals))) = {}) 
+                     \<or> (map_of locals' \<subseteq>\<^sub>m map_of locals \<and> dom (map_of locals) \<inter> dom (map_of (proc_rets proc)) = {} \<and> free_var_exprlist expr_list \<inter> (dom (map_of (locals))) - (dom (map_of (locals'))) = {})"
+
+shows "expr_all_sat A (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) \<Gamma> \<Omega> ns expr_list"
+  unfolding expr_all_sat_def list_all_def Ball_def
+proof (rule allI | rule impI)+
+  fix x
+  assume "x \<in> set (expr_list)"
+  show "expr_sat A (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) \<Gamma> \<Omega>
+          ns x"
+  proof (cases "map_of locals \<subseteq>\<^sub>m map_of locals'")
+    case True
+    have "dom (map_of locals') \<inter> dom (map_of (proc_rets proc)) = {}"
+      by (metis MapLocal True map_le_antisym)
+
+    have freeVarList: "free_var_exprlist expr_list \<inter> (dom (map_of (locals'))) - (dom (map_of (locals))) = {}"
+      by (metis MapLocal True map_le_antisym)
+
+    hence "free_var_exprlist expr_list \<inter> (dom (map_of (proc_args proc @ locals' @ proc_rets proc))) - (dom (map_of (proc_args proc @ locals @ proc_rets proc))) = {}"
+      by auto
+
+    hence freeVar: "free_var_expr x \<inter> (dom (map_of (proc_args proc @ locals' @ proc_rets proc))) - (dom (map_of (proc_args proc @ locals @ proc_rets proc))) = {}"
+      using \<open>x \<in> set expr_list\<close> free_var_exprlist.simps
+      by (simp add: Int_Diff Sup_inf_eq_bot_iff) 
+
+
+    have exprSat: "expr_sat A (constants @ global_vars, proc_args proc @ locals @ proc_rets proc) \<Gamma> \<Omega> ns x"
+      using ExprSat
+      unfolding expr_all_sat_def list_all_def Ball_def
+      by (simp add: \<open>x \<in> set expr_list\<close>)
 
-term "global_data.fdecls"
+    have MapLe: "map_of (proc_args proc @ locals @ proc_rets proc) \<subseteq>\<^sub>m map_of (proc_args proc @ locals' @ proc_rets proc)"
+      by (metis MapLocal True map_le_antisym map_le_append_pre_post)
+    
+    
+    show ?thesis
+      apply (rule expr_sat_dead_variables)
+       apply (rule exprSat)
+      using MapLe freeVar by blast
+  next
+    case False
+
+    have exprSat: "expr_sat A (constants @ global_vars, proc_args proc @ locals @ proc_rets proc) \<Gamma> \<Omega> ns x"
+       using ExprSat
+       unfolding expr_all_sat_def list_all_def Ball_def
+       by (simp add: \<open>x \<in> set expr_list\<close>)
+    have map_of: "map_of (proc_args proc @ locals' @ proc_rets proc) \<subseteq>\<^sub>m map_of (proc_args proc @ locals @ proc_rets proc)"
+      using False MapLocal map_le_append_pre_post by blast
+
+    have domain: "dom (map_of locals) \<inter> dom (map_of (proc_rets proc)) = {}"
+      using False MapLocal by auto
+
+    have freeVarList: "free_var_exprlist expr_list \<inter> (dom (map_of (locals))) - (dom (map_of (locals'))) = {}"
+      by (metis MapLocal False)
+
+    hence "free_var_exprlist expr_list \<inter> (dom (map_of (proc_args proc @ locals @ proc_rets proc))) - (dom (map_of (proc_args proc @ locals' @ proc_rets proc))) = {}"
+      by auto
+
+    hence freeVar: "free_var_expr x \<inter> (dom (map_of (proc_args proc @ locals @ proc_rets proc))) - (dom (map_of (proc_args proc @ locals' @ proc_rets proc))) = {}"
+      using \<open>x \<in> set expr_list\<close> free_var_exprlist.simps
+      by (simp add: Int_Diff Union_disjoint)
+
+
+    show ?thesis 
+      apply (rule expr_sat_dead_variables[where ?locals = "locals"])
+       apply (rule exprSat)
+      using map_of freeVar by blast
+  qed
+qed
+
+lemma dom_diff_empty: 
+  assumes "A \<subseteq> B"
+  shows "A - B = {}"
+  by (simp add: assms)
+
+lemma red_cfg_dead_variables_cmd:
+  assumes "A,[],\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>c,s\<rangle> \<rightarrow> s'" and
+          "fst \<Lambda> = fst \<Lambda>'" and
+          MapLocal: "(map_of (snd \<Lambda>) \<subseteq>\<^sub>m map_of (snd \<Lambda>'))" and
+          "free_var_cmd c \<inter> ((dom (map_of (snd \<Lambda>'))) - (dom (map_of (snd \<Lambda>)))) = {}" and
+          WhereClausesFreeVars: "\<And>x d cond. lookup_var_decl \<Lambda>' x = Some d \<Longrightarrow> snd d = Some cond \<Longrightarrow> free_var_expr cond \<inter> ((dom (map_of (snd \<Lambda>'))) - (dom (map_of (snd \<Lambda>)))) = {} "
+        shows "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c,s\<rangle> \<rightarrow> s'"
+  using assms
+proof (induction rule: red_cmd.inducts)
+  case (RedAssertOk e n_s)
+  have "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e,n_s\<rangle> \<Down> BoolV True"
+    apply (rule expr_eval_different_locals_same_value[where ?\<Lambda>=\<Lambda>'])
+    apply (simp add: assms(2))
+    apply (simp add: RedAssertOk.prems(2))
+    apply (simp add: RedAssertOk.hyps)
+    by (metis Diff_mono RedAssertOk.prems(2) RedAssertOk.prems(3) Un_absorb1 free_var_cmd.simps(1) map_le_implies_dom_le)
+  then show ?case
+    by (meson red_cmd.RedAssertOk)
+next
+  case (RedAssertFail e n_s)
+  have "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e,n_s\<rangle> \<Down> BoolV False"
+    apply (rule expr_eval_different_locals_same_value[where ?\<Lambda>=\<Lambda>'])
+    apply (simp add: assms(2))
+    apply (simp add: RedAssertFail.prems(2))
+    apply (simp add: RedAssertFail.hyps)
+    by (metis Diff_mono RedAssertFail.prems(2) RedAssertFail.prems(3) Un_absorb1 free_var_cmd.simps(1) map_le_implies_dom_le)
+  then show ?case
+    by (meson red_cmd.RedAssertFail)
+next
+  case (RedAssumeOk e n_s)
+  have "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e,n_s\<rangle> \<Down> BoolV True"
+    apply (rule expr_eval_different_locals_same_value[where ?\<Lambda>=\<Lambda>'])
+    apply (simp add: assms(2))
+    apply (simp add: RedAssumeOk.prems(2))
+    apply (simp add: RedAssumeOk.hyps)
+    by (metis Diff_eq_empty_iff RedAssumeOk.prems(2) RedAssumeOk.prems(3) boolean_algebra.disj_zero_right free_var_cmd.simps(2) map_le_implies_dom_le sup_commute)
+  then show ?case
+    by (meson red_cmd.RedAssumeOk)
+next
+  case (RedAssumeMagic e n_s)
+  have "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e,n_s\<rangle> \<Down> BoolV False"
+    apply (rule expr_eval_different_locals_same_value[where ?\<Lambda>=\<Lambda>'])
+    apply (simp add: assms(2))
+    apply (simp add: RedAssumeMagic.prems(2))
+    apply (simp add: RedAssumeMagic.hyps)
+    by (metis Diff_eq_empty_iff RedAssumeMagic.prems(2) RedAssumeMagic.prems(3) boolean_algebra.disj_zero_right free_var_cmd.simps(2) map_le_implies_dom_le sup_commute)
+  then show ?case
+    by (meson red_cmd.RedAssumeMagic)
+next
+  case (RedAssign x ty v e n_s)
+  hence "x \<notin> (dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>)))"
+    by simp
+
+  hence "lookup_var_ty \<Lambda> x  = lookup_var_ty \<Lambda>' x"
+    unfolding lookup_var_ty_def lookup_var_decl_def
+    using assms
+    by (metis (no_types, lifting) DiffI domIff map_le_def)
+
+    
+  then have lookupEq: "lookup_var_ty \<Lambda> x = Some ty"
+    by (simp add: RedAssign.hyps(1))
+
+  have otherDirEmpty: "(dom (map_of (snd \<Lambda>)) - dom (map_of (snd \<Lambda>'))) = {}"
+    apply (rule dom_diff_empty)
+    using assms
+    by (simp add: map_le_implies_dom_le)
+
+  have "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e, n_s\<rangle> \<Down> v"
+    apply (rule expr_eval_different_locals_same_value[where ?\<Lambda>=\<Lambda>'])
+    apply (simp add: assms(2))
+    apply (simp add: RedAssign.prems(2))
+    apply (simp add: RedAssign.hyps)
+    using RedAssign(6) MapLocal
+    unfolding free_var_cmd.simps
+    by (metis Int_Un_eq(2) Int_commute otherDirEmpty disjoint_insert(2) insert_is_Un)
+
+
+  then have step: "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>Assign x e,Normal n_s\<rangle> \<rightarrow> Normal (update_var \<Lambda> n_s x v)"
+    using lookupEq RedAssign.hyps(2) RedAssign
+    by (meson red_cmd.RedAssign)
+
+  have "(update_var \<Lambda> n_s x v) = (update_var \<Lambda>' n_s x v)"
+    unfolding update_var_def
+    using assms
+    by (smt (verit) Int_iff RedAssign.prems(3) Un_Diff_Int Un_iff domIff free_var_cmd.simps(3) insertCI insert_absorb insert_not_empty map_le_def)
+  then show ?case
+    using step by auto
+next
+  case (RedHavocNormal x ty w v n_s)
+
+  hence "x \<notin> (dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>)))"
+    by simp
+
+  hence lookupVarEq: "lookup_var_decl \<Lambda> x = lookup_var_decl \<Lambda>' x"
+    unfolding lookup_var_ty_def lookup_var_decl_def
+    using assms
+    by (metis (no_types, lifting) Diff_iff domIff map_le_def)
+
+  have otherDirEmpty: "(dom (map_of (snd \<Lambda>)) - dom (map_of (snd \<Lambda>'))) = {}"
+    apply (rule dom_diff_empty)
+    using assms
+    by (simp add: map_le_implies_dom_le)
+
+  have updVarEq:"(update_var \<Lambda> n_s x v) = (update_var \<Lambda>' n_s x v)"
+    unfolding update_var_def
+    using assms
+    by (smt (verit) Diff_Diff_Int Int_Diff Int_Diff_disjoint Int_insert_left RedHavocNormal.prems(3) Un_Diff_Int domIff free_var_cmd.simps(4) insert_disjoint(1) map_le_def)
+
+  have step: "\<And>cond. w = Some cond \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cond, (update_var \<Lambda> n_s x v)\<rangle> \<Down> BoolV True"
+  proof -
+    fix cond
+    assume "w = Some cond"
+    hence "free_var_expr cond \<inter> (dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))) = {}"
+      using RedHavocNormal.hyps(1) WhereClausesFreeVars by auto
+    show "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cond, (update_var \<Lambda> n_s x v)\<rangle> \<Down> BoolV True"
+      apply (rule expr_eval_different_locals_same_value[where ?\<Lambda>=\<Lambda>'])
+      apply (simp add: assms(2))
+      apply (simp add: RedHavocNormal.prems(2))
+      using RedHavocNormal.hyps(3)[OF \<open>w = Some cond\<close>]
+      apply (simp add: updVarEq)
+      by (simp add: \<open>free_var_expr cond \<inter> (dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))) = {}\<close> otherDirEmpty)
+  qed
+
+
+  have "(update_var \<Lambda> n_s x v) = (update_var \<Lambda>' n_s x v)"
+    unfolding update_var_def
+    using assms
+    by (smt (verit) Diff_Diff_Int Diff_disjoint Diff_empty Diff_insert Diff_triv Int_insert_left Int_insert_right RedHavocNormal.hyps(1) RedHavocNormal.prems(2) RedHavocNormal.prems(3) domIff free_var_cmd.simps(4) insert_Diff_if insert_Diff_single insert_disjoint(1) insert_dom insert_inter_insert lookup_var_decl_local_2 map_le_def)
+
+
+  then show ?case
+    using updVarEq RedHavocNormal
+    by (metis local.step lookupVarEq red_cmd.RedHavocNormal)
+next
+  case (RedHavocMagic x ty cond v n_s)
+  have temp1: "lookup_var_decl \<Lambda> x = Some (ty,Some(cond))"
+    unfolding lookup_var_ty_def lookup_var_decl_def
+    using assms
+    by (metis (no_types, lifting) Int_Diff Int_insert_left_if1 RedHavocMagic.hyps(1) RedHavocMagic.prems(3) domIff free_var_cmd.simps(4) insert_Diff_if insert_not_empty lookup_var_decl_def map_le_def)
+
+  have updateEqual: "(update_var \<Lambda> n_s x v) = (update_var \<Lambda>' n_s x v)"
+    unfolding update_var_def
+    using assms
+    by (smt (verit) Diff_Diff_Int Diff_disjoint Diff_empty Diff_insert Diff_triv Int_insert_left Int_insert_right RedHavocMagic.hyps(1) RedHavocMagic.prems(2) RedHavocMagic.prems(3) domIff free_var_cmd.simps(4) insert_Diff_if insert_Diff_single insert_disjoint(1) insert_dom insert_inter_insert lookup_var_decl_local_2 map_le_def)
+
+  have otherDirEmpty: "(dom (map_of (snd \<Lambda>)) - dom (map_of (snd \<Lambda>'))) = {}"
+    apply (rule dom_diff_empty)
+    using assms
+    by (simp add: map_le_implies_dom_le)
+  
+  have "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cond, (update_var \<Lambda> n_s x v)\<rangle> \<Down> BoolV False"
+    apply (rule expr_eval_different_locals_same_value[where ?\<Lambda>=\<Lambda>'])
+    apply (simp add: assms(2))
+    apply (simp add: RedHavocMagic.prems(2))
+    using updateEqual RedHavocMagic.hyps(3) apply simp
+    using assms RedHavocMagic otherDirEmpty
+    by (metis Int_Un_eq(2) snd_eqD)
+
+    
+  then show ?case 
+    using RedHavocMagic.hyps(2) red_cmd.RedHavocMagic temp1 by blast
+next
+  case (RedProcCallOkAndMagic m msig args n_s v_args pre_ls new_ls ty_modifs vs_modifs vs_ret post_ls post_gs post_state post_success post_fail n_s' rets)
+  then show ?case 
+    by simp
+next
+  case (RedProcCallFail m msig args n_s v_args pre_ls new_ls rets)
+  then show ?case 
+    by simp
+next
+  case (RedPropagateMagic s)
+  then show ?case
+    by (simp add: red_cmd.RedPropagateMagic)
+next
+  case (RedPropagateFailure s)
+  then show ?case
+    by (simp add: red_cmd.RedPropagateFailure)
+qed
+  
+
+lemma red_cfg_dead_variables_cmdlist:
+assumes "A,[],\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>cs,s\<rangle> [\<rightarrow>] s'" and
+        "fst \<Lambda> = fst \<Lambda>'" and
+        MapLocal: "(map_of (snd \<Lambda>) \<subseteq>\<^sub>m map_of (snd \<Lambda>'))" and 
+        "free_var_cmdlist cs \<inter> ((dom (map_of (snd \<Lambda>'))) - (dom (map_of (snd \<Lambda>)))) = {}" and 
+        WhereClausesFreeVars: "\<And>x d cond. lookup_var_decl \<Lambda>' x = Some d \<Longrightarrow> snd d = Some cond \<Longrightarrow> free_var_expr cond \<inter> ((dom (map_of (snd \<Lambda>'))) - (dom (map_of (snd \<Lambda>)))) = {} "
+      shows "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,s\<rangle> [\<rightarrow>] s'"
+  using assms
+proof (induction rule: red_cmd_list.inducts)
+  case (RedCmdListNil s)
+  then show ?case
+    by (meson red_cmd_list.RedCmdListNil)
+next
+  case (RedCmdListCons c s s'' cs s')
+
+  then have oneStep: "A,[],\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>c,s\<rangle> \<rightarrow> s''"
+    by (metis Diff_cancel Int_empty_right map_le_refl red_cfg_dead_variables_cmd)
+
+
+  have freeVarCmdList: "free_var_cmdlist cs \<inter> (dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))) = {}"
+    using RedCmdListCons.prems(3)
+    unfolding free_var_cmdlist.simps
+    by auto
+
+  have freeVarCmd: "free_var_cmd c \<inter> (dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))) = {}"
+    using RedCmdListCons.prems(3)
+    unfolding free_var_cmdlist.simps
+    by auto
+
+  have oneStepCmd: "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c,s\<rangle> \<rightarrow> s''"
+    by (rule red_cfg_dead_variables_cmd[OF oneStep assms(2) assms(3) freeVarCmd WhereClausesFreeVars])
+
+
+
+  have "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,s''\<rangle> [\<rightarrow>] s'"
+    using RedCmdListCons(3) freeVarCmdList assms(2) MapLocal WhereClausesFreeVars
+    sorry (*Why doesn't this hold trivially? Shouldn't it directly follow from the implication?*)
+
+  
+    
+  then show ?case
+    using RedCmdListCons.IH RedCmdListCons.prems(2) RedCmdListCons.prems(3) assms(2) red_cmd_list.RedCmdListCons oneStepCmd by blast
+qed
+
+lemma red_cfg_dead_variables_cmdlist_onestep:
+  assumes oneStep: "A,[],\<Lambda>',\<Gamma>,\<Omega>,body \<turnstile>(Inl m, Normal ns) -n\<rightarrow> (m', s')" and
+          fstEq: "fst \<Lambda> = fst \<Lambda>'" and
+          MapLocal: "(map_of (snd \<Lambda>) \<subseteq>\<^sub>m map_of (snd \<Lambda>'))" and
+          NoDeadVariables: "free_var_cmdlist (node_to_block body ! m) \<inter> ((dom (map_of (snd \<Lambda>'))) - (dom (map_of (snd \<Lambda>)))) = {}" and
+          WhereClausesFreeVars: "\<And>x d cond. lookup_var_decl \<Lambda>' x = Some d \<Longrightarrow> snd d = Some cond \<Longrightarrow> free_var_expr cond \<inter> ((dom (map_of (snd \<Lambda>'))) - (dom (map_of (snd \<Lambda>)))) = {} "
+        shows   "A,[],\<Lambda>,\<Gamma>,\<Omega>,body \<turnstile>(Inl m, Normal ns) -n\<rightarrow> (m', s')"
+  using assms
+proof cases
+  case (RedNormalSucc cs ns' n')
+  have "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Normal ns'"
+    apply (rule red_cfg_dead_variables_cmdlist[OF RedNormalSucc(4) fstEq MapLocal _ WhereClausesFreeVars])
+    using NoDeadVariables local.RedNormalSucc(3) by auto
+
+  then show ?thesis
+    using local.RedNormalSucc(1) local.RedNormalSucc(2) local.RedNormalSucc(3) local.RedNormalSucc(5) red_cfg.RedNormalSucc by blast
+next
+  case (RedNormalReturn cs ns')
+  have "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Normal ns'"
+    apply (rule red_cfg_dead_variables_cmdlist[OF RedNormalReturn(4) fstEq MapLocal _ WhereClausesFreeVars])
+    using NoDeadVariables local.RedNormalReturn(3) by auto
+
+  then show ?thesis
+    using local.RedNormalReturn(1) local.RedNormalReturn(2) local.RedNormalReturn(3) local.RedNormalReturn(5) red_cfg.RedNormalReturn by blast
+next
+  case (RedFailure cs)
+  have "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Failure"
+    apply (rule red_cfg_dead_variables_cmdlist[OF RedFailure(4) fstEq MapLocal _ WhereClausesFreeVars])
+    using NoDeadVariables local.RedFailure(3) by auto
+  then show ?thesis
+    using local.RedFailure(1) local.RedFailure(2) local.RedFailure(3) red_cfg.RedFailure by blast
+next
+  case (RedMagic cs)
+  have "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Magic"
+    apply (rule red_cfg_dead_variables_cmdlist[OF RedMagic(4) fstEq MapLocal _ WhereClausesFreeVars])
+    using NoDeadVariables local.RedMagic(3) by auto
+  then show ?thesis
+    using local.RedMagic(1) local.RedMagic(2) local.RedMagic(3) red_cfg.RedMagic by blast
+qed
+
+lemma dom_map_of_append_pre_post:
+  assumes "map_of A \<subseteq>\<^sub>m map_of B" and
+          "dom (map_of A) \<inter> dom (map_of C) = {}"
+        shows "dom (map_of (D@B@C)) - dom (map_of (D@A@C)) = dom (map_of B) - dom (map_of A)"
+  using assms
+  apply (simp)
+  sorry
+
+lemma red_cfg_multi_dead_variables:
+  assumes RedCfg: "A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile>(Inl m, Normal ns) -n\<rightarrow>* (m', s')" and
+          MapLocal: "map_of locals \<subseteq>\<^sub>m map_of locals'" and
+          DomLocalInterRetsEmpty:   "dom (map_of locals') \<inter> dom (map_of (proc_rets proc)) = {}" and
+          NoDeadVariables: "\<forall>b\<in>set(node_to_block body). free_var_cmdlist b \<inter> (dom (map_of locals') - (dom (map_of locals))) = {}" and
+          WhereClausesFreeVars: "\<And>x d cond. lookup_var_decl (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) x = Some d \<Longrightarrow> snd d = Some cond \<Longrightarrow> free_var_expr cond \<inter> ((dom (map_of (snd (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc)))) - (dom (map_of (snd (constants @ global_vars, proc_args proc @ locals @ proc_rets proc))))) = {} "
+        shows   "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile>(Inl m, Normal ns) -n\<rightarrow>* (m', s')"
+  using RedCfg WhereClausesFreeVars NoDeadVariables
+proof (induction rule: converse_rtranclp_induct2)
+  case refl
+  then show ?case
+    by simp
+next
+  case (step a b c d)
+  have restSteps: "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile>(c, d) -n\<rightarrow>* (m', s')"
+    using step.IH step.prems(1) step.prems(2) by blast
+  from step show ?case
+  proof (cases)
+    case (RedNormalSucc n cs ns ns' n')
+    have oneStepLocals':"A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
+      using local.RedNormalSucc(1) local.RedNormalSucc(2) step.hyps(1) by auto
+
+    have nInBody: "node_to_block body ! n \<in> set(node_to_block body)"
+      sorry
+
+
+    have "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
+      apply (rule red_cfg_dead_variables_cmdlist_onestep[OF oneStepLocals'])
+      apply (simp)
+      using DomLocalInterRetsEmpty MapLocal map_le_append_pre_post apply fastforce
+      using dom_map_of_append_pre_post nInBody NoDeadVariables
+      apply (smt (verit, ccfv_threshold) DomLocalInterRetsEmpty MapLocal disjoint_iff_not_equal domD domI map_le_def snd_eqD)
+      using WhereClausesFreeVars by auto
+    then show ?thesis
+      by (simp add: converse_rtranclp_into_rtranclp local.RedNormalSucc(1) local.RedNormalSucc(2) restSteps)
+  next
+    case (RedNormalReturn n cs ns ns')
+    have oneStepLocals':"A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
+      using local.RedNormalReturn(1) local.RedNormalReturn(2) step.hyps(1) by auto
+
+   have nInBody: "node_to_block body ! n \<in> set(node_to_block body)"
+     sorry
+
+   have "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
+      apply (rule red_cfg_dead_variables_cmdlist_onestep[OF oneStepLocals'])
+      apply (simp)
+      using DomLocalInterRetsEmpty MapLocal map_le_append_pre_post apply fastforce
+      using dom_map_of_append_pre_post nInBody NoDeadVariables
+      apply (smt (verit, ccfv_threshold) DomLocalInterRetsEmpty MapLocal disjoint_iff_not_equal domD domI map_le_def snd_eqD)
+      by (meson WhereClausesFreeVars)
+    then show ?thesis
+      by (simp add: converse_rtranclp_into_rtranclp local.RedNormalReturn(1) local.RedNormalReturn(2) restSteps)
+  next
+    case (RedFailure n cs ns)
+    have oneStepLocals':"A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
+      using local.RedFailure(1) local.RedFailure(2) step.hyps(1) by auto
+
+   have nInBody: "node_to_block body ! n \<in> set(node_to_block body)"
+     sorry
+
+   have "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
+      apply (rule red_cfg_dead_variables_cmdlist_onestep[OF oneStepLocals'])
+      apply (simp)
+      using DomLocalInterRetsEmpty MapLocal map_le_append_pre_post apply fastforce
+      using dom_map_of_append_pre_post nInBody NoDeadVariables
+      apply (smt (verit, ccfv_threshold) DomLocalInterRetsEmpty MapLocal disjoint_iff_not_equal domD domI map_le_def snd_eqD)
+      by (meson WhereClausesFreeVars)
+    then show ?thesis
+      by (simp add: converse_rtranclp_into_rtranclp local.RedFailure(1) local.RedFailure(2) restSteps)
+  next
+    case (RedMagic n cs ns)
+    have oneStepLocals':"A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
+      using local.RedMagic(1) local.RedMagic(2) step.hyps(1) by auto
+
+   have nInBody: "node_to_block body ! n \<in> set(node_to_block body)"
+     sorry
+
+   have "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
+      apply (rule red_cfg_dead_variables_cmdlist_onestep[OF oneStepLocals'])
+      apply (simp)
+      using DomLocalInterRetsEmpty MapLocal map_le_append_pre_post apply fastforce
+      using dom_map_of_append_pre_post nInBody NoDeadVariables
+      apply (smt (verit, ccfv_threshold) DomLocalInterRetsEmpty MapLocal disjoint_iff_not_equal domD domI map_le_def snd_eqD)
+      using WhereClausesFreeVars by auto
+    then show ?thesis
+      by (simp add: converse_rtranclp_into_rtranclp local.RedMagic(1) local.RedMagic(2) restSteps)
+  qed
+qed
+
+
+
+subsection \<open>Dead variables elimination lemma\<close>
+
+lemma elimination:
+  assumes proc_cor: "proc_is_correct A fun_decls constants global_vars axioms proc Semantics.proc_body_satisfies_spec" and
+          Body1: "proc_body proc = Some (locals, body)" and
+          Body2: "proc' = proc \<lparr>proc_body := Some (locals', body)\<rparr>" and
+          LocalVariables: "map_of locals \<subseteq>\<^sub>m map_of locals'" and 
+          FreeVarPres: "free_var_exprlist (proc_all_pres proc) \<inter> dom (map_of locals') - dom (map_of locals) = {}" and
+          FreeVarPosts: "free_var_exprlist (proc_checked_posts proc) \<inter> dom (map_of locals') - dom (map_of locals) = {}" and
+          DeadVariables: "\<forall>b\<in>set(node_to_block body). free_var_cmdlist b \<inter> (dom (map_of locals') - (dom (map_of locals))) = {}" and
+                 \<comment>\<open>The following assumption is needed to lift \<^term>\<open>map_of locals \<subseteq>\<^sub>m map_of locals'\<close>
+                    to the concatenation of all variables in the local state (arguments, locals, return variables)\<close>
+          DomLocalInterRetsEmpty: "dom (map_of locals') \<inter> dom (map_of (proc_rets proc)) = {}" and
+          WhereClausesFreeVars: "\<And>x d cond. lookup_var_decl (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) x = Some d \<Longrightarrow> snd d = Some cond \<Longrightarrow> free_var_expr cond \<inter> ((dom (map_of (snd (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc)))) - (dom (map_of (snd (constants @ global_vars, proc_args proc @ locals @ proc_rets proc))))) = {} "
+        shows "proc_is_correct A fun_decls constants global_vars axioms proc' Semantics.proc_body_satisfies_spec"
+proof (simp add: Body2 del: proc_checked_posts.simps, (rule impI | rule allI)+)
+  fix \<Gamma> \<Omega> gs ls
+  assume  Atyp: "(\<forall>t. closed t \<longrightarrow> (\<exists>v. type_of_val A v = t)) \<and> (\<forall>v. closed (type_of_val A v))" and
+          FunWf:"fun_interp_wf A fun_decls \<Gamma>" and
+          ARenv: "list_all closed \<Omega> \<and> length \<Omega> = proc_ty_args proc" and
+          WfGlobal: "state_typ_wf A \<Omega> gs (constants @ global_vars)" and
+          WfLocal: "state_typ_wf A \<Omega> ls (proc_args proc @ locals' @ proc_rets proc)" and 
+          AxSat: "axioms_sat A (constants, []) \<Gamma>
+                      \<lparr>old_global_state = Map.empty, global_state = state_restriction gs constants, local_state = Map.empty,
+                      binder_state = Map.empty\<rparr> axioms"
+  show  "proc_body_satisfies_spec A [] (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) \<Gamma> \<Omega>
+        (map fst (proc_pres proc)) (proc_checked_posts (proc\<lparr>proc_body := Some (locals', body)\<rparr>)) body
+        \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr>"
+    unfolding proc_body_satisfies_spec_def
+  proof ((rule impI | rule allI)+)
+    fix m' s'
+    assume ExprAllSat: "expr_all_sat A (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) \<Gamma> \<Omega>
+        \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr> (map fst (proc_pres proc))" and
+           GoesTo: "A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile>(Inl (entry body),
+                                Normal \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr>) -n\<rightarrow>* (m', s')"
+    show "valid_configuration A (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) \<Gamma> \<Omega>
+        (proc_checked_posts (proc\<lparr>proc_body := Some (locals', body)\<rparr>)) m' s'"
+      unfolding valid_configuration_def
+    proof -
+
+      have valid_proc: "valid_configuration A (constants @ global_vars, proc_args proc @ locals @ proc_rets proc) \<Gamma> \<Omega> ((proc_checked_posts proc)) m' s'"
+      proof (rule validConf [OF proc_cor Body1 Atyp FunWf ARenv WfGlobal])
+        show "state_typ_wf A \<Omega> ls (proc_args proc @ locals @ proc_rets proc)"
+          using state_typ_wf_map_le[OF WfLocal LocalVariables] DomLocalInterRetsEmpty
+          by blast
+      next
+        show "axioms_sat A (constants, []) \<Gamma> (global_to_nstate (state_restriction gs constants)) axioms"
+          using AxSat
+          by simp
+      next
+        show "expr_all_sat A (constants @ global_vars, proc_args proc @ locals @ proc_rets proc) \<Gamma> \<Omega>
+             \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr> (proc_all_pres proc)"
+        proof -
+          have "expr_all_sat A (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) \<Gamma> \<Omega>
+               \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr> (proc_all_pres proc)"
+            using ExprAllSat
+            by simp
+
+          thus "expr_all_sat A (constants @ global_vars, proc_args proc @ locals @ proc_rets proc) \<Gamma> \<Omega>
+             \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr> (proc_all_pres proc)"
+            apply (rule expr_list_sat_dead_variables)
+            using LocalVariables FreeVarPres DomLocalInterRetsEmpty by blast
+        qed
+
+      next
+        show "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile>(Inl (entry body), Normal
+              \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr>) -n\<rightarrow>* (m', s')"
+          by (rule red_cfg_multi_dead_variables[OF GoesTo LocalVariables DomLocalInterRetsEmpty DeadVariables WhereClausesFreeVars])
+      qed
+       
+       
+      hence notFailure: "s' \<noteq> Failure"
+        using valid_configuration_def by blast
+
+      have FinalConfig: "(is_final_config (m', s') \<longrightarrow> (\<forall>ns'. s' = Normal ns' \<longrightarrow> 
+                        expr_all_sat A (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) \<Gamma> \<Omega> ns' (proc_checked_posts (proc\<lparr>proc_body := Some (locals', body)\<rparr>))))" 
+            (is "?isFinal \<longrightarrow> (\<forall>ns'. ?isNormal ns' \<longrightarrow> ?Goal ns')")
+      proof ((rule impI | rule allI)+)
+        fix ns'
+        assume "?isFinal" and "?isNormal ns'" 
+        show "?Goal ns'"
+        proof -
+          
+          have EqPosts: "(proc_checked_posts proc) = (proc_checked_posts (proc\<lparr>proc_body := Some (locals', body)\<rparr>))"
+            sorry
+
+          have "expr_all_sat A (constants @ global_vars, proc_args proc @ locals @ proc_rets proc) \<Gamma> \<Omega> ns' (proc_checked_posts proc)"
+            using valid_proc 
+            unfolding valid_configuration_def
+            using \<open>is_final_config (m', s')\<close> \<open>s' = Normal ns'\<close> by blast
+
+
+          hence "expr_all_sat A (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) \<Gamma> \<Omega> ns' (proc_checked_posts proc)"
+            apply (rule expr_list_sat_dead_variables)
+            using LocalVariables FreeVarPosts DomLocalInterRetsEmpty by blast
+
+            
+
+          thus "expr_all_sat A (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) \<Gamma> \<Omega> ns' (proc_checked_posts (proc\<lparr>proc_body := Some (locals', body)\<rparr>))"
+            using EqPosts
+            by argo
+        qed
+      qed
+      thus "s' \<noteq> Failure \<and> (is_final_config (m', s') \<longrightarrow> (\<forall>ns'. s' = Normal ns' \<longrightarrow>
+            expr_all_sat A (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) \<Gamma> \<Omega> ns' (proc_checked_posts (proc\<lparr>proc_body := Some (locals', body)\<rparr>))))"
+        using notFailure by blast
+    qed
+  qed
+qed
 
 end
\ No newline at end of file

From 3593d6416a042c35d0b1ba0e0745f5bb9f5f6aab Mon Sep 17 00:00:00 2001
From: lukashimmelreich <lukas.himmelreich@hotmail.ch>
Date: Wed, 31 May 2023 09:52:56 +0200
Subject: [PATCH 39/74] Create CfgOptimizationsLoop.thy

CFG Optimizations including loops
---
 BoogieLang/CfgOptimizationsLoop.thy | 978 ++++++++++++++++++++++++++++
 1 file changed, 978 insertions(+)
 create mode 100644 BoogieLang/CfgOptimizationsLoop.thy

diff --git a/BoogieLang/CfgOptimizationsLoop.thy b/BoogieLang/CfgOptimizationsLoop.thy
new file mode 100644
index 0000000..b6e2a68
--- /dev/null
+++ b/BoogieLang/CfgOptimizationsLoop.thy
@@ -0,0 +1,978 @@
+theory CfgOptimizationsLoop
+  imports Boogie_Lang.Semantics Boogie_Lang.Util CfgOptimizations
+begin
+
+
+
+subsection \<open>Definition loop induction hypothesis and global block Lemma for blocks in a loop\<close>
+
+definition loop_ih_optimizations
+  where "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeader LoopHeader'  m' s' j \<equiv> 
+          \<forall>j' ns1'. ((j' \<le> j) \<longrightarrow> 
+                     (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl LoopHeader, Normal ns1') -n\<rightarrow>^j' (m', s')) \<longrightarrow>
+         (\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl LoopHeader', Normal ns1') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure) \<longrightarrow>
+                     s' \<noteq> Failure)"
+
+
+
+definition global_block_lemma_loop
+  where "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead \<equiv> 
+          \<forall>m' ns s' j.  
+             (red_cfg_k_step A M \<Lambda> \<Gamma> \<Omega> G ((Inl src_block),(Normal ns)) j (m',s')) \<longrightarrow>
+             (\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl tgt_block, (Normal ns)) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure) \<longrightarrow>
+             (\<forall>(LoopHead,LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead'  m' s' j) \<longrightarrow>
+             s' \<noteq> Failure"
+
+definition hybrid_block_lemma_loop
+  where "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds lsLoopHead\<equiv> 
+          \<forall>m' ns s' j.  
+             (red_cfg_k_step A M \<Lambda> \<Gamma> \<Omega> G ((Inl src_block),(Normal ns)) j (m',s')) \<longrightarrow>
+             hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns \<longrightarrow>
+             (\<forall>(LoopHead,LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead'  m' s' j) \<longrightarrow>
+             s' \<noteq> Failure"
+
+
+subsection \<open>Helper Lemmas\<close>
+
+lemma target_verifies: 
+  assumes oneStep: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl a, Normal ns) -n\<rightarrow> (Inl b, Normal ns')" and
+          cmd: "node_to_block(G) ! a = node_to_block(G') ! c" and
+          targetVerifies: "(\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl c, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure)" and
+          member: "List.member (out_edges(G') ! c) d"
+        shows "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G'\<turnstile>(Inl d, Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+proof -
+  have "A,M,\<Lambda>,\<Gamma>,\<Omega>,G'  \<turnstile> (Inl c, Normal ns) -n\<rightarrow> (Inl d, Normal ns')"
+    using oneStep cmd
+    apply (cases)
+    by (simp add: RedNormalSucc cmd member)
+
+  then show ?thesis 
+    by (meson targetVerifies converse_rtranclp_into_rtranclp)
+qed
+
+lemma one_step_not_failure:
+  assumes "(\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl a, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure)" and
+          "node_to_block G ! b = node_to_block G' ! a" and
+          "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl b, Normal ns) -n\<rightarrow> (c, d)"
+        shows "d \<noteq> Failure"
+  using assms(3)
+proof cases
+  case (RedNormalSucc cs ns' n')
+  then show ?thesis by auto
+next
+  case (RedNormalReturn cs ns')
+  then show ?thesis by auto
+next
+  case (RedFailure cs)
+  then show ?thesis
+    by (metis assms(1) assms(2) r_into_rtranclp red_cfg.RedFailure)
+next
+  case (RedMagic cs)
+  then show ?thesis by auto
+qed
+
+lemma hybrid_block_lemma_loop_elim:
+  assumes "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds lsLoopHead" and
+          "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, (Normal ns)) -n\<rightarrow>^j (m', s')" and
+          "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns" and 
+          "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j"
+  shows "s' \<noteq> Failure"
+  using assms
+  unfolding hybrid_block_lemma_loop_def
+  by blast
+
+lemma loop_ih_optimizations_one_less:
+  assumes "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j"
+  shows "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' (j-1)"
+  using assms
+  unfolding loop_ih_optimizations_def
+  by (meson diff_le_self le_trans)
+
+lemma loop_ih_optimizations_more_less:
+  assumes "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j" and
+          "j' \<le> j"
+  shows "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j'"
+  using assms
+  unfolding loop_ih_optimizations_def
+  by (meson diff_le_self le_trans)
+
+
+lemma loop_global_block_subset: 
+  assumes "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsSubset" and
+          "(lsSubset) \<subseteq> (lsLoopHead)"
+     shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead"
+  using assms
+  unfolding global_block_lemma_loop_def
+  by blast
+
+lemma normal_target_verfies_show_hybrid_verifies:
+  assumes TargetVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure" and
+          TgtCmds: "node_to_block G' ! tgt_block = tgt_cmds"
+        shows "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns"
+  unfolding hybrid_block_lemma_target_verifies_def hybrid_block_lemma_target_succ_verifies_def
+proof (rule allI | rule impI)+
+  fix s1'
+  assume oneStep: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds,Normal ns\<rangle> [\<rightarrow>] s1'"
+  show "(s1' \<noteq> Failure) \<and> (\<forall>ns1'. s1' = Normal ns1' \<longrightarrow> (\<forall>target_succ. List.member (out_edges(G') ! tgt_block) target_succ \<longrightarrow> (\<forall>m2' s2'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl target_succ, (Normal  ns1')) -n\<rightarrow>* (m2', s2')) \<longrightarrow> s2' \<noteq> Failure)))"
+  proof -
+    have "s1' \<noteq> Failure"
+      using TargetVerifies
+      using RedFailure TgtCmds oneStep by blast
+    have "(\<forall>ns1'. s1' = Normal ns1' \<longrightarrow> (\<forall>target_succ. List.member (out_edges(G') ! tgt_block) target_succ \<longrightarrow> (\<forall>m2' s2'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl target_succ, (Normal  ns1')) -n\<rightarrow>* (m2', s2')) \<longrightarrow> s2' \<noteq> Failure)))"
+      by (metis (no_types, lifting) RedNormalSucc TargetVerifies TgtCmds converse_rtranclp_into_rtranclp oneStep)
+    then show ?thesis
+      using \<open>s1' \<noteq> Failure\<close> by blast
+  qed
+qed
+
+
+
+
+subsection \<open>Main Lemmas for Loops\<close>
+
+subsubsection \<open>Main Lemma 1: Shows that the Loop Global Block Lemma holds if for all successors either the global 
+              block lemma holds or there exists a pair of Loop Headers such that the Loop global block 
+              lemma holds or the successor is equal to one of the Loop Heads\<close>
+
+lemma loopBlock_global_block:
+  assumes   SuccBlocks: "out_edges G ! src_block = ls" and
+          GlobalBlockSucc: "\<forall>x\<in>set(ls).(\<exists>lsSubsetList. lsSubsetList\<subseteq>lsLoopHead \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x)) lsSubsetList) \<or> (\<exists>(LoopHead, LoopHead')\<in>lsLoopHead. (x = LoopHead \<and> f(x) = LoopHead'))" and
+          FunctionCorr: "\<forall>x\<in>set(ls). f(x)\<in>set(out_edges G' ! tgt_block)" and
+          TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds" and
+          SourceBlock: "node_to_block G ! src_block = src_cmds" and
+          NotCoalesced: "tgt_cmds = src_cmds"
+        shows     "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead"
+  unfolding global_block_lemma_loop_def
+proof (rule allI | rule impI)+
+  fix m' ns s' j
+  assume k_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>^j (m', s')" and
+         IH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j" and
+         TargetVerifies: "(\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure)"
+  show   "s' \<noteq> Failure "
+  proof (cases rule: relpowp_E2_2[OF k_step])
+    case 1
+    then show ?thesis 
+      by blast
+  next
+    case (2 a b m)
+    have OneStepResult: "b \<noteq> Failure"
+      apply (rule one_step_not_failure[where ?G = G and ?b = src_block and ?c = a])
+      apply (rule TargetVerifies)
+      apply (simp add: NotCoalesced SourceBlock TargetBlock)
+      by (simp add: "2"(2))
+    then show ?thesis 
+    proof (cases "b = Magic")
+      case True
+      have "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(a, b) -n\<rightarrow>* (m', s')"
+        by (meson "2"(3) rtranclp_power)
+      then show ?thesis
+        using True red_cfg_magic_preserved by blast
+    next
+      case False
+      from this obtain ns1 where "b = Normal ns1"
+        using OneStepResult state.exhaust by blast
+      from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close> show ?thesis
+      proof cases
+        case (RedNormalSucc cs ns' succ)
+        have succInList: "succ \<in> set(ls)"
+          using SuccBlocks in_set_member local.RedNormalSucc(5) by force
+        have oneStepG: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (Inl succ, Normal ns')"
+          using "2"(2) local.RedNormalSucc(1) local.RedNormalSucc(2) by auto
+        then show ?thesis
+        proof (cases "\<exists>lsSubsetList. lsSubsetList\<subseteq>lsLoopHead \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubsetList")
+          case True
+          from this obtain lsSubset where subset: "lsSubset\<subseteq>lsLoopHead" and globalBlockLoop: "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubset"
+            by auto
+          have steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>^(j - 1) (m', s')"
+            using "2"(1) "2"(3) local.RedNormalSucc(1) local.RedNormalSucc(2) by auto
+          have "\<forall>(LoopHeadG,LoopHeadG')\<in>lsSubset. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' j"
+            using IH subset by auto
+          hence loopIH: "\<forall>(LoopHeadG,LoopHeadG')\<in>lsSubset. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' (j - 1)"
+            using loop_ih_optimizations_one_less
+            using case_prodI2 by blast
+          have "\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f(succ)), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+            apply (rule target_verifies[where ?c = tgt_block])
+            apply (rule oneStepG)
+            apply (simp add: NotCoalesced SourceBlock TargetBlock)
+            apply (rule TargetVerifies)
+            using succInList FunctionCorr in_set_member by fastforce
+          then show ?thesis 
+            using globalBlockLoop loopIH steps
+            unfolding global_block_lemma_loop_def
+            by simp
+        next
+          case False
+          from this obtain LoopHeadG LoopHeadG' where "succ = LoopHeadG \<and> f(succ) = LoopHeadG'" and "(LoopHeadG, LoopHeadG')\<in>lsLoopHead"
+            using GlobalBlockSucc succInList by force
+          hence SuccEqLoopHead: "succ = LoopHeadG \<and> f(succ) = LoopHeadG'"
+            using GlobalBlockSucc global_block_lemma_def succInList
+            by force
+
+          have verifies: "\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f(succ)), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+            apply (rule target_verifies[where ?c = tgt_block])
+            apply (rule oneStepG)
+            apply (simp add: NotCoalesced SourceBlock TargetBlock)
+            apply (rule TargetVerifies)
+            using succInList FunctionCorr in_set_member by fastforce
+
+          have "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' j"
+            using IH SuccEqLoopHead False \<open>(LoopHeadG, LoopHeadG') \<in> lsLoopHead\<close> 
+            by fastforce
+
+          then show ?thesis
+            using SuccEqLoopHead verifies
+            unfolding loop_ih_optimizations_def
+            by (metis "2"(1) "2"(3) diff_Suc_1 diff_le_self local.RedNormalSucc(1) local.RedNormalSucc(2))
+        qed
+      next
+        case (RedNormalReturn cs ns')
+        then show ?thesis
+          by (metis "2"(3) OneStepResult Pair_inject finished_remains relpowp_imp_rtranclp)
+      next
+        case (RedFailure cs)
+        then show ?thesis
+          using OneStepResult by auto
+      next
+        case (RedMagic cs)
+        then show ?thesis
+          by (simp add: False)
+      qed
+    qed
+  qed
+qed
+
+subsubsection \<open>Main Lemma 2: Shows that the Loop Global Block Lemma holds for a loop Head. 
+              Note that src_block and tgt_block are both Loop Heads in this case.\<close>
+
+
+lemma loopHead_global_block:
+  assumes SuccBlocks: "out_edges G ! src_block = ls" and
+          GlobalBlockSucc: "\<forall>x\<in>set(ls). (\<exists>lsSubsetList. lsSubsetList\<subseteq>(lsLoopHead \<union> {(src_block,tgt_block)}) \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x)) lsSubsetList) \<or> (\<exists>(LoopHead, LoopHead')\<in>(lsLoopHead\<union>{(src_block,tgt_block)}). (x = LoopHead \<and> f(x) = LoopHead'))"  and
+          FunctionCorr: "\<forall>x\<in>set(ls). f(x)\<in>set(out_edges G' ! tgt_block)" and
+          TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds" and
+          SourceBlock: "node_to_block G ! src_block = src_cmds" and
+          NotCoalesced: "tgt_cmds = src_cmds"
+        shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead" 
+unfolding global_block_lemma_loop_def
+proof (rule allI | rule impI)+
+  fix m' ns s' j
+  assume k_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>^j (m', s')" and
+         TargetVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure" and
+         IH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j"
+  show "s' \<noteq> Failure" using TargetVerifies k_step GlobalBlockSucc IH
+  proof (induction j arbitrary: ns rule: less_induct)
+    case (less j)
+    then show ?case
+    proof (cases rule: relpowp_E2_2[OF less(3)])
+      case 1
+      then show ?thesis
+        by auto
+    next
+      case (2 a b m)
+      have OneStepResult: "b \<noteq> Failure"
+        apply (rule one_step_not_failure[where ?G = G and ?b = src_block and ?c = a])
+        apply (rule less.prems(1))
+        apply (simp add: NotCoalesced SourceBlock TargetBlock)
+        by (simp add: "2"(2))
+      then show ?thesis 
+      proof (cases "b = Magic")
+        case True
+        have "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(a, b) -n\<rightarrow>* (m', s')"
+          by (meson "2"(3) relpowp_imp_rtranclp)
+        then show ?thesis
+          using True red_cfg_magic_preserved by blast
+      next
+        case False
+        from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close> show ?thesis
+        proof (cases)
+          case (RedNormalSucc cs ns' succ)
+          have succInList: "succ \<in> set(ls)"
+            using SuccBlocks in_set_member local.RedNormalSucc(5) by fastforce
+
+          obtain LoopHeadG LoopHeadG' lsSubsetList where cond: "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubsetList \<or> (succ = LoopHeadG \<and> f(succ) = LoopHeadG')" and elem: "(LoopHeadG, LoopHeadG')\<in>(lsLoopHead\<union>{(src_block, tgt_block)}) \<and> lsSubsetList \<subseteq> lsLoopHead\<union>{(src_block, tgt_block)}"
+            using succInList less.prems(3)
+            by blast
+          have oneStepG: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (Inl succ, Normal ns')"
+            using "2"(2) local.RedNormalSucc(1) local.RedNormalSucc(2)
+            by simp
+         
+          then show ?thesis
+          proof (cases "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubsetList")
+            case True
+            have loopIHSrcTgt: "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block m' s' (j-1)"
+              unfolding loop_ih_optimizations_def
+              proof (rule allI | rule impI)+
+                fix j' ns1'
+                assume "j' \<le> j-1" and
+                       j'Step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns1') -n\<rightarrow>^j' (m', s')" and 
+                       TargetVer: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns1') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+                show "s' \<noteq> Failure"
+                  using less.IH
+                proof -
+                  have strictlySmaller: "j' < j" 
+                    using "2"(1) \<open>j' \<le> j - 1\<close> verit_comp_simplify1(3) by linarith
+                  have loopIHHolds: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j'"
+                    using less.prems(4) loop_ih_optimizations_more_less
+                    by (metis (no_types, lifting) \<open>j' \<le> j - 1\<close> case_prodD case_prodI2 loop_ih_optimizations_one_less)
+                  thus "s'\<noteq>Failure"
+                    using j'Step TargetVer less.IH strictlySmaller GlobalBlockSucc loopIHHolds
+                    by blast
+                qed
+              qed
+            have  globalBlockLoopHolds: "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubsetList"
+              using True by simp
+            have steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>^(j - 1) (m', s')"
+              using "2"(1) "2"(3) local.RedNormalSucc(1) local.RedNormalSucc(2) by force
+            have succVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f succ), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+              apply (rule target_verifies[where ?c = tgt_block])
+              apply (rule oneStepG)
+              apply (simp add: NotCoalesced SourceBlock TargetBlock)
+              apply (simp add: less.prems(1))
+              using succInList FunctionCorr in_set_member by fastforce
+            have "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead \<union> {(src_block, tgt_block)}. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' (j - 1)"
+              using IH loop_ih_optimizations_one_less loopIHSrcTgt less.prems(4) Un_iff 
+              by blast
+            hence "\<forall>(LoopHead, LoopHead')\<in>lsSubsetList. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' (j - 1)"
+              using elem by auto
+            then show ?thesis
+              using globalBlockLoopHolds steps succVerifies
+              unfolding global_block_lemma_loop_def
+              by blast
+          next
+            case False
+            hence SuccEqLoopHead: "succ = LoopHeadG \<and> f(succ) = LoopHeadG'"
+                using cond by auto
+            then show ?thesis 
+            proof (cases "(LoopHeadG, LoopHeadG') = (src_block, tgt_block)")
+              case True
+              have srcAgain: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns') -n\<rightarrow>^(j-1) (m', s')"
+                using "2"(1) "2"(3) SuccEqLoopHead True local.RedNormalSucc(1) local.RedNormalSucc(2) by auto
+              have TargetVerifiesAgain: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+                using TargetVerifies
+                by (metis FunctionCorr NotCoalesced Pair_inject SourceBlock SuccEqLoopHead TargetBlock True converse_rtranclp_into_rtranclp in_set_member less.prems(1) local.RedNormalSucc(3) local.RedNormalSucc(4) red_cfg.RedNormalSucc succInList)
+              have strictlySmaller: "j-1<j"
+                by (simp add: "2"(1))
+              have "\<forall>(LoopHead,LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' (j-1)"
+                using less(5) loop_ih_optimizations_one_less
+                by blast
+              then show ?thesis
+                using less.IH srcAgain TargetVerifiesAgain less(4) strictlySmaller
+                by presburger
+            next 
+              case False
+              hence "(LoopHeadG, LoopHeadG') \<in> (lsLoopHead)"
+                using elem by auto
+              hence loopIH: "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' j"
+                using less.prems(4)
+                by fastforce
+              have "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>^m (m', s')"
+                using "2"(3) local.RedNormalSucc(1) local.RedNormalSucc(2) by auto
+              hence stepsFromSucc: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>^(j-1) (m', s')"
+                using \<open>j = Suc m\<close>
+                by simp
+              have "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f succ), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+                apply (rule target_verifies[where ?c = tgt_block])
+                apply (rule oneStepG)
+                apply (simp add: NotCoalesced SourceBlock TargetBlock)
+                apply (simp add: less.prems(1))
+                using succInList FunctionCorr in_set_member by fastforce
+              then show ?thesis
+                using stepsFromSucc loopIH SuccEqLoopHead
+                unfolding loop_ih_optimizations_def
+                by (meson diff_le_self)
+            qed
+          qed
+        next
+          case (RedNormalReturn cs ns')
+          then show ?thesis
+            by (metis "2"(3) OneStepResult finished_remains old.prod.inject relpowp_imp_rtranclp)
+        next
+          case (RedFailure cs)
+          then show ?thesis
+            by (simp add: OneStepResult)
+        next
+          case (RedMagic cs)
+          then show ?thesis
+            by (simp add: False)
+        qed
+      qed
+    qed
+  qed
+qed
+
+
+subsubsection \<open>Main Lemma 3: Reduce the set of loop heads when we know that the loop global block lemma holds\<close>
+
+text \<open>The use case for this lemma is when a loop head gets coalesced\<close>
+
+
+
+lemma loopHead_global_block_hybrid_new:
+  assumes OneSucc:"out_edges G ! src_block = [succ]" and 
+          HybridHoldsSucc: "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G  G' succ tgt_block tgt_cmds_0 (lsLoopHead\<union>{(src_block, tgt_block)})" and  
+          SrcCmds: "node_to_block G ! src_block = src_cmds" and
+          TgtCmds: "node_to_block G' ! tgt_block = tgt_cmds" and
+          CoalescedBlock: "tgt_cmds = src_cmds@tgt_cmds_0"
+        shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G  G' src_block tgt_block lsLoopHead"
+  unfolding global_block_lemma_loop_def
+proof (rule allI | rule impI)+
+  fix m' ns s' j
+  assume k_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>^j (m', s')" and
+         TargetVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure" and
+         IH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j"
+  show "s' \<noteq> Failure" using TargetVerifies k_step IH
+  proof (induction j arbitrary: ns rule: less_induct)
+    case (less j)
+    then show ?case
+    proof (cases rule: relpowp_E2_2[OF less(3)])
+      case 1
+      then show ?thesis
+        by auto
+    next
+      case (2 a b m)
+      from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close> have OneStepResult: "b \<noteq> Failure"
+        proof cases
+          case (RedNormalSucc cs ns' n')
+          then show ?thesis 
+            by simp
+        next
+          case (RedNormalReturn cs ns')
+          then show ?thesis 
+            by simp
+        next
+          case (RedFailure cs)
+          then show ?thesis
+            by (metis assms(3) assms(4) assms(5) less.prems(1) r_into_rtranclp red_cfg.RedFailure red_cmd_append_failure_preserved)
+        next
+          case (RedMagic cs)
+          then show ?thesis 
+            by simp
+        qed
+      then show ?thesis
+      proof (cases "b = Magic")
+        case True
+        have "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(a, b) -n\<rightarrow>* (m', s')"
+          by (meson "2"(3) relpowp_imp_rtranclp)
+        then show ?thesis
+          using True red_cfg_magic_preserved by blast
+      next
+        case False
+        from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close> show ?thesis
+        proof cases
+          case (RedNormalSucc cs ns' n')
+          have "n' = succ"
+            by (metis OneSucc local.RedNormalSucc(5) member_rec(1) member_rec(2))
+          hence mSteps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>^m (m', s')"
+            using "2"(3) local.RedNormalSucc(1) local.RedNormalSucc(2) by blast
+          have "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns"
+            apply (rule normal_target_verfies_show_hybrid_verifies)
+            using less.prems(1) apply blast
+            by (simp add: TgtCmds)
+
+          hence hybridTargetVerifies: "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds_0 ns'"
+            using less(2)
+            unfolding hybrid_block_lemma_target_verifies_def
+            using SrcCmds CoalescedBlock local.RedNormalSucc(3) local.RedNormalSucc(4) red_cmd_list_append by blast
+          have loopIH: "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block m' s' m"
+            unfolding loop_ih_optimizations_def
+          proof (rule allI | rule impI)+
+            fix j' ns1'
+            assume "j'\<le>m" and
+                   steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns1') -n\<rightarrow>^j' (m', s')" and
+                   TarVer: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns1') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+            show "s' \<noteq> Failure"
+              using less.IH
+            proof -
+              have strictlySmaller:"j'<j"
+                using "2"(1) \<open>j' \<le> m\<close> by auto
+              have "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j'"
+                using loop_ih_optimizations_more_less less(4)
+                by (metis (no_types, lifting) \<open>j' < j\<close> case_prodD case_prodI2 order_less_imp_le)
+              thus "s' \<noteq> Failure"
+                using strictlySmaller TarVer steps less.IH
+                by blast
+            qed
+          qed
+          have "m\<le>j"
+            by (simp add: "2"(1))
+          hence "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead \<union> {(src_block, tgt_block)}.loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' m"
+            using loop_ih_optimizations_more_less less(4) loopIH
+            by blast
+          then show ?thesis 
+            using HybridHoldsSucc mSteps hybridTargetVerifies
+            unfolding hybrid_block_lemma_loop_def
+            by blast
+        next
+          case (RedNormalReturn cs ns')
+          then show ?thesis 
+            by (simp add: OneSucc)
+        next
+          case (RedFailure cs)
+          then show ?thesis 
+            by (simp add: OneStepResult)
+        next
+          case (RedMagic cs)
+          then show ?thesis 
+            by (simp add: False)
+        qed
+      qed
+    qed
+  qed
+qed
+
+
+
+
+subsubsection \<open>Main Lemma 4: Shows that the Loop Hybrid Block Lemma holds if a block in a loop was coalesced\<close>
+
+lemma loopBlock_global_block_hybrid:
+assumes   SuccBlocks: "out_edges G ! src_block = ls" and
+          GlobalBlockSucc: "\<forall>x\<in>set(ls). ((global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x)) {}) \<or>  (\<exists>(LoopHead, LoopHead')\<in>lsLoopHead.(global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x)) lsLoopHead) \<or> (x = LoopHead \<and> f(x) = LoopHead')))" and
+          FunctionCorr: "\<forall>x\<in>set(ls). f(x)\<in>set(out_edges G' ! tgt_block)" and
+          SourceBlock: "node_to_block G ! src_block = src_cmds" 
+shows     "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block src_cmds lsLoopHead"
+unfolding hybrid_block_lemma_loop_def
+proof (rule allI | rule impI)+
+fix m' ns s' j
+assume k_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>^j (m', s')" and
+IH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j" and
+TargetVerifies: "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block src_cmds ns"
+show   "s' \<noteq> Failure "
+proof (cases rule: relpowp_E2_2[OF k_step])
+  case 1
+  then show ?thesis
+    by blast
+next
+  case (2 a b m)
+  from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close> have OneStepResult: "b \<noteq> Failure"
+  proof cases
+    case (RedNormalSucc cs ns' n')
+    then show ?thesis by blast
+  next
+    case (RedNormalReturn cs ns')
+    then show ?thesis by blast
+  next
+    case (RedFailure cs)
+    then show ?thesis
+      using SourceBlock TargetVerifies hybrid_block_lemma_target_verifies_def by blast
+  next
+    case (RedMagic cs)
+    then show ?thesis by blast
+  qed
+  then show ?thesis 
+  proof (cases "b = Magic")
+    case True
+    have "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(a, b) -n\<rightarrow>* (m', s')"
+      by (meson "2"(3) rtranclp_power)
+    then show ?thesis
+      using True red_cfg_magic_preserved by blast
+  next
+    case False
+    from this obtain ns1 where "b = Normal ns1"
+      using OneStepResult state.exhaust by blast
+    from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close> show ?thesis
+    proof cases
+      case (RedNormalSucc cs ns' succ)
+      have succInList: "succ \<in> set(ls)"
+        using SuccBlocks in_set_member local.RedNormalSucc(5) by force
+      have oneStepG: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (Inl succ, Normal ns')"
+        using "2"(2) local.RedNormalSucc(1) local.RedNormalSucc(2) by auto
+      then show ?thesis 
+      proof (cases "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) {}")
+        case True
+        have transCl: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>* (m', s')"
+          by (metis "2"(3) local.RedNormalSucc(1) local.RedNormalSucc(2) relpowp_imp_rtranclp)
+
+        have "\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f(succ)), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+          using GlobalBlockSucc TargetVerifies
+          unfolding hybrid_block_lemma_target_verifies_def global_block_lemma_def hybrid_block_lemma_target_succ_verifies_def
+          by (metis (mono_tags, lifting) FunctionCorr SourceBlock in_set_member local.RedNormalSucc(3) local.RedNormalSucc(4) succInList)
+
+        then show ?thesis
+          using True transCl
+          unfolding global_block_lemma_loop_def
+          using "2"(3) local.RedNormalSucc(1) local.RedNormalSucc(2) by blast
+      next
+        case False
+        from this obtain LoopHeadG LoopHeadG' where cond: "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsLoopHead \<or> (succ = LoopHeadG \<and> f(succ) = LoopHeadG')" and inList: "(LoopHeadG, LoopHeadG')\<in>lsLoopHead"
+          using GlobalBlockSucc case_prodE succInList by fastforce
+        then show ?thesis
+        proof (cases "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsLoopHead")
+          case True
+          have "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' j"
+            using IH inList
+            by blast 
+          hence "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' (j - 1)"
+            using IH
+            unfolding loop_ih_optimizations_def
+            by (meson less_imp_diff_less linorder_not_less)
+
+          have loopIH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' (j - 1)"
+            using IH loop_ih_optimizations_one_less
+            by blast
+
+          have steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>^(j - 1) (m', s')"
+            using "2"(1) "2"(3) local.RedNormalSucc(1) local.RedNormalSucc(2) by auto
+
+          have "\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f(succ)), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+            using GlobalBlockSucc TargetVerifies
+            unfolding hybrid_block_lemma_target_verifies_def global_block_lemma_def hybrid_block_lemma_target_succ_verifies_def
+            by (metis (no_types, opaque_lifting) FunctionCorr SourceBlock in_set_member local.RedNormalSucc(3) local.RedNormalSucc(4) succInList)
+          then show ?thesis
+            using True loopIH steps
+            unfolding global_block_lemma_loop_def
+            by presburger
+        next
+          case False
+          hence SuccEqLoopHead: "succ = LoopHeadG \<and> f(succ) = LoopHeadG'"
+            using GlobalBlockSucc global_block_lemma_def succInList cond 
+            by force
+
+          have verifies: "\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f(succ)), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+            using GlobalBlockSucc TargetVerifies
+            unfolding hybrid_block_lemma_target_verifies_def global_block_lemma_def hybrid_block_lemma_target_succ_verifies_def
+            by (metis (mono_tags, lifting) FunctionCorr SourceBlock in_set_member local.RedNormalSucc(3) local.RedNormalSucc(4) succInList)
+
+         have "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' j"
+            using IH inList
+            by fastforce
+
+          then show ?thesis
+            using SuccEqLoopHead verifies
+            unfolding loop_ih_optimizations_def
+            by (metis "2"(1) "2"(3) diff_Suc_1 diff_le_self local.RedNormalSucc(1) local.RedNormalSucc(2))
+        qed
+      qed
+    next
+      case (RedNormalReturn cs ns')
+      then show ?thesis
+        by (metis "2"(3) OneStepResult Pair_inject finished_remains relpowp_imp_rtranclp)
+    next
+      case (RedFailure cs)
+      then show ?thesis 
+        by (simp add: OneStepResult)
+    next
+      case (RedMagic cs)
+      then show ?thesis
+        by (simp add: False)
+    qed
+  qed
+qed
+qed
+
+
+
+subsubsection \<open>Main lemma 5 (extending hybrid global block lemmas for loops)\<close>
+
+text \<open>The following lemma shows that given the loop hybrid global block lemma for block i, we can construct
+the loop hybrid block lemma for block i-1. Below the suffix 1 is used for i and 0 is used for i-1.\<close>
+
+lemma extend_hybrid_global_block_lemma_loop:
+ assumes 
+      NextGlobal: "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block_1 tgt_block tgt_cmds_1 lsLoopHead" and      
+      SourceBlock: "node_to_block G ! src_block_0 = cs" and
+      SourceSucc: "out_edges G ! src_block_0 = [src_block_1]" and
+                  "tgt_cmds_0 = cs@tgt_cmds_1"
+ shows                    
+      "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block_0 tgt_block tgt_cmds_0 lsLoopHead"
+  unfolding hybrid_block_lemma_loop_def
+proof (rule allI | rule impI)+ \<comment>\<open>Here, we are applying initial proof rule to get rid of universal quantifiers and implications\<close>
+  fix m' ns s' j
+  assume k_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block_0, Normal ns) -n\<rightarrow>^j (m', s')" and
+         TargetVerifies: "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds_0 ns" and 
+         IH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j"
+
+  show "s' \<noteq> Failure"
+  proof (cases rule: relpowp_E2_2[OF k_step])
+    case 1
+    then show ?thesis 
+      by fast
+  next
+    case (2 b s0)
+    from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block_0, Normal ns) -n\<rightarrow> (b, s0)\<close>
+    have OneStepResult: "s0 \<noteq> Failure \<and> (\<forall>ns0. (s0 = Normal ns0 \<longrightarrow> b = Inl src_block_1 \<and> 
+                                                A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Normal ns0))"
+    proof cases 
+      case (RedNormalSucc cs ns' n')
+      then show ?thesis 
+        using SourceSucc SourceBlock
+        by (simp add: member_rec(1) member_rec(2))
+    next
+      case (RedNormalReturn cs ns')
+      then show ?thesis 
+        using SourceSucc
+        by simp
+    next
+      case (RedFailure cs)
+      hence "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs@tgt_cmds_1,Normal ns\<rangle> [\<rightarrow>] Failure"
+        using red_cmd_append_failure_preserved
+        by fast
+      hence False 
+        using TargetVerifies \<open> node_to_block G ! src_block_0 = cs\<close> \<open>tgt_cmds_0 = _\<close> SourceBlock
+        unfolding hybrid_block_lemma_target_verifies_def
+        by blast
+      thus ?thesis
+        by simp        
+    next
+      case (RedMagic cs)
+      then show ?thesis by auto
+    qed
+
+    
+    show ?thesis
+    proof (cases "s0 = Magic")
+      case True
+      have "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(b, s0) -n\<rightarrow>* (m', s')"
+        by (meson "2"(3) relpowp_imp_rtranclp)
+      thus "s' \<noteq> Failure"
+        using red_cfg_magic_preserved[OF \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(b, s0) -n\<rightarrow>* (m', s')\<close>] True 
+        by blast     
+    next
+      case False
+      from this obtain ns0 where "s0 = Normal ns0" 
+        using OneStepResult state.exhaust by auto
+
+      hence RedBlock0:  "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Normal ns0" and RedSuccBlock: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block_1, Normal ns0) -n\<rightarrow>^(j-1) (m', s')"
+        using OneStepResult apply auto[1]
+        using "2"(1) "2"(3) OneStepResult \<open>s0 = Normal ns0\<close> by auto
+      show ?thesis
+      proof (rule hybrid_block_lemma_loop_elim[OF NextGlobal RedSuccBlock]) 
+        show "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds_1 ns0"
+          unfolding hybrid_block_lemma_target_verifies_def
+        proof (rule allI, rule impI, rule conjI)
+          fix s1'
+          assume "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds_1,Normal ns0\<rangle> [\<rightarrow>] s1'"
+          with RedBlock0 have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs@tgt_cmds_1,Normal ns\<rangle> [\<rightarrow>] s1'"
+            by (simp add: red_cmd_list_append)
+          thus "s1' \<noteq> Failure"
+            using TargetVerifies \<open>tgt_cmds_0 = cs @ tgt_cmds_1\<close>
+            unfolding hybrid_block_lemma_target_verifies_def
+            by simp
+        next
+          fix s1'
+          assume "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds_1,Normal ns0\<rangle> [\<rightarrow>] s1'"
+          with RedBlock0 have RedTgtCmds0:"A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds_0 ,Normal ns\<rangle> [\<rightarrow>] s1'"
+            using \<open>tgt_cmds_0 = _\<close>
+            by (simp add: red_cmd_list_append)
+
+          
+          thus "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1'"
+            using TargetVerifies
+            unfolding hybrid_block_lemma_target_verifies_def
+            by fast
+        qed
+        
+        show "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' (j-1)"
+          using IH  loop_ih_optimizations_one_less 
+          by blast
+
+      qed    
+    qed
+  qed
+qed
+
+
+subsubsection \<open>Main lemma 6 (converting loop hybrid global block lemma to normal loop global block lemma)\<close>  
+
+lemma convert_hybrid_global_block_lemma_loop:
+ assumes 
+      HybridGlobal: "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds lsLoopHead" and
+      TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds"
+ shows 
+      "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead"  
+  unfolding global_block_lemma_loop_def
+proof (rule allI | rule impI)+
+  fix m' ns s' j
+  assume RedSource: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>^j (m', s')" and
+     TargetVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure" and
+     IH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j"
+  show "s' \<noteq> Failure"
+  proof (rule hybrid_block_lemma_loop_elim[OF HybridGlobal RedSource])  
+    show "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns"
+      unfolding hybrid_block_lemma_target_verifies_def
+    proof (rule allI, rule impI)
+      fix s1'
+      assume RedTgtCmds: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds,Normal ns\<rangle> [\<rightarrow>] s1'"
+
+      have "s1' \<noteq> Failure"
+      proof (rule ccontr)
+        assume "\<not> s1' \<noteq> Failure" 
+        hence "s1' = Failure" by simp
+        have "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (Inr (), Failure))"
+          apply (rule converse_rtranclp_into_rtranclp)
+           apply (rule RedFailure)
+            apply (rule TargetBlock)
+          using  RedTgtCmds \<open>s1' = Failure\<close>
+           apply blast
+          by simp
+        thus False
+          using TargetVerifies
+          by blast        
+      qed
+      moreover have "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1'"
+      proof (rule hybrid_block_lemma_target_succ_verifies_intro)
+        fix ns1' tgt_succ m2' s2'
+        assume "s1' = Normal ns1'" and 
+               TargetSucc: "List.member (out_edges G' ! tgt_block) tgt_succ" and
+               RedTargetSucc: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_succ, Normal ns1') -n\<rightarrow>* (m2', s2')"
+
+        text \<open>We can construct an execution beginning from \<^term>\<open>tgt_block\<close>\<close>
+        have "A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m2', s2')"
+          apply (rule converse_rtranclp_into_rtranclp)
+           apply (rule RedNormalSucc) 
+             apply (rule TargetBlock)
+          using RedTgtCmds \<open>s1' = Normal ns1'\<close>
+            apply blast
+           apply (rule TargetSucc)
+          apply (rule RedTargetSucc)
+          done
+
+        thus "s2' \<noteq> Failure"
+          using TargetVerifies
+          by blast
+      qed
+
+      ultimately show 
+       "s1' \<noteq> Failure \<and> hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1'"
+        by simp
+    qed
+
+    show "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j"
+      using IH by auto
+  qed
+qed
+
+subsubsection \<open>Main Lemma 7: Following Lemma shows correctness of pruning of unreachable blocks if the block was not coalesced\<close>
+
+lemma pruning_not_coalesced_loop:
+  assumes SuccBlocks: "out_edges G ! src_block = ls" and
+          TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds" and
+          SourceBlock: "node_to_block G ! src_block = src_cmds" and
+          Pruning: "(Assume (Lit (LBool False))) \<in> set (src_cmds) \<or> (Assert (Lit (LBool False))) \<in> set (src_cmds)" and
+          NotCoalesced: "tgt_cmds = src_cmds"
+        shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block {}"
+  unfolding global_block_lemma_loop_def
+proof (rule allI | rule impI)+
+  fix m' ns s' j
+  assume k_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>^j (m', s')" and
+         TargetVerifies: "\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+  show "s' \<noteq> Failure"
+  proof -
+    from k_step have RedSource: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>* (m', s')"
+      by (simp add: relpowp_imp_rtranclp)
+    show ?thesis
+    proof (cases rule: converse_rtranclpE2[OF RedSource])
+      case 1
+      then show ?thesis
+        by blast
+    next
+      case (2 a b)
+      from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close>  show ?thesis
+      proof cases
+        case (RedNormalSucc cs ns' n')
+        have "(Assume (Lit (LBool False))) \<in> set (cs) \<or> (Assert (Lit (LBool False))) \<in> set (cs)"
+          using Pruning SourceBlock local.RedNormalSucc(3) by blast
+        then show ?thesis
+        proof (cases "(Assume (Lit (LBool False))) \<in> set (cs)")
+          case True
+          hence "b = Magic"
+            using local.RedNormalSucc(4) magic_lemma_assume_false by blast
+          then show ?thesis
+            by (simp add: local.RedNormalSucc(2))
+        next
+          case False
+          hence "b = Magic \<or> b = Failure"
+            using \<open>Assume (Lit (LBool False)) \<in> set cs \<or> Assert (Lit (LBool False)) \<in> set cs\<close> local.RedNormalSucc(4) magic_lemma_assert_false by blast
+          then show ?thesis
+            by (simp add: local.RedNormalSucc(2))
+        qed
+      next
+        case (RedNormalReturn cs ns')
+        then show ?thesis 
+          by (metis "2"(2) Pair_inject finished_remains state.distinct(1))
+      next
+        case (RedFailure cs)
+        then show ?thesis
+          by (metis NotCoalesced SourceBlock TargetBlock TargetVerifies r_into_rtranclp red_cfg.RedFailure)
+      next
+        case (RedMagic cs)
+        then show ?thesis
+          using "2"(2) red_cfg_magic_preserved by blast
+      qed
+    qed
+  qed
+qed
+
+subsubsection \<open>Main Lemma 8: Following Lemma shows correctness of pruning of unreachable blocks if the block was coalesced\<close>
+
+lemma pruning_coalesced_loop:
+  assumes TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds" and
+          SourceBlock: "node_to_block G ! src_block = src_cmds" and
+          Pruning: "(Assert (Lit (LBool False))) \<in> set (src_cmds) \<or> (Assume (Lit (LBool False))) \<in> set (src_cmds)" and
+          Coalesced: "tgt_cmds = cs@src_cmds"
+        shows "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block src_cmds {}"
+  unfolding hybrid_block_lemma_loop_def
+
+proof (rule allI | rule impI)+
+  fix m' ns s' j
+  assume k_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>^j (m', s')" and
+         TargetVerifies: "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block src_cmds ns"
+  show "s' \<noteq> Failure"
+  proof -
+    have RedSource: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>* (m', s')"
+      by (meson k_step rtranclp_power)
+    show ?thesis
+    proof (cases rule: converse_rtranclpE2[OF RedSource])
+      case 1
+      then show ?thesis
+        by blast
+    next
+      case (2 a b)
+      from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close>  show ?thesis
+      proof cases
+        case (RedNormalSucc cs ns' n')
+        have "(Assume (Lit (LBool False))) \<in> set (cs) \<or> (Assert (Lit (LBool False))) \<in> set (cs)"
+          using Pruning SourceBlock local.RedNormalSucc(3) by blast
+        then show ?thesis
+        proof (cases "(Assume (Lit (LBool False))) \<in> set (cs)")
+          case True
+          hence "b = Magic"
+            using local.RedNormalSucc(4) magic_lemma_assume_false by blast
+          then show ?thesis
+            by (simp add: local.RedNormalSucc(2))
+        next
+          case False
+          hence "b = Magic \<or> b = Failure"
+            using \<open>Assume (Lit (LBool False)) \<in> set cs \<or> Assert (Lit (LBool False)) \<in> set cs\<close> local.RedNormalSucc(4) magic_lemma_assert_false by blast
+          then show ?thesis
+            by (simp add: local.RedNormalSucc(2))
+        qed
+      next
+        case (RedNormalReturn cs ns')
+        then show ?thesis
+         by (metis "2"(2) Pair_inject finished_remains state.distinct(1))
+      next
+        case (RedFailure cs)
+        then show ?thesis 
+          using SourceBlock TargetVerifies hybrid_block_lemma_target_verifies_def by blast
+      next
+        case (RedMagic cs)
+        then show ?thesis 
+          using "2"(2) red_cfg_magic_preserved by blast
+      qed
+    qed
+  qed
+qed
+
+
+subsubsection \<open>Main Lemma 9: Loop Global Block with empty set is equal to normal global block lemma \<close>
+
+lemma empty_loop_global_block_eq_global_block: 
+  assumes "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block {}"
+  shows "global_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block"
+  using assms 
+  unfolding global_block_lemma_loop_def global_block_lemma_def
+  by (metis (no_types, lifting) ball_empty rtranclp_imp_relpowp)
+
+
+end
\ No newline at end of file

From adc52d898ee5759f834070facb2a743afaf7b834 Mon Sep 17 00:00:00 2001
From: lukashimmelreich <lukas.himmelreich@hotmail.ch>
Date: Wed, 31 May 2023 09:53:47 +0200
Subject: [PATCH 40/74] Update CfgOptimizations.thy

progress dead variables elimination
---
 BoogieLang/CfgOptimizations.thy | 350 +++++++++++++++-----------------
 1 file changed, 166 insertions(+), 184 deletions(-)

diff --git a/BoogieLang/CfgOptimizations.thy b/BoogieLang/CfgOptimizations.thy
index c6bcfd6..8de6047 100644
--- a/BoogieLang/CfgOptimizations.thy
+++ b/BoogieLang/CfgOptimizations.thy
@@ -2,14 +2,6 @@ theory CfgOptimizations
   imports Boogie_Lang.Semantics Boogie_Lang.Util
 begin
 
-subsection \<open>Definition loop induction hypothesis\<close>
-
-definition loop_ih_optimizations
-  where "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeader LoopHeader'  m' s' j \<equiv> 
-          \<forall>j' ns1'. ((j' \<le> j) \<longrightarrow> 
-                     (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl LoopHeader, Normal ns1') -n\<rightarrow>^j' (m', s')) \<longrightarrow>
-         (\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl LoopHeader', Normal ns1') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure) \<longrightarrow>
-                     s' \<noteq> Failure)"
 
 subsection \<open>Global block and hybrid global block lemma definition\<close>
 
@@ -449,8 +441,8 @@ proof (rule allI | rule impI)+
     then show ?thesis
       by blast
   next
-    case (2 b s0)
-    from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (b, s0)\<close> have OneStepResult: "s0 \<noteq> Failure"
+    case (2 a b)
+    from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close> have OneStepResult: "b \<noteq> Failure"
     proof cases
       case (RedNormalSucc cs ns' n')
       then show ?thesis
@@ -470,30 +462,19 @@ proof (rule allI | rule impI)+
     qed
 
     show ?thesis
-    proof (cases "s0 = Magic")
+    proof (cases "b = Magic")
       case True
       thus "s' \<noteq> Failure"
         using "2"(2) red_cfg_magic_preserved by blast
     next
       case False
 
-      from this obtain ns0 where "s0 = Normal ns0"
+      from this obtain ns0 where "b = Normal ns0"
         using OneStepResult state.exhaust by blast
 
-      show ?thesis
-      proof (cases "ls = []")
-        case True
-        hence "(m', s') = (Inl src_block, Normal ns) \<or> m' = Inr()"
-          by (smt (verit) "2"(1) "2"(2) SuccBlocks finished_remains no_out_edges_return old.unit.exhaust sumE)
-        then show ?thesis
-          by (smt (verit) "2"(1) "2"(2) OneStepResult Pair_inject SuccBlocks True finished_remains no_out_edges_return red_cfg.simps)
-      next
-        case False
-
-        from this obtain succ where cond: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (Inl succ, Normal ns0)) \<and> (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl succ, Normal ns0) -n\<rightarrow>* (m',s'))" 
-          by (smt (verit) "2"(1) "2"(2) Inl_inject OneStepResult Pair_inject SuccBlocks \<open>s0 = Normal ns0\<close> red_cfg.cases state.distinct(3))
-
-
+      from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close> show ?thesis
+      proof cases
+        case (RedNormalSucc cs ns' succ)
         have cond_global_block: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl (f(succ)), (Normal ns0)) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
         proof (rule allI | rule impI)+
           fix m1' s1'
@@ -501,26 +482,36 @@ proof (rule allI | rule impI)+
           show "s1' \<noteq> Failure"
           proof (cases "((m1', s1') = (Inl (f succ), Normal ns0))")
             case True
-            then show ?thesis
+            then show ?thesis 
               by auto
           next
             case False
             hence "A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow> (Inl (f succ), Normal ns0)"
-              by (metis FunctionCorr NotCoalesced RedNormalSucc RedNormalSucc_case SourceBlock SuccBlocks TargetBlock cond in_set_member)
+              by (metis FunctionCorr NotCoalesced SourceBlock SuccBlocks TargetBlock \<open>b = Normal ns0\<close> in_set_member local.RedNormalSucc(2) local.RedNormalSucc(3) local.RedNormalSucc(4) local.RedNormalSucc(5) red_cfg.RedNormalSucc)
             hence "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1'))"
               by (simp add: \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f succ), Normal ns0) -n\<rightarrow>* (m1', s1')\<close> converse_rtranclp_into_rtranclp)
             then show ?thesis
               by (simp add: TargetVerifies)
           qed
         qed
-
         hence "global_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ))"
-          by (metis GlobalBlockSucc RedNormalSucc_case SuccBlocks cond in_set_member)
-
-        thus "s'\<noteq>Failure"
-          using cond_global_block cond
+          by (metis GlobalBlockSucc SuccBlocks in_set_member local.RedNormalSucc(5))
+        then show ?thesis 
+          using cond_global_block
           unfolding global_block_lemma_def
-          by blast
+          using "2"(2) \<open>b = Normal ns0\<close> local.RedNormalSucc(1) by blast
+      next
+        case (RedNormalReturn cs ns')
+        then show ?thesis 
+          using "2"(2) finished_remains by blast
+      next
+        case (RedFailure cs)
+        then show ?thesis 
+          by (simp add: OneStepResult)
+      next
+        case (RedMagic cs)
+        then show ?thesis 
+          by (simp add: False)
       qed
     qed
   qed
@@ -544,8 +535,8 @@ proof (rule allI | rule impI)+
     case 1
     then show ?thesis by blast
   next
-    case (2 b s0)
-    from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (b, s0)\<close> have OneStepResult: "s0 \<noteq> Failure"
+    case (2 a b)
+    from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close> have OneStepResult: "b \<noteq> Failure"
     proof cases
       case (RedNormalSucc cs ns' n')
       then show ?thesis
@@ -565,46 +556,48 @@ proof (rule allI | rule impI)+
     qed
 
     show ?thesis
-    proof (cases "s0 = Magic")
+    proof (cases "b = Magic")
       case True
       then show ?thesis
         using "2"(2) red_cfg_magic_preserved by blast
     next
       case False
-      from this obtain ns0 where "s0 = Normal ns0"
+      from this obtain ns0 where "b = Normal ns0"
         using OneStepResult state.exhaust by blast
-      show ?thesis
-      proof (cases "ls = []")
-        case True
-        hence "(m', s') = (Inl src_block, Normal ns) \<or> m' = Inr()"
-          by (smt (verit) "2"(1) "2"(2) SuccBlocks finished_remains no_out_edges_return prod.inject red_cfg.cases)
-        then show ?thesis
-          by (smt (verit) "2"(1) "2"(2) OneStepResult Pair_inject SuccBlocks True finished_remains no_out_edges_return red_cfg.cases)
-      next
-        case False
-
-        from this obtain succ where cond: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (Inl succ, Normal ns0)) \<and> (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl succ, Normal ns0) -n\<rightarrow>* (m',s'))"
-          by (smt (verit) "2"(1) "2"(2) Inl_inject Pair_inject SourceBlock SuccBlocks TargetVerifies \<open>s0 = Normal ns0\<close> hybrid_block_lemma_target_verifies_def red_cfg.simps state.distinct(3))
-
+      from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close> show ?thesis
+      proof cases
+        case (RedNormalSucc cs ns' succ)
         hence "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>src_cmds,Normal ns\<rangle> [\<rightarrow>] Normal ns0"
-          using RedNormalSucc_case SourceBlock by blast
+          using SourceBlock \<open>b = Normal ns0\<close> by force
 
         have cond_global_block: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl (f(succ)), (Normal ns0)) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
           using GlobalBlockSucc TargetVerifies
           unfolding hybrid_block_lemma_target_verifies_def global_block_lemma_def hybrid_block_lemma_target_succ_verifies_def
-          by (metis FunctionCorr RedNormalSucc_case SuccBlocks \<open>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>src_cmds,Normal ns\<rangle> [\<rightarrow>] Normal ns0\<close> cond in_set_member)
+          by (metis FunctionCorr SuccBlocks \<open>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>src_cmds,Normal ns\<rangle> [\<rightarrow>] Normal ns0\<close> in_set_member local.RedNormalSucc(5))
 
         hence "global_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ))"
-          by (metis GlobalBlockSucc RedNormalSucc_case SuccBlocks cond in_set_member)
+          by (metis GlobalBlockSucc SuccBlocks in_set_member local.RedNormalSucc(5))
+        then show ?thesis
+          unfolding global_block_lemma_def
+          using "2"(2) \<open>b = Normal ns0\<close> cond_global_block local.RedNormalSucc(1) by blast
+      next
+        case (RedNormalReturn cs ns')
         then show ?thesis
-          using cond global_block_lemma_def cond_global_block by blast
+          using "2"(2) finished_remains by blast
+      next
+        case (RedFailure cs)
+        then show ?thesis 
+          using OneStepResult by blast
+      next
+        case (RedMagic cs)
+        then show ?thesis 
+          by (simp add: False)
       qed
-
     qed
   qed
-
 qed
 
+
 subsubsection \<open>Main Lemma 5: Following Lemma shows correctness of pruning of unreachable blocks if the block was not coalesced\<close>
 
 lemma pruning_not_coalesced:
@@ -627,24 +620,38 @@ proof (rule allI | rule impI)+
       by blast
   next
     case (2 a b)
-    then show ?thesis
-    proof (cases "(Assume (Lit (LBool False))) \<in> set (src_cmds)")
-      case True
-      hence  "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>src_cmds,Normal ns\<rangle> [\<rightarrow>] s'"
-        by (smt (verit) "2"(1) "2"(2) Inl_inject Pair_inject SourceBlock converse_rtranclpE magic_lemma_assume_false red_cfg.simps state.distinct(1) state.distinct(3))
-      hence "s' = Magic"
-        using magic_lemma_assume_false
-        by (metis NotCoalesced RedFailure TargetBlock TargetVerifies True r_into_rtranclp)
+    from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close>  show ?thesis
+    proof cases
+      case (RedNormalSucc cs ns' n')
+      have "(Assume (Lit (LBool False))) \<in> set (cs) \<or> (Assert (Lit (LBool False))) \<in> set (cs)"
+        using Pruning SourceBlock local.RedNormalSucc(3) by blast
+      then show ?thesis
+      proof (cases "(Assume (Lit (LBool False))) \<in> set (cs)")
+        case True
+        hence "b = Magic"
+          using local.RedNormalSucc(4) magic_lemma_assume_false by blast
+        then show ?thesis
+          by (simp add: local.RedNormalSucc(2))
+      next
+        case False
+        hence "b = Magic \<or> b = Failure"
+          using \<open>Assume (Lit (LBool False)) \<in> set cs \<or> Assert (Lit (LBool False)) \<in> set cs\<close> local.RedNormalSucc(4) magic_lemma_assert_false by blast
+        then show ?thesis
+          by (simp add: local.RedNormalSucc(2))
+      qed
+
+    next
+      case (RedNormalReturn cs ns')
       then show ?thesis 
-        by simp
+        by (metis "2"(2) Pair_inject finished_remains state.distinct(1))
     next
-      case False
-      hence "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>src_cmds,Normal ns\<rangle> [\<rightarrow>] s'"
-        by (smt (verit) "2"(1) "2"(2) Inl_inject Pair_inject Pruning SourceBlock converse_rtranclpE magic_lemma_assert_false red_cfg.simps state.distinct(1) state.distinct(3))
-      hence "s' = Magic \<or> s' = Failure" using magic_lemma_assert_false False Pruning 
-        by blast
+      case (RedFailure cs)
+      then show ?thesis
+        by (metis NotCoalesced SourceBlock TargetBlock TargetVerifies r_into_rtranclp red_cfg.RedFailure)
+    next
+      case (RedMagic cs)
       then show ?thesis
-        using NotCoalesced RedFailure TargetBlock TargetVerifies \<open>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>src_cmds,Normal ns\<rangle> [\<rightarrow>] s'\<close> by blast
+        using "2"(2) red_cfg_magic_preserved by blast
     qed
   qed
 qed
@@ -670,24 +677,39 @@ proof (rule allI | rule impI)+
       by blast
   next
     case (2 a b)
-    then show ?thesis
-    proof (cases "(Assume (Lit (LBool False))) \<in> set (src_cmds)")
-      case True
-      have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>src_cmds,Normal ns\<rangle> [\<rightarrow>] s'"
-        by (smt (verit) "2"(1) "2"(2) Inl_inject Pair_inject SourceBlock True converse_rtranclpE magic_lemma_assume_false red_cfg.cases state.distinct(1) state.distinct(3))
-      hence "s' = Magic"
-        using TargetVerifies True hybrid_block_lemma_target_verifies_def magic_lemma_assume_false by blast
+    from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close>  show ?thesis
+    proof cases
+      case (RedNormalSucc cs ns' n')
+      have "(Assume (Lit (LBool False))) \<in> set (cs) \<or> (Assert (Lit (LBool False))) \<in> set (cs)"
+        using Pruning SourceBlock local.RedNormalSucc(3) by blast
       then show ?thesis
-        by simp
+      proof (cases "(Assume (Lit (LBool False))) \<in> set (cs)")
+        case True
+        hence "b = Magic"
+          using local.RedNormalSucc(4) magic_lemma_assume_false by blast
+        then show ?thesis
+          by (simp add: local.RedNormalSucc(2))
+      next
+        case False
+        hence "b = Magic \<or> b = Failure"
+          using \<open>Assume (Lit (LBool False)) \<in> set cs \<or> Assert (Lit (LBool False)) \<in> set cs\<close> local.RedNormalSucc(4) magic_lemma_assert_false by blast
+        then show ?thesis
+          by (simp add: local.RedNormalSucc(2))
+      qed
     next
-      case False
-      have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>src_cmds,Normal ns\<rangle> [\<rightarrow>] s'"
-        by (smt (verit) "2"(1) "2"(2) False Inl_inject Pair_inject Pruning SourceBlock converse_rtranclpE magic_lemma_assert_false red_cfg.cases state.distinct(1) state.distinct(3))
-      hence "s' = Magic \<or> s' = Failure" using magic_lemma_assert_false Pruning 
-        using False by blast
-      then show ?thesis using Coalesced RedFailure TargetBlock TargetVerifies \<open>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>src_cmds,Normal ns\<rangle> [\<rightarrow>] s'\<close>
-        by (simp add: hybrid_block_lemma_target_verifies_def)
+      case (RedNormalReturn cs ns')
+      then show ?thesis
+        by (metis "2"(2) Pair_inject finished_remains state.distinct(1))
+    next
+      case (RedFailure cs)
+      then show ?thesis 
+        using SourceBlock TargetVerifies hybrid_block_lemma_target_verifies_def by blast
+    next
+      case (RedMagic cs)
+      then show ?thesis 
+        using "2"(2) red_cfg_magic_preserved by blast
     qed
+   
   qed
 qed
 
@@ -1129,6 +1151,8 @@ lemma dom_diff_empty:
   shows "A - B = {}"
   by (simp add: assms)
 
+
+
 lemma red_cfg_dead_variables_cmd:
   assumes "A,[],\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>c,s\<rangle> \<rightarrow> s'" and
           "fst \<Lambda> = fst \<Lambda>'" and
@@ -1212,8 +1236,8 @@ next
 
   have "(update_var \<Lambda> n_s x v) = (update_var \<Lambda>' n_s x v)"
     unfolding update_var_def
-    using assms
-    by (smt (verit) Int_iff RedAssign.prems(3) Un_Diff_Int Un_iff domIff free_var_cmd.simps(3) insertCI insert_absorb insert_not_empty map_le_def)
+    using assms RedAssign.prems(3) free_var_cmd.simps(3)
+    by (metis (no_types, lifting) Diff_iff \<open>x \<notin> dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))\<close> domIff map_le_def)
   then show ?case
     using step by auto
 next
@@ -1234,8 +1258,8 @@ next
 
   have updVarEq:"(update_var \<Lambda> n_s x v) = (update_var \<Lambda>' n_s x v)"
     unfolding update_var_def
-    using assms
-    by (smt (verit) Diff_Diff_Int Int_Diff Int_Diff_disjoint Int_insert_left RedHavocNormal.prems(3) Un_Diff_Int domIff free_var_cmd.simps(4) insert_disjoint(1) map_le_def)
+    using assms RedHavocNormal.prems(3) free_var_cmd.simps(3)
+    by (metis (no_types, lifting) Diff_iff \<open>x \<notin> dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))\<close> domIff map_le_def)
 
   have step: "\<And>cond. w = Some cond \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cond, (update_var \<Lambda> n_s x v)\<rangle> \<Down> BoolV True"
   proof -
@@ -1253,26 +1277,22 @@ next
   qed
 
 
-  have "(update_var \<Lambda> n_s x v) = (update_var \<Lambda>' n_s x v)"
-    unfolding update_var_def
-    using assms
-    by (smt (verit) Diff_Diff_Int Diff_disjoint Diff_empty Diff_insert Diff_triv Int_insert_left Int_insert_right RedHavocNormal.hyps(1) RedHavocNormal.prems(2) RedHavocNormal.prems(3) domIff free_var_cmd.simps(4) insert_Diff_if insert_Diff_single insert_disjoint(1) insert_dom insert_inter_insert lookup_var_decl_local_2 map_le_def)
-
-
   then show ?case
     using updVarEq RedHavocNormal
     by (metis local.step lookupVarEq red_cmd.RedHavocNormal)
 next
   case (RedHavocMagic x ty cond v n_s)
-  have temp1: "lookup_var_decl \<Lambda> x = Some (ty,Some(cond))"
+  hence "x \<notin> (dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>)))"
+    by simp
+  have lokupVarDecl: "lookup_var_decl \<Lambda> x = Some (ty,Some(cond))"
     unfolding lookup_var_ty_def lookup_var_decl_def
     using assms
     by (metis (no_types, lifting) Int_Diff Int_insert_left_if1 RedHavocMagic.hyps(1) RedHavocMagic.prems(3) domIff free_var_cmd.simps(4) insert_Diff_if insert_not_empty lookup_var_decl_def map_le_def)
 
   have updateEqual: "(update_var \<Lambda> n_s x v) = (update_var \<Lambda>' n_s x v)"
     unfolding update_var_def
-    using assms
-    by (smt (verit) Diff_Diff_Int Diff_disjoint Diff_empty Diff_insert Diff_triv Int_insert_left Int_insert_right RedHavocMagic.hyps(1) RedHavocMagic.prems(2) RedHavocMagic.prems(3) domIff free_var_cmd.simps(4) insert_Diff_if insert_Diff_single insert_disjoint(1) insert_dom insert_inter_insert lookup_var_decl_local_2 map_le_def)
+    using assms RedHavocMagic.prems(3) free_var_cmd.simps(3)
+    by (metis (no_types, lifting) Diff_iff \<open>x \<notin> dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))\<close> domIff map_le_def)
 
   have otherDirEmpty: "(dom (map_of (snd \<Lambda>)) - dom (map_of (snd \<Lambda>'))) = {}"
     apply (rule dom_diff_empty)
@@ -1289,7 +1309,7 @@ next
 
     
   then show ?case 
-    using RedHavocMagic.hyps(2) red_cmd.RedHavocMagic temp1 by blast
+    using RedHavocMagic.hyps(2) red_cmd.RedHavocMagic lokupVarDecl by blast
 next
   case (RedProcCallOkAndMagic m msig args n_s v_args pre_ls new_ls ty_modifs vs_modifs vs_ret post_ls post_gs post_state post_success post_fail n_s' rets)
   then show ?case 
@@ -1310,47 +1330,42 @@ qed
   
 
 lemma red_cfg_dead_variables_cmdlist:
-assumes "A,[],\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>cs,s\<rangle> [\<rightarrow>] s'" and
+assumes oneStep: "A,[],\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>cs,s\<rangle> [\<rightarrow>] s'" and
         "fst \<Lambda> = fst \<Lambda>'" and
         MapLocal: "(map_of (snd \<Lambda>) \<subseteq>\<^sub>m map_of (snd \<Lambda>'))" and 
-        "free_var_cmdlist cs \<inter> ((dom (map_of (snd \<Lambda>'))) - (dom (map_of (snd \<Lambda>)))) = {}" and 
+        freeVarCmdList: "free_var_cmdlist cs \<inter> ((dom (map_of (snd \<Lambda>'))) - (dom (map_of (snd \<Lambda>)))) = {}" and 
         WhereClausesFreeVars: "\<And>x d cond. lookup_var_decl \<Lambda>' x = Some d \<Longrightarrow> snd d = Some cond \<Longrightarrow> free_var_expr cond \<inter> ((dom (map_of (snd \<Lambda>'))) - (dom (map_of (snd \<Lambda>)))) = {} "
       shows "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,s\<rangle> [\<rightarrow>] s'"
-  using assms
+  using oneStep freeVarCmdList
 proof (induction rule: red_cmd_list.inducts)
   case (RedCmdListNil s)
   then show ?case
     by (meson red_cmd_list.RedCmdListNil)
 next
-  case (RedCmdListCons c s s'' cs s')
-
-  then have oneStep: "A,[],\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>c,s\<rangle> \<rightarrow> s''"
-    by (metis Diff_cancel Int_empty_right map_le_refl red_cfg_dead_variables_cmd)
-
-
-  have freeVarCmdList: "free_var_cmdlist cs \<inter> (dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))) = {}"
-    using RedCmdListCons.prems(3)
+  case (RedCmdListCons c s s'' cs' s')
+  have freeVarSingleCmd: "free_var_cmd c \<inter> (dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))) = {}"
+    using RedCmdListCons(4)
     unfolding free_var_cmdlist.simps
     by auto
 
-  have freeVarCmd: "free_var_cmd c \<inter> (dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))) = {}"
-    using RedCmdListCons.prems(3)
+  have oneStep: "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c,s\<rangle> \<rightarrow> s''"
+    apply (rule red_cfg_dead_variables_cmd[OF RedCmdListCons(1) assms(2) MapLocal freeVarSingleCmd])
+    using WhereClausesFreeVars
+    by simp
+
+  have "free_var_cmdlist cs' \<inter> (dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))) = {}"
+    using RedCmdListCons(4)
     unfolding free_var_cmdlist.simps
     by auto
 
-  have oneStepCmd: "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c,s\<rangle> \<rightarrow> s''"
-    by (rule red_cfg_dead_variables_cmd[OF oneStep assms(2) assms(3) freeVarCmd WhereClausesFreeVars])
-
-
-
-  have "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,s''\<rangle> [\<rightarrow>] s'"
-    using RedCmdListCons(3) freeVarCmdList assms(2) MapLocal WhereClausesFreeVars
+  have "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs',s''\<rangle> [\<rightarrow>] s'"
+    using RedCmdListCons.IH 
     sorry (*Why doesn't this hold trivially? Shouldn't it directly follow from the implication?*)
 
   
     
   then show ?case
-    using RedCmdListCons.IH RedCmdListCons.prems(2) RedCmdListCons.prems(3) assms(2) red_cmd_list.RedCmdListCons oneStepCmd by blast
+    using oneStep red_cmd_list.RedCmdListCons by blast
 qed
 
 lemma red_cfg_dead_variables_cmdlist_onestep:
@@ -1393,13 +1408,18 @@ next
     using local.RedMagic(1) local.RedMagic(2) local.RedMagic(3) red_cfg.RedMagic by blast
 qed
 
-lemma dom_map_of_append_pre_post:
-  assumes "map_of A \<subseteq>\<^sub>m map_of B" and
-          "dom (map_of A) \<inter> dom (map_of C) = {}"
-        shows "dom (map_of (D@B@C)) - dom (map_of (D@A@C)) = dom (map_of B) - dom (map_of A)"
+
+lemma list_member_proof: 
+  assumes "ls ! i = ele" and
+          "i < length ls"
+  shows "List.member (ls) ele "
   using assms
-  apply (simp)
-  sorry
+proof -
+  have "ele \<in> set ls"
+    using assms(2) assms(1) nth_mem by blast
+  then show "List.member ls ele"
+    by (simp add: in_set_member)
+qed
 
 lemma red_cfg_multi_dead_variables:
   assumes RedCfg: "A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile>(Inl m, Normal ns) -n\<rightarrow>* (m', s')" and
@@ -1408,90 +1428,52 @@ lemma red_cfg_multi_dead_variables:
           NoDeadVariables: "\<forall>b\<in>set(node_to_block body). free_var_cmdlist b \<inter> (dom (map_of locals') - (dom (map_of locals))) = {}" and
           WhereClausesFreeVars: "\<And>x d cond. lookup_var_decl (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) x = Some d \<Longrightarrow> snd d = Some cond \<Longrightarrow> free_var_expr cond \<inter> ((dom (map_of (snd (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc)))) - (dom (map_of (snd (constants @ global_vars, proc_args proc @ locals @ proc_rets proc))))) = {} "
         shows   "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile>(Inl m, Normal ns) -n\<rightarrow>* (m', s')"
-  using RedCfg WhereClausesFreeVars NoDeadVariables
+  using RedCfg 
 proof (induction rule: converse_rtranclp_induct2)
   case refl
-  then show ?case
+  then show ?case 
     by simp
 next
   case (step a b c d)
   have restSteps: "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile>(c, d) -n\<rightarrow>* (m', s')"
-    using step.IH step.prems(1) step.prems(2) by blast
+    using step.IH  by simp
   from step show ?case
-  proof (cases)
+  proof cases
     case (RedNormalSucc n cs ns ns' n')
     have oneStepLocals':"A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
       using local.RedNormalSucc(1) local.RedNormalSucc(2) step.hyps(1) by auto
 
-    have nInBody: "node_to_block body ! n \<in> set(node_to_block body)"
+    have nInBody: "cs \<in> set(node_to_block body)"
+      sorry
+    
+
+    have temp: "dom (map_of (proc_args proc @ locals' @ proc_rets proc)) - dom (map_of (proc_args proc @ locals @ proc_rets proc)) = dom (map_of locals') - (dom (map_of locals))"
+      using DomLocalInterRetsEmpty
       sorry
 
 
     have "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
       apply (rule red_cfg_dead_variables_cmdlist_onestep[OF oneStepLocals'])
       apply (simp)
-      using DomLocalInterRetsEmpty MapLocal map_le_append_pre_post apply fastforce
-      using dom_map_of_append_pre_post nInBody NoDeadVariables
-      apply (smt (verit, ccfv_threshold) DomLocalInterRetsEmpty MapLocal disjoint_iff_not_equal domD domI map_le_def snd_eqD)
-      using WhereClausesFreeVars by auto
-    then show ?thesis
+      using MapLocal map_le_append_pre_post DomLocalInterRetsEmpty apply auto[1]
+      using NoDeadVariables local.RedNormalSucc(5) nInBody apply auto[1]
+      using WhereClausesFreeVars by simp
+
+    then show ?thesis 
       by (simp add: converse_rtranclp_into_rtranclp local.RedNormalSucc(1) local.RedNormalSucc(2) restSteps)
   next
     case (RedNormalReturn n cs ns ns')
-    have oneStepLocals':"A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
-      using local.RedNormalReturn(1) local.RedNormalReturn(2) step.hyps(1) by auto
-
-   have nInBody: "node_to_block body ! n \<in> set(node_to_block body)"
-     sorry
-
-   have "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
-      apply (rule red_cfg_dead_variables_cmdlist_onestep[OF oneStepLocals'])
-      apply (simp)
-      using DomLocalInterRetsEmpty MapLocal map_le_append_pre_post apply fastforce
-      using dom_map_of_append_pre_post nInBody NoDeadVariables
-      apply (smt (verit, ccfv_threshold) DomLocalInterRetsEmpty MapLocal disjoint_iff_not_equal domD domI map_le_def snd_eqD)
-      by (meson WhereClausesFreeVars)
-    then show ?thesis
-      by (simp add: converse_rtranclp_into_rtranclp local.RedNormalReturn(1) local.RedNormalReturn(2) restSteps)
+    then show ?thesis sorry
   next
     case (RedFailure n cs ns)
-    have oneStepLocals':"A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
-      using local.RedFailure(1) local.RedFailure(2) step.hyps(1) by auto
-
-   have nInBody: "node_to_block body ! n \<in> set(node_to_block body)"
-     sorry
-
-   have "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
-      apply (rule red_cfg_dead_variables_cmdlist_onestep[OF oneStepLocals'])
-      apply (simp)
-      using DomLocalInterRetsEmpty MapLocal map_le_append_pre_post apply fastforce
-      using dom_map_of_append_pre_post nInBody NoDeadVariables
-      apply (smt (verit, ccfv_threshold) DomLocalInterRetsEmpty MapLocal disjoint_iff_not_equal domD domI map_le_def snd_eqD)
-      by (meson WhereClausesFreeVars)
-    then show ?thesis
-      by (simp add: converse_rtranclp_into_rtranclp local.RedFailure(1) local.RedFailure(2) restSteps)
+    then show ?thesis sorry
   next
     case (RedMagic n cs ns)
-    have oneStepLocals':"A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
-      using local.RedMagic(1) local.RedMagic(2) step.hyps(1) by auto
-
-   have nInBody: "node_to_block body ! n \<in> set(node_to_block body)"
-     sorry
-
-   have "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
-      apply (rule red_cfg_dead_variables_cmdlist_onestep[OF oneStepLocals'])
-      apply (simp)
-      using DomLocalInterRetsEmpty MapLocal map_le_append_pre_post apply fastforce
-      using dom_map_of_append_pre_post nInBody NoDeadVariables
-      apply (smt (verit, ccfv_threshold) DomLocalInterRetsEmpty MapLocal disjoint_iff_not_equal domD domI map_le_def snd_eqD)
-      using WhereClausesFreeVars by auto
-    then show ?thesis
-      by (simp add: converse_rtranclp_into_rtranclp local.RedMagic(1) local.RedMagic(2) restSteps)
+    then show ?thesis sorry
   qed
 qed
 
 
-
 subsection \<open>Dead variables elimination lemma\<close>
 
 lemma elimination:

From da762b7cce25928acd46bf34dc6cd8710cdd84d5 Mon Sep 17 00:00:00 2001
From: lukashimmelreich <lukas.himmelreich@hotmail.ch>
Date: Wed, 14 Jun 2023 09:29:22 +0200
Subject: [PATCH 41/74] Change File Name CFGOptimizations

---
 BoogieLang/{CfgOptimizations.thy => CFGOptimizations.thy}       | 0
 .../{CfgOptimizationsLoop.thy => CFGOptimizationsLoop.thy}      | 2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename BoogieLang/{CfgOptimizations.thy => CFGOptimizations.thy} (100%)
 rename BoogieLang/{CfgOptimizationsLoop.thy => CFGOptimizationsLoop.thy} (99%)

diff --git a/BoogieLang/CfgOptimizations.thy b/BoogieLang/CFGOptimizations.thy
similarity index 100%
rename from BoogieLang/CfgOptimizations.thy
rename to BoogieLang/CFGOptimizations.thy
diff --git a/BoogieLang/CfgOptimizationsLoop.thy b/BoogieLang/CFGOptimizationsLoop.thy
similarity index 99%
rename from BoogieLang/CfgOptimizationsLoop.thy
rename to BoogieLang/CFGOptimizationsLoop.thy
index b6e2a68..4007fe4 100644
--- a/BoogieLang/CfgOptimizationsLoop.thy
+++ b/BoogieLang/CFGOptimizationsLoop.thy
@@ -407,7 +407,7 @@ text \<open>The use case for this lemma is when a loop head gets coalesced\<clos
 
 
 
-lemma loopHead_global_block_hybrid_new:
+lemma loopHead_global_block_hybrid:
   assumes OneSucc:"out_edges G ! src_block = [succ]" and 
           HybridHoldsSucc: "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G  G' succ tgt_block tgt_cmds_0 (lsLoopHead\<union>{(src_block, tgt_block)})" and  
           SrcCmds: "node_to_block G ! src_block = src_cmds" and

From b67f4f59985ab828484aece7fed8f4cf4a5443a5 Mon Sep 17 00:00:00 2001
From: lukashimmelreich <lukas.himmelreich@hotmail.ch>
Date: Thu, 15 Jun 2023 11:54:48 +0200
Subject: [PATCH 42/74] Fix Main Lemma 4 (Wrong assumption)

---
 BoogieLang/CFGOptimizationsLoop.thy | 201 ++++++++++++++++++++++++++--
 1 file changed, 193 insertions(+), 8 deletions(-)

diff --git a/BoogieLang/CFGOptimizationsLoop.thy b/BoogieLang/CFGOptimizationsLoop.thy
index 4007fe4..b937aeb 100644
--- a/BoogieLang/CFGOptimizationsLoop.thy
+++ b/BoogieLang/CFGOptimizationsLoop.thy
@@ -1,8 +1,37 @@
-theory CfgOptimizationsLoop
-  imports Boogie_Lang.Semantics Boogie_Lang.Util CfgOptimizations
+theory CFGOptimizationsLoop
+  imports Boogie_Lang.Semantics Boogie_Lang.Util
 begin
 
+definition hybrid_block_lemma_target_succ_verifies
+  where "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1' \<equiv>
+         (\<forall>ns1'. s1' = Normal ns1' \<longrightarrow>
+                     (\<forall>target_succ. List.member (out_edges(G') ! tgt_block) target_succ \<longrightarrow>
+                          (\<forall>m2' s2'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl target_succ, (Normal  ns1')) -n\<rightarrow>* (m2', s2')) \<longrightarrow>
+                                  s2' \<noteq> Failure)
+                     )
+                   )"
+
+definition hybrid_block_lemma_target_verifies
+  where "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns \<equiv>              
+            (\<forall>s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds, Normal ns\<rangle> [\<rightarrow>] s1') \<longrightarrow>  \<comment>\<open>First reduce the coalesced commands\<close>
+                   s1' \<noteq> Failure \<and> 
+                   \<comment>\<open>All successors blocks of \<^term>\<open>tgt_block\<close> must verify\<close>
+                   hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1'
+              )"
+
+definition hybrid_block_lemma
+  where "hybrid_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds \<equiv> 
+          \<forall>m' ns s'.  
+             (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, (Normal ns)) -n\<rightarrow>* (m', s')) \<longrightarrow>
+             hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns \<longrightarrow>
+             s' \<noteq> Failure"
 
+definition global_block_lemma
+  where "global_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block \<equiv> 
+          \<forall>m' ns s'.  
+             (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, (Normal ns)) -n\<rightarrow>* (m', s')) \<longrightarrow>
+             (\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl tgt_block, (Normal ns)) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure) \<longrightarrow>
+             s' \<noteq> Failure"
 
 subsection \<open>Definition loop induction hypothesis and global block Lemma for blocks in a loop\<close>
 
@@ -125,6 +154,151 @@ proof (rule allI | rule impI)+
   qed
 qed
 
+lemma hybrid_block_lemma_target_succ_verifies_intro:
+  assumes 
+   "\<And>ns1' target_succ m2' s2'. s1' = Normal ns1' \<Longrightarrow>
+           List.member (out_edges(G') ! tgt_block) target_succ \<Longrightarrow>
+           (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl target_succ, (Normal  ns1')) -n\<rightarrow>* (m2', s2')) \<Longrightarrow>
+            s2' \<noteq> Failure"
+ shows "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1'"
+  using assms
+  unfolding hybrid_block_lemma_target_succ_verifies_def
+  by blast
+
+lemma hybrid_block_lemma_elim:
+  assumes "hybrid_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds" and
+          "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, (Normal ns)) -n\<rightarrow>* (m', s')" and
+          "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns"
+  shows "s' \<noteq> Failure"
+  using assms
+  unfolding hybrid_block_lemma_def
+  by blast
+
+
+
+
+text \<open>The lemmas above are just for convenience. They make it more pleasant to prove (..._intro) 
+and use (..._elim) the hybrid global block lemma definitions\<close>
+
+
+text \<open>We discussed the following useful lemma (that is used below in the main proofs)\<close>
+
+lemma red_cmd_append_failure_preserved:
+  assumes "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] s)" and 
+          "s = Failure" 
+     \<comment>\<open>Theoretically, it would be fine to directly write
+       \<^term>\<open>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Failure\<close>, but then the standard induction tactic
+       does not carry over that the resulting state is a failure state\<close>
+  shows "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs@cs',Normal ns\<rangle> [\<rightarrow>] Failure"
+  using assms
+  apply induction
+   apply (simp add: failure_red_cmd_list)
+  by (simp add: RedCmdListCons)
+
+
+
+
+lemma red_cfg_magic_preserved:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(b, s0) -n\<rightarrow>* (m', s')" and "s0 = Magic"
+  shows "s' = Magic"
+  using assms
+proof (induction rule: rtranclp_induct2)
+  case refl
+  then show ?case by simp
+next
+  case (step a b a b)
+  then show ?case 
+    using red_cfg.cases by blast
+qed
+
+
+
+lemma magic_lemma_assume_false:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs, s\<rangle> [\<rightarrow>] s'" and
+          "s'\<noteq>Failure" and
+          "s = Normal ns"
+          "(Assume (Lit (LBool False))) \<in> set (cs)"
+        shows "s' = Magic"
+  using assms
+proof (induction arbitrary: ns)
+  case (RedCmdListNil s)
+  then show ?case
+    by simp
+next
+  case (RedCmdListCons c s s'' cs s')
+  then show ?case
+proof (cases "c = (Assume (Lit (LBool False)))")
+  case True
+  hence "s'' = Magic" using RedCmdListCons
+    by (meson RedLit assume_red_false)
+  then show ?thesis using RedCmdListCons
+    by (simp add: magic_stays_cmd_list_2)
+next
+  case False
+  then show ?thesis
+  proof (cases "s''")
+    case (Normal x1)
+    then show ?thesis
+      by (metis False RedCmdListCons.IH RedCmdListCons.prems(1) RedCmdListCons.prems(3) set_ConsD)
+  next
+    case Failure
+    then show ?thesis
+      using RedCmdListCons.hyps(2) RedCmdListCons.prems(1) failure_stays_cmd_list by blast
+  next
+    case Magic
+    then show ?thesis
+      using RedCmdListCons.hyps(2) magic_stays_cmd_list_2 by blast
+  qed
+qed
+qed
+
+lemma assert_false_failure:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>Assert (Lit (LBool False)), Normal ns\<rangle> \<rightarrow> s"
+  shows "s = Failure"
+  using assms
+  by (cases) auto
+
+
+lemma magic_lemma_assert_false:
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs, s\<rangle> [\<rightarrow>] s'" and
+          "s = Normal ns"
+          "(Assert (Lit (LBool False))) \<in> set (cs)"
+        shows "s' = Magic \<or> s' = Failure"
+  using assms
+proof (induction arbitrary: ns)
+  case (RedCmdListNil s)
+  then show ?case
+    by simp
+next
+  case (RedCmdListCons c s s'' cs s')
+  then show ?case
+proof (cases "c = (Assert (Lit (LBool False)))")
+  case True
+
+  hence "s'' = Failure" using RedCmdListCons
+    by (metis True assert_false_failure)
+  
+  then show ?thesis
+    using RedCmdListCons.hyps(2) failure_stays_cmd_list_aux by blast
+next
+  case False
+  then show ?thesis
+  proof (cases "s''")
+    case (Normal x1)
+    then show ?thesis
+      using False RedCmdListCons.IH RedCmdListCons.prems(2) by auto
+  next
+    case Failure
+    then show ?thesis
+      using RedCmdListCons.hyps(2) RedCmdListCons.prems(1) failure_stays_cmd_list by blast
+  next
+    case Magic
+    then show ?thesis
+      using RedCmdListCons.hyps(2) magic_stays_cmd_list_2 by blast
+  qed
+qed
+qed
+
 
 
 
@@ -527,7 +701,7 @@ subsubsection \<open>Main Lemma 4: Shows that the Loop Hybrid Block Lemma holds
 
 lemma loopBlock_global_block_hybrid:
 assumes   SuccBlocks: "out_edges G ! src_block = ls" and
-          GlobalBlockSucc: "\<forall>x\<in>set(ls). ((global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x)) {}) \<or>  (\<exists>(LoopHead, LoopHead')\<in>lsLoopHead.(global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x)) lsLoopHead) \<or> (x = LoopHead \<and> f(x) = LoopHead')))" and
+          GlobalBlockSucc: "\<forall>x\<in>set(ls).(\<exists>lsSubsetList. lsSubsetList\<subseteq>lsLoopHead \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x)) lsSubsetList) \<or> (\<exists>(LoopHead, LoopHead')\<in>lsLoopHead. (x = LoopHead \<and> f(x) = LoopHead'))"  and
           FunctionCorr: "\<forall>x\<in>set(ls). f(x)\<in>set(out_edges G' ! tgt_block)" and
           SourceBlock: "node_to_block G ! src_block = src_cmds" 
 shows     "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block src_cmds lsLoopHead"
@@ -568,8 +742,6 @@ next
       using True red_cfg_magic_preserved by blast
   next
     case False
-    from this obtain ns1 where "b = Normal ns1"
-      using OneStepResult state.exhaust by blast
     from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close> show ?thesis
     proof cases
       case (RedNormalSucc cs ns' succ)
@@ -578,8 +750,21 @@ next
       have oneStepG: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (Inl succ, Normal ns')"
         using "2"(2) local.RedNormalSucc(1) local.RedNormalSucc(2) by auto
       then show ?thesis 
-      proof (cases "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) {}")
+      proof (cases "\<exists>lsSubsetList. lsSubsetList\<subseteq>lsLoopHead \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubsetList")
         case True
+        from this obtain lsSubset where subset: "lsSubset\<subseteq>lsLoopHead" and globalBlockLoop: "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubset"
+          by auto
+
+        have mSteps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>^m (m', s')"
+          using "2"(3) local.RedNormalSucc(1) local.RedNormalSucc(2) by auto
+        have "m\<le>j"
+          by (simp add: "2"(1))
+        then have "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' m"
+          using loop_ih_optimizations_more_less IH
+          by blast
+        then have IH_holds: "\<forall>(LoopHead, LoopHead')\<in>lsSubset. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' m"
+          using subset by blast
+
         have transCl: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>* (m', s')"
           by (metis "2"(3) local.RedNormalSucc(1) local.RedNormalSucc(2) relpowp_imp_rtranclp)
 
@@ -589,9 +774,9 @@ next
           by (metis (mono_tags, lifting) FunctionCorr SourceBlock in_set_member local.RedNormalSucc(3) local.RedNormalSucc(4) succInList)
 
         then show ?thesis
-          using True transCl
+          using True IH_holds mSteps subset
           unfolding global_block_lemma_loop_def
-          using "2"(3) local.RedNormalSucc(1) local.RedNormalSucc(2) by blast
+          by (smt (verit) case_prodD case_prodI2 globalBlockLoop global_block_lemma_loop_def)
       next
         case False
         from this obtain LoopHeadG LoopHeadG' where cond: "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsLoopHead \<or> (succ = LoopHeadG \<and> f(succ) = LoopHeadG')" and inList: "(LoopHeadG, LoopHeadG')\<in>lsLoopHead"

From 20d38f52e51ea3fae58dd1166ca637a512c45c18 Mon Sep 17 00:00:00 2001
From: lukashimmelreich <lukas.himmelreich@hotmail.ch>
Date: Wed, 21 Jun 2023 10:58:36 +0200
Subject: [PATCH 43/74] New Document for Dead Variables Elimination

---
 ...timizations.thy => DeadVarElimination.thy} | 778 ++----------------
 1 file changed, 56 insertions(+), 722 deletions(-)
 rename BoogieLang/{CFGOptimizations.thy => DeadVarElimination.thy} (56%)

diff --git a/BoogieLang/CFGOptimizations.thy b/BoogieLang/DeadVarElimination.thy
similarity index 56%
rename from BoogieLang/CFGOptimizations.thy
rename to BoogieLang/DeadVarElimination.thy
index 8de6047..910da3c 100644
--- a/BoogieLang/CFGOptimizations.thy
+++ b/BoogieLang/DeadVarElimination.thy
@@ -1,718 +1,7 @@
-theory CfgOptimizations
+theory DeadVarElimination
   imports Boogie_Lang.Semantics Boogie_Lang.Util
 begin
 
-
-subsection \<open>Global block and hybrid global block lemma definition\<close>
-
-definition hybrid_block_lemma_target_succ_verifies
-  where "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1' \<equiv>
-         (\<forall>ns1'. s1' = Normal ns1' \<longrightarrow>
-                     (\<forall>target_succ. List.member (out_edges(G') ! tgt_block) target_succ \<longrightarrow>
-                          (\<forall>m2' s2'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl target_succ, (Normal  ns1')) -n\<rightarrow>* (m2', s2')) \<longrightarrow>
-                                  s2' \<noteq> Failure)
-                     )
-                   )"
-
-definition hybrid_block_lemma_target_verifies
-  where "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns \<equiv>              
-            (\<forall>s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds, Normal ns\<rangle> [\<rightarrow>] s1') \<longrightarrow>  \<comment>\<open>First reduce the coalesced commands\<close>
-                   s1' \<noteq> Failure \<and> 
-                   \<comment>\<open>All successors blocks of \<^term>\<open>tgt_block\<close> must verify\<close>
-                   hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1'
-              )"
-
-definition hybrid_block_lemma
-  where "hybrid_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds \<equiv> 
-          \<forall>m' ns s'.  
-             (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, (Normal ns)) -n\<rightarrow>* (m', s')) \<longrightarrow>
-             hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns \<longrightarrow>
-             s' \<noteq> Failure"
-
-text \<open>\<^prop>\<open>hybrid_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds\<close> formalizes the ``hybrid''
-global block lemma that we discussed on 22.03. with which one can deal with the case where blocks
-are coalesced. \<^term>\<open>src_block\<close> expresses the source block id that we are currently considering
-(i.e., one of the blocks that will be coalesced). \<^term>\<open>tgt_block\<close> expresses the target block id
-that of the coalesced block. \<^term>\<open>tgt_cmds\<close> expresses the currently considered 
-coalesced commands in the target CFG (this corresponds to \<open>cs_i@cs_(i+1)@...@cs_n\<close> in our discussion).
-\<close>
-
-text \<open>We now define the standard global block lemma that we want to use for the cases where no blocks
-are coalesced.\<close>
-
-definition global_block_lemma
-  where "global_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block \<equiv> 
-          \<forall>m' ns s'.  
-             (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, (Normal ns)) -n\<rightarrow>* (m', s')) \<longrightarrow>
-             (\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl tgt_block, (Normal ns)) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure) \<longrightarrow>
-             s' \<noteq> Failure"
-
-subsection \<open>Helper lemmas\<close>
-
-lemma hybrid_block_lemma_target_succ_verifies_intro:
-  assumes 
-   "\<And>ns1' target_succ m2' s2'. s1' = Normal ns1' \<Longrightarrow>
-           List.member (out_edges(G') ! tgt_block) target_succ \<Longrightarrow>
-           (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl target_succ, (Normal  ns1')) -n\<rightarrow>* (m2', s2')) \<Longrightarrow>
-            s2' \<noteq> Failure"
- shows "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1'"
-  using assms
-  unfolding hybrid_block_lemma_target_succ_verifies_def
-  by blast
-
-lemma hybrid_block_lemma_elim:
-  assumes "hybrid_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds" and
-          "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, (Normal ns)) -n\<rightarrow>* (m', s')" and
-          "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns"
-  shows "s' \<noteq> Failure"
-  using assms
-  unfolding hybrid_block_lemma_def
-  by blast
-
-
-
-
-text \<open>The lemmas above are just for convenience. They make it more pleasant to prove (..._intro) 
-and use (..._elim) the hybrid global block lemma definitions\<close>
-
-
-text \<open>We discussed the following useful lemma (that is used below in the main proofs)\<close>
-
-lemma red_cmd_append_failure_preserved:
-  assumes "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] s)" and 
-          "s = Failure" 
-     \<comment>\<open>Theoretically, it would be fine to directly write
-       \<^term>\<open>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Failure\<close>, but then the standard induction tactic
-       does not carry over that the resulting state is a failure state\<close>
-  shows "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs@cs',Normal ns\<rangle> [\<rightarrow>] Failure"
-  using assms
-  apply induction
-   apply (simp add: failure_red_cmd_list)
-  by (simp add: RedCmdListCons)
-
-
-
-
-lemma red_cfg_magic_preserved:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(b, s0) -n\<rightarrow>* (m', s')" and "s0 = Magic"
-  shows "s' = Magic"
-  using assms
-proof (induction rule: rtranclp_induct2)
-  case refl
-  then show ?case by simp
-next
-  case (step a b a b)
-  then show ?case 
-    using red_cfg.cases by blast
-qed
-
-
-
-lemma magic_lemma_assume_false:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs, s\<rangle> [\<rightarrow>] s'" and
-          "s'\<noteq>Failure" and
-          "s = Normal ns"
-          "(Assume (Lit (LBool False))) \<in> set (cs)"
-        shows "s' = Magic"
-  using assms
-proof (induction arbitrary: ns)
-  case (RedCmdListNil s)
-  then show ?case
-    by simp
-next
-  case (RedCmdListCons c s s'' cs s')
-  then show ?case
-proof (cases "c = (Assume (Lit (LBool False)))")
-  case True
-  hence "s'' = Magic" using RedCmdListCons
-    by (meson RedLit assume_red_false)
-  then show ?thesis using RedCmdListCons
-    by (simp add: magic_stays_cmd_list_2)
-next
-  case False
-  then show ?thesis
-  proof (cases "s''")
-    case (Normal x1)
-    then show ?thesis
-      by (metis False RedCmdListCons.IH RedCmdListCons.prems(1) RedCmdListCons.prems(3) set_ConsD)
-  next
-    case Failure
-    then show ?thesis
-      using RedCmdListCons.hyps(2) RedCmdListCons.prems(1) failure_stays_cmd_list by blast
-  next
-    case Magic
-    then show ?thesis
-      using RedCmdListCons.hyps(2) magic_stays_cmd_list_2 by blast
-  qed
-qed
-qed
-
-lemma assert_false_failure:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>Assert (Lit (LBool False)), Normal ns\<rangle> \<rightarrow> s"
-  shows "s = Failure"
-  using assms
-  by (cases) auto
-
-
-lemma magic_lemma_assert_false:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs, s\<rangle> [\<rightarrow>] s'" and
-          "s = Normal ns"
-          "(Assert (Lit (LBool False))) \<in> set (cs)"
-        shows "s' = Magic \<or> s' = Failure"
-  using assms
-proof (induction arbitrary: ns)
-  case (RedCmdListNil s)
-  then show ?case
-    by simp
-next
-  case (RedCmdListCons c s s'' cs s')
-  then show ?case
-proof (cases "c = (Assert (Lit (LBool False)))")
-  case True
-
-  hence "s'' = Failure" using RedCmdListCons
-    by (metis True assert_false_failure)
-  
-  then show ?thesis
-    using RedCmdListCons.hyps(2) failure_stays_cmd_list_aux by blast
-next
-  case False
-  then show ?thesis
-  proof (cases "s''")
-    case (Normal x1)
-    then show ?thesis
-      using False RedCmdListCons.IH RedCmdListCons.prems(2) by auto
-  next
-    case Failure
-    then show ?thesis
-      using RedCmdListCons.hyps(2) RedCmdListCons.prems(1) failure_stays_cmd_list by blast
-  next
-    case Magic
-    then show ?thesis
-      using RedCmdListCons.hyps(2) magic_stays_cmd_list_2 by blast
-  qed
-qed
-qed
-
-
-subsection \<open>Main lemmas for block coalescing and pruning of unreachable blocks\<close>
-
-text \<open>In the following subsection, we show the two main lemmas that are interested in:
-    \<^item> Given the hybrid global lemma for block i, we can construct the hybrid block lemma for block i-1 
-    \<^item> Given the hybrid global lemma for block 1 (the first one of a sequence of blocks that is coalesced),
-     we can construct the global block lemma (i.e., not hybrid global block lemma) for block 1.
-\<close>
-
-subsubsection \<open>Main lemma 1 (extending hybrid global block lemmas)\<close>
-
-text \<open>The following lemma shows that given the hybrid global block lemma for block i, we can construct
-the hybrid block lemma for block i-1. Below the suffix 1 is used for i and 0 is used for i-1.\<close>
-
-lemma extend_hybrid_global_block_lemma:
- assumes 
-      NextGlobal: "hybrid_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block_1 tgt_block tgt_cmds_1" and      
-      SourceBlock: "node_to_block G ! src_block_0 = cs" and
-      SourceSucc: "out_edges G ! src_block_0 = [src_block_1]" and
-                  "tgt_cmds_0 = cs@tgt_cmds_1"
- shows 
-      "hybrid_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block_0 tgt_block tgt_cmds_0"
-  unfolding hybrid_block_lemma_def
-proof (rule allI | rule impI)+ \<comment>\<open>Here, we are applying initial proof rule to get rid of universal quantifiers and implications\<close>
-  fix m' ns s'
-  assume RedSource: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block_0, Normal ns) -n\<rightarrow>* (m', s')" and
-         TargetVerifies: "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds_0 ns"
-
-  show "s' \<noteq> Failure"
-  proof (cases rule: converse_rtranclpE2[OF RedSource]) 
-    \<comment>\<open>converse_tranclpE2 shows that if (a,b) are in the transitive closure of R, then this means that either
-       a = b or there is some y s.t. (a,y) is in R and (y,b) is in the transitive closure of R (the standard
-       case  distinction has the dual second case where (a,y) is in the transitive closure of R and
-       (y,b) is in R\<close>
-    case 1
-    \<comment>\<open>Source takes 0 steps \<longrightarrow> trivial\<close>
-    then show ?thesis 
-      by fast
-  next
-    case (2 b s0)
-    \<comment>\<open>Source takes 1 step to \<^term>\<open>(b,s0)\<close> and then 0 more steps to \<^term>\<open>(m',s')\<close>\<close>
-
-    \<comment>\<open>We now first show that b must be \<^term>\<open>src_block_1\<close>, \<^term>\<open>s0\<close> cannot be a failure, and that if \<^term>\<open>s0\<close> is
-      a normal state, then we can reduce the commands of \<^term>\<open>src_block_0\<close> (i.e., \<^term>\<open>cs\<close>) to \<^term>\<open>s0\<close>.\<close>
-
-    from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block_0, Normal ns) -n\<rightarrow> (b, s0)\<close>
-    have OneStepResult: "s0 \<noteq> Failure \<and> (\<forall>ns0. (s0 = Normal ns0 \<longrightarrow> b = Inl src_block_1 \<and> 
-                                                A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Normal ns0))"
-    proof cases \<comment>\<open>Because we used "from \<open>fact\<close>" where \<open>fact\<close> is defined inductively, \<open>cases\<close> 
-                   does a case distinction over all rules that could have been used to derive 
-                   \<open>fact\<close>\<close>
-      case (RedNormalSucc cs ns' n')
-      then show ?thesis 
-        using SourceSucc SourceBlock
-        by (simp add: member_rec(1) member_rec(2))
-    next
-      case (RedNormalReturn cs ns')
-      then show ?thesis 
-        using SourceSucc
-        by simp
-    next
-      case (RedFailure cs)
-      hence "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs@tgt_cmds_1,Normal ns\<rangle> [\<rightarrow>] Failure"
-        using red_cmd_append_failure_preserved
-        by fast
-      hence False 
-        using TargetVerifies \<open> node_to_block G ! src_block_0 = cs\<close> \<open>tgt_cmds_0 = _\<close> SourceBlock
-        unfolding hybrid_block_lemma_target_verifies_def
-        by blast
-      thus ?thesis
-        by simp        
-    next
-      case (RedMagic cs)
-      then show ?thesis by auto
-    qed
-
-    \<comment>\<open>Using this result we now prove the goal by doing a case distinction on whether \<^term>\<open>s0\<close> is
-       a magic state (if it is, we are trivially done; if not we know we are in a normal state and must
-       continue the proof) \<close>
-    
-    show ?thesis
-    proof (cases "s0 = Magic")
-      case True
-      \<comment>\<open>Once we are in the Magic state, we will always remain in the Magic state.\<close>
-      thus "s' \<noteq> Failure"
-        using red_cfg_magic_preserved[OF \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(b, s0) -n\<rightarrow>* (m', s')\<close>]
-        by simp        
-    next
-      case False
-      \<comment>\<open>In this case, we know that there must be a normal execution from \<^term>\<open>src_block_1\<close> to \<^term>\<open>(m', s')\<close>.
-         Using this execution we can then get that \<^term>\<open>s'\<close> does not fail using the successor global block lemma
-         that we are given as an assumption.\<close>
-
-      from this obtain ns0 where "s0 = Normal ns0" 
-        using OneStepResult state.exhaust by auto
-
-      hence RedBlock0:  "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Normal ns0" and
-          RedSuccBlock: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block_1, Normal ns0) -n\<rightarrow>* (m', s')"
-        using OneStepResult \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(b, s0) -n\<rightarrow>* (m', s')\<close>
-        by auto
-        
-      \<comment>\<open>We now want to obtain the conclusion of the successor global lemma lemma (which shows our goal). 
-         To do so, we will have to prove the corresponding assumptions.\<close>
-      show ?thesis
-      proof (rule hybrid_block_lemma_elim[OF NextGlobal RedSuccBlock]) 
-        \<comment>\<open>\<open>thm\<close>[OF \<open>fact\<close>] works if \<open>fact1\<close> proves the first assumption of \<open>thm\<close> and renders the same
-           as \<open>thm\<close> without the first assumption (one can discharge multiple assumptions using OF)\<close>
-
-        \<comment>\<open>We now just need to show that the target assumption of the successor global block lemma
-          holds\<close>
-        show "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds_1 ns0"
-          unfolding hybrid_block_lemma_target_verifies_def
-        proof (rule allI, rule impI, rule conjI)
-           \<comment>\<open>We first need to show that executing \<^emph>\<open>just\<close> the coalesced blocks associated with the 
-             successor block cannot fail\<close>
-          fix s1'
-          assume "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds_1,Normal ns0\<rangle> [\<rightarrow>] s1'"
-          with RedBlock0 have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs@tgt_cmds_1,Normal ns\<rangle> [\<rightarrow>] s1'"
-            by (simp add: red_cmd_list_append)
-          thus "s1' \<noteq> Failure"
-            using TargetVerifies \<open>tgt_cmds_0 = cs @ tgt_cmds_1\<close>
-            unfolding hybrid_block_lemma_target_verifies_def
-            by simp
-        next
-          \<comment>\<open>We next need to show that for any execution E of the successor coalesced blocks that continues
-            in the CFG will not fail. We show this by first show that execution E can be extended
-            to an execution of the extended coalesced blocks (i.e., \<^prop>\<open>tgt_cmds_0 = cs @ tgt_cmds_1\<close>).
-            Using this assumption we automatically get from our own assumptions (TargetVerifies) that
-            if E continues through the CFG (through \<open>tgt_block\<close>) there won't be any issues\<close>
-          fix s1'
-          assume "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds_1,Normal ns0\<rangle> [\<rightarrow>] s1'"
-          with RedBlock0 have RedTgtCmds0:"A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds_0 ,Normal ns\<rangle> [\<rightarrow>] s1'"
-            using \<open>tgt_cmds_0 = _\<close>
-            by (simp add: red_cmd_list_append)
-
-          
-          thus "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1'"
-            using TargetVerifies
-            unfolding hybrid_block_lemma_target_verifies_def
-            by fast
-        qed
-      qed    
-    qed
-  qed
-qed
-
-subsubsection \<open>Main lemma 2 (converting hybrid global block lemma to normal global block lemma)\<close>  
-
-lemma convert_hybrid_global_block_lemma:
- assumes 
-      HybridGlobal: "hybrid_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds" and      
-      \<comment>\<open>The coalesced block id has commands \<^term>\<open>tgt_cmds\<close>\<close> 
-      TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds"
- shows 
-      "global_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block"  
-  unfolding global_block_lemma_def
-proof (rule allI | rule impI)+
-  fix m' ns s'
-  assume RedSource: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>* (m', s')" and
-     TargetVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"         
-
-  \<comment>\<open>We prove the conclusion by proving the assumptions of the hybrid global block lemma and then 
-     using its conclusion, which solves the goal\<close>
-  show "s' \<noteq> Failure"
-  proof (rule hybrid_block_lemma_elim[OF HybridGlobal RedSource]) \<comment>\<open>We discharge the first assumption via OF\<close> 
-    show "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns"
-      unfolding hybrid_block_lemma_target_verifies_def
-    proof (rule allI, rule impI)
-      fix s1'
-      assume RedTgtCmds: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds,Normal ns\<rangle> [\<rightarrow>] s1'"
-      text \<open>We need to show that \<^term>\<open>s1'\<close> does not fail. Since we know \<^term>\<open>tgt_cmds\<close> denotes exactly
-            the commands of \<^term>\<open>tgt_block\<close>, we get automatically that there is a one step execution
-            from \<^term>\<open>tgt_block\<close> to state \<^term>\<open>s1'\<close> and according to our TargetVerifies assumption
-            we thus get that  \<^term>\<open>s1'\<close> is not a failing state\<close>
-
-      have "s1' \<noteq> Failure"
-      proof (rule ccontr) \<comment>\<open>proof by contradiction\<close>
-        assume "\<not> s1' \<noteq> Failure" 
-        hence "s1' = Failure" by simp
-        have "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (Inr (), Failure))"
-          apply (rule converse_rtranclp_into_rtranclp)
-           apply (rule RedFailure)
-            apply (rule TargetBlock)
-          using  RedTgtCmds \<open>s1' = Failure\<close>
-           apply blast
-          by simp
-        thus False
-          using TargetVerifies
-          by blast        
-      qed
-    
-        
-      text \<open>Next, we show the second assumption: If the execution continues through the CFG, then the
-            execution won't fail. \<close>
-  
-      moreover have "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1'"
-      proof (rule hybrid_block_lemma_target_succ_verifies_intro)
-        fix ns1' tgt_succ m2' s2'
-        assume "s1' = Normal ns1'" and 
-               TargetSucc: "List.member (out_edges G' ! tgt_block) tgt_succ" and
-               RedTargetSucc: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_succ, Normal ns1') -n\<rightarrow>* (m2', s2')"
-
-        text \<open>We can construct an execution beginning from \<^term>\<open>tgt_block\<close>\<close>
-        have "A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m2', s2')"
-          apply (rule converse_rtranclp_into_rtranclp)
-           apply (rule RedNormalSucc) 
-             apply (rule TargetBlock)
-          using RedTgtCmds \<open>s1' = Normal ns1'\<close>
-            apply blast
-           apply (rule TargetSucc)
-          apply (rule RedTargetSucc)
-          done
-
-        thus "s2' \<noteq> Failure"
-          using TargetVerifies
-          by blast
-      qed
-
-      ultimately show 
-       "s1' \<noteq> Failure \<and> hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1'"
-        by simp
-    qed
-  qed
-qed
-
-subsubsection \<open>Main Lemma 3 (The following lemma shows that if in a block the global block lemma holds for all successors and the block was not coalesced, then the global block lemma holds)\<close>
-
-lemma global_block_succ:
-  assumes SuccBlocks: "out_edges G ! src_block = ls" and
-          GlobalBlockSucc: "\<forall>x\<in>set(ls). global_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x))" and
-          FunctionCorr: "\<forall>x\<in>set(ls). f(x)\<in>set(out_edges G' ! tgt_block)" and
-          TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds" and
-          SourceBlock: "node_to_block G ! src_block = src_cmds" and
-          NotCoalesced: "tgt_cmds = src_cmds"
-        shows "global_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block"
-  unfolding global_block_lemma_def
-proof (rule allI | rule impI)+
-  fix m' ns s'
-  assume RedSource: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>* (m', s')" and
-         TargetVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
-  show "s'\<noteq>Failure"
-
-  proof (cases rule: converse_rtranclpE2[OF RedSource])
-    case 1
-    then show ?thesis
-      by blast
-  next
-    case (2 a b)
-    from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close> have OneStepResult: "b \<noteq> Failure"
-    proof cases
-      case (RedNormalSucc cs ns' n')
-      then show ?thesis
-        by auto
-    next
-      case (RedNormalReturn cs ns')
-      then show ?thesis
-        by simp
-    next
-      case (RedFailure cs)
-      then show ?thesis
-        by (metis NotCoalesced SourceBlock TargetBlock TargetVerifies r_into_rtranclp red_cfg.RedFailure)
-    next
-      case (RedMagic cs)
-      then show ?thesis
-        by simp
-    qed
-
-    show ?thesis
-    proof (cases "b = Magic")
-      case True
-      thus "s' \<noteq> Failure"
-        using "2"(2) red_cfg_magic_preserved by blast
-    next
-      case False
-
-      from this obtain ns0 where "b = Normal ns0"
-        using OneStepResult state.exhaust by blast
-
-      from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close> show ?thesis
-      proof cases
-        case (RedNormalSucc cs ns' succ)
-        have cond_global_block: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl (f(succ)), (Normal ns0)) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
-        proof (rule allI | rule impI)+
-          fix m1' s1'
-          assume "A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f succ), Normal ns0) -n\<rightarrow>* (m1', s1')"
-          show "s1' \<noteq> Failure"
-          proof (cases "((m1', s1') = (Inl (f succ), Normal ns0))")
-            case True
-            then show ?thesis 
-              by auto
-          next
-            case False
-            hence "A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow> (Inl (f succ), Normal ns0)"
-              by (metis FunctionCorr NotCoalesced SourceBlock SuccBlocks TargetBlock \<open>b = Normal ns0\<close> in_set_member local.RedNormalSucc(2) local.RedNormalSucc(3) local.RedNormalSucc(4) local.RedNormalSucc(5) red_cfg.RedNormalSucc)
-            hence "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1'))"
-              by (simp add: \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f succ), Normal ns0) -n\<rightarrow>* (m1', s1')\<close> converse_rtranclp_into_rtranclp)
-            then show ?thesis
-              by (simp add: TargetVerifies)
-          qed
-        qed
-        hence "global_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ))"
-          by (metis GlobalBlockSucc SuccBlocks in_set_member local.RedNormalSucc(5))
-        then show ?thesis 
-          using cond_global_block
-          unfolding global_block_lemma_def
-          using "2"(2) \<open>b = Normal ns0\<close> local.RedNormalSucc(1) by blast
-      next
-        case (RedNormalReturn cs ns')
-        then show ?thesis 
-          using "2"(2) finished_remains by blast
-      next
-        case (RedFailure cs)
-        then show ?thesis 
-          by (simp add: OneStepResult)
-      next
-        case (RedMagic cs)
-        then show ?thesis 
-          by (simp add: False)
-      qed
-    qed
-  qed
-qed
-
-subsubsection \<open>Main Lemma 4: The following lemma shows that if in a block the global block lemma holds for all successors and the block was coalesced, then the hybrid block lemma holds\<close>
-
-lemma hybrid_block_succ:
-  assumes SuccBlocks: "out_edges G ! src_block = ls" and
-          GlobalBlockSucc: "\<forall>x\<in>set(ls). global_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x))" and
-          FunctionCorr: "\<forall>x\<in>set(ls). f(x)\<in>set(out_edges G' ! tgt_block)" and
-          SourceBlock: "node_to_block G ! src_block = src_cmds"
-        shows "hybrid_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block src_cmds"
-  unfolding hybrid_block_lemma_def
-proof (rule allI | rule impI)+
-  fix m' ns s'
-  assume RedSource: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>* (m', s')" and
-         TargetVerifies: "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block src_cmds ns"
-  show "s' \<noteq> Failure"
-  proof (cases rule: converse_rtranclpE2[OF RedSource])
-    case 1
-    then show ?thesis by blast
-  next
-    case (2 a b)
-    from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close> have OneStepResult: "b \<noteq> Failure"
-    proof cases
-      case (RedNormalSucc cs ns' n')
-      then show ?thesis
-        by simp
-    next
-      case (RedNormalReturn cs ns')
-      then show ?thesis
-        by simp
-    next
-      case (RedFailure cs)
-      then show ?thesis
-        using SourceBlock TargetVerifies hybrid_block_lemma_target_verifies_def by blast
-    next
-      case (RedMagic cs)
-      then show ?thesis
-        by blast
-    qed
-
-    show ?thesis
-    proof (cases "b = Magic")
-      case True
-      then show ?thesis
-        using "2"(2) red_cfg_magic_preserved by blast
-    next
-      case False
-      from this obtain ns0 where "b = Normal ns0"
-        using OneStepResult state.exhaust by blast
-      from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close> show ?thesis
-      proof cases
-        case (RedNormalSucc cs ns' succ)
-        hence "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>src_cmds,Normal ns\<rangle> [\<rightarrow>] Normal ns0"
-          using SourceBlock \<open>b = Normal ns0\<close> by force
-
-        have cond_global_block: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl (f(succ)), (Normal ns0)) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
-          using GlobalBlockSucc TargetVerifies
-          unfolding hybrid_block_lemma_target_verifies_def global_block_lemma_def hybrid_block_lemma_target_succ_verifies_def
-          by (metis FunctionCorr SuccBlocks \<open>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>src_cmds,Normal ns\<rangle> [\<rightarrow>] Normal ns0\<close> in_set_member local.RedNormalSucc(5))
-
-        hence "global_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ))"
-          by (metis GlobalBlockSucc SuccBlocks in_set_member local.RedNormalSucc(5))
-        then show ?thesis
-          unfolding global_block_lemma_def
-          using "2"(2) \<open>b = Normal ns0\<close> cond_global_block local.RedNormalSucc(1) by blast
-      next
-        case (RedNormalReturn cs ns')
-        then show ?thesis
-          using "2"(2) finished_remains by blast
-      next
-        case (RedFailure cs)
-        then show ?thesis 
-          using OneStepResult by blast
-      next
-        case (RedMagic cs)
-        then show ?thesis 
-          by (simp add: False)
-      qed
-    qed
-  qed
-qed
-
-
-subsubsection \<open>Main Lemma 5: Following Lemma shows correctness of pruning of unreachable blocks if the block was not coalesced\<close>
-
-lemma pruning_not_coalesced:
-  assumes SuccBlocks: "out_edges G ! src_block = ls" and
-          TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds" and
-          SourceBlock: "node_to_block G ! src_block = src_cmds" and
-          Pruning: "(Assume (Lit (LBool False))) \<in> set (src_cmds) \<or> (Assert (Lit (LBool False))) \<in> set (src_cmds)" and
-          NotCoalesced: "tgt_cmds = src_cmds"
-        shows "global_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block"
-  unfolding global_block_lemma_def
-
-proof (rule allI | rule impI)+
-  fix m' ns s'
-  assume RedSource: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>* (m', s')" and
-         TargetVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
-  show "s'\<noteq>Failure"
-  proof (cases rule: converse_rtranclpE2[OF RedSource])
-    case 1
-    then show ?thesis
-      by blast
-  next
-    case (2 a b)
-    from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close>  show ?thesis
-    proof cases
-      case (RedNormalSucc cs ns' n')
-      have "(Assume (Lit (LBool False))) \<in> set (cs) \<or> (Assert (Lit (LBool False))) \<in> set (cs)"
-        using Pruning SourceBlock local.RedNormalSucc(3) by blast
-      then show ?thesis
-      proof (cases "(Assume (Lit (LBool False))) \<in> set (cs)")
-        case True
-        hence "b = Magic"
-          using local.RedNormalSucc(4) magic_lemma_assume_false by blast
-        then show ?thesis
-          by (simp add: local.RedNormalSucc(2))
-      next
-        case False
-        hence "b = Magic \<or> b = Failure"
-          using \<open>Assume (Lit (LBool False)) \<in> set cs \<or> Assert (Lit (LBool False)) \<in> set cs\<close> local.RedNormalSucc(4) magic_lemma_assert_false by blast
-        then show ?thesis
-          by (simp add: local.RedNormalSucc(2))
-      qed
-
-    next
-      case (RedNormalReturn cs ns')
-      then show ?thesis 
-        by (metis "2"(2) Pair_inject finished_remains state.distinct(1))
-    next
-      case (RedFailure cs)
-      then show ?thesis
-        by (metis NotCoalesced SourceBlock TargetBlock TargetVerifies r_into_rtranclp red_cfg.RedFailure)
-    next
-      case (RedMagic cs)
-      then show ?thesis
-        using "2"(2) red_cfg_magic_preserved by blast
-    qed
-  qed
-qed
-
-subsubsection \<open>Main Lemma 6: Following Lemma shows correctness of pruning of unreachable blocks if the block was coalesced\<close>
-
-lemma pruning_coalesced:
-  assumes TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds" and
-          SourceBlock: "node_to_block G ! src_block = src_cmds" and
-          Pruning: "(Assert (Lit (LBool False))) \<in> set (src_cmds) \<or> (Assume (Lit (LBool False))) \<in> set (src_cmds)" and
-          Coalesced: "tgt_cmds = cs@src_cmds"
-        shows "hybrid_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block src_cmds"
-  unfolding hybrid_block_lemma_def
-
-proof (rule allI | rule impI)+
-  fix m' ns s'
-  assume RedSource: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>* (m', s')" and
-         TargetVerifies: "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block src_cmds ns"
-  show "s' \<noteq> Failure"
-  proof (cases rule: converse_rtranclpE2[OF RedSource])
-    case 1
-    then show ?thesis
-      by blast
-  next
-    case (2 a b)
-    from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close>  show ?thesis
-    proof cases
-      case (RedNormalSucc cs ns' n')
-      have "(Assume (Lit (LBool False))) \<in> set (cs) \<or> (Assert (Lit (LBool False))) \<in> set (cs)"
-        using Pruning SourceBlock local.RedNormalSucc(3) by blast
-      then show ?thesis
-      proof (cases "(Assume (Lit (LBool False))) \<in> set (cs)")
-        case True
-        hence "b = Magic"
-          using local.RedNormalSucc(4) magic_lemma_assume_false by blast
-        then show ?thesis
-          by (simp add: local.RedNormalSucc(2))
-      next
-        case False
-        hence "b = Magic \<or> b = Failure"
-          using \<open>Assume (Lit (LBool False)) \<in> set cs \<or> Assert (Lit (LBool False)) \<in> set cs\<close> local.RedNormalSucc(4) magic_lemma_assert_false by blast
-        then show ?thesis
-          by (simp add: local.RedNormalSucc(2))
-      qed
-    next
-      case (RedNormalReturn cs ns')
-      then show ?thesis
-        by (metis "2"(2) Pair_inject finished_remains state.distinct(1))
-    next
-      case (RedFailure cs)
-      then show ?thesis 
-        using SourceBlock TargetVerifies hybrid_block_lemma_target_verifies_def by blast
-    next
-      case (RedMagic cs)
-      then show ?thesis 
-        using "2"(2) red_cfg_magic_preserved by blast
-    qed
-   
-  qed
-qed
-
 subsection \<open>Definition of free variables\<close>
 
 fun free_var_expr :: "expr \<Rightarrow> vname set"
@@ -1358,7 +647,7 @@ next
     unfolding free_var_cmdlist.simps
     by auto
 
-  have "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs',s''\<rangle> [\<rightarrow>] s'"
+  hence "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs',s''\<rangle> [\<rightarrow>] s'"
     using RedCmdListCons.IH 
     sorry (*Why doesn't this hold trivially? Shouldn't it directly follow from the implication?*)
 
@@ -1443,12 +732,8 @@ next
     have oneStepLocals':"A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
       using local.RedNormalSucc(1) local.RedNormalSucc(2) step.hyps(1) by auto
 
-    have nInBody: "cs \<in> set(node_to_block body)"
-      sorry
-    
-
-    have temp: "dom (map_of (proc_args proc @ locals' @ proc_rets proc)) - dom (map_of (proc_args proc @ locals @ proc_rets proc)) = dom (map_of locals') - (dom (map_of locals))"
-      using DomLocalInterRetsEmpty
+    have nInBody: "cs \<in> set(node_to_block body)" (* This doesn't work because I dont know if n < length (node_to_block body) *)
+      using RedNormalSucc(5)
       sorry
 
 
@@ -1463,13 +748,61 @@ next
       by (simp add: converse_rtranclp_into_rtranclp local.RedNormalSucc(1) local.RedNormalSucc(2) restSteps)
   next
     case (RedNormalReturn n cs ns ns')
-    then show ?thesis sorry
+    have oneStepLocals':"A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
+      using local.RedNormalReturn(1) local.RedNormalReturn(2) step.hyps(1) by auto
+
+    have nInBody: "cs \<in> set(node_to_block body)"
+      using RedNormalReturn(5)
+      sorry
+
+
+    have "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
+      apply (rule red_cfg_dead_variables_cmdlist_onestep[OF oneStepLocals'])
+      apply (simp)
+      using MapLocal map_le_append_pre_post DomLocalInterRetsEmpty apply auto[1]
+      using NoDeadVariables local.RedNormalReturn(5) nInBody apply auto[1]
+      using WhereClausesFreeVars by simp
+
+    then show ?thesis 
+      by (simp add: converse_rtranclp_into_rtranclp local.RedNormalReturn(1) local.RedNormalReturn(2) restSteps)
   next
     case (RedFailure n cs ns)
-    then show ?thesis sorry
+    have oneStepLocals':"A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
+      using local.RedFailure(1) local.RedFailure(2) step.hyps(1) by auto
+
+    have nInBody: "cs \<in> set(node_to_block body)"
+      using RedFailure(5)
+      sorry
+
+
+    have "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
+      apply (rule red_cfg_dead_variables_cmdlist_onestep[OF oneStepLocals'])
+      apply (simp)
+      using MapLocal map_le_append_pre_post DomLocalInterRetsEmpty apply auto[1]
+      using NoDeadVariables local.RedFailure(5) nInBody apply auto[1]
+      using WhereClausesFreeVars by simp
+
+    then show ?thesis 
+      by (simp add: converse_rtranclp_into_rtranclp local.RedFailure(1) local.RedFailure(2) restSteps)
   next
     case (RedMagic n cs ns)
-    then show ?thesis sorry
+    have oneStepLocals':"A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
+      using local.RedMagic(1) local.RedMagic(2) step.hyps(1) by auto
+
+    have nInBody: "cs \<in> set(node_to_block body)"
+      using RedMagic(5)
+      sorry
+
+
+    have "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
+      apply (rule red_cfg_dead_variables_cmdlist_onestep[OF oneStepLocals'])
+      apply (simp)
+      using MapLocal map_le_append_pre_post DomLocalInterRetsEmpty apply auto[1]
+      using NoDeadVariables local.RedMagic(5) nInBody apply auto[1]
+      using WhereClausesFreeVars by simp
+
+    then show ?thesis 
+      by (simp add: converse_rtranclp_into_rtranclp local.RedMagic(1) local.RedMagic(2) restSteps)
   qed
 qed
 
@@ -1584,4 +917,5 @@ proof (simp add: Body2 del: proc_checked_posts.simps, (rule impI | rule allI)+)
   qed
 qed
 
+
 end
\ No newline at end of file

From b63d4b44f1abd55d8447e577ddda05a41afb35be Mon Sep 17 00:00:00 2001
From: lukashimmelreich <lukas.himmelreich@hotmail.ch>
Date: Mon, 26 Jun 2023 17:13:03 +0200
Subject: [PATCH 44/74] Changed Definition of Global Block and Hybrid Block
 Lemma

---
 BoogieLang/CFGOptimizationsLoop.thy | 351 ++++++++++++++--------------
 1 file changed, 178 insertions(+), 173 deletions(-)

diff --git a/BoogieLang/CFGOptimizationsLoop.thy b/BoogieLang/CFGOptimizationsLoop.thy
index b937aeb..6033370 100644
--- a/BoogieLang/CFGOptimizationsLoop.thy
+++ b/BoogieLang/CFGOptimizationsLoop.thy
@@ -3,62 +3,51 @@ theory CFGOptimizationsLoop
 begin
 
 definition hybrid_block_lemma_target_succ_verifies
-  where "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1' \<equiv>
+  where "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1' posts\<equiv>
          (\<forall>ns1'. s1' = Normal ns1' \<longrightarrow>
                      (\<forall>target_succ. List.member (out_edges(G') ! tgt_block) target_succ \<longrightarrow>
                           (\<forall>m2' s2'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl target_succ, (Normal  ns1')) -n\<rightarrow>* (m2', s2')) \<longrightarrow>
-                                  s2' \<noteq> Failure)
+                                  valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m2' s2')
                      )
                    )"
 
 definition hybrid_block_lemma_target_verifies
-  where "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns \<equiv>              
+  where "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns posts\<equiv>              
             (\<forall>s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds, Normal ns\<rangle> [\<rightarrow>] s1') \<longrightarrow>  \<comment>\<open>First reduce the coalesced commands\<close>
                    s1' \<noteq> Failure \<and> 
                    \<comment>\<open>All successors blocks of \<^term>\<open>tgt_block\<close> must verify\<close>
-                   hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1'
+                   hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1' posts
               )"
 
-definition hybrid_block_lemma
-  where "hybrid_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds \<equiv> 
-          \<forall>m' ns s'.  
-             (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, (Normal ns)) -n\<rightarrow>* (m', s')) \<longrightarrow>
-             hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns \<longrightarrow>
-             s' \<noteq> Failure"
 
-definition global_block_lemma
-  where "global_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block \<equiv> 
-          \<forall>m' ns s'.  
-             (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, (Normal ns)) -n\<rightarrow>* (m', s')) \<longrightarrow>
-             (\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl tgt_block, (Normal ns)) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure) \<longrightarrow>
-             s' \<noteq> Failure"
+
+
 
 subsection \<open>Definition loop induction hypothesis and global block Lemma for blocks in a loop\<close>
 
 definition loop_ih_optimizations
-  where "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeader LoopHeader'  m' s' j \<equiv> 
+  where "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeader LoopHeader'  m' s' j posts\<equiv> 
           \<forall>j' ns1'. ((j' \<le> j) \<longrightarrow> 
                      (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl LoopHeader, Normal ns1') -n\<rightarrow>^j' (m', s')) \<longrightarrow>
-         (\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl LoopHeader', Normal ns1') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure) \<longrightarrow>
-                     s' \<noteq> Failure)"
-
+         (\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl LoopHeader', Normal ns1') -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1') \<longrightarrow>
+                     valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s')"
 
 
 definition global_block_lemma_loop
-  where "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead \<equiv> 
+  where "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead posts \<equiv> 
           \<forall>m' ns s' j.  
              (red_cfg_k_step A M \<Lambda> \<Gamma> \<Omega> G ((Inl src_block),(Normal ns)) j (m',s')) \<longrightarrow>
-             (\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl tgt_block, (Normal ns)) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure) \<longrightarrow>
-             (\<forall>(LoopHead,LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead'  m' s' j) \<longrightarrow>
-             s' \<noteq> Failure"
+             (\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl tgt_block, (Normal ns)) -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1') \<longrightarrow>
+             (\<forall>(LoopHead,LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead'  m' s' j posts) \<longrightarrow>
+             valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'"
 
 definition hybrid_block_lemma_loop
-  where "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds lsLoopHead\<equiv> 
+  where "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds lsLoopHead posts\<equiv> 
           \<forall>m' ns s' j.  
              (red_cfg_k_step A M \<Lambda> \<Gamma> \<Omega> G ((Inl src_block),(Normal ns)) j (m',s')) \<longrightarrow>
-             hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns \<longrightarrow>
-             (\<forall>(LoopHead,LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead'  m' s' j) \<longrightarrow>
-             s' \<noteq> Failure"
+             hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns posts \<longrightarrow>
+             (\<forall>(LoopHead,LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead'  m' s' j posts) \<longrightarrow>
+             valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'"
 
 
 subsection \<open>Helper Lemmas\<close>
@@ -66,9 +55,9 @@ subsection \<open>Helper Lemmas\<close>
 lemma target_verifies: 
   assumes oneStep: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl a, Normal ns) -n\<rightarrow> (Inl b, Normal ns')" and
           cmd: "node_to_block(G) ! a = node_to_block(G') ! c" and
-          targetVerifies: "(\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl c, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure)" and
+          targetVerifies: "(\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl c, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1')" and
           member: "List.member (out_edges(G') ! c) d"
-        shows "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G'\<turnstile>(Inl d, Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+        shows "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G'\<turnstile>(Inl d, Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'"
 proof -
   have "A,M,\<Lambda>,\<Gamma>,\<Omega>,G'  \<turnstile> (Inl c, Normal ns) -n\<rightarrow> (Inl d, Normal ns')"
     using oneStep cmd
@@ -80,7 +69,7 @@ proof -
 qed
 
 lemma one_step_not_failure:
-  assumes "(\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl a, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure)" and
+  assumes "(\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl a, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1')" and
           "node_to_block G ! b = node_to_block G' ! a" and
           "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl b, Normal ns) -n\<rightarrow> (c, d)"
         shows "d \<noteq> Failure"
@@ -94,60 +83,61 @@ next
 next
   case (RedFailure cs)
   then show ?thesis
-    by (metis assms(1) assms(2) r_into_rtranclp red_cfg.RedFailure)
+    by (metis assms(1) assms(2) r_into_rtranclp red_cfg.RedFailure valid_configuration_def)
 next
   case (RedMagic cs)
   then show ?thesis by auto
 qed
 
 lemma hybrid_block_lemma_loop_elim:
-  assumes "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds lsLoopHead" and
+  assumes "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds lsLoopHead posts" and
           "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, (Normal ns)) -n\<rightarrow>^j (m', s')" and
-          "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns" and 
-          "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j"
-  shows "s' \<noteq> Failure"
+          "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns posts" and 
+          "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j posts"
+  shows "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'"
   using assms
   unfolding hybrid_block_lemma_loop_def
   by blast
 
 lemma loop_ih_optimizations_one_less:
-  assumes "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j"
-  shows "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' (j-1)"
+  assumes "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j posts"
+  shows "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' (j-1) posts"
   using assms
   unfolding loop_ih_optimizations_def
   by (meson diff_le_self le_trans)
 
 lemma loop_ih_optimizations_more_less:
-  assumes "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j" and
+  assumes "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j posts" and
           "j' \<le> j"
-  shows "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j'"
+  shows "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j' posts"
   using assms
   unfolding loop_ih_optimizations_def
   by (meson diff_le_self le_trans)
 
 
 lemma loop_global_block_subset: 
-  assumes "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsSubset" and
+  assumes "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsSubset posts" and
           "(lsSubset) \<subseteq> (lsLoopHead)"
-     shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead"
+     shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead posts"
   using assms
   unfolding global_block_lemma_loop_def
   by blast
 
 lemma normal_target_verfies_show_hybrid_verifies:
-  assumes TargetVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure" and
+  assumes TargetVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'" and
           TgtCmds: "node_to_block G' ! tgt_block = tgt_cmds"
-        shows "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns"
+        shows "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns posts"
   unfolding hybrid_block_lemma_target_verifies_def hybrid_block_lemma_target_succ_verifies_def
 proof (rule allI | rule impI)+
   fix s1'
   assume oneStep: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds,Normal ns\<rangle> [\<rightarrow>] s1'"
-  show "(s1' \<noteq> Failure) \<and> (\<forall>ns1'. s1' = Normal ns1' \<longrightarrow> (\<forall>target_succ. List.member (out_edges(G') ! tgt_block) target_succ \<longrightarrow> (\<forall>m2' s2'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl target_succ, (Normal  ns1')) -n\<rightarrow>* (m2', s2')) \<longrightarrow> s2' \<noteq> Failure)))"
+  show "(s1' \<noteq> Failure) \<and> (\<forall>ns1'. s1' = Normal ns1' \<longrightarrow> (\<forall>target_succ. List.member (out_edges(G') ! tgt_block) target_succ \<longrightarrow> (\<forall>m2' s2'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl target_succ, (Normal  ns1')) -n\<rightarrow>* (m2', s2')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m2' s2')))"
   proof -
     have "s1' \<noteq> Failure"
       using TargetVerifies
+      unfolding valid_configuration_def
       using RedFailure TgtCmds oneStep by blast
-    have "(\<forall>ns1'. s1' = Normal ns1' \<longrightarrow> (\<forall>target_succ. List.member (out_edges(G') ! tgt_block) target_succ \<longrightarrow> (\<forall>m2' s2'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl target_succ, (Normal  ns1')) -n\<rightarrow>* (m2', s2')) \<longrightarrow> s2' \<noteq> Failure)))"
+    have "(\<forall>ns1'. s1' = Normal ns1' \<longrightarrow> (\<forall>target_succ. List.member (out_edges(G') ! tgt_block) target_succ \<longrightarrow> (\<forall>m2' s2'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl target_succ, (Normal  ns1')) -n\<rightarrow>* (m2', s2')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m2' s2')))"
       by (metis (no_types, lifting) RedNormalSucc TargetVerifies TgtCmds converse_rtranclp_into_rtranclp oneStep)
     then show ?thesis
       using \<open>s1' \<noteq> Failure\<close> by blast
@@ -159,28 +149,15 @@ lemma hybrid_block_lemma_target_succ_verifies_intro:
    "\<And>ns1' target_succ m2' s2'. s1' = Normal ns1' \<Longrightarrow>
            List.member (out_edges(G') ! tgt_block) target_succ \<Longrightarrow>
            (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl target_succ, (Normal  ns1')) -n\<rightarrow>* (m2', s2')) \<Longrightarrow>
-            s2' \<noteq> Failure"
- shows "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1'"
+            valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m2' s2'"
+ shows "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1' posts"
   using assms
   unfolding hybrid_block_lemma_target_succ_verifies_def
   by blast
 
-lemma hybrid_block_lemma_elim:
-  assumes "hybrid_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds" and
-          "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, (Normal ns)) -n\<rightarrow>* (m', s')" and
-          "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns"
-  shows "s' \<noteq> Failure"
-  using assms
-  unfolding hybrid_block_lemma_def
-  by blast
-
 
 
 
-text \<open>The lemmas above are just for convenience. They make it more pleasant to prove (..._intro) 
-and use (..._elim) the hybrid global block lemma definitions\<close>
-
-
 text \<open>We discussed the following useful lemma (that is used below in the main proofs)\<close>
 
 lemma red_cmd_append_failure_preserved:
@@ -310,23 +287,24 @@ subsubsection \<open>Main Lemma 1: Shows that the Loop Global Block Lemma holds
 
 lemma loopBlock_global_block:
   assumes   SuccBlocks: "out_edges G ! src_block = ls" and
-          GlobalBlockSucc: "\<forall>x\<in>set(ls).(\<exists>lsSubsetList. lsSubsetList\<subseteq>lsLoopHead \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x)) lsSubsetList) \<or> (\<exists>(LoopHead, LoopHead')\<in>lsLoopHead. (x = LoopHead \<and> f(x) = LoopHead'))" and
+          GlobalBlockSucc: "\<forall>x\<in>set(ls).(\<exists>lsSubsetList. lsSubsetList\<subseteq>lsLoopHead \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x)) lsSubsetList posts) \<or> (\<exists>(LoopHead, LoopHead')\<in>lsLoopHead. (x = LoopHead \<and> f(x) = LoopHead'))" and
           FunctionCorr: "\<forall>x\<in>set(ls). f(x)\<in>set(out_edges G' ! tgt_block)" and
           TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds" and
           SourceBlock: "node_to_block G ! src_block = src_cmds" and
           NotCoalesced: "tgt_cmds = src_cmds"
-        shows     "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead"
+        shows     "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead posts"
   unfolding global_block_lemma_loop_def
 proof (rule allI | rule impI)+
   fix m' ns s' j
   assume k_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>^j (m', s')" and
-         IH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j" and
-         TargetVerifies: "(\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure)"
-  show   "s' \<noteq> Failure "
+         IH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j posts" and
+         TargetVerifies: "(\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1')"
+  show   "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'"
   proof (cases rule: relpowp_E2_2[OF k_step])
     case 1
     then show ?thesis 
-      by blast
+      unfolding valid_configuration_def 
+      by fastforce
   next
     case (2 a b m)
     have OneStepResult: "b \<noteq> Failure"
@@ -340,7 +318,9 @@ proof (rule allI | rule impI)+
       have "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(a, b) -n\<rightarrow>* (m', s')"
         by (meson "2"(3) rtranclp_power)
       then show ?thesis
-        using True red_cfg_magic_preserved by blast
+        using True red_cfg_magic_preserved 
+        unfolding valid_configuration_def
+        by blast
     next
       case False
       from this obtain ns1 where "b = Normal ns1"
@@ -353,18 +333,18 @@ proof (rule allI | rule impI)+
         have oneStepG: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (Inl succ, Normal ns')"
           using "2"(2) local.RedNormalSucc(1) local.RedNormalSucc(2) by auto
         then show ?thesis
-        proof (cases "\<exists>lsSubsetList. lsSubsetList\<subseteq>lsLoopHead \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubsetList")
+        proof (cases "\<exists>lsSubsetList. lsSubsetList\<subseteq>lsLoopHead \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubsetList posts")
           case True
-          from this obtain lsSubset where subset: "lsSubset\<subseteq>lsLoopHead" and globalBlockLoop: "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubset"
+          from this obtain lsSubset where subset: "lsSubset\<subseteq>lsLoopHead" and globalBlockLoop: "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubset posts"
             by auto
           have steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>^(j - 1) (m', s')"
             using "2"(1) "2"(3) local.RedNormalSucc(1) local.RedNormalSucc(2) by auto
-          have "\<forall>(LoopHeadG,LoopHeadG')\<in>lsSubset. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' j"
+          have "\<forall>(LoopHeadG,LoopHeadG')\<in>lsSubset. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' j posts"
             using IH subset by auto
-          hence loopIH: "\<forall>(LoopHeadG,LoopHeadG')\<in>lsSubset. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' (j - 1)"
+          hence loopIH: "\<forall>(LoopHeadG,LoopHeadG')\<in>lsSubset. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' (j - 1) posts"
             using loop_ih_optimizations_one_less
             using case_prodI2 by blast
-          have "\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f(succ)), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+          have "\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f(succ)), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'"
             apply (rule target_verifies[where ?c = tgt_block])
             apply (rule oneStepG)
             apply (simp add: NotCoalesced SourceBlock TargetBlock)
@@ -372,24 +352,24 @@ proof (rule allI | rule impI)+
             using succInList FunctionCorr in_set_member by fastforce
           then show ?thesis 
             using globalBlockLoop loopIH steps
-            unfolding global_block_lemma_loop_def
-            by simp
+            unfolding global_block_lemma_loop_def valid_configuration_def
+            by blast
         next
           case False
           from this obtain LoopHeadG LoopHeadG' where "succ = LoopHeadG \<and> f(succ) = LoopHeadG'" and "(LoopHeadG, LoopHeadG')\<in>lsLoopHead"
             using GlobalBlockSucc succInList by force
           hence SuccEqLoopHead: "succ = LoopHeadG \<and> f(succ) = LoopHeadG'"
-            using GlobalBlockSucc global_block_lemma_def succInList
+            using GlobalBlockSucc succInList
             by force
 
-          have verifies: "\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f(succ)), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+          have verifies: "\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f(succ)), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'"
             apply (rule target_verifies[where ?c = tgt_block])
             apply (rule oneStepG)
             apply (simp add: NotCoalesced SourceBlock TargetBlock)
             apply (rule TargetVerifies)
             using succInList FunctionCorr in_set_member by fastforce
 
-          have "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' j"
+          have "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' j posts"
             using IH SuccEqLoopHead False \<open>(LoopHeadG, LoopHeadG') \<in> lsLoopHead\<close> 
             by fastforce
 
@@ -400,8 +380,14 @@ proof (rule allI | rule impI)+
         qed
       next
         case (RedNormalReturn cs ns')
+        have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds, Normal ns\<rangle> [\<rightarrow>] s'"
+          by (metis "2"(3) NotCoalesced Pair_inject SourceBlock finished_remains local.RedNormalReturn(1) local.RedNormalReturn(2) local.RedNormalReturn(3) local.RedNormalReturn(4) relpowp_imp_rtranclp)
+        hence "A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow> (m', s')"
+          sorry
+        
         then show ?thesis
-          by (metis "2"(3) OneStepResult Pair_inject finished_remains relpowp_imp_rtranclp)
+          unfolding valid_configuration_def
+          using TargetVerifies valid_configuration_def by blast
       next
         case (RedFailure cs)
         then show ?thesis
@@ -421,25 +407,26 @@ subsubsection \<open>Main Lemma 2: Shows that the Loop Global Block Lemma holds
 
 lemma loopHead_global_block:
   assumes SuccBlocks: "out_edges G ! src_block = ls" and
-          GlobalBlockSucc: "\<forall>x\<in>set(ls). (\<exists>lsSubsetList. lsSubsetList\<subseteq>(lsLoopHead \<union> {(src_block,tgt_block)}) \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x)) lsSubsetList) \<or> (\<exists>(LoopHead, LoopHead')\<in>(lsLoopHead\<union>{(src_block,tgt_block)}). (x = LoopHead \<and> f(x) = LoopHead'))"  and
+          GlobalBlockSucc: "\<forall>x\<in>set(ls). (\<exists>lsSubsetList. lsSubsetList\<subseteq>(lsLoopHead \<union> {(src_block,tgt_block)}) \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x)) lsSubsetList posts) \<or> (\<exists>(LoopHead, LoopHead')\<in>(lsLoopHead\<union>{(src_block,tgt_block)}). (x = LoopHead \<and> f(x) = LoopHead'))"  and
           FunctionCorr: "\<forall>x\<in>set(ls). f(x)\<in>set(out_edges G' ! tgt_block)" and
           TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds" and
           SourceBlock: "node_to_block G ! src_block = src_cmds" and
           NotCoalesced: "tgt_cmds = src_cmds"
-        shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead" 
+        shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead posts" 
 unfolding global_block_lemma_loop_def
 proof (rule allI | rule impI)+
   fix m' ns s' j
   assume k_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>^j (m', s')" and
-         TargetVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure" and
-         IH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j"
-  show "s' \<noteq> Failure" using TargetVerifies k_step GlobalBlockSucc IH
+         TargetVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'" and
+         IH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j posts"
+  show "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'" using TargetVerifies k_step GlobalBlockSucc IH
   proof (induction j arbitrary: ns rule: less_induct)
     case (less j)
     then show ?case
     proof (cases rule: relpowp_E2_2[OF less(3)])
       case 1
       then show ?thesis
+        unfolding valid_configuration_def
         by auto
     next
       case (2 a b m)
@@ -454,7 +441,9 @@ proof (rule allI | rule impI)+
         have "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(a, b) -n\<rightarrow>* (m', s')"
           by (meson "2"(3) relpowp_imp_rtranclp)
         then show ?thesis
-          using True red_cfg_magic_preserved by blast
+          using True red_cfg_magic_preserved 
+          unfolding valid_configuration_def
+          by blast
       next
         case False
         from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close> show ?thesis
@@ -463,7 +452,7 @@ proof (rule allI | rule impI)+
           have succInList: "succ \<in> set(ls)"
             using SuccBlocks in_set_member local.RedNormalSucc(5) by fastforce
 
-          obtain LoopHeadG LoopHeadG' lsSubsetList where cond: "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubsetList \<or> (succ = LoopHeadG \<and> f(succ) = LoopHeadG')" and elem: "(LoopHeadG, LoopHeadG')\<in>(lsLoopHead\<union>{(src_block, tgt_block)}) \<and> lsSubsetList \<subseteq> lsLoopHead\<union>{(src_block, tgt_block)}"
+          obtain LoopHeadG LoopHeadG' lsSubsetList where cond: "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubsetList posts \<or> (succ = LoopHeadG \<and> f(succ) = LoopHeadG')" and elem: "(LoopHeadG, LoopHeadG')\<in>(lsLoopHead\<union>{(src_block, tgt_block)}) \<and> lsSubsetList \<subseteq> lsLoopHead\<union>{(src_block, tgt_block)}"
             using succInList less.prems(3)
             by blast
           have oneStepG: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (Inl succ, Normal ns')"
@@ -471,42 +460,42 @@ proof (rule allI | rule impI)+
             by simp
          
           then show ?thesis
-          proof (cases "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubsetList")
+          proof (cases "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubsetList posts")
             case True
-            have loopIHSrcTgt: "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block m' s' (j-1)"
+            have loopIHSrcTgt: "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block m' s' (j-1) posts"
               unfolding loop_ih_optimizations_def
               proof (rule allI | rule impI)+
                 fix j' ns1'
                 assume "j' \<le> j-1" and
                        j'Step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns1') -n\<rightarrow>^j' (m', s')" and 
-                       TargetVer: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns1') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
-                show "s' \<noteq> Failure"
+                       TargetVer: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns1') -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'"
+                show "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'"
                   using less.IH
                 proof -
                   have strictlySmaller: "j' < j" 
                     using "2"(1) \<open>j' \<le> j - 1\<close> verit_comp_simplify1(3) by linarith
-                  have loopIHHolds: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j'"
+                  have loopIHHolds: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j' posts"
                     using less.prems(4) loop_ih_optimizations_more_less
                     by (metis (no_types, lifting) \<open>j' \<le> j - 1\<close> case_prodD case_prodI2 loop_ih_optimizations_one_less)
-                  thus "s'\<noteq>Failure"
+                  thus "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'"
                     using j'Step TargetVer less.IH strictlySmaller GlobalBlockSucc loopIHHolds
                     by blast
                 qed
               qed
-            have  globalBlockLoopHolds: "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubsetList"
+            have  globalBlockLoopHolds: "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubsetList posts"
               using True by simp
             have steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>^(j - 1) (m', s')"
               using "2"(1) "2"(3) local.RedNormalSucc(1) local.RedNormalSucc(2) by force
-            have succVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f succ), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+            have succVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f succ), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'"
               apply (rule target_verifies[where ?c = tgt_block])
               apply (rule oneStepG)
               apply (simp add: NotCoalesced SourceBlock TargetBlock)
               apply (simp add: less.prems(1))
               using succInList FunctionCorr in_set_member by fastforce
-            have "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead \<union> {(src_block, tgt_block)}. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' (j - 1)"
+            have "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead \<union> {(src_block, tgt_block)}. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' (j - 1) posts"
               using IH loop_ih_optimizations_one_less loopIHSrcTgt less.prems(4) Un_iff 
               by blast
-            hence "\<forall>(LoopHead, LoopHead')\<in>lsSubsetList. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' (j - 1)"
+            hence "\<forall>(LoopHead, LoopHead')\<in>lsSubsetList. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' (j - 1) posts"
               using elem by auto
             then show ?thesis
               using globalBlockLoopHolds steps succVerifies
@@ -521,12 +510,12 @@ proof (rule allI | rule impI)+
               case True
               have srcAgain: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns') -n\<rightarrow>^(j-1) (m', s')"
                 using "2"(1) "2"(3) SuccEqLoopHead True local.RedNormalSucc(1) local.RedNormalSucc(2) by auto
-              have TargetVerifiesAgain: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+              have TargetVerifiesAgain: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'"
                 using TargetVerifies
                 by (metis FunctionCorr NotCoalesced Pair_inject SourceBlock SuccEqLoopHead TargetBlock True converse_rtranclp_into_rtranclp in_set_member less.prems(1) local.RedNormalSucc(3) local.RedNormalSucc(4) red_cfg.RedNormalSucc succInList)
               have strictlySmaller: "j-1<j"
                 by (simp add: "2"(1))
-              have "\<forall>(LoopHead,LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' (j-1)"
+              have "\<forall>(LoopHead,LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' (j-1) posts"
                 using less(5) loop_ih_optimizations_one_less
                 by blast
               then show ?thesis
@@ -536,7 +525,7 @@ proof (rule allI | rule impI)+
               case False
               hence "(LoopHeadG, LoopHeadG') \<in> (lsLoopHead)"
                 using elem by auto
-              hence loopIH: "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' j"
+              hence loopIH: "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' j posts"
                 using less.prems(4)
                 by fastforce
               have "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>^m (m', s')"
@@ -544,7 +533,7 @@ proof (rule allI | rule impI)+
               hence stepsFromSucc: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>^(j-1) (m', s')"
                 using \<open>j = Suc m\<close>
                 by simp
-              have "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f succ), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+              have "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f succ), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'"
                 apply (rule target_verifies[where ?c = tgt_block])
                 apply (rule oneStepG)
                 apply (simp add: NotCoalesced SourceBlock TargetBlock)
@@ -559,7 +548,8 @@ proof (rule allI | rule impI)+
         next
           case (RedNormalReturn cs ns')
           then show ?thesis
-            by (metis "2"(3) OneStepResult finished_remains old.prod.inject relpowp_imp_rtranclp)
+            unfolding valid_configuration_def
+            sorry
         next
           case (RedFailure cs)
           then show ?thesis
@@ -583,24 +573,25 @@ text \<open>The use case for this lemma is when a loop head gets coalesced\<clos
 
 lemma loopHead_global_block_hybrid:
   assumes OneSucc:"out_edges G ! src_block = [succ]" and 
-          HybridHoldsSucc: "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G  G' succ tgt_block tgt_cmds_0 (lsLoopHead\<union>{(src_block, tgt_block)})" and  
+          HybridHoldsSucc: "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G  G' succ tgt_block tgt_cmds_0 (lsLoopHead\<union>{(src_block, tgt_block)}) posts" and  
           SrcCmds: "node_to_block G ! src_block = src_cmds" and
           TgtCmds: "node_to_block G' ! tgt_block = tgt_cmds" and
           CoalescedBlock: "tgt_cmds = src_cmds@tgt_cmds_0"
-        shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G  G' src_block tgt_block lsLoopHead"
+        shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G  G' src_block tgt_block lsLoopHead posts"
   unfolding global_block_lemma_loop_def
 proof (rule allI | rule impI)+
   fix m' ns s' j
   assume k_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>^j (m', s')" and
-         TargetVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure" and
-         IH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j"
-  show "s' \<noteq> Failure" using TargetVerifies k_step IH
+         TargetVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'" and
+         IH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j posts"
+  show "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'" using TargetVerifies k_step IH
   proof (induction j arbitrary: ns rule: less_induct)
     case (less j)
     then show ?case
     proof (cases rule: relpowp_E2_2[OF less(3)])
       case 1
       then show ?thesis
+        unfolding valid_configuration_def
         by auto
     next
       case (2 a b m)
@@ -616,6 +607,7 @@ proof (rule allI | rule impI)+
         next
           case (RedFailure cs)
           then show ?thesis
+            using valid_configuration_def
             by (metis assms(3) assms(4) assms(5) less.prems(1) r_into_rtranclp red_cfg.RedFailure red_cmd_append_failure_preserved)
         next
           case (RedMagic cs)
@@ -628,7 +620,9 @@ proof (rule allI | rule impI)+
         have "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(a, b) -n\<rightarrow>* (m', s')"
           by (meson "2"(3) relpowp_imp_rtranclp)
         then show ?thesis
-          using True red_cfg_magic_preserved by blast
+          using True red_cfg_magic_preserved
+          unfolding valid_configuration_def
+          by blast
       next
         case False
         from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close> show ?thesis
@@ -638,38 +632,38 @@ proof (rule allI | rule impI)+
             by (metis OneSucc local.RedNormalSucc(5) member_rec(1) member_rec(2))
           hence mSteps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>^m (m', s')"
             using "2"(3) local.RedNormalSucc(1) local.RedNormalSucc(2) by blast
-          have "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns"
+          have "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns posts"
             apply (rule normal_target_verfies_show_hybrid_verifies)
             using less.prems(1) apply blast
             by (simp add: TgtCmds)
 
-          hence hybridTargetVerifies: "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds_0 ns'"
+          hence hybridTargetVerifies: "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds_0 ns' posts"
             using less(2)
             unfolding hybrid_block_lemma_target_verifies_def
             using SrcCmds CoalescedBlock local.RedNormalSucc(3) local.RedNormalSucc(4) red_cmd_list_append by blast
-          have loopIH: "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block m' s' m"
+          have loopIH: "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block m' s' m posts"
             unfolding loop_ih_optimizations_def
           proof (rule allI | rule impI)+
             fix j' ns1'
             assume "j'\<le>m" and
                    steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns1') -n\<rightarrow>^j' (m', s')" and
-                   TarVer: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns1') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
-            show "s' \<noteq> Failure"
+                   TarVer: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns1') -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'"
+            show "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'"
               using less.IH
             proof -
               have strictlySmaller:"j'<j"
                 using "2"(1) \<open>j' \<le> m\<close> by auto
-              have "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j'"
+              have "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j' posts"
                 using loop_ih_optimizations_more_less less(4)
                 by (metis (no_types, lifting) \<open>j' < j\<close> case_prodD case_prodI2 order_less_imp_le)
-              thus "s' \<noteq> Failure"
+              thus "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'"
                 using strictlySmaller TarVer steps less.IH
                 by blast
             qed
           qed
           have "m\<le>j"
             by (simp add: "2"(1))
-          hence "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead \<union> {(src_block, tgt_block)}.loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' m"
+          hence "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead \<union> {(src_block, tgt_block)}.loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' m posts"
             using loop_ih_optimizations_more_less less(4) loopIH
             by blast
           then show ?thesis 
@@ -701,21 +695,22 @@ subsubsection \<open>Main Lemma 4: Shows that the Loop Hybrid Block Lemma holds
 
 lemma loopBlock_global_block_hybrid:
 assumes   SuccBlocks: "out_edges G ! src_block = ls" and
-          GlobalBlockSucc: "\<forall>x\<in>set(ls).(\<exists>lsSubsetList. lsSubsetList\<subseteq>lsLoopHead \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x)) lsSubsetList) \<or> (\<exists>(LoopHead, LoopHead')\<in>lsLoopHead. (x = LoopHead \<and> f(x) = LoopHead'))"  and
+          GlobalBlockSucc: "\<forall>x\<in>set(ls).(\<exists>lsSubsetList. lsSubsetList\<subseteq>lsLoopHead \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x)) lsSubsetList posts) \<or> (\<exists>(LoopHead, LoopHead')\<in>lsLoopHead. (x = LoopHead \<and> f(x) = LoopHead'))"  and
           FunctionCorr: "\<forall>x\<in>set(ls). f(x)\<in>set(out_edges G' ! tgt_block)" and
           SourceBlock: "node_to_block G ! src_block = src_cmds" 
-shows     "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block src_cmds lsLoopHead"
+shows     "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block src_cmds lsLoopHead posts"
 unfolding hybrid_block_lemma_loop_def
 proof (rule allI | rule impI)+
 fix m' ns s' j
 assume k_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>^j (m', s')" and
-IH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j" and
-TargetVerifies: "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block src_cmds ns"
-show   "s' \<noteq> Failure "
+IH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j posts" and
+TargetVerifies: "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block src_cmds ns posts"
+show   "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'"
 proof (cases rule: relpowp_E2_2[OF k_step])
   case 1
   then show ?thesis
-    by blast
+    unfolding valid_configuration_def
+    using is_final_config.simps(1) by blast
 next
   case (2 a b m)
   from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close> have OneStepResult: "b \<noteq> Failure"
@@ -739,7 +734,9 @@ next
     have "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(a, b) -n\<rightarrow>* (m', s')"
       by (meson "2"(3) rtranclp_power)
     then show ?thesis
-      using True red_cfg_magic_preserved by blast
+      unfolding valid_configuration_def
+      using True red_cfg_magic_preserved 
+      by blast
   next
     case False
     from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close> show ?thesis
@@ -750,27 +747,27 @@ next
       have oneStepG: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (Inl succ, Normal ns')"
         using "2"(2) local.RedNormalSucc(1) local.RedNormalSucc(2) by auto
       then show ?thesis 
-      proof (cases "\<exists>lsSubsetList. lsSubsetList\<subseteq>lsLoopHead \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubsetList")
+      proof (cases "\<exists>lsSubsetList. lsSubsetList\<subseteq>lsLoopHead \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubsetList posts")
         case True
-        from this obtain lsSubset where subset: "lsSubset\<subseteq>lsLoopHead" and globalBlockLoop: "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubset"
+        from this obtain lsSubset where subset: "lsSubset\<subseteq>lsLoopHead" and globalBlockLoop: "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubset posts"
           by auto
 
         have mSteps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>^m (m', s')"
           using "2"(3) local.RedNormalSucc(1) local.RedNormalSucc(2) by auto
         have "m\<le>j"
           by (simp add: "2"(1))
-        then have "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' m"
+        then have "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' m posts"
           using loop_ih_optimizations_more_less IH
           by blast
-        then have IH_holds: "\<forall>(LoopHead, LoopHead')\<in>lsSubset. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' m"
+        then have IH_holds: "\<forall>(LoopHead, LoopHead')\<in>lsSubset. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' m posts"
           using subset by blast
 
         have transCl: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>* (m', s')"
           by (metis "2"(3) local.RedNormalSucc(1) local.RedNormalSucc(2) relpowp_imp_rtranclp)
 
-        have "\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f(succ)), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+        have "\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f(succ)), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'"
           using GlobalBlockSucc TargetVerifies
-          unfolding hybrid_block_lemma_target_verifies_def global_block_lemma_def hybrid_block_lemma_target_succ_verifies_def
+          unfolding hybrid_block_lemma_target_verifies_def hybrid_block_lemma_target_succ_verifies_def
           by (metis (mono_tags, lifting) FunctionCorr SourceBlock in_set_member local.RedNormalSucc(3) local.RedNormalSucc(4) succInList)
 
         then show ?thesis
@@ -779,29 +776,29 @@ next
           by (smt (verit) case_prodD case_prodI2 globalBlockLoop global_block_lemma_loop_def)
       next
         case False
-        from this obtain LoopHeadG LoopHeadG' where cond: "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsLoopHead \<or> (succ = LoopHeadG \<and> f(succ) = LoopHeadG')" and inList: "(LoopHeadG, LoopHeadG')\<in>lsLoopHead"
+        from this obtain LoopHeadG LoopHeadG' where cond: "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsLoopHead posts \<or> (succ = LoopHeadG \<and> f(succ) = LoopHeadG')" and inList: "(LoopHeadG, LoopHeadG')\<in>lsLoopHead"
           using GlobalBlockSucc case_prodE succInList by fastforce
         then show ?thesis
-        proof (cases "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsLoopHead")
+        proof (cases "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsLoopHead posts")
           case True
-          have "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' j"
+          have "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' j posts"
             using IH inList
             by blast 
-          hence "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' (j - 1)"
+          hence "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' (j - 1) posts"
             using IH
             unfolding loop_ih_optimizations_def
             by (meson less_imp_diff_less linorder_not_less)
 
-          have loopIH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' (j - 1)"
+          have loopIH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' (j - 1) posts"
             using IH loop_ih_optimizations_one_less
             by blast
 
           have steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>^(j - 1) (m', s')"
             using "2"(1) "2"(3) local.RedNormalSucc(1) local.RedNormalSucc(2) by auto
 
-          have "\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f(succ)), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+          have "\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f(succ)), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'"
             using GlobalBlockSucc TargetVerifies
-            unfolding hybrid_block_lemma_target_verifies_def global_block_lemma_def hybrid_block_lemma_target_succ_verifies_def
+            unfolding hybrid_block_lemma_target_verifies_def hybrid_block_lemma_target_succ_verifies_def
             by (metis (no_types, opaque_lifting) FunctionCorr SourceBlock in_set_member local.RedNormalSucc(3) local.RedNormalSucc(4) succInList)
           then show ?thesis
             using True loopIH steps
@@ -810,15 +807,15 @@ next
         next
           case False
           hence SuccEqLoopHead: "succ = LoopHeadG \<and> f(succ) = LoopHeadG'"
-            using GlobalBlockSucc global_block_lemma_def succInList cond 
+            using GlobalBlockSucc succInList cond 
             by force
 
-          have verifies: "\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f(succ)), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
+          have verifies: "\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f(succ)), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'"
             using GlobalBlockSucc TargetVerifies
-            unfolding hybrid_block_lemma_target_verifies_def global_block_lemma_def hybrid_block_lemma_target_succ_verifies_def
+            unfolding hybrid_block_lemma_target_verifies_def hybrid_block_lemma_target_succ_verifies_def
             by (metis (mono_tags, lifting) FunctionCorr SourceBlock in_set_member local.RedNormalSucc(3) local.RedNormalSucc(4) succInList)
 
-         have "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' j"
+         have "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' j posts"
             using IH inList
             by fastforce
 
@@ -831,7 +828,7 @@ next
     next
       case (RedNormalReturn cs ns')
       then show ?thesis
-        by (metis "2"(3) OneStepResult Pair_inject finished_remains relpowp_imp_rtranclp)
+        sorry
     next
       case (RedFailure cs)
       then show ?thesis 
@@ -854,24 +851,24 @@ the loop hybrid block lemma for block i-1. Below the suffix 1 is used for i and
 
 lemma extend_hybrid_global_block_lemma_loop:
  assumes 
-      NextGlobal: "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block_1 tgt_block tgt_cmds_1 lsLoopHead" and      
+      NextGlobal: "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block_1 tgt_block tgt_cmds_1 lsLoopHead posts" and      
       SourceBlock: "node_to_block G ! src_block_0 = cs" and
       SourceSucc: "out_edges G ! src_block_0 = [src_block_1]" and
                   "tgt_cmds_0 = cs@tgt_cmds_1"
  shows                    
-      "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block_0 tgt_block tgt_cmds_0 lsLoopHead"
+      "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block_0 tgt_block tgt_cmds_0 lsLoopHead posts"
   unfolding hybrid_block_lemma_loop_def
 proof (rule allI | rule impI)+ \<comment>\<open>Here, we are applying initial proof rule to get rid of universal quantifiers and implications\<close>
   fix m' ns s' j
   assume k_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block_0, Normal ns) -n\<rightarrow>^j (m', s')" and
-         TargetVerifies: "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds_0 ns" and 
-         IH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j"
-
-  show "s' \<noteq> Failure"
+         TargetVerifies: "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds_0 ns posts" and 
+         IH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j posts"
+  show "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'"
   proof (cases rule: relpowp_E2_2[OF k_step])
     case 1
     then show ?thesis 
-      by fast
+      unfolding valid_configuration_def
+      using is_final_config.simps(1) by blast
   next
     case (2 b s0)
     from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block_0, Normal ns) -n\<rightarrow> (b, s0)\<close>
@@ -909,8 +906,9 @@ proof (rule allI | rule impI)+ \<comment>\<open>Here, we are applying initial pr
       case True
       have "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(b, s0) -n\<rightarrow>* (m', s')"
         by (meson "2"(3) relpowp_imp_rtranclp)
-      thus "s' \<noteq> Failure"
+      thus "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'"
         using red_cfg_magic_preserved[OF \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(b, s0) -n\<rightarrow>* (m', s')\<close>] True 
+        unfolding valid_configuration_def
         by blast     
     next
       case False
@@ -922,7 +920,7 @@ proof (rule allI | rule impI)+ \<comment>\<open>Here, we are applying initial pr
         using "2"(1) "2"(3) OneStepResult \<open>s0 = Normal ns0\<close> by auto
       show ?thesis
       proof (rule hybrid_block_lemma_loop_elim[OF NextGlobal RedSuccBlock]) 
-        show "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds_1 ns0"
+        show "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds_1 ns0 posts"
           unfolding hybrid_block_lemma_target_verifies_def
         proof (rule allI, rule impI, rule conjI)
           fix s1'
@@ -941,13 +939,13 @@ proof (rule allI | rule impI)+ \<comment>\<open>Here, we are applying initial pr
             by (simp add: red_cmd_list_append)
 
           
-          thus "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1'"
+          thus "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1' posts"
             using TargetVerifies
             unfolding hybrid_block_lemma_target_verifies_def
             by fast
         qed
         
-        show "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' (j-1)"
+        show "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' (j-1) posts"
           using IH  loop_ih_optimizations_one_less 
           by blast
 
@@ -961,19 +959,19 @@ subsubsection \<open>Main lemma 6 (converting loop hybrid global block lemma to
 
 lemma convert_hybrid_global_block_lemma_loop:
  assumes 
-      HybridGlobal: "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds lsLoopHead" and
+      HybridGlobal: "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds lsLoopHead posts" and
       TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds"
  shows 
-      "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead"  
+      "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead posts"  
   unfolding global_block_lemma_loop_def
 proof (rule allI | rule impI)+
   fix m' ns s' j
   assume RedSource: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>^j (m', s')" and
-     TargetVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure" and
-     IH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j"
-  show "s' \<noteq> Failure"
+     TargetVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'" and
+     IH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j posts"
+  show "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'"
   proof (rule hybrid_block_lemma_loop_elim[OF HybridGlobal RedSource])  
-    show "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns"
+    show "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns posts"
       unfolding hybrid_block_lemma_target_verifies_def
     proof (rule allI, rule impI)
       fix s1'
@@ -992,9 +990,10 @@ proof (rule allI | rule impI)+
           by simp
         thus False
           using TargetVerifies
+          unfolding valid_configuration_def
           by blast        
       qed
-      moreover have "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1'"
+      moreover have "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1' posts"
       proof (rule hybrid_block_lemma_target_succ_verifies_intro)
         fix ns1' tgt_succ m2' s2'
         assume "s1' = Normal ns1'" and 
@@ -1012,17 +1011,17 @@ proof (rule allI | rule impI)+
           apply (rule RedTargetSucc)
           done
 
-        thus "s2' \<noteq> Failure"
+        thus "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m2' s2'"
           using TargetVerifies
           by blast
       qed
 
       ultimately show 
-       "s1' \<noteq> Failure \<and> hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1'"
+       "s1' \<noteq> Failure \<and> hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1' posts"
         by simp
     qed
 
-    show "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j"
+    show "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j posts"
       using IH by auto
   qed
 qed
@@ -1035,13 +1034,13 @@ lemma pruning_not_coalesced_loop:
           SourceBlock: "node_to_block G ! src_block = src_cmds" and
           Pruning: "(Assume (Lit (LBool False))) \<in> set (src_cmds) \<or> (Assert (Lit (LBool False))) \<in> set (src_cmds)" and
           NotCoalesced: "tgt_cmds = src_cmds"
-        shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block {}"
+        shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block {} posts"
   unfolding global_block_lemma_loop_def
 proof (rule allI | rule impI)+
   fix m' ns s' j
   assume k_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>^j (m', s')" and
-         TargetVerifies: "\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> s1' \<noteq> Failure"
-  show "s' \<noteq> Failure"
+         TargetVerifies: "\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'"
+  show "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'"
   proof -
     from k_step have RedSource: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>* (m', s')"
       by (simp add: relpowp_imp_rtranclp)
@@ -1049,7 +1048,8 @@ proof (rule allI | rule impI)+
     proof (cases rule: converse_rtranclpE2[OF RedSource])
       case 1
       then show ?thesis
-        by blast
+        unfolding valid_configuration_def
+        using is_final_config.simps(1) by blast
     next
       case (2 a b)
       from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close>  show ?thesis
@@ -1074,14 +1074,16 @@ proof (rule allI | rule impI)+
       next
         case (RedNormalReturn cs ns')
         then show ?thesis 
-          by (metis "2"(2) Pair_inject finished_remains state.distinct(1))
+          sorry
       next
         case (RedFailure cs)
         then show ?thesis
-          by (metis NotCoalesced SourceBlock TargetBlock TargetVerifies r_into_rtranclp red_cfg.RedFailure)
+          unfolding valid_configuration_def
+          by (metis NotCoalesced SourceBlock TargetBlock TargetVerifies r_into_rtranclp red_cfg.RedFailure valid_configuration_def)
       next
         case (RedMagic cs)
         then show ?thesis
+          unfolding valid_configuration_def
           using "2"(2) red_cfg_magic_preserved by blast
       qed
     qed
@@ -1095,14 +1097,14 @@ lemma pruning_coalesced_loop:
           SourceBlock: "node_to_block G ! src_block = src_cmds" and
           Pruning: "(Assert (Lit (LBool False))) \<in> set (src_cmds) \<or> (Assume (Lit (LBool False))) \<in> set (src_cmds)" and
           Coalesced: "tgt_cmds = cs@src_cmds"
-        shows "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block src_cmds {}"
+        shows "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block src_cmds {} posts"
   unfolding hybrid_block_lemma_loop_def
 
 proof (rule allI | rule impI)+
   fix m' ns s' j
   assume k_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>^j (m', s')" and
-         TargetVerifies: "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block src_cmds ns"
-  show "s' \<noteq> Failure"
+         TargetVerifies: "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block src_cmds ns posts"
+  show "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'"
   proof -
     have RedSource: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>* (m', s')"
       by (meson k_step rtranclp_power)
@@ -1110,7 +1112,8 @@ proof (rule allI | rule impI)+
     proof (cases rule: converse_rtranclpE2[OF RedSource])
       case 1
       then show ?thesis
-        by blast
+        unfolding valid_configuration_def
+        by fastforce
     next
       case (2 a b)
       from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close>  show ?thesis
@@ -1135,7 +1138,7 @@ proof (rule allI | rule impI)+
       next
         case (RedNormalReturn cs ns')
         then show ?thesis
-         by (metis "2"(2) Pair_inject finished_remains state.distinct(1))
+          sorry
       next
         case (RedFailure cs)
         then show ?thesis 
@@ -1143,6 +1146,7 @@ proof (rule allI | rule impI)+
       next
         case (RedMagic cs)
         then show ?thesis 
+          unfolding valid_configuration_def
           using "2"(2) red_cfg_magic_preserved by blast
       qed
     qed
@@ -1151,13 +1155,14 @@ qed
 
 
 subsubsection \<open>Main Lemma 9: Loop Global Block with empty set is equal to normal global block lemma \<close>
-
+(*
 lemma empty_loop_global_block_eq_global_block: 
   assumes "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block {}"
   shows "global_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block"
   using assms 
   unfolding global_block_lemma_loop_def global_block_lemma_def
   by (metis (no_types, lifting) ball_empty rtranclp_imp_relpowp)
+*)
 
 
 end
\ No newline at end of file

From caeeac6f8550f14c235ebb76cc4ca3d0dd38eef2 Mon Sep 17 00:00:00 2001
From: lukashimmelreich <lukas.himmelreich@hotmail.ch>
Date: Thu, 29 Jun 2023 07:26:10 +0200
Subject: [PATCH 45/74] Edited assumptions of Lemmas and changed the proof
 accordingly

---
 BoogieLang/CFGOptimizationsLoop.thy | 63 +++++++++++++++++------------
 1 file changed, 38 insertions(+), 25 deletions(-)

diff --git a/BoogieLang/CFGOptimizationsLoop.thy b/BoogieLang/CFGOptimizationsLoop.thy
index 6033370..7d0f081 100644
--- a/BoogieLang/CFGOptimizationsLoop.thy
+++ b/BoogieLang/CFGOptimizationsLoop.thy
@@ -21,8 +21,6 @@ definition hybrid_block_lemma_target_verifies
 
 
 
-
-
 subsection \<open>Definition loop induction hypothesis and global block Lemma for blocks in a loop\<close>
 
 definition loop_ih_optimizations
@@ -291,7 +289,8 @@ lemma loopBlock_global_block:
           FunctionCorr: "\<forall>x\<in>set(ls). f(x)\<in>set(out_edges G' ! tgt_block)" and
           TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds" and
           SourceBlock: "node_to_block G ! src_block = src_cmds" and
-          NotCoalesced: "tgt_cmds = src_cmds"
+          NotCoalesced: "tgt_cmds = src_cmds" and
+          NoSuccEq: "ls = [] \<Longrightarrow> out_edges G' ! tgt_block = []"
         shows     "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead posts"
   unfolding global_block_lemma_loop_def
 proof (rule allI | rule impI)+
@@ -383,7 +382,8 @@ proof (rule allI | rule impI)+
         have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds, Normal ns\<rangle> [\<rightarrow>] s'"
           by (metis "2"(3) NotCoalesced Pair_inject SourceBlock finished_remains local.RedNormalReturn(1) local.RedNormalReturn(2) local.RedNormalReturn(3) local.RedNormalReturn(4) relpowp_imp_rtranclp)
         hence "A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow> (m', s')"
-          sorry
+          using NotCoalesced TargetBlock RedNormalReturn NoSuccEq
+          by (metis "2"(3) SourceBlock SuccBlocks finished_remains red_cfg.RedNormalReturn relpowp_imp_rtranclp)
         
         then show ?thesis
           unfolding valid_configuration_def
@@ -411,7 +411,8 @@ lemma loopHead_global_block:
           FunctionCorr: "\<forall>x\<in>set(ls). f(x)\<in>set(out_edges G' ! tgt_block)" and
           TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds" and
           SourceBlock: "node_to_block G ! src_block = src_cmds" and
-          NotCoalesced: "tgt_cmds = src_cmds"
+          NotCoalesced: "tgt_cmds = src_cmds" and
+          NoSuccEq: "ls = [] \<Longrightarrow> out_edges G' ! tgt_block = []"
         shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead posts" 
 unfolding global_block_lemma_loop_def
 proof (rule allI | rule impI)+
@@ -547,9 +548,16 @@ proof (rule allI | rule impI)+
           qed
         next
           case (RedNormalReturn cs ns')
+          have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds, Normal ns\<rangle> [\<rightarrow>] s'"
+            by (metis "2"(3) NotCoalesced Pair_inject SourceBlock finished_remains local.RedNormalReturn(1) local.RedNormalReturn(2) local.RedNormalReturn(3) local.RedNormalReturn(4) relpowp_imp_rtranclp)
+          hence "A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow> (m', s')"
+            using NotCoalesced TargetBlock RedNormalReturn NoSuccEq
+            by (metis "2"(3) SourceBlock SuccBlocks finished_remains red_cfg.RedNormalReturn relpowp_imp_rtranclp)
+        
           then show ?thesis
             unfolding valid_configuration_def
-            sorry
+            using TargetVerifies
+            by (meson less.prems(1) r_into_rtranclp valid_configuration_def)
         next
           case (RedFailure cs)
           then show ?thesis
@@ -697,7 +705,8 @@ lemma loopBlock_global_block_hybrid:
 assumes   SuccBlocks: "out_edges G ! src_block = ls" and
           GlobalBlockSucc: "\<forall>x\<in>set(ls).(\<exists>lsSubsetList. lsSubsetList\<subseteq>lsLoopHead \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x)) lsSubsetList posts) \<or> (\<exists>(LoopHead, LoopHead')\<in>lsLoopHead. (x = LoopHead \<and> f(x) = LoopHead'))"  and
           FunctionCorr: "\<forall>x\<in>set(ls). f(x)\<in>set(out_edges G' ! tgt_block)" and
-          SourceBlock: "node_to_block G ! src_block = src_cmds" 
+          SourceBlock: "node_to_block G ! src_block = src_cmds"  and
+          NoSuccEq: "ls = [] \<Longrightarrow> out_edges G' ! tgt_block = []"
 shows     "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block src_cmds lsLoopHead posts"
 unfolding hybrid_block_lemma_loop_def
 proof (rule allI | rule impI)+
@@ -771,9 +780,9 @@ next
           by (metis (mono_tags, lifting) FunctionCorr SourceBlock in_set_member local.RedNormalSucc(3) local.RedNormalSucc(4) succInList)
 
         then show ?thesis
-          using True IH_holds mSteps subset
+          using True IH_holds mSteps subset globalBlockLoop
           unfolding global_block_lemma_loop_def
-          by (smt (verit) case_prodD case_prodI2 globalBlockLoop global_block_lemma_loop_def)
+          by presburger
       next
         case False
         from this obtain LoopHeadG LoopHeadG' where cond: "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsLoopHead posts \<or> (succ = LoopHeadG \<and> f(succ) = LoopHeadG')" and inList: "(LoopHeadG, LoopHeadG')\<in>lsLoopHead"
@@ -827,7 +836,11 @@ next
       qed
     next
       case (RedNormalReturn cs ns')
+      have "out_edges G' ! tgt_block = []"
+        using NoSuccEq SuccBlocks local.RedNormalReturn(5) by auto
       then show ?thesis
+        using TargetVerifies
+        unfolding hybrid_block_lemma_target_verifies_def hybrid_block_lemma_target_succ_verifies_def
         sorry
     next
       case (RedFailure cs)
@@ -1033,7 +1046,8 @@ lemma pruning_not_coalesced_loop:
           TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds" and
           SourceBlock: "node_to_block G ! src_block = src_cmds" and
           Pruning: "(Assume (Lit (LBool False))) \<in> set (src_cmds) \<or> (Assert (Lit (LBool False))) \<in> set (src_cmds)" and
-          NotCoalesced: "tgt_cmds = src_cmds"
+          NotCoalesced: "tgt_cmds = src_cmds" and
+          NoSuccEq: "ls = [] \<Longrightarrow> out_edges G' ! tgt_block = []"
         shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block {} posts"
   unfolding global_block_lemma_loop_def
 proof (rule allI | rule impI)+
@@ -1073,8 +1087,15 @@ proof (rule allI | rule impI)+
         qed
       next
         case (RedNormalReturn cs ns')
-        then show ?thesis 
-          sorry
+        have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds, Normal ns\<rangle> [\<rightarrow>] s'"
+          by (metis "2"(2) NotCoalesced Pair_inject SourceBlock finished_remains local.RedNormalReturn(1) local.RedNormalReturn(2) local.RedNormalReturn(3) local.RedNormalReturn(4))
+        hence "A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow> (m', s')"
+          using NotCoalesced TargetBlock RedNormalReturn NoSuccEq
+          using "2"(2) SuccBlocks finished_remains red_cfg.RedNormalReturn by blast
+        
+        then show ?thesis
+          unfolding valid_configuration_def
+          using TargetVerifies valid_configuration_def by blast
       next
         case (RedFailure cs)
         then show ?thesis
@@ -1096,7 +1117,8 @@ lemma pruning_coalesced_loop:
   assumes TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds" and
           SourceBlock: "node_to_block G ! src_block = src_cmds" and
           Pruning: "(Assert (Lit (LBool False))) \<in> set (src_cmds) \<or> (Assume (Lit (LBool False))) \<in> set (src_cmds)" and
-          Coalesced: "tgt_cmds = cs@src_cmds"
+          Coalesced: "tgt_cmds = cs@src_cmds" and
+          NoSuccEq: "ls = [] \<Longrightarrow> out_edges G' ! tgt_block = []"
         shows "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block src_cmds {} posts"
   unfolding hybrid_block_lemma_loop_def
 
@@ -1136,8 +1158,10 @@ proof (rule allI | rule impI)+
             by (simp add: local.RedNormalSucc(2))
         qed
       next
-        case (RedNormalReturn cs ns')
+        case (RedNormalReturn cs ns')        
         then show ?thesis
+          using TargetVerifies valid_configuration_def
+          unfolding hybrid_block_lemma_target_verifies_def 
           sorry
       next
         case (RedFailure cs)
@@ -1154,15 +1178,4 @@ proof (rule allI | rule impI)+
 qed
 
 
-subsubsection \<open>Main Lemma 9: Loop Global Block with empty set is equal to normal global block lemma \<close>
-(*
-lemma empty_loop_global_block_eq_global_block: 
-  assumes "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block {}"
-  shows "global_block_lemma A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block"
-  using assms 
-  unfolding global_block_lemma_loop_def global_block_lemma_def
-  by (metis (no_types, lifting) ball_empty rtranclp_imp_relpowp)
-*)
-
-
 end
\ No newline at end of file

From 6707e6c2170f05f21c1e9e1353677b73f96f52b5 Mon Sep 17 00:00:00 2001
From: lukashimmelreich <lukas.himmelreich@hotmail.ch>
Date: Sun, 2 Jul 2023 18:31:09 +0200
Subject: [PATCH 46/74] Changed Hybrid Block Lemma to get rid of the last sorry
 statements

---
 BoogieLang/CFGOptimizationsLoop.thy | 76 ++++++++++++++++++++++-------
 1 file changed, 58 insertions(+), 18 deletions(-)

diff --git a/BoogieLang/CFGOptimizationsLoop.thy b/BoogieLang/CFGOptimizationsLoop.thy
index 7d0f081..ac21ad8 100644
--- a/BoogieLang/CFGOptimizationsLoop.thy
+++ b/BoogieLang/CFGOptimizationsLoop.thy
@@ -14,7 +14,7 @@ definition hybrid_block_lemma_target_succ_verifies
 definition hybrid_block_lemma_target_verifies
   where "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns posts\<equiv>              
             (\<forall>s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds, Normal ns\<rangle> [\<rightarrow>] s1') \<longrightarrow>  \<comment>\<open>First reduce the coalesced commands\<close>
-                   s1' \<noteq> Failure \<and> 
+                   (if (out_edges(G') ! tgt_block = []) then valid_configuration A \<Lambda> \<Gamma> \<Omega> posts (Inr()) s1' else s1' \<noteq> Failure) \<and> 
                    \<comment>\<open>All successors blocks of \<^term>\<open>tgt_block\<close> must verify\<close>
                    hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1' posts
               )"
@@ -129,8 +129,17 @@ lemma normal_target_verfies_show_hybrid_verifies:
 proof (rule allI | rule impI)+
   fix s1'
   assume oneStep: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds,Normal ns\<rangle> [\<rightarrow>] s1'"
-  show "(s1' \<noteq> Failure) \<and> (\<forall>ns1'. s1' = Normal ns1' \<longrightarrow> (\<forall>target_succ. List.member (out_edges(G') ! tgt_block) target_succ \<longrightarrow> (\<forall>m2' s2'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl target_succ, (Normal  ns1')) -n\<rightarrow>* (m2', s2')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m2' s2')))"
-  proof -
+  show "((if out_edges G' ! tgt_block = []
+            then valid_configuration A \<Lambda> \<Gamma> \<Omega> posts (Inr ()) s1'
+            else s1' \<noteq> Failure)) \<and> (\<forall>ns1'. s1' = Normal ns1' \<longrightarrow> (\<forall>target_succ. List.member (out_edges(G') ! tgt_block) target_succ \<longrightarrow> (\<forall>m2' s2'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl target_succ, (Normal  ns1')) -n\<rightarrow>* (m2', s2')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m2' s2')))"
+  proof (cases "out_edges G' ! tgt_block = []")
+    case True
+    have "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts (Inr ()) s1'"
+      by (metis RedFailure RedNormalReturn TargetVerifies TgtCmds True oneStep r_into_rtranclp valid_configuration_def)
+    then show ?thesis
+      by (simp add: True member_rec(2))
+  next
+    case False
     have "s1' \<noteq> Failure"
       using TargetVerifies
       unfolding valid_configuration_def
@@ -138,10 +147,12 @@ proof (rule allI | rule impI)+
     have "(\<forall>ns1'. s1' = Normal ns1' \<longrightarrow> (\<forall>target_succ. List.member (out_edges(G') ! tgt_block) target_succ \<longrightarrow> (\<forall>m2' s2'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl target_succ, (Normal  ns1')) -n\<rightarrow>* (m2', s2')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m2' s2')))"
       by (metis (no_types, lifting) RedNormalSucc TargetVerifies TgtCmds converse_rtranclp_into_rtranclp oneStep)
     then show ?thesis
-      using \<open>s1' \<noteq> Failure\<close> by blast
+      using \<open>s1' \<noteq> Failure\<close>
+      using False by presburger
   qed
 qed
 
+
 lemma hybrid_block_lemma_target_succ_verifies_intro:
   assumes 
    "\<And>ns1' target_succ m2' s2'. s1' = Normal ns1' \<Longrightarrow>
@@ -274,7 +285,28 @@ next
 qed
 qed
 
-
+lemma BlockID_no_succ:
+  assumes "node_to_block G ! block = cs" and
+          "out_edges G ! block = []" and
+          "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl block, Normal ns) -n\<rightarrow> (m', s')"
+        shows "m' = Inr()"
+  using assms(3)
+proof cases
+  case (RedNormalSucc cs ns' n')
+  then show ?thesis
+    by (simp add: assms(2) member_rec(2))
+next
+  case (RedNormalReturn cs ns')
+  then show ?thesis by simp
+next
+  case (RedFailure cs)
+  then show ?thesis 
+    by simp
+next
+  case (RedMagic cs)
+  then show ?thesis 
+    by simp
+qed
 
 
 subsection \<open>Main Lemmas for Loops\<close>
@@ -732,7 +764,7 @@ next
   next
     case (RedFailure cs)
     then show ?thesis
-      using SourceBlock TargetVerifies hybrid_block_lemma_target_verifies_def by blast
+      by (metis SourceBlock TargetVerifies hybrid_block_lemma_target_verifies_def valid_configuration_def)
   next
     case (RedMagic cs)
     then show ?thesis by blast
@@ -838,10 +870,12 @@ next
       case (RedNormalReturn cs ns')
       have "out_edges G' ! tgt_block = []"
         using NoSuccEq SuccBlocks local.RedNormalReturn(5) by auto
+      have "m' = Inr()"
+        by (metis "2"(3) Pair_inject finished_remains local.RedNormalReturn(1) relpowp_imp_rtranclp)
       then show ?thesis
         using TargetVerifies
-        unfolding hybrid_block_lemma_target_verifies_def hybrid_block_lemma_target_succ_verifies_def
-        sorry
+        unfolding hybrid_block_lemma_target_verifies_def valid_configuration_def
+        by (metis "2"(3) Pair_inject SourceBlock \<open>out_edges G' ! tgt_block = []\<close> finished_remains local.RedNormalReturn(1) local.RedNormalReturn(2) local.RedNormalReturn(3) local.RedNormalReturn(4) relpowp_imp_rtranclp)
     next
       case (RedFailure cs)
       then show ?thesis 
@@ -905,7 +939,7 @@ proof (rule allI | rule impI)+ \<comment>\<open>Here, we are applying initial pr
       hence False 
         using TargetVerifies \<open> node_to_block G ! src_block_0 = cs\<close> \<open>tgt_cmds_0 = _\<close> SourceBlock
         unfolding hybrid_block_lemma_target_verifies_def
-        by blast
+        by (metis valid_configuration_def)
       thus ?thesis
         by simp        
     next
@@ -940,7 +974,7 @@ proof (rule allI | rule impI)+ \<comment>\<open>Here, we are applying initial pr
           assume "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds_1,Normal ns0\<rangle> [\<rightarrow>] s1'"
           with RedBlock0 have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs@tgt_cmds_1,Normal ns\<rangle> [\<rightarrow>] s1'"
             by (simp add: red_cmd_list_append)
-          thus "s1' \<noteq> Failure"
+          thus "if out_edges G' ! tgt_block = [] then valid_configuration A \<Lambda> \<Gamma> \<Omega> posts (Inr ()) s1' else s1' \<noteq> Failure"
             using TargetVerifies \<open>tgt_cmds_0 = cs @ tgt_cmds_1\<close>
             unfolding hybrid_block_lemma_target_verifies_def
             by simp
@@ -1030,8 +1064,8 @@ proof (rule allI | rule impI)+
       qed
 
       ultimately show 
-       "s1' \<noteq> Failure \<and> hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1' posts"
-        by simp
+       "(if out_edges G' ! tgt_block = [] then valid_configuration A \<Lambda> \<Gamma> \<Omega> posts (Inr ()) s1' else s1' \<noteq> Failure) \<and> hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1' posts"
+        by (metis RedNormalReturn RedTgtCmds TargetBlock TargetVerifies r_into_rtranclp valid_configuration_def)
     qed
 
     show "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j posts"
@@ -1118,7 +1152,7 @@ lemma pruning_coalesced_loop:
           SourceBlock: "node_to_block G ! src_block = src_cmds" and
           Pruning: "(Assert (Lit (LBool False))) \<in> set (src_cmds) \<or> (Assume (Lit (LBool False))) \<in> set (src_cmds)" and
           Coalesced: "tgt_cmds = cs@src_cmds" and
-          NoSuccEq: "ls = [] \<Longrightarrow> out_edges G' ! tgt_block = []"
+          NoSuccEq: "out_edges G ! src_block = [] \<Longrightarrow> out_edges G' ! tgt_block = []"
         shows "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block src_cmds {} posts"
   unfolding hybrid_block_lemma_loop_def
 
@@ -1159,14 +1193,20 @@ proof (rule allI | rule impI)+
         qed
       next
         case (RedNormalReturn cs ns')        
-        then show ?thesis
-          using TargetVerifies valid_configuration_def
-          unfolding hybrid_block_lemma_target_verifies_def 
-          sorry
+        have "out_edges G' ! tgt_block = []"
+          by (simp add: NoSuccEq local.RedNormalReturn(5))
+        have "m' = Inr()"
+          using BlockID_no_succ
+          by (metis "2"(1) "2"(2) finished_remains local.RedNormalReturn(5))
+      then show ?thesis
+        using TargetVerifies
+        unfolding hybrid_block_lemma_target_verifies_def valid_configuration_def
+        by (metis "2"(2) Pair_inject SourceBlock \<open>out_edges G' ! tgt_block = []\<close> finished_remains local.RedNormalReturn(1) local.RedNormalReturn(2) local.RedNormalReturn(3) local.RedNormalReturn(4))
       next
         case (RedFailure cs)
         then show ?thesis 
-          using SourceBlock TargetVerifies hybrid_block_lemma_target_verifies_def by blast
+          using SourceBlock TargetVerifies hybrid_block_lemma_target_verifies_def
+          by (metis valid_configuration_def)
       next
         case (RedMagic cs)
         then show ?thesis 

From b0168f9db59cea52b7573a9b1f181a74faee7ab6 Mon Sep 17 00:00:00 2001
From: lukashimmelreich <lukas.himmelreich@hotmail.ch>
Date: Wed, 5 Jul 2023 10:23:58 +0200
Subject: [PATCH 47/74] Changed sorry statements dead variables elimination

---
 BoogieLang/DeadVarElimination.thy | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/BoogieLang/DeadVarElimination.thy b/BoogieLang/DeadVarElimination.thy
index 910da3c..9544341 100644
--- a/BoogieLang/DeadVarElimination.thy
+++ b/BoogieLang/DeadVarElimination.thy
@@ -616,7 +616,6 @@ next
   then show ?case
     by (simp add: red_cmd.RedPropagateFailure)
 qed
-  
 
 lemma red_cfg_dead_variables_cmdlist:
 assumes oneStep: "A,[],\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>cs,s\<rangle> [\<rightarrow>] s'" and
@@ -732,9 +731,11 @@ next
     have oneStepLocals':"A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
       using local.RedNormalSucc(1) local.RedNormalSucc(2) step.hyps(1) by auto
 
-    have nInBody: "cs \<in> set(node_to_block body)" (* This doesn't work because I dont know if n < length (node_to_block body) *)
-      using RedNormalSucc(5)
+    have "n < length (node_to_block body)"
       sorry
+    hence nInBody: "cs \<in> set(node_to_block body)"
+      using RedNormalSucc(5)
+      by auto
 
 
     have "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
@@ -751,9 +752,11 @@ next
     have oneStepLocals':"A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
       using local.RedNormalReturn(1) local.RedNormalReturn(2) step.hyps(1) by auto
 
-    have nInBody: "cs \<in> set(node_to_block body)"
-      using RedNormalReturn(5)
+    have "n < length (node_to_block body)"
       sorry
+    hence nInBody: "cs \<in> set(node_to_block body)"
+      using RedNormalReturn(5)
+      by auto
 
 
     have "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
@@ -770,9 +773,11 @@ next
     have oneStepLocals':"A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
       using local.RedFailure(1) local.RedFailure(2) step.hyps(1) by auto
 
-    have nInBody: "cs \<in> set(node_to_block body)"
-      using RedFailure(5)
+    have "n < length (node_to_block body)"
       sorry
+    hence nInBody: "cs \<in> set(node_to_block body)"
+      using RedFailure(5)
+      by auto
 
 
     have "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
@@ -789,9 +794,11 @@ next
     have oneStepLocals':"A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
       using local.RedMagic(1) local.RedMagic(2) step.hyps(1) by auto
 
-    have nInBody: "cs \<in> set(node_to_block body)"
-      using RedMagic(5)
+    have "n < length (node_to_block body)"
       sorry
+    hence nInBody: "cs \<in> set(node_to_block body)"
+      using RedMagic(5)
+      by auto
 
 
     have "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"

From 4bacb2a701cd4fb0a2d6dd902fece3d52ef73c4b Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Sun, 9 Jul 2023 15:18:53 +0200
Subject: [PATCH 48/74] get rid of sorry on line 651

---
 BoogieLang/DeadVarElimination.thy | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/BoogieLang/DeadVarElimination.thy b/BoogieLang/DeadVarElimination.thy
index 9544341..32013a4 100644
--- a/BoogieLang/DeadVarElimination.thy
+++ b/BoogieLang/DeadVarElimination.thy
@@ -1,5 +1,5 @@
 theory DeadVarElimination
-  imports Boogie_Lang.Semantics Boogie_Lang.Util
+  imports Semantics Util
 begin
 
 subsection \<open>Definition of free variables\<close>
@@ -618,12 +618,12 @@ next
 qed
 
 lemma red_cfg_dead_variables_cmdlist:
-assumes oneStep: "A,[],\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>cs,s\<rangle> [\<rightarrow>] s'" and
+assumes oneStep: "A,[] :: 'p proc_context,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>cs,s\<rangle> [\<rightarrow>] s'" and
         "fst \<Lambda> = fst \<Lambda>'" and
         MapLocal: "(map_of (snd \<Lambda>) \<subseteq>\<^sub>m map_of (snd \<Lambda>'))" and 
         freeVarCmdList: "free_var_cmdlist cs \<inter> ((dom (map_of (snd \<Lambda>'))) - (dom (map_of (snd \<Lambda>)))) = {}" and 
         WhereClausesFreeVars: "\<And>x d cond. lookup_var_decl \<Lambda>' x = Some d \<Longrightarrow> snd d = Some cond \<Longrightarrow> free_var_expr cond \<inter> ((dom (map_of (snd \<Lambda>'))) - (dom (map_of (snd \<Lambda>)))) = {} "
-      shows "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,s\<rangle> [\<rightarrow>] s'"
+      shows "A,[] :: 'p proc_context,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,s\<rangle> [\<rightarrow>] s'"
   using oneStep freeVarCmdList
 proof (induction rule: red_cmd_list.inducts)
   case (RedCmdListNil s)
@@ -646,11 +646,9 @@ next
     unfolding free_var_cmdlist.simps
     by auto
 
-  hence "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs',s''\<rangle> [\<rightarrow>] s'"
+  hence "A,[] :: 'p proc_context,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs',s''\<rangle> [\<rightarrow>] s'"
     using RedCmdListCons.IH 
-    sorry (*Why doesn't this hold trivially? Shouldn't it directly follow from the implication?*)
-
-  
+    by blast
     
   then show ?case
     using oneStep red_cmd_list.RedCmdListCons by blast
@@ -666,7 +664,7 @@ lemma red_cfg_dead_variables_cmdlist_onestep:
   using assms
 proof cases
   case (RedNormalSucc cs ns' n')
-  have "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Normal ns'"
+  have "A,[] :: mbodyCFG proc_context,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Normal ns'"
     apply (rule red_cfg_dead_variables_cmdlist[OF RedNormalSucc(4) fstEq MapLocal _ WhereClausesFreeVars])
     using NoDeadVariables local.RedNormalSucc(3) by auto
 
@@ -674,7 +672,7 @@ proof cases
     using local.RedNormalSucc(1) local.RedNormalSucc(2) local.RedNormalSucc(3) local.RedNormalSucc(5) red_cfg.RedNormalSucc by blast
 next
   case (RedNormalReturn cs ns')
-  have "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Normal ns'"
+  have "A,[] :: mbodyCFG proc_context,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Normal ns'"
     apply (rule red_cfg_dead_variables_cmdlist[OF RedNormalReturn(4) fstEq MapLocal _ WhereClausesFreeVars])
     using NoDeadVariables local.RedNormalReturn(3) by auto
 
@@ -682,14 +680,14 @@ next
     using local.RedNormalReturn(1) local.RedNormalReturn(2) local.RedNormalReturn(3) local.RedNormalReturn(5) red_cfg.RedNormalReturn by blast
 next
   case (RedFailure cs)
-  have "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Failure"
+  have "A,[] :: mbodyCFG proc_context,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Failure"
     apply (rule red_cfg_dead_variables_cmdlist[OF RedFailure(4) fstEq MapLocal _ WhereClausesFreeVars])
     using NoDeadVariables local.RedFailure(3) by auto
   then show ?thesis
     using local.RedFailure(1) local.RedFailure(2) local.RedFailure(3) red_cfg.RedFailure by blast
 next
   case (RedMagic cs)
-  have "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Magic"
+  have "A,[] :: mbodyCFG proc_context,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Magic"
     apply (rule red_cfg_dead_variables_cmdlist[OF RedMagic(4) fstEq MapLocal _ WhereClausesFreeVars])
     using NoDeadVariables local.RedMagic(3) by auto
   then show ?thesis

From c6699cfa03345b4ffee6ac9c85506be04eb4292a Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Sun, 9 Jul 2023 15:26:06 +0200
Subject: [PATCH 49/74] add CondExp cases (after merging master)

---
 BoogieLang/DeadVarElimination.thy | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/BoogieLang/DeadVarElimination.thy b/BoogieLang/DeadVarElimination.thy
index 32013a4..bb4d098 100644
--- a/BoogieLang/DeadVarElimination.thy
+++ b/BoogieLang/DeadVarElimination.thy
@@ -12,6 +12,7 @@ where
 | "free_var_expr (UnOp unop ex) = free_var_expr (ex)"
 | "free_var_expr (BinOp ex1 binop ex2) = free_var_expr (ex1) \<union> free_var_expr (ex2)"
 | "free_var_expr (FunExp fname ty_list ex_ls)  = \<Union> (Set.image free_var_expr (set ex_ls))" 
+| "free_var_expr (CondExp cond thn els) = free_var_expr cond \<union> free_var_expr thn \<union> free_var_expr els"
 | "free_var_expr (Old ex) = free_var_expr (ex)"
 | "free_var_expr (Forall ty ex) = free_var_expr (ex)"
 | "free_var_expr (Exists ty ex) = free_var_expr (ex)"
@@ -254,12 +255,12 @@ next
     using RedFunOp
     by (simp add: red_expr_red_exprs.RedFunOp)
 next
-(*case (RedCondExpTrue \<Omega> cond n_s thn v els)
+case (RedCondExpTrue \<Omega> cond n_s thn v els)
   then show ?case sorry
 next
   case (RedCondExpFalse \<Omega> cond n_s els v thn)
   then show ?case sorry
-next *)
+next
   case (RedOld \<Omega> e n_s v)
   then show ?case
     by (simp add: red_expr_red_exprs.RedOld)
@@ -294,11 +295,11 @@ next
 next
   case (RedForAllFalse v \<Omega> ty e n_s)
   then show ?case
-    using free_var_expr.simps(8) red_expr_red_exprs.RedForAllFalse by blast
+    using free_var_expr.simps(9) red_expr_red_exprs.RedForAllFalse  by blast
 next
   case (RedExistsTrue v \<Omega> ty e n_s)
   then show ?case
-    using free_var_expr.simps(9) red_expr_red_exprs.RedExistsTrue by blast
+    using free_var_expr.simps(10) red_expr_red_exprs.RedExistsTrue by blast
 next
   case (RedExistsFalse \<Omega> ty e n_s)
   then show ?case

From 78ee660ebcab3e7d942a459de569f5122f9ed4e8 Mon Sep 17 00:00:00 2001
From: lukashimmelreich <lukas.himmelreich@hotmail.ch>
Date: Mon, 10 Jul 2023 07:07:38 +0200
Subject: [PATCH 50/74] Sorry statements conditional expressions

---
 BoogieLang/DeadVarElimination.thy | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/BoogieLang/DeadVarElimination.thy b/BoogieLang/DeadVarElimination.thy
index bb4d098..80068fc 100644
--- a/BoogieLang/DeadVarElimination.thy
+++ b/BoogieLang/DeadVarElimination.thy
@@ -255,11 +255,25 @@ next
     using RedFunOp
     by (simp add: red_expr_red_exprs.RedFunOp)
 next
-case (RedCondExpTrue \<Omega> cond n_s thn v els)
-  then show ?case sorry
+  case (RedCondExpTrue \<Omega> cond n_s thn v els)
+  hence condTrue: "A,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>cond,n_s\<rangle> \<Down> BoolV True"
+    by (simp add: disjoint_iff_not_equal)
+  have "A,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>thn,n_s\<rangle> \<Down> v"
+    using RedCondExpTrue
+    by (simp add: Int_Un_distrib2)
+  then show ?case 
+    using condTrue
+    by (simp add: red_expr_red_exprs.RedCondExpTrue)
 next
   case (RedCondExpFalse \<Omega> cond n_s els v thn)
-  then show ?case sorry
+  hence condTrue: "A,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>cond,n_s\<rangle> \<Down> BoolV False"
+    by (simp add: disjoint_iff_not_equal)
+  have "A,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>els,n_s\<rangle> \<Down> v"
+    using RedCondExpFalse
+    by (simp add: disjoint_eq_subset_Compl)
+  then show ?case 
+    using condTrue
+    by (simp add: red_expr_red_exprs.RedCondExpFalse)
 next
   case (RedOld \<Omega> e n_s v)
   then show ?case

From e87d56f0ce3ab93a23f3667ddc706d6151929b0a Mon Sep 17 00:00:00 2001
From: lukashimmelreich <lukas.himmelreich@hotmail.ch>
Date: Tue, 11 Jul 2023 16:41:22 +0200
Subject: [PATCH 51/74] Removed sorry statement

---
 BoogieLang/DeadVarElimination.thy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/BoogieLang/DeadVarElimination.thy b/BoogieLang/DeadVarElimination.thy
index 80068fc..ff4403d 100644
--- a/BoogieLang/DeadVarElimination.thy
+++ b/BoogieLang/DeadVarElimination.thy
@@ -911,7 +911,7 @@ proof (simp add: Body2 del: proc_checked_posts.simps, (rule impI | rule allI)+)
         proof -
           
           have EqPosts: "(proc_checked_posts proc) = (proc_checked_posts (proc\<lparr>proc_body := Some (locals', body)\<rparr>))"
-            sorry
+            by simp
 
           have "expr_all_sat A (constants @ global_vars, proc_args proc @ locals @ proc_rets proc) \<Gamma> \<Omega> ns' (proc_checked_posts proc)"
             using valid_proc 

From 832b1e7a72beef9349ed91daad1e8b3fe0cf0b2f Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Tue, 11 Jul 2023 20:30:37 +0200
Subject: [PATCH 52/74] add CFGOptimizationsLoop

---
 BoogieLang/ROOT | 1 +
 1 file changed, 1 insertion(+)

diff --git a/BoogieLang/ROOT b/BoogieLang/ROOT
index a528044..9cf8665 100644
--- a/BoogieLang/ROOT
+++ b/BoogieLang/ROOT
@@ -18,3 +18,4 @@ session Boogie_Lang = "HOL" +
     BackedgeElim
     Ast
     Ast_Cfg_Transformation
+	CFGOptimizationsLoop

From 4538f3d32a6eba77f9d121e515ecfc95d491cb11 Mon Sep 17 00:00:00 2001
From: lukashimmelreich <lukas.himmelreich@hotmail.ch>
Date: Wed, 12 Jul 2023 15:08:20 +0200
Subject: [PATCH 53/74] Changed Pruning of Unreachable Blocks Lemma

---
 BoogieLang/CFGOptimizationsLoop.thy | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/BoogieLang/CFGOptimizationsLoop.thy b/BoogieLang/CFGOptimizationsLoop.thy
index ac21ad8..a856e38 100644
--- a/BoogieLang/CFGOptimizationsLoop.thy
+++ b/BoogieLang/CFGOptimizationsLoop.thy
@@ -1082,7 +1082,7 @@ lemma pruning_not_coalesced_loop:
           Pruning: "(Assume (Lit (LBool False))) \<in> set (src_cmds) \<or> (Assert (Lit (LBool False))) \<in> set (src_cmds)" and
           NotCoalesced: "tgt_cmds = src_cmds" and
           NoSuccEq: "ls = [] \<Longrightarrow> out_edges G' ! tgt_block = []"
-        shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block {} posts"
+        shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead posts"
   unfolding global_block_lemma_loop_def
 proof (rule allI | rule impI)+
   fix m' ns s' j
@@ -1153,7 +1153,7 @@ lemma pruning_coalesced_loop:
           Pruning: "(Assert (Lit (LBool False))) \<in> set (src_cmds) \<or> (Assume (Lit (LBool False))) \<in> set (src_cmds)" and
           Coalesced: "tgt_cmds = cs@src_cmds" and
           NoSuccEq: "out_edges G ! src_block = [] \<Longrightarrow> out_edges G' ! tgt_block = []"
-        shows "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block src_cmds {} posts"
+        shows "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block src_cmds lsLoopHead posts"
   unfolding hybrid_block_lemma_loop_def
 
 proof (rule allI | rule impI)+

From d526aa1a370fb955f4e05cdd381510607e598a68 Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Tue, 18 Jul 2023 15:31:28 +0200
Subject: [PATCH 54/74] minor

---
 BoogieLang/Ast.thy      | 9 ++++-----
 BoogieLang/HelperML.thy | 4 +++-
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index dea946e..195bcbc 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -39,11 +39,6 @@ fun convert_list_to_cont :: "bigblock list \<Rightarrow> cont \<Rightarrow> cont
     "convert_list_to_cont [] cont0 = cont0"
   | "convert_list_to_cont (x#xs) cont0 = KSeq x (convert_list_to_cont xs cont0)"
 
-fun convert_ast_to_program_point :: "ast \<Rightarrow> bigblock \<times> cont" where
-    "convert_ast_to_program_point [] = ((BigBlock None [] None None), KStop)"
-  | "convert_ast_to_program_point (b#bs) = (b, convert_list_to_cont bs KStop)"
-
-
 text\<open>auxillary function to find the label a Goto statement is referring to\<close>
 fun find_label :: "label \<Rightarrow> bigblock list \<Rightarrow> cont \<Rightarrow> ((bigblock * cont) option)" where
     "find_label lbl [] cont = None" 
@@ -200,6 +195,10 @@ subsection \<open>Procedure Correctness\<close>
 
 text\<open>defining correctness of the AST\<close>
 
+fun convert_ast_to_program_point :: "ast \<Rightarrow> bigblock \<times> cont" where
+    "convert_ast_to_program_point [] = ((BigBlock None [] None None), KStop)"
+  | "convert_ast_to_program_point (b#bs) = (b, convert_list_to_cont bs KStop)"
+
 fun init_ast :: "ast \<Rightarrow> 'a nstate \<Rightarrow> 'a ast_config"
   where
     "init_ast [] ns1 = ((BigBlock None [] None None), KStop, Normal ns1)"
diff --git a/BoogieLang/HelperML.thy b/BoogieLang/HelperML.thy
index 65613a4..f368689 100644
--- a/BoogieLang/HelperML.thy
+++ b/BoogieLang/HelperML.thy
@@ -13,7 +13,9 @@ fun assm_full_simp_solved_tac ctxt = (asm_full_simp_tac ctxt |> SOLVED')
 fun assm_full_simp_solved_with_thms_tac thms ctxt = (asm_full_simp_tac (add_simps thms ctxt) |> SOLVED')
 
 fun fastforce_tac ctxt thms = Clasimp.fast_force_tac (add_simps thms ctxt)
-\<close>                                     
+
+fun simp_only_tac thms ctxt = asm_full_simp_tac (add_simps thms (Simplifier.clear_simpset ctxt))
+\<close>                         
 
 ML 
 \<open>

From 007d58d32ff0d5d3c23d7b81975f615226a85571 Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Sat, 21 Oct 2023 16:49:40 +0200
Subject: [PATCH 55/74] adjust procedure correctness definition to take unique
 constants into account

---
 BoogieLang/Semantics.thy | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/BoogieLang/Semantics.thy b/BoogieLang/Semantics.thy
index 0c662c9..745e9ec 100644
--- a/BoogieLang/Semantics.thy
+++ b/BoogieLang/Semantics.thy
@@ -701,11 +701,19 @@ abbreviation axiom_assm
   where "axiom_assm A \<Gamma> consts ns axioms \<equiv> 
      (axioms_sat A (consts, []) \<Gamma> (nstate_global_restriction ns consts) axioms)"
 
-fun proc_is_correct :: "'a absval_ty_fun \<Rightarrow> fdecls \<Rightarrow> vdecls \<Rightarrow> vdecls \<Rightarrow> axiom list \<Rightarrow> 'struct_ty2 procedure \<Rightarrow> 
+text \<open>The following condition specifies what must hold for the list of constants with a unique modifier.
+      The condition states that all corresponding values in the state must be distinct. Note that constants
+      without unique modifiers may have values that clash with unique constants, which is consistent with the 
+      verification condition generated by Boogie (status 21.10.2023).\<close>
+
+definition unique_constants_distinct :: "'a named_state \<Rightarrow> vname list \<Rightarrow> bool"
+  where "unique_constants_distinct ns xs \<longleftrightarrow> distinct (map (\<lambda>x. the (ns x)) xs)"
+
+fun proc_is_correct :: "'a absval_ty_fun \<Rightarrow> fdecls \<Rightarrow> vdecls \<Rightarrow> vname list \<Rightarrow> vdecls \<Rightarrow> axiom list \<Rightarrow> 'struct_ty2 procedure \<Rightarrow> 
                        ('a absval_ty_fun \<Rightarrow> 'struct_ty proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> 'struct_ty2 \<Rightarrow> 'a nstate \<Rightarrow> bool) \<Rightarrow> 
                          bool"
   where 
-    "proc_is_correct A fun_decls constants global_vars axioms proc proc_body_satisfies_spec_general =  
+    "proc_is_correct A fun_decls constants unique_consts global_vars axioms proc proc_body_satisfies_spec_general =  
       (case proc_body(proc) of
         Some (locals, struct) \<Rightarrow> 
           ( ( (\<forall>t. closed t \<longrightarrow> (\<exists>v. type_of_val A (v :: 'a val) = t)) \<and> (\<forall>v. closed ((type_of_val A) v)) ) \<longrightarrow>
@@ -714,6 +722,7 @@ fun proc_is_correct :: "'a absval_ty_fun \<Rightarrow> fdecls \<Rightarrow> vdec
              (\<forall>\<Omega> gs ls. (list_all closed \<Omega> \<and> length \<Omega> = proc_ty_args proc) \<longrightarrow>        
              (state_typ_wf A \<Omega> gs (constants @ global_vars) \<longrightarrow>
               state_typ_wf A \<Omega> ls ((proc_args proc)@ (locals @ proc_rets proc)) \<longrightarrow>
+              unique_constants_distinct gs unique_consts \<longrightarrow>
               (axioms_sat A (constants, []) \<Gamma> (global_to_nstate (state_restriction gs constants)) axioms) \<longrightarrow>            
               (proc_body_satisfies_spec_general 
                                         A [] (constants@global_vars, (proc_args proc)@(locals@(proc_rets proc))) \<Gamma> \<Omega> 

From 825300d8716462c2cda9392273e7108dee8ad18a Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Sat, 21 Oct 2023 16:59:51 +0200
Subject: [PATCH 56/74] minor

---
 BoogieLang/Semantics.thy | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/BoogieLang/Semantics.thy b/BoogieLang/Semantics.thy
index 745e9ec..225f761 100644
--- a/BoogieLang/Semantics.thy
+++ b/BoogieLang/Semantics.thy
@@ -704,7 +704,11 @@ abbreviation axiom_assm
 text \<open>The following condition specifies what must hold for the list of constants with a unique modifier.
       The condition states that all corresponding values in the state must be distinct. Note that constants
       without unique modifiers may have values that clash with unique constants, which is consistent with the 
-      verification condition generated by Boogie (status 21.10.2023).\<close>
+      verification condition generated by Boogie (status 21.10.2023).
+      Note that the verification condition only forces distinctness between values of unique constants of 
+      the \<^emph>\<open>same\<close> type. Here, we force distinctness between values of all unique constants. These two
+      definitions are equivalent, since values of different types are distinct in Boogie by default
+      (every value can have only one type as reflected by the function \<^term>\<open>type_of_val\<close>).\<close>
 
 definition unique_constants_distinct :: "'a named_state \<Rightarrow> vname list \<Rightarrow> bool"
   where "unique_constants_distinct ns xs \<longleftrightarrow> distinct (map (\<lambda>x. the (ns x)) xs)"

From 6d64175da4c5e2ec78b4eb94152b0458beae583e Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Sat, 21 Oct 2023 17:15:20 +0200
Subject: [PATCH 57/74] theories work again

---
 BoogieLang/Ast_Cfg_Transformation.thy | 8 ++++++--
 BoogieLang/BackedgeElim.thy           | 8 ++++++--
 BoogieLang/PassificationML.thy        | 2 +-
 BoogieLang/Semantics.thy              | 5 +++--
 4 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/BoogieLang/Ast_Cfg_Transformation.thy b/BoogieLang/Ast_Cfg_Transformation.thy
index b6ef662..fd5a574 100644
--- a/BoogieLang/Ast_Cfg_Transformation.thy
+++ b/BoogieLang/Ast_Cfg_Transformation.thy
@@ -2127,6 +2127,7 @@ lemma end_to_end_util2:
            (expr_all_sat B \<Lambda> \<Gamma> [] ns all_pres) \<Longrightarrow>
            (state_typ_wf B [] (local_state ns) (snd \<Lambda>)) \<Longrightarrow>
            (state_typ_wf B [] (global_state ns) (fst \<Lambda>)) \<Longrightarrow>
+           (unique_constants_distinct (global_state ns) unique_consts) \<Longrightarrow>
            ((global_state ns) = (old_global_state ns)) \<Longrightarrow>
            ((binder_state ns) = Map.empty) \<Longrightarrow> 
            (Ast.valid_configuration B \<Lambda> \<Gamma> [] checked_posts end_bb end_cont end_state)" and
@@ -2139,9 +2140,9 @@ lemma end_to_end_util2:
           "axs = prog_axioms prog" and*)
           "proc_ty_args proc_ast = 0" 
           (*"const_decls = prog_consts prog"*)
-        shows "proc_is_correct B fun_decls constants global_vars axioms proc_ast (Ast.proc_body_satisfies_spec :: 'a absval_ty_fun \<Rightarrow> mbodyCFG proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> ast \<Rightarrow> 'a nstate \<Rightarrow> bool)"
+        shows "proc_is_correct B fun_decls constants unique_consts global_vars axioms proc_ast (Ast.proc_body_satisfies_spec :: 'a absval_ty_fun \<Rightarrow> mbodyCFG proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> ast \<Rightarrow> 'a nstate \<Rightarrow> bool)"
 proof -
-  show "proc_is_correct B fun_decls constants global_vars axioms proc_ast (Ast.proc_body_satisfies_spec :: 'a absval_ty_fun \<Rightarrow> mbodyCFG proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> ast \<Rightarrow> 'a nstate \<Rightarrow> bool)"
+  show "proc_is_correct B fun_decls constants unique_consts global_vars axioms proc_ast (Ast.proc_body_satisfies_spec :: 'a absval_ty_fun \<Rightarrow> mbodyCFG proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> ast \<Rightarrow> 'a nstate \<Rightarrow> bool)"
   proof( (simp only: proc_is_correct.simps), subst ABody, simp split: option.split, (rule allI | rule impI)+,
          unfold proc_body_satisfies_spec_def,(rule allI | rule impI)+)  
     fix \<Gamma> \<Omega> gs ls end_bb end_cont end_state
@@ -2150,6 +2151,7 @@ proof -
            ARenv: "list_all closed \<Omega> \<and> length \<Omega> = proc_ty_args proc_ast" and
            WfGlobal: "state_typ_wf B \<Omega> gs (constants @ global_vars)" and
            WfLocal: "state_typ_wf B \<Omega> ls (proc_args proc_ast @ locals @ proc_rets proc_ast)" and
+           UniqueConsts: "unique_constants_distinct gs unique_consts" and
            AxSat: "axioms_sat B (constants, []) \<Gamma>
         \<lparr>old_global_state = Map.empty, global_state = state_restriction gs constants, local_state = Map.empty, binder_state = Map.empty\<rparr>
         axioms" and
@@ -2182,6 +2184,8 @@ proof -
       using Contexteq WfLocal \<open>\<Omega> = []\<close>
          apply simp
       using Contexteq WfGlobal \<open>\<Omega> = []\<close>      
+         apply simp
+      using UniqueConsts
         apply simp
        apply simp
       apply simp
diff --git a/BoogieLang/BackedgeElim.thy b/BoogieLang/BackedgeElim.thy
index f3a471d..aa8b780 100644
--- a/BoogieLang/BackedgeElim.thy
+++ b/BoogieLang/BackedgeElim.thy
@@ -1430,6 +1430,7 @@ lemma end_to_end_util:
            (expr_all_sat A \<Lambda> \<Gamma> [] ns all_pres) \<Longrightarrow>
            (state_typ_wf A [] (local_state ns) (snd \<Lambda>)) \<Longrightarrow>
            (state_typ_wf A [] (global_state ns) (fst \<Lambda>)) \<Longrightarrow>
+            unique_constants_distinct (global_state ns) unique_consts \<Longrightarrow>
            ((global_state ns) = (old_global_state ns)) \<Longrightarrow>
            ((binder_state ns) = Map.empty) \<Longrightarrow> 
            (valid_configuration A \<Lambda> \<Gamma> [] checked_posts m' s')" and
@@ -1443,9 +1444,9 @@ lemma end_to_end_util:
           "proc_ty_args proc = 0" and
           "n = entry cfg_body"
           (*"const_decls = prog_consts prog"*)
-        shows "proc_is_correct A fun_decls constants global_vars axioms proc Semantics.proc_body_satisfies_spec"
+        shows "proc_is_correct A fun_decls constants unique_consts global_vars axioms proc Semantics.proc_body_satisfies_spec"
 proof -
-  show "proc_is_correct A fun_decls constants global_vars axioms proc Semantics.proc_body_satisfies_spec"
+  show "proc_is_correct A fun_decls constants unique_consts global_vars axioms proc Semantics.proc_body_satisfies_spec"
   proof( (simp only: proc_is_correct.simps), subst ABody, simp split: option.split, (rule allI | rule impI)+,
          unfold proc_body_satisfies_spec_def,(rule allI | rule impI)+)  
     fix \<Gamma> \<Omega> gs ls m' s' 
@@ -1454,6 +1455,7 @@ proof -
            ARenv: "list_all closed \<Omega> \<and> length \<Omega> = proc_ty_args proc" and
            WfGlobal: "state_typ_wf A \<Omega> gs (constants @ global_vars)" and
            WfLocal: "state_typ_wf A \<Omega> ls (proc_args proc @ locals @ proc_rets proc)" and
+           UniqueConsts: "unique_constants_distinct gs unique_consts" and
            AxSat: "axioms_sat A (constants, []) \<Gamma>
         \<lparr>old_global_state = Map.empty, global_state = state_restriction gs constants, local_state = Map.empty, binder_state = Map.empty\<rparr>
         axioms" and
@@ -1486,6 +1488,8 @@ proof -
       using Contexteq WfLocal \<open>\<Omega> = []\<close>
          apply simp
       using Contexteq WfGlobal \<open>\<Omega> = []\<close>      
+         apply simp
+      using UniqueConsts
         apply simp
        apply simp
       apply simp
diff --git a/BoogieLang/PassificationML.thy b/BoogieLang/PassificationML.thy
index 27c8802..9ecc06c 100644
--- a/BoogieLang/PassificationML.thy
+++ b/BoogieLang/PassificationML.thy
@@ -1,5 +1,5 @@
 theory PassificationML
-imports Boogie_Lang.Semantics HelperML Passification
+imports Semantics HelperML Passification
 begin
 
 ML \<open>
diff --git a/BoogieLang/Semantics.thy b/BoogieLang/Semantics.thy
index 225f761..9a1b09c 100644
--- a/BoogieLang/Semantics.thy
+++ b/BoogieLang/Semantics.thy
@@ -757,14 +757,15 @@ fun proc_is_correct :: "'a absval_ty_fun \<Rightarrow> fdecls \<Rightarrow> vdec
       | None \<Rightarrow> True)"
 *)
 
-text \<open>\<^term>\<open>proc_is_correct A fun_decls constants global_vars axioms proc proc_body_satisfies_spec_general\<close> gives the definition
+text \<open>\<^term>\<open>proc_is_correct A fun_decls constants unique_consts global_vars axioms proc proc_body_satisfies_spec_general\<close> gives the definition
 that a procedure \<^term>\<open>proc\<close> is correct w.r.t. the type interpretation \<^term>\<open>A\<close> the function declarations \<open>fun_decls\<close>, 
 constants \<^term>\<open>constants\<close>, global variables \<^term>\<open>global_vars\<close> and Boogie axioms \<^term>\<open>axioms\<close>. 
+\<^term>\<open>unique_consts\<close> denotes the list of constants with a unique modifier.
 
 Since the current proof generation does not support procedure calls yet, we just instantiate the
 procedure context to the empty list here. 
 
-In our certificates, we prove (\<^term>\<open>\<And>A. proc_is_correct A fun_decls constants global_vars axioms proc proc_body_satisfies_spec_general\<close>),
+In our certificates, we prove (\<^term>\<open>\<And>A. proc_is_correct A fun_decls constants unique_consts global_vars axioms proc proc_body_satisfies_spec_general\<close>),
 i.e., we prove procedure correctness for every type interpretation (\<And> is a universal quantifier at 
 the meta level). Note that for certain type interpretations procedure correctness is trivial (see
 the definition of \<^term>\<open>proc_is_correct\<close>).

From cf83439f790f5e5a46cb8fc532476c8f86bab53c Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Thu, 16 Nov 2023 23:19:30 +0100
Subject: [PATCH 58/74] remove Boogie_Lang session references

---
 BoogieLang/Ast_to_Cfg_Validation.thy | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/BoogieLang/Ast_to_Cfg_Validation.thy b/BoogieLang/Ast_to_Cfg_Validation.thy
index e57d928..f15f4bd 100644
--- a/BoogieLang/Ast_to_Cfg_Validation.thy
+++ b/BoogieLang/Ast_to_Cfg_Validation.thy
@@ -1,10 +1,10 @@
 theory Ast_to_Cfg_Validation
    imports Main
-          "Boogie_Lang.Ast"
-          "Boogie_Lang.Semantics"
-          "Boogie_Lang.BackedgeElim"
-          "Boogie_Lang.Ast_Cfg_Transformation"
-          "Boogie_Lang.Lang"
+          "Ast"
+          "Semantics"
+          "BackedgeElim"
+          "Ast_Cfg_Transformation"
+          "Lang"
 begin 
 
 fun local_validation :: "bigblock \<Rightarrow> block \<Rightarrow> expr option \<Rightarrow> expr option \<Rightarrow> 'a absval_ty_fun \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> 'a nstate \<Rightarrow> bool" where

From b054111c0573ad1e6cce8fad616e2cf762b5083c Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Thu, 16 Nov 2023 23:20:43 +0100
Subject: [PATCH 59/74] comment out file that does not type check

---
 BoogieLang/Ast_to_Cfg_Validation.thy | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/BoogieLang/Ast_to_Cfg_Validation.thy b/BoogieLang/Ast_to_Cfg_Validation.thy
index f15f4bd..c775903 100644
--- a/BoogieLang/Ast_to_Cfg_Validation.thy
+++ b/BoogieLang/Ast_to_Cfg_Validation.thy
@@ -186,6 +186,7 @@ lemma block_global_rel_if_successor:
   shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
 *)
 
+(*
 fun global_validation :: "ast_procedure \<Rightarrow> procedure \<Rightarrow> expr option \<Rightarrow> expr option \<Rightarrow> 'a absval_ty_fun \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> 'a nstate \<Rightarrow> bool" where
   "global_validation ast_proc cfg_proc guard_option transformed_guard_option A \<Lambda> \<Gamma> \<Omega> ns = 
     (case proc_body(ast_proc) of
@@ -200,7 +201,7 @@ fun global_validation :: "ast_procedure \<Rightarrow> procedure \<Rightarrow> ex
                                      (local_validation bb (node_to_block(mCFG) ! (entry(mCFG))) guard_option transformed_guard_option A \<Lambda> \<Gamma> \<Omega> ns) \<and> 
                                       False)
     | Some (locals, []) \<Rightarrow> False )"
-            
+*)            
 
 
 

From a326da1cc215c4325807c358e48fb6695d3e8f71 Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Tue, 5 Dec 2023 16:45:57 +0100
Subject: [PATCH 60/74] add globals_locals_helper lemma

---
 BoogieLang/Util.thy | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/BoogieLang/Util.thy b/BoogieLang/Util.thy
index 684a623..3e897d8 100644
--- a/BoogieLang/Util.thy
+++ b/BoogieLang/Util.thy
@@ -367,6 +367,14 @@ lemma lookup_var_global_no_locals: "lookup_var (G,[]) n_s x = global_state n_s x
   unfolding lookup_var_def
   by simp
 
+lemma globals_locals_helper:
+  assumes "\<forall> a. a \<in> A \<longrightarrow> a \<le> a_max"
+      and "\<forall> b. b \<in> B \<longrightarrow> b_min \<le> (b :: vname)"
+      and "a_max < b_min"
+    shows "A \<inter> B = {}"
+  using assms
+  by fastforce
+
 lemma map_of_append:
 "map_of (xs1) x = Some y \<Longrightarrow> map_of (xs1@xs2) x = Some y"
   by simp

From af1d8ec11182752a284c2fb66da6b21860f44338 Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Tue, 5 Dec 2023 16:48:26 +0100
Subject: [PATCH 61/74] fix break case

---
 BoogieLang/Ast.thy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index 195bcbc..9e226b9 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -180,7 +180,7 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> 'm proc_context \<Righ
   | RedBreakNPlus1: 
     "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> 
            \<langle>((BigBlock bb_name [] (Some (ParsedBreak (n + 1))) None), (KEndBlock cont0), Normal n_s)\<rangle> \<longrightarrow> 
-            ((BigBlock None [] (Some (ParsedBreak n)) None), cont0, Normal n_s1)"
+            ((BigBlock None [] (Some (ParsedBreak n)) None), cont0, Normal n_s)"
 
   | RedGoto: 
     "\<lbrakk> (find_label label T KStop) = Some (found_bigblock, found_cont) \<rbrakk> 

From b005c01e3ca395cea80e3e4310e3bf0cc206ab27 Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Thu, 25 Apr 2024 09:57:51 +0200
Subject: [PATCH 62/74] allow WhileWrapper around any control-flow construct in
 AST semantics

should rename WhileWrapper eventually to something like "Boundary"
---
 BoogieLang/Ast.thy | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index 9e226b9..5ab40fc 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -121,26 +121,13 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> 'm proc_context \<Righ
         \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name []
                                 (Some (ParsedIf bb_guard thenbigblocks (else_hd # else_bbs))) None), cont0, Normal n_s)\<rangle> \<longrightarrow>
                             (else_hd, (convert_list_to_cont ( else_bbs) cont0), Normal n_s)"
-  (*
-  | RedParsedIfFalseNoElseBranchSeq: 
-    "\<lbrakk>\<And>b. bb_guard = (Some b) \<Longrightarrow>  A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s\<rangle> \<Down> LitV (LBool False) \<rbrakk> 
-        \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name []
-                                (Some (ParsedIf bb_guard thenbigblocks [])) None), KSeq pr cont_pr, Normal n_s)\<rangle> \<longrightarrow>
-                            (pr, cont_pr, Normal n_s)"
-
-  | RedParsedIfFalseNoElseBranchStop: 
-    "\<lbrakk>\<And>b. bb_guard = (Some b) \<Longrightarrow>  A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s\<rangle> \<Down> LitV (LBool False) \<rbrakk> 
-        \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name []
-                                (Some (ParsedIf bb_guard thenbigblocks [])) None), KStop, Normal n_s)\<rangle> \<longrightarrow>
-                            (BigBlock bb_name [] None None, KStop, Normal n_s)"
-  *)
 
   | RedParsedWhileWrapper: 
     "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> 
       \<langle>((BigBlock bb_name [] 
-              (Some (WhileWrapper (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs)))) None), cont0,  Normal n_s)\<rangle> \<longrightarrow>
+              (Some (WhileWrapper str)) None), cont0,  Normal n_s)\<rangle> \<longrightarrow>
         ((BigBlock bb_name [] 
-                (Some (ParsedWhile bb_guard bb_invariants (bb_hd # body_bbs))) None), (KEndBlock cont0),  Normal n_s)"
+                (Some str) None), (KEndBlock cont0),  Normal n_s)"
  
   | RedParsedWhile_InvFail: 
     "\<lbrakk>\<And> b. bb_guard = (Some b) \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>b, n_s\<rangle> \<Down> LitV (LBool True); 

From 91cded06bdcc0e5245c852d125c54c69ad619d81 Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Wed, 21 Aug 2024 17:44:31 +0200
Subject: [PATCH 63/74] add helper lemma for proof generation of CFG
 optimizations

This helper lemma is used in cases when the loop head set representation
is different in a proof goal and in a lemma. Previously, the simplifier
was used on the proof goal, but the result does not always match the
representation of the lemma that is then applied. Now, the helper lemma
is applied instead.
---
 BoogieLang/CFGOptimizationsLoop.thy | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/BoogieLang/CFGOptimizationsLoop.thy b/BoogieLang/CFGOptimizationsLoop.thy
index a856e38..5f8c482 100644
--- a/BoogieLang/CFGOptimizationsLoop.thy
+++ b/BoogieLang/CFGOptimizationsLoop.thy
@@ -308,6 +308,12 @@ next
     by simp
 qed
 
+lemma hybrid_block_lemma_loop_eq_loop_heads:
+  assumes "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G  G' succ tgt_block tgt_cmds_0 lsLoopHeads1 posts"
+      and "lsLoopHeads1 = lsLoopHeads2"
+    shows "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G  G' succ tgt_block tgt_cmds_0 lsLoopHeads2 posts"
+  using assms
+  by simp
 
 subsection \<open>Main Lemmas for Loops\<close>
 

From 63cb964f8d9442e552c45f098f2f618684b0cf47 Mon Sep 17 00:00:00 2001
From: Thibault Dardinier <thibault.dardinier@inf.ethz.ch>
Date: Wed, 24 Apr 2024 11:48:14 +0200
Subject: [PATCH 64/74] Updated files to work with Isabelle 2023

---
 BoogieLang/Semantics.thy | 4 ++--
 BoogieLang/Util.thy      | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/BoogieLang/Semantics.thy b/BoogieLang/Semantics.thy
index 5e40520..7bdfa9a 100644
--- a/BoogieLang/Semantics.thy
+++ b/BoogieLang/Semantics.thy
@@ -111,8 +111,8 @@ should not happen).\<close>
 definition update_var :: "var_context \<Rightarrow> 'a nstate \<Rightarrow> vname \<Rightarrow> 'a val \<Rightarrow>  'a nstate"
   where 
    "update_var \<Lambda> n_s x v =
-            (case (map_of (snd \<Lambda>) x) of Some res \<Rightarrow> n_s\<lparr>local_state := local_state(n_s)(x \<mapsto> v)\<rparr>  |
-                                 None \<Rightarrow> n_s\<lparr>global_state := global_state(n_s)(x \<mapsto> v) \<rparr>)"
+            (case (map_of (snd \<Lambda>) x) of Some res \<Rightarrow> n_s\<lparr>local_state := (local_state(n_s))(x \<mapsto> v) \<rparr>  |
+                                 None \<Rightarrow> n_s\<lparr>global_state := (global_state(n_s))(x \<mapsto> v) \<rparr>)"
 
 definition update_var_opt :: "var_context \<Rightarrow> 'a nstate \<Rightarrow> vname \<Rightarrow> 'a val option \<Rightarrow>  'a nstate"
   where 
diff --git a/BoogieLang/Util.thy b/BoogieLang/Util.thy
index bb4f75d..6d89342 100644
--- a/BoogieLang/Util.thy
+++ b/BoogieLang/Util.thy
@@ -393,13 +393,13 @@ lemma update_var_same_state:
   using assms update_var_def lookup_var_def
 proof (cases "map_of (snd \<Lambda>) x")
   case None
-  hence update_global:"?ns' = ns\<lparr>global_state := global_state(ns)(x \<mapsto> v)\<rparr>"
+  hence update_global:"?ns' = ns\<lparr>global_state := (global_state(ns))(x \<mapsto> v)\<rparr>"
     by (simp add: update_var_def)
 
   from assms have global_ns:"global_state ns x = Some v"
     by (metis None lookup_var_global prod.collapse)
 
-  have "global_state(ns)(x \<mapsto> v) = global_state ns"
+  have "(global_state(ns))(x \<mapsto> v) = global_state ns"
     apply (rule HOL.ext)
     by (simp add: global_ns)
   then show ?thesis 
@@ -407,13 +407,13 @@ proof (cases "map_of (snd \<Lambda>) x")
     by simp
 next
   case (Some a)
-  hence update_local:"?ns' = ns\<lparr>local_state := local_state(ns)(x \<mapsto> v)\<rparr>"
+  hence update_local:"?ns' = ns\<lparr>local_state := (local_state(ns))(x \<mapsto> v)\<rparr>"
     by (simp add: update_var_def)
 
   from assms have local_ns:"local_state ns x = Some v"
     by (metis Some lookup_var_local prod.collapse)
 
-  have "local_state(ns)(x \<mapsto> v) = local_state ns"
+  have "(local_state(ns))(x \<mapsto> v) = local_state ns"
     apply (rule HOL.ext)
     by (simp add: local_ns)
   then show ?thesis 

From 90411340ac568c7870e85dd9ec627b84f01e79a3 Mon Sep 17 00:00:00 2001
From: gauravpartha <49554253+gauravpartha@users.noreply.github.com>
Date: Sun, 8 Dec 2024 16:28:23 +0100
Subject: [PATCH 65/74] Update README.md

---
 README.md | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index eae6916..e978d17 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ Moreover, it contains helper theory files to support the [validation of the Boog
 verifier](https://github.com/gauravpartha/boogie_proofgen/), which is currently being
 developed.
 
-The theory files are compatible with Isabelle 2021 (but not backwards 
+The theory files are compatible with Isabelle 2022 (and not backwards 
 compatible with older versions).
 
 ## More details on the theory files
@@ -15,7 +15,8 @@ The theory files for the Boogie language itself are given by:
 * `Lang.thy`: Syntax of the Boogie language
 * `BoogieDeBruijn.thy`: Some formalization on DeBruijn binders
 * `Semantics.thy`: Semantics of the Boogie language and definition of procedure 
-correctness
+correctness (only describes control-flow graphs in terms of control flow)
+* `Ast.thy`: Semantics of Boogie AST (uses `Semantics.thy` for control flow independent elements)
 * `Util.thy`: Some helper lemmas
 * `Typing.thy`: Boogie's type system
 * `TypeSafety.thy`: Type safety proof for expressions
@@ -34,6 +35,8 @@ the passification source CFG is correct under the assumption of the VC.
 * `PassificationML.thy`: Some ML tactics used in the certification of the 
 passification phase.
 * `BackedgeElim.thy`: Main theory that helps deal with the certification of the CFG-to-DAG phase.
+* `CFGOptimizationsLoop.thy`: Main theory that helps deal with the certification of the CFG optimizations phase.
+* `Ast_to_Cfg_Validation.thy`: Main theory that helps deal with the certification of the AST-to-CFG phase.
 * `TypingHelper.thy`: Helper lemmas/definitions for proving that expressions are well-typed.
 * `TypingML.thy`: ML tactic to prove that an expression is well-typed.
 

From 7e24d2648036802abb51957f1ca0f3340aa37dbd Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Thu, 19 Dec 2024 08:33:50 +0100
Subject: [PATCH 66/74] move helper relations from Ast.thy (semantics) to
 Ast_Cfg_Transformation.thy (validation)

---
 BoogieLang/Ast.thy                    | 27 --------------------------
 BoogieLang/Ast_Cfg_Transformation.thy | 28 +++++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 27 deletions(-)

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index 5ab40fc..ae753f4 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -208,32 +208,5 @@ fun proc_all_pres :: "ast procedure \<Rightarrow> expr list"
 fun proc_checked_posts :: "ast procedure \<Rightarrow> expr list"
   where "proc_checked_posts p = map fst (filter (\<lambda>x. \<not> snd(x)) (proc_posts p))"
 
-inductive syntactic_equiv :: "expr \<Rightarrow> expr \<Rightarrow> bool" (infixl "\<sim>" 40) 
-  where
-    neg_refl:   "UnOp Not e1 \<sim> UnOp Not e1"
-  | neg_equiv1: "UnOp Not (Lit (LBool True)) \<sim> (Lit (LBool False))"
-  | neg_equiv2: "UnOp Not (Lit (LBool False)) \<sim> (Lit (LBool True))"
-  | double_neg: "UnOp Not (UnOp Not e1) \<sim> e1"
-  | neg_eq:     "UnOp Not (a \<guillemotleft>Eq\<guillemotright> b) \<sim> (a \<guillemotleft>Neq\<guillemotright> b)"
-  | neg_neq:    "UnOp Not (a \<guillemotleft>Neq\<guillemotright> b) \<sim> (a \<guillemotleft>Eq\<guillemotright> b)"
-  | neg_lt:     "UnOp Not (a \<guillemotleft>Lt\<guillemotright> b) \<sim> (b \<guillemotleft>Le\<guillemotright> a)"
-  | neg_le:     "UnOp Not (a \<guillemotleft>Le\<guillemotright> b) \<sim> (b \<guillemotleft>Lt\<guillemotright> a)"
-  | neg_gt:     "UnOp Not (a \<guillemotleft>Gt\<guillemotright> b) \<sim> (b \<guillemotleft>Ge\<guillemotright> a)"
-  | neg_ge:     "UnOp Not (a \<guillemotleft>Ge\<guillemotright> b) \<sim> (b \<guillemotleft>Gt\<guillemotright> a)"
-
-
-inductive ast_cfg_rel :: "expr option \<Rightarrow> cmd list \<Rightarrow> bigblock \<Rightarrow> cmd list \<Rightarrow> bool"
-  where 
-     Rel_Guard_true:
-      "\<lbrakk>bb = (BigBlock name cs1 any_str any_tr); ast_cfg_rel None [] bb cs2\<rbrakk> \<Longrightarrow>
-        ast_cfg_rel (Some block_guard) [] bb ((Assume block_guard) # cs2)"
-   | Rel_Guard_false:
-      "\<lbrakk>bb = (BigBlock name cs1 any_str any_tr); ast_cfg_rel None [] bb cs2; (UnOp Not block_guard) \<sim> c \<rbrakk> \<Longrightarrow>
-        ast_cfg_rel (Some block_guard) [] bb ((Assume c) # cs2)"
-   | Rel_Invs:
-      "\<lbrakk>bb = (BigBlock name [] any_str any_tr)\<rbrakk> \<Longrightarrow> ast_cfg_rel None assertions bb assertions"
-   | Rel_Main_test:
-      "\<lbrakk>bb = (BigBlock name cs1 any_str any_tr); cs1 = c#cs\<rbrakk> \<Longrightarrow> ast_cfg_rel None [] bb cs1"
-
 end
 
diff --git a/BoogieLang/Ast_Cfg_Transformation.thy b/BoogieLang/Ast_Cfg_Transformation.thy
index fd5a574..54a3dff 100644
--- a/BoogieLang/Ast_Cfg_Transformation.thy
+++ b/BoogieLang/Ast_Cfg_Transformation.thy
@@ -10,6 +10,34 @@ begin
 type_synonym 'a satisfies_spec_func_type = 
   "'a absval_ty_fun \<Rightarrow> mbodyCFG proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> ast \<Rightarrow> 'a nstate \<Rightarrow> bool"
 
+subsection \<open>Syntactic helper relations\<close>
+
+inductive syntactic_equiv :: "expr \<Rightarrow> expr \<Rightarrow> bool" (infixl "\<sim>" 40) 
+  where
+    neg_refl:   "UnOp Not e1 \<sim> UnOp Not e1"
+  | neg_equiv1: "UnOp Not (Lit (LBool True)) \<sim> (Lit (LBool False))"
+  | neg_equiv2: "UnOp Not (Lit (LBool False)) \<sim> (Lit (LBool True))"
+  | double_neg: "UnOp Not (UnOp Not e1) \<sim> e1"
+  | neg_eq:     "UnOp Not (a \<guillemotleft>Eq\<guillemotright> b) \<sim> (a \<guillemotleft>Neq\<guillemotright> b)"
+  | neg_neq:    "UnOp Not (a \<guillemotleft>Neq\<guillemotright> b) \<sim> (a \<guillemotleft>Eq\<guillemotright> b)"
+  | neg_lt:     "UnOp Not (a \<guillemotleft>Lt\<guillemotright> b) \<sim> (b \<guillemotleft>Le\<guillemotright> a)"
+  | neg_le:     "UnOp Not (a \<guillemotleft>Le\<guillemotright> b) \<sim> (b \<guillemotleft>Lt\<guillemotright> a)"
+  | neg_gt:     "UnOp Not (a \<guillemotleft>Gt\<guillemotright> b) \<sim> (b \<guillemotleft>Ge\<guillemotright> a)"
+  | neg_ge:     "UnOp Not (a \<guillemotleft>Ge\<guillemotright> b) \<sim> (b \<guillemotleft>Gt\<guillemotright> a)"
+
+inductive ast_cfg_rel :: "expr option \<Rightarrow> cmd list \<Rightarrow> bigblock \<Rightarrow> cmd list \<Rightarrow> bool"
+  where 
+     Rel_Guard_true:
+      "\<lbrakk>bb = (BigBlock name cs1 any_str any_tr); ast_cfg_rel None [] bb cs2\<rbrakk> \<Longrightarrow>
+        ast_cfg_rel (Some block_guard) [] bb ((Assume block_guard) # cs2)"
+   | Rel_Guard_false:
+      "\<lbrakk>bb = (BigBlock name cs1 any_str any_tr); ast_cfg_rel None [] bb cs2; (UnOp Not block_guard) \<sim> c \<rbrakk> \<Longrightarrow>
+        ast_cfg_rel (Some block_guard) [] bb ((Assume c) # cs2)"
+   | Rel_Invs:
+      "\<lbrakk>bb = (BigBlock name [] any_str any_tr)\<rbrakk> \<Longrightarrow> ast_cfg_rel None assertions bb assertions"
+   | Rel_Main_test:
+      "\<lbrakk>bb = (BigBlock name cs1 any_str any_tr); cs1 = c#cs\<rbrakk> \<Longrightarrow> ast_cfg_rel None [] bb cs1"
+
 subsection \<open>Miscellaneous helper lemmas\<close>
 
 lemma not_true_equals_false:

From 0bca52ff8d30610bb5260ce7c753db3f2f3158d1 Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Thu, 19 Dec 2024 08:35:33 +0100
Subject: [PATCH 67/74] clean up

---
 BoogieLang/Ast.thy | 1 -
 BoogieLang/ROOT    | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index ae753f4..47d301d 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -92,7 +92,6 @@ inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> 'm proc_context \<Righ
       \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name cs str_cmd tr_cmd), cont0, Normal n_s)\<rangle> \<longrightarrow> 
                               ((BigBlock bb_name [] str_cmd tr_cmd), cont0, s1)"  
 
-  (* TODO: think about this again! *)
   | RedFailure_or_Magic: 
     "\<lbrakk> (s1 = Magic) \<or> (s1 = Failure); \<not> (is_final ((BigBlock bb_name [] str_cmd tr_cmd), cont0, s1))  \<rbrakk> 
       \<Longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock bb_name [] str_cmd tr_cmd), cont0, s1)\<rangle> \<longrightarrow> 
diff --git a/BoogieLang/ROOT b/BoogieLang/ROOT
index 9cf8665..ca9a50c 100644
--- a/BoogieLang/ROOT
+++ b/BoogieLang/ROOT
@@ -18,4 +18,4 @@ session Boogie_Lang = "HOL" +
     BackedgeElim
     Ast
     Ast_Cfg_Transformation
-	CFGOptimizationsLoop
+    CFGOptimizationsLoop

From 7f8f209b7862c7ce419aa13c459cf5e4e5fc4581 Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Thu, 19 Dec 2024 08:37:11 +0100
Subject: [PATCH 68/74] remove unused file

---
 BoogieLang/Ast_to_Cfg_Validation.thy | 208 ---------------------------
 1 file changed, 208 deletions(-)
 delete mode 100644 BoogieLang/Ast_to_Cfg_Validation.thy

diff --git a/BoogieLang/Ast_to_Cfg_Validation.thy b/BoogieLang/Ast_to_Cfg_Validation.thy
deleted file mode 100644
index c775903..0000000
--- a/BoogieLang/Ast_to_Cfg_Validation.thy
+++ /dev/null
@@ -1,208 +0,0 @@
-theory Ast_to_Cfg_Validation
-   imports Main
-          "Ast"
-          "Semantics"
-          "BackedgeElim"
-          "Ast_Cfg_Transformation"
-          "Lang"
-begin 
-
-fun local_validation :: "bigblock \<Rightarrow> block \<Rightarrow> expr option \<Rightarrow> expr option \<Rightarrow> 'a absval_ty_fun \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> 'a nstate \<Rightarrow> bool" where
-  "local_validation ast_block cfg_block guard_option transformed_guard_option A \<Lambda> \<Gamma> \<Omega> ns = 
-     (case guard_option of 
-        Some guard \<Rightarrow> 
-          (case transformed_guard_option of
-              Some transformed_guard \<Rightarrow>        
-                    (\<exists> cmd cmds. (cfg_block = cmd#cmds) \<and> 
-                    (ast_cfg_rel None [] ast_block cmds) \<and> 
-                    ((UnOp Not guard) \<sim> transformed_guard) \<and> 
-                    (cmd = Assume transformed_guard))
-          |   None \<Rightarrow> 
-                    (\<exists> cmd cmds. (cfg_block = cmd#cmds) \<and> 
-                    (ast_cfg_rel None [] ast_block cmds) \<and> 
-                    (cmd = Assume guard))) 
-     |  None \<Rightarrow>        
-              (\<exists> cmd cmds. (cfg_block = cmd#cmds) \<and> 
-              (ast_cfg_rel None [] ast_block cmds)))"
-
-(*
-lemma block_global_rel_if_false:
-  assumes block_rel: "ast_cfg_rel None [] bb cs2"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and "bb = (BigBlock name cs1 any_str any_tr)"
-  and "cs1 \<noteq> Nil"
-  and "cs2 \<noteq> Nil"
-  and "node_to_block(G) ! n = cs3"
-  and "cs3 = (c#cs2)"
-  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
-  and trivial_bb_successor: "(cont0 = KSeq bb1 cont1) \<and> any_str = None \<and> any_tr = None"
-  and "c = Assume some_cmd"
-  and "(UnOp Not block_guard) \<sim> some_cmd"
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(UnOp Not block_guard), ns1\<rangle> \<Down> LitV (LBool True)"
-  and block_local_rel: 
-        "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
-        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
-        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
-  and succ_correct: 
-       "\<And>  ns1'' k.
-        k < j \<Longrightarrow> 
-        \<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
-        A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb1, cont1, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state) \<Longrightarrow> 
-        (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-     shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-*)
-
-(*
-lemma block_global_rel_if_true:
-  assumes block_rel: "ast_cfg_rel None [] bb cs2"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and "bb = (BigBlock name cs1 any_str any_tr)"
-  and "cs1 \<noteq> Nil"
-  and "cs2 \<noteq> Nil"
-  and "node_to_block(G) ! n = cs3"
-  and "cs3 = c#cs2"
-  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
-  and trivial_bb_successor: "(cont0 = KSeq bb1 cont1) \<and> any_str = None \<and> any_tr = None"
-  and "c = Assume block_guard"
-  and trace_is_possible: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>block_guard, ns1\<rangle> \<Down> LitV (LBool True)"
-  and block_local_rel: 
-        "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
-        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs3 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
-        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs3, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
-  and succ_correct: 
-       "\<And>  ns1'' k.
-        k < j \<Longrightarrow> 
-        \<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
-        A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb1, cont1, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state) \<Longrightarrow> 
-        (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-     shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-*)
-
-(*
-lemma block_global_rel_generic:
-  assumes block_rel: "ast_cfg_rel None [] bb cs2"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and "bb = (BigBlock name cs1 any_str any_tr)"
-  and "cs1 \<noteq> Nil"
-  and "cs2 \<noteq> Nil"
-  and "node_to_block(G) ! n = cs2"
-  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
-  and trivial_bb_successor: "(cont0 = KSeq bb1 cont1) \<and> any_str = None \<and> any_tr = None"
-  and block_local_rel: 
-        "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
-        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
-        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
-  and succ_correct: 
-       "\<And>  ns1'' k.
-        k < j \<Longrightarrow> 
-        \<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
-        A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb1, cont1, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state) \<Longrightarrow> 
-        (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-*)
-
-(*
-lemma block_global_rel_while_successor:
-  assumes j_step_ast_trace: 
-      "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont1, Normal ns1) -n\<longrightarrow>^j 
-                      (reached_bb, reached_cont, reached_state)"
-  and syn_rel: "ast_cfg_rel None [] bb cmds"
-  and "bb = (BigBlock name cmds (Some (WhileWrapper (ParsedWhile guard invs (body_bb0#body_bbs)))) None)"
-  and "cmds \<noteq> []"
-  and "node_to_block G ! n = cmds"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and block_local_rel:
-    "\<And> reached_bb_inter reached_cont_inter reached_state_inter. 
-    (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont1, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
-    (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cmds (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
-    (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
-  and global_rel_succ:
-        "\<And> ns2 k.
-         k < j \<Longrightarrow>
-         (\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl msuc2, Normal ns2) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
-         A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name [] (Some (ParsedWhile guard invs (body_bb0#body_bbs))) None), KEndBlock cont1, Normal ns2) -n\<longrightarrow>^k 
-                      (reached_bb, reached_cont, reached_state) \<Longrightarrow> 
-         (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-      shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-*)
-
-(*
-lemma block_global_rel_loop_head:
-  assumes block_rel: "ast_cfg_rel None assertions bb assertions"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, KEndBlock cont1, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
-  and "bb = (BigBlock name [] any_str any_tr)"
-  (* TODO: You're requiring that the loop isn't empty! What if it is? *)
-  and bb_successor_while: "any_str = Some (ParsedWhile cont_guard invs (bb0#body_bbs))"
-  and block_local_rel:
-    "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, KEndBlock cont1, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
-    (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assertions (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
-    (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
-  and "node_to_block(G) ! n = assertions"
-  and succ_correct: 
-   "\<And> ns1'' loop_guard j'. 
-    j = Suc j' \<Longrightarrow>
-    (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))) \<Longrightarrow>
-    ((cont_guard = Some loop_guard) \<and> 
-      (red_expr A \<Lambda> \<Gamma> \<Omega> loop_guard ns1'' (BoolV True)) \<and> 
-      A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb0, convert_list_to_cont (bb#(rev body_bbs)) (KEndBlock cont1), (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)) \<or> 
-    ((cont_guard = Some loop_guard) \<and> 
-      (red_expr A \<Lambda> \<Gamma> \<Omega> loop_guard ns1'' (BoolV False)) \<and> 
-      A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name [] None None), KEndBlock cont1, (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)) \<or>
-    ((cont_guard = None) \<and> 
-     ((A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name [] None None), KEndBlock cont1, (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)) \<or>
-      (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb0, convert_list_to_cont (bb#(rev body_bbs)) (KEndBlock cont1), (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state))))  \<Longrightarrow>  
-    (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
-*)
-
-(*
-lemma block_global_rel_if_successor:
-  assumes block_rel: "ast_cfg_rel None [] bb cs2"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and "bb = (BigBlock name cs1 any_str any_tr)"
-  and "node_to_block(G) ! n = cs2"
-  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
-  and bb_successor_if: "any_str = Some (ParsedIf cont_guard (then0#then_bbs) (else0#else_bbs))"
-  and block_local_rel:
-        "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
-        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> 
-        cs1 \<noteq> [] \<Longrightarrow> cs2 \<noteq> [] \<Longrightarrow>  
-        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
-  and succ_correct: 
-       "\<And> ns1'' block_guard k.
-         k < j \<Longrightarrow> 
-        (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))) \<Longrightarrow>
-        ((cont_guard = Some block_guard) \<and> 
-          (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1'' (BoolV True)) \<and> 
-          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (then0, convert_list_to_cont (rev then_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<or> 
-        ((cont_guard = Some block_guard) \<and> 
-          (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1'' (BoolV False)) \<and> 
-          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (else0, convert_list_to_cont (rev else_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<or>
-        ( (cont_guard = None) \<and> 
-          ((A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (then0, convert_list_to_cont (rev then_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<or>
-          (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (else0, convert_list_to_cont (rev else_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state))) ) \<Longrightarrow>  
-        (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
-*)
-
-(*
-fun global_validation :: "ast_procedure \<Rightarrow> procedure \<Rightarrow> expr option \<Rightarrow> expr option \<Rightarrow> 'a absval_ty_fun \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> 'a nstate \<Rightarrow> bool" where
-  "global_validation ast_proc cfg_proc guard_option transformed_guard_option A \<Lambda> \<Gamma> \<Omega> ns = 
-    (case proc_body(ast_proc) of
-      None \<Rightarrow> 
-             (case Lang.proc_body(cfg_proc) of
-               None \<Rightarrow> True 
-             | Some (locals, mCFG) \<Rightarrow> False)
-    | Some (locals, (bb#bbs)) \<Rightarrow>
-             (case Lang.proc_body(cfg_proc) of
-               None \<Rightarrow> False
-             | Some (locals, mCFG) \<Rightarrow> 
-                                     (local_validation bb (node_to_block(mCFG) ! (entry(mCFG))) guard_option transformed_guard_option A \<Lambda> \<Gamma> \<Omega> ns) \<and> 
-                                      False)
-    | Some (locals, []) \<Rightarrow> False )"
-*)            
-
-
-
-end
\ No newline at end of file

From 69e83f818d0c1ff2254cc8381c00e4b372dabe8d Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Thu, 19 Dec 2024 18:55:30 +0100
Subject: [PATCH 69/74] clean up

---
 BoogieLang/Ast.thy                    |   14 +-
 BoogieLang/Ast_Cfg_Transformation.thy | 1415 +++++++++++++------------
 BoogieLang/CFGOptimizationsLoop.thy   |  487 +++++----
 BoogieLang/Semantics.thy              |    9 +-
 4 files changed, 970 insertions(+), 955 deletions(-)

diff --git a/BoogieLang/Ast.thy b/BoogieLang/Ast.thy
index 47d301d..559482e 100644
--- a/BoogieLang/Ast.thy
+++ b/BoogieLang/Ast.thy
@@ -5,7 +5,7 @@ theory Ast
 
 begin
 
-subsection \<open>Defining the AST and how to step through it. An AST is list of \<^term>\<open>bigblock\<close> .\<close>
+subsection \<open>AST definition\<close>
 
 type_synonym name = string
 type_synonym label = string
@@ -25,9 +25,15 @@ datatype parsed_structured_cmd
 and bigblock 
  = BigBlock "name option" "cmd list" "parsed_structured_cmd option" "transfer_cmd option"
 
+
+text \<open>A Boogie statement represented as an AST is a list of \<^typ>\<open>bigblock\<close>\<close>
+
 type_synonym ast = "bigblock list"
 
-text \<open>continuations; used for formalizing Gotos and numbered Breaks\<close>
+subsection \<open>AST semantics\<close>
+
+text \<open>We define a continuation-based small-step semantics.\<close>
+
 datatype cont 
  = KStop 
  | KSeq "bigblock" cont
@@ -81,8 +87,8 @@ fun is_final :: "'a ast_config \<Rightarrow> bool"
     "is_final ((BigBlock bb_name [] None None), KStop, s1) = True"
   | "is_final other = False"
 
-text\<open>function defining the semantics of bigblocks; small-step semantics 
-      Note: arrow symbols in the 'syntactic sugar' clash if the exact same syntax is used as in red_cmd\<close>
+text \<open>Small-step semantics\<close>
+
 inductive red_bigblock :: "'a absval_ty_fun \<Rightarrow> 'm proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env  \<Rightarrow> ast \<Rightarrow> 'a ast_config \<Rightarrow> 'a ast_config \<Rightarrow> bool" 
   ("_,_,_,_,_,_ \<turnstile> (\<langle>_\<rangle> \<longrightarrow>/ _)" [51,0,0,0] 81)
   for A :: "'a absval_ty_fun" and M :: "'m proc_context" and \<Lambda> :: var_context and \<Gamma> :: "'a fun_interp" and \<Omega> :: rtype_env and T :: ast
diff --git a/BoogieLang/Ast_Cfg_Transformation.thy b/BoogieLang/Ast_Cfg_Transformation.thy
index 54a3dff..e0d5a3f 100644
--- a/BoogieLang/Ast_Cfg_Transformation.thy
+++ b/BoogieLang/Ast_Cfg_Transformation.thy
@@ -1,10 +1,7 @@
 section \<open>Generic lemmas used to validate AST-to-CFG phase\<close>
 
 theory Ast_Cfg_Transformation
-   imports Main
-           Ast
-           Semantics
-           BackedgeElim
+  imports Main Ast Semantics BackedgeElim
 begin
 
 type_synonym 'a satisfies_spec_func_type = 
@@ -27,16 +24,16 @@ inductive syntactic_equiv :: "expr \<Rightarrow> expr \<Rightarrow> bool" (infix
 
 inductive ast_cfg_rel :: "expr option \<Rightarrow> cmd list \<Rightarrow> bigblock \<Rightarrow> cmd list \<Rightarrow> bool"
   where 
-     Rel_Guard_true:
-      "\<lbrakk>bb = (BigBlock name cs1 any_str any_tr); ast_cfg_rel None [] bb cs2\<rbrakk> \<Longrightarrow>
+    Rel_Guard_true:
+    "\<lbrakk>bb = (BigBlock name cs1 any_str any_tr); ast_cfg_rel None [] bb cs2\<rbrakk> \<Longrightarrow>
         ast_cfg_rel (Some block_guard) [] bb ((Assume block_guard) # cs2)"
-   | Rel_Guard_false:
-      "\<lbrakk>bb = (BigBlock name cs1 any_str any_tr); ast_cfg_rel None [] bb cs2; (UnOp Not block_guard) \<sim> c \<rbrakk> \<Longrightarrow>
+  | Rel_Guard_false:
+    "\<lbrakk>bb = (BigBlock name cs1 any_str any_tr); ast_cfg_rel None [] bb cs2; (UnOp Not block_guard) \<sim> c \<rbrakk> \<Longrightarrow>
         ast_cfg_rel (Some block_guard) [] bb ((Assume c) # cs2)"
-   | Rel_Invs:
-      "\<lbrakk>bb = (BigBlock name [] any_str any_tr)\<rbrakk> \<Longrightarrow> ast_cfg_rel None assertions bb assertions"
-   | Rel_Main_test:
-      "\<lbrakk>bb = (BigBlock name cs1 any_str any_tr); cs1 = c#cs\<rbrakk> \<Longrightarrow> ast_cfg_rel None [] bb cs1"
+  | Rel_Invs:
+    "\<lbrakk>bb = (BigBlock name [] any_str any_tr)\<rbrakk> \<Longrightarrow> ast_cfg_rel None assertions bb assertions"
+  | Rel_Main_test:
+    "\<lbrakk>bb = (BigBlock name cs1 any_str any_tr); cs1 = c#cs\<rbrakk> \<Longrightarrow> ast_cfg_rel None [] bb cs1"
 
 subsection \<open>Miscellaneous helper lemmas\<close>
 
@@ -44,31 +41,31 @@ lemma not_true_equals_false:
   assumes "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not expr, ns1\<rangle> \<Down> BoolV True"
   shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr, ns1\<rangle> \<Down> BoolV (False)"  
   using assms
-  proof cases
-    case (RedUnOp v)
-    from this obtain b1 where "v = LitV (LBool b1)"
-      by (metis (no_types) map_option_eq_Some option.simps(3) unop_eval.simps(1) unop_eval_val.elims unop_not.elims)   
-    from this RedUnOp have 
-      expand1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr,ns1\<rangle> \<Down> (LitV (LBool b1))" and 
-      expand2: "unop_eval_val unop.Not (LitV (LBool b1)) = Some (BoolV True)"
-      by auto
-    then show ?thesis by fastforce
-  qed
+proof cases
+  case (RedUnOp v)
+  from this obtain b1 where "v = LitV (LBool b1)"
+    by (metis (no_types) map_option_eq_Some option.simps(3) unop_eval.simps(1) unop_eval_val.elims unop_not.elims)   
+  from this RedUnOp have 
+    expand1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr,ns1\<rangle> \<Down> (LitV (LBool b1))" and 
+    expand2: "unop_eval_val unop.Not (LitV (LBool b1)) = Some (BoolV True)"
+    by auto
+  then show ?thesis by fastforce
+qed
 
 lemma not_false_equals_true:
   assumes "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not expr, ns1\<rangle> \<Down> BoolV False"
   shows "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr, ns1\<rangle> \<Down> BoolV (True)"  
   using assms
-  proof cases
-    case (RedUnOp v)
-    from this obtain b1 where "v = LitV (LBool b1)"
-      by (auto elim: lit_val_elim[where v=v])      
-    with RedUnOp have 
-      expand1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr,ns1\<rangle> \<Down> (LitV (LBool b1))" and 
-      expand2: "unop_eval_val unop.Not (LitV (LBool b1)) = Some (BoolV False)"
-      by auto
-    then show ?thesis by fastforce
-  qed
+proof cases
+  case (RedUnOp v)
+  from this obtain b1 where "v = LitV (LBool b1)"
+    by (auto elim: lit_val_elim[where v=v])      
+  with RedUnOp have 
+    expand1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr,ns1\<rangle> \<Down> (LitV (LBool b1))" and 
+    expand2: "unop_eval_val unop.Not (LitV (LBool b1)) = Some (BoolV False)"
+    by auto
+  then show ?thesis by fastforce
+qed
 
 lemma true_equals_not_false:
   assumes "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>expr, ns1\<rangle> \<Down> BoolV True"
@@ -82,7 +79,7 @@ lemma false_equals_not_true:
 
 lemma equiv_preserves_value:
   assumes "a \<sim> b"
-  and "red_expr A \<Lambda> \<Gamma> \<Omega> a ns (BoolV boolean)"
+    and "red_expr A \<Lambda> \<Gamma> \<Omega> a ns (BoolV boolean)"
   shows "red_expr A \<Lambda> \<Gamma> \<Omega> b ns (BoolV boolean)"
   using assms
 proof cases
@@ -100,12 +97,12 @@ next
 next
   case (neg_eq e1 e2)
   from this assms have unop_red: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Eq\<guillemotright> e2), ns\<rangle> \<Down> BoolV boolean" by simp
-     from this obtain v1 v2 bopRes where
-      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
-      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" and
-      binopEval: "binop_eval_val Eq v1 v2 = Some bopRes" and
-      unopEval: "unop_eval_val unop.Not bopRes = Some (BoolV boolean)"
-       by auto
+  from this obtain v1 v2 bopRes where
+    redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
+    redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" and
+    binopEval: "binop_eval_val Eq v1 v2 = Some bopRes" and
+    unopEval: "unop_eval_val unop.Not bopRes = Some (BoolV boolean)"
+    by auto
 
   have bopResEq:"bopRes = BoolV (\<not>boolean)" 
     by (insert unopEval, rule lit_val_elim[where v=bopRes]) auto
@@ -115,8 +112,8 @@ next
     apply (rule lit_val_elim[where v=v2]; rule lit_val_elim[where v=v1])
     by auto
 
-    thus ?thesis
-      by (auto intro: RedBinOp redE1 redE2 simp: \<open>b = _\<close>)
+  thus ?thesis
+    by (auto intro: RedBinOp redE1 redE2 simp: \<open>b = _\<close>)
 next
   case (neg_neq e1 e2)
   from this assms have unop_red: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Neq\<guillemotright> e2), ns\<rangle> \<Down> BoolV boolean" by simp
@@ -125,7 +122,7 @@ next
     redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" and
     binopEval: "binop_eval_val Neq v1 v2 = Some bopRes" and
     unopEval: "unop_eval_val unop.Not bopRes = Some (BoolV boolean)"
-     by auto
+    by auto
 
   have bopResEq:"bopRes = BoolV (\<not>boolean)" 
     by (insert unopEval, rule lit_val_elim[where v=bopRes]) auto
@@ -135,28 +132,28 @@ next
     apply (rule lit_val_elim[where v=v2]; rule lit_val_elim[where v=v1])
     by auto
 
-    thus ?thesis
-      by (auto intro: RedBinOp redE1 redE2 simp: \<open>b = _\<close>)
+  thus ?thesis
+    by (auto intro: RedBinOp redE1 redE2 simp: \<open>b = _\<close>)
 next
   case (neg_lt e1 e2)
   from this assms have unop_red: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Lt\<guillemotright> e2), ns\<rangle> \<Down> BoolV boolean" by simp
-    from this obtain v1 v2 bopRes where
-      redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
-      redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" and
-      binopEval: "binop_eval_val Lt v1 v2 = Some bopRes" and
-      unopEval: "unop_eval_val unop.Not bopRes = Some (BoolV boolean)"
-      by auto
+  from this obtain v1 v2 bopRes where
+    redE1: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e1, ns\<rangle> \<Down> v1" and
+    redE2: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e2, ns\<rangle> \<Down> v2" and
+    binopEval: "binop_eval_val Lt v1 v2 = Some bopRes" and
+    unopEval: "unop_eval_val unop.Not bopRes = Some (BoolV boolean)"
+    by auto
 
-    have bopResEq:"bopRes = BoolV (\<not>boolean)"      
-      by (insert unopEval, rule lit_val_elim[where v=bopRes]) auto
+  have bopResEq:"bopRes = BoolV (\<not>boolean)"     
+    by (insert unopEval, rule lit_val_elim[where v=bopRes]) auto
 
-    have "binop_eval_val Le v2 v1 = Some (BoolV boolean)"
-      apply (insert binopEval bopResEq)
-      apply (rule lit_val_elim[where v=v2]; rule lit_val_elim[where v=v1])
-      by auto
+  have "binop_eval_val Le v2 v1 = Some (BoolV boolean)"
+    apply (insert binopEval bopResEq)
+    apply (rule lit_val_elim[where v=v2]; rule lit_val_elim[where v=v1])
+    by auto
 
-    thus ?thesis
-      by (auto intro: RedBinOp redE1 redE2 simp: \<open>b = _\<close>)
+  thus ?thesis
+    by (auto intro: RedBinOp redE1 redE2 simp: \<open>b = _\<close>)
 next
   case (neg_le e1 e2)
   from this assms have unop_red: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Le\<guillemotright> e2), ns\<rangle> \<Down> BoolV boolean" by simp
@@ -167,16 +164,16 @@ next
     unopEval: "unop_eval_val unop.Not bopRes = Some (BoolV boolean)"
     by auto
 
-    have bopResEq:"bopRes = BoolV (\<not>boolean)" 
-      by (insert unopEval, rule lit_val_elim[where v=bopRes]) auto
+  have bopResEq:"bopRes = BoolV (\<not>boolean)" 
+    by (insert unopEval, rule lit_val_elim[where v=bopRes]) auto
 
-    have "binop_eval_val Lt v2 v1 = Some (BoolV boolean)"
-      apply (insert binopEval bopResEq)
-      apply (rule lit_val_elim[where v=v2]; rule lit_val_elim[where v=v1])
-      by auto
+  have "binop_eval_val Lt v2 v1 = Some (BoolV boolean)"
+    apply (insert binopEval bopResEq)
+    apply (rule lit_val_elim[where v=v2]; rule lit_val_elim[where v=v1])
+    by auto
 
-    thus ?thesis
-      by (auto intro: RedBinOp redE1 redE2 simp: \<open>b = _\<close>)
+  thus ?thesis
+    by (auto intro: RedBinOp redE1 redE2 simp: \<open>b = _\<close>)
 next
   case (neg_gt e1 e2)
   from this assms have unop_red: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Gt\<guillemotright> e2), ns\<rangle> \<Down> BoolV boolean" by simp
@@ -187,16 +184,16 @@ next
     unopEval: "unop_eval_val unop.Not bopRes = Some (BoolV boolean)"
     by auto
 
-    have bopResEq:"bopRes = BoolV (\<not>boolean)" 
-      by (insert unopEval, rule lit_val_elim[where v=bopRes]) auto
+  have bopResEq:"bopRes = BoolV (\<not>boolean)" 
+    by (insert unopEval, rule lit_val_elim[where v=bopRes]) auto
 
-    have "binop_eval_val Ge v2 v1 = Some (BoolV boolean)"
-      apply (insert binopEval bopResEq)
-      apply (rule lit_val_elim[where v=v2]; rule lit_val_elim[where v=v1])
-      by auto
+  have "binop_eval_val Ge v2 v1 = Some (BoolV boolean)"
+    apply (insert binopEval bopResEq)
+    apply (rule lit_val_elim[where v=v2]; rule lit_val_elim[where v=v1])
+    by auto
 
-    thus ?thesis
-      by (auto intro: RedBinOp redE1 redE2 simp: \<open>b = _\<close>)
+  thus ?thesis
+    by (auto intro: RedBinOp redE1 redE2 simp: \<open>b = _\<close>)
 next
   case (neg_ge e1 e2)
   from this assms have unop_red: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>UnOp unop.Not (e1 \<guillemotleft>Ge\<guillemotright> e2), ns\<rangle> \<Down> BoolV boolean" by simp
@@ -207,23 +204,23 @@ next
     unopEval: "unop_eval_val unop.Not bopRes = Some (BoolV boolean)"
     by auto
 
-    have bopResEq:"bopRes = BoolV (\<not>boolean)" 
-      by (insert unopEval, rule lit_val_elim[where v=bopRes]) auto
+  have bopResEq:"bopRes = BoolV (\<not>boolean)" 
+    by (insert unopEval, rule lit_val_elim[where v=bopRes]) auto
 
-    have "binop_eval_val Gt v2 v1 = Some (BoolV boolean)"
-      apply (insert binopEval bopResEq)
-      apply (rule lit_val_elim[where v=v2]; rule lit_val_elim[where v=v1])
-      by auto
+  have "binop_eval_val Gt v2 v1 = Some (BoolV boolean)"
+    apply (insert binopEval bopResEq)
+    apply (rule lit_val_elim[where v=v2]; rule lit_val_elim[where v=v1])
+    by auto
 
-    thus ?thesis
-      by (auto intro: RedBinOp redE1 redE2 simp: \<open>b = _\<close>)
+  thus ?thesis
+    by (auto intro: RedBinOp redE1 redE2 simp: \<open>b = _\<close>)
 qed
 
 text \<open>If all invariants hold, then the block containing the assertions corresponding to the invariants doesn't fail\<close>
 lemma asserts_hold_if_invs_hold: 
   assumes "expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1 invs"
-  and "assertions = map Assert invs"
-  shows "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1"
+      and "assertions = map Assert invs"
+    shows "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1"
   using assms
 proof (induction invs arbitrary: assertions)
   case Nil
@@ -232,11 +229,13 @@ next
   case (Cons e_inv invs_tail)
   from Cons(2) have prem1: "expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1 invs_tail" by (simp add: expr_all_sat_def)
   from Cons(3) have prem2: "List.tl assertions = map Assert invs_tail" by simp
-  from prem1 prem2 have end2: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>List.tl assertions,Normal ns1\<rangle> [\<rightarrow>] Normal ns1" using Cons(1) by blast
+  from prem1 prem2 have end2: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>List.tl assertions,Normal ns1\<rangle> [\<rightarrow>] Normal ns1" 
+    using Cons(1) by blast
 
   from Cons(2) have act1: "expr_sat A \<Lambda> \<Gamma> \<Omega> ns1 e_inv" by (simp add: expr_all_sat_def)
   from Cons(3) have act2: "List.hd assertions = (Assert e_inv)" by simp
-  from act1 act2 have end1: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>List.hd assertions,Normal ns1\<rangle> \<rightarrow> Normal ns1" by (simp add: expr_sat_def red_cmd.intros(1))
+  from act1 act2 have end1: "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>List.hd assertions,Normal ns1\<rangle> \<rightarrow> Normal ns1" 
+    by (simp add: expr_sat_def red_cmd.intros(1))
 
   then show ?case using end1 end2 by (simp add: Cons.prems(2) RedCmdListCons)
 qed
@@ -244,10 +243,10 @@ qed
 text \<open>If the block containing the assertions corresponding to the invariants doesn't fail, then all invariants hold\<close>
 lemma invs_hold_if_asserts_reduce: 
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, s0\<rangle> [\<rightarrow>] s1"
-  and "s0 = Normal ns1"
-  and "s1 \<noteq> Failure"
-  and "assertions = map Assert invs"
-  shows "expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1 invs"
+      and "s0 = Normal ns1"
+      and "s1 \<noteq> Failure"
+      and "assertions = map Assert invs"
+    shows "expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1 invs"
   using assms
 proof (induction arbitrary: invs rule: red_cmd_list.induct)
   case (RedCmdListNil s)
@@ -334,9 +333,9 @@ qed
 
 lemma final_is_static_propagate:
   assumes "rtranclp (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T) start_config end_config" 
-  and "is_final start_config"
-  and "start_config = ((BigBlock name [] None None), start_cont, start_state)"
-  shows "end_config = ((BigBlock name [] None None), start_cont, start_state)"
+      and "is_final start_config"
+      and "start_config = ((BigBlock name [] None None), start_cont, start_state)"
+    shows "end_config = ((BigBlock name [] None None), start_cont, start_state)"
   using assms
 proof (induction rule: rtranclp.induct)
   case (rtrancl_refl a)
@@ -348,13 +347,16 @@ next
   from rtrancl_into_rtrancl(2) show ?case
     using inter_is_same inter_is_final \<open>start_cont = KStop\<close>
   proof cases
-    case RedFailure_or_Magic thus ?thesis using inter_is_same inter_is_final \<open>start_cont = KStop\<close> by (auto simp add: RedFailure_or_Magic)
+    case RedFailure_or_Magic 
+    thus ?thesis
+      using inter_is_same inter_is_final \<open>start_cont = KStop\<close> 
+      by (auto simp add: RedFailure_or_Magic)
   qed auto
 qed
 
 lemma magic_propagates: 
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont, Magic) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-    shows "reached_state = Magic"
+  shows "reached_state = Magic"
   using assms
 proof (cases j)
   case 0 
@@ -363,11 +365,13 @@ proof (cases j)
 next
   case (Suc j')
   from this obtain first_inter where 
-    red1: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(bb, cont, Magic)\<rangle> \<longrightarrow> first_inter" and red_rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> first_inter -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
+    red1: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>(bb, cont, Magic)\<rangle> \<longrightarrow> first_inter" and 
+    red_rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> first_inter -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
     by (metis assms relpowp_Suc_E2)
   hence reached_conj: "((get_state first_inter) = Magic) \<and> ((is_final first_inter) = True)" 
   proof cases
-    case RedFailure_or_Magic thus ?thesis by simp
+    case RedFailure_or_Magic 
+    thus ?thesis by simp
   qed
   hence magic_reached: "(get_state first_inter) = Magic" by simp
   have final_config: "is_final first_inter" using reached_conj by simp
@@ -380,6 +384,7 @@ next
 qed 
 
 text \<open>The following are simple helper lemmas used in the proofs that involve applying induction hypotheses to prove global correctness of loop-heads.\<close>
+
 lemma smaller_helper: "k < j \<Longrightarrow> k < (Suc j)"
   by simp
 
@@ -401,63 +406,66 @@ lemma smaller_helper5: "j = Suc j1 \<Longrightarrow> j1 = Suc (Suc j2) \<Longrig
   by simp
 
 text \<open>The following are helper lemmas related to taking steps through assume cmds in a given ast- or cfg-trace.\<close>
+
 lemma push_through_assumption_test1: 
   assumes ExtendedCorrect: "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)"
-  and  assume_cmd: "c = Assume guard"
-  and guard_holds: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool True)"
-shows "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)"  
-  using RedAssumeOk RedCmdListCons ExtendedCorrect assume_cmd guard_holds by blast
+      and  assume_cmd: "c = Assume guard"
+      and guard_holds: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool True)"
+    shows "(\<And> s2'.(red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> s2' \<noteq> Failure)"  
+  using RedAssumeOk RedCmdListCons ExtendedCorrect assume_cmd guard_holds 
+  by blast
 
 lemma push_through_assumption0: 
   assumes assume_cmd: "c = Assume guard"
-  and guard_holds: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool True)"
-  shows "\<And> s. (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) s) \<Longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s)" 
-  using RedAssumeOk RedCmdListCons assume_cmd guard_holds by blast
+      and guard_holds: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool True)"
+    shows "\<And> s. (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) s) \<Longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s)" 
+  using RedAssumeOk RedCmdListCons assume_cmd guard_holds 
+  by blast
 
 lemma push_through_assumption1: 
   assumes assume_cmd: "c = Assume not_guard"
-  and NotGuardEquiv: "UnOp Not guard \<sim> not_guard"
-  and guard_fails: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool False)"
-shows "\<And> s. (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) s) \<Longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s)"
+      and NotGuardEquiv: "UnOp Not guard \<sim> not_guard"
+      and guard_fails: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool False)"
+    shows "\<And> s. (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) s) \<Longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) s)"
   by (metis NotGuardEquiv assume_cmd equiv_preserves_value false_equals_not_true guard_fails push_through_assumption0)
 
 lemma guard_holds_push_through_assumption: 
   assumes block_correctness:  
-       "reached_state \<noteq> Failure \<and> 
+    "reached_state \<noteq> Failure \<and> 
         (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) (Normal ns1')))"
-  and assume_cmd: "c = Assume guard"
-  and guard_holds: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool True)"
-shows "reached_state \<noteq> Failure \<and> 
-       (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) (Normal ns1')))" 
-  by (simp add: assume_cmd block_correctness guard_holds push_through_assumption0)
+      and assume_cmd: "c = Assume guard"
+      and guard_holds: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool True)"
+    shows "reached_state \<noteq> Failure \<and> 
+           (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) (Normal ns1')))" 
+    by (simp add: assume_cmd block_correctness guard_holds push_through_assumption0)
 
 lemma guard_holds_push_through_assumption2: 
   assumes block_correctness: 
-   "reached_state \<noteq> Failure \<and> 
+    "reached_state \<noteq> Failure \<and> 
     (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) (Normal ns1')))"
-  and assume_cmd: "c = Assume guard"
-  and guard_holds: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool True)"
-shows "reached_state \<noteq> Failure \<and> 
+      and assume_cmd: "c = Assume guard"
+      and guard_holds: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool True)"
+    shows "reached_state \<noteq> Failure \<and> 
        (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) (Normal ns1')))" 
-  using assume_cmd assume_true_cmds block_correctness by blast
+    using assume_cmd assume_true_cmds block_correctness by blast
 
 lemma guard_fails_push_through_assumption: 
   assumes block_correctness: 
     "reached_state \<noteq> Failure \<and> 
      (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) (Normal ns1')))"
-  and assume_cmd: "c = Assume not_guard"
-  and NotGuardEquiv: "UnOp Not guard \<sim> not_guard"
-  and guard_fails: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool False)"
-shows "reached_state \<noteq> Failure \<and> (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) (Normal ns1')))" 
-  using NotGuardEquiv assume_cmd block_correctness guard_fails push_through_assumption1 by blast
+      and assume_cmd: "c = Assume not_guard"
+      and NotGuardEquiv: "UnOp Not guard \<sim> not_guard"
+      and guard_fails: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool False)"
+    shows "reached_state \<noteq> Failure \<and> (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) (Normal ns1')))" 
+    using NotGuardEquiv assume_cmd block_correctness guard_fails push_through_assumption1 by blast
 
 lemma guard_fails_push_through_assumption2: 
   assumes block_correctness: "reached_state \<noteq> Failure \<and> (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) (Normal ns1')))"
-  and assume_cmd: "c = Assume not_guard"
-  and "UnOp Not guard \<sim> not_guard"
-  and guard_fails: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool False)"
-shows "reached_state \<noteq> Failure \<and> (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) (Normal ns1')))" 
-  using assume_cmd assume_true_cmds block_correctness by blast
+      and assume_cmd: "c = Assume not_guard"
+      and "UnOp Not guard \<sim> not_guard"
+      and guard_fails: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool False)"
+     shows "reached_state \<noteq> Failure \<and> (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) (Normal ns1')))" 
+     using assume_cmd assume_true_cmds block_correctness by blast
 
 lemma correctness_propagates_through_assumption:
   assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> s \<noteq> Failure"
@@ -485,7 +493,8 @@ lemma correctness_propagates_through_assumption2:
     shows "\<And> m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m, s)) \<Longrightarrow> s \<noteq> Failure"
 proof -
   fix m1 s1
-  have a1: "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[Assume guard], Normal ns1\<rangle> [\<rightarrow>] (Normal ns1))" by (meson RedAssumeOk assms(3) red_cmd_list.simps)
+  have a1: "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[Assume guard], Normal ns1\<rangle> [\<rightarrow>] (Normal ns1))" 
+    by (meson RedAssumeOk assms(3) red_cmd_list.simps)
   show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> s1 \<noteq> Failure" 
   proof -
     assume "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1))"
@@ -519,14 +528,18 @@ proof -
 qed
 
 lemma correctness_propagates_through_assumption4:
-  assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> (is_final_config (m, s) \<longrightarrow> (\<forall>ns_end. s = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
+  assumes "\<forall>m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n0, Normal ns1) -n\<rightarrow>* (m, s)) \<longrightarrow> 
+                 (is_final_config (m, s) \<longrightarrow> (\<forall>ns_end. s = Normal ns_end \<longrightarrow> 
+                 (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
       and "node_to_block G ! n0 = [Assume guard]"
       and "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> BoolV True"
       and "List.member (out_edges G ! n0) n1"
-    shows "\<And> m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m, s)) \<Longrightarrow> (is_final_config (m, s) \<Longrightarrow> (\<forall>ns_end. s = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
+    shows "\<And> m s. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m, s)) \<Longrightarrow> (is_final_config (m, s) \<Longrightarrow> 
+                   (\<forall>ns_end. s = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))"
 proof -
   fix m1 s1
-  have a1: "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[Assume guard], Normal ns1\<rangle> [\<rightarrow>] (Normal ns1))" by (meson RedAssumeOk assms(3) red_cmd_list.simps)
+  have a1: "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>[Assume guard], Normal ns1\<rangle> [\<rightarrow>] (Normal ns1))" 
+    by (meson RedAssumeOk assms(3) red_cmd_list.simps)
   show "(A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n1, Normal ns1) -n\<rightarrow>* (m1, s1)) \<Longrightarrow> 
           (is_final_config (m1, s1) \<Longrightarrow> 
             (\<forall>ns_end. s1 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda>1_local \<Gamma> \<Omega> ns_end) posts))" 
@@ -577,21 +590,22 @@ qed
 subsection \<open>Pairs of helper lemma + global lemma for certain special cases.\<close>
 
 text \<open>The following are pairs of lemmas. Each pair consists of a helper lemma and a global block lemma. 
-      The helper lemma ensures that 
-          if a valid ast configuration is a starting point of a trace and 
-          the configuration is such that only certain rules, which don't change the state of the configuration, can be applied for the trace to continue,
-          then either the trace will finish in a valid configuration after applying them or 
-               a different valid configuration will be reached from which the trace will continue.
-      The global block lemma proves the correctness of that ast trace, given the correctness of all cfg traces starting in a cfg block 
-        related to the big block in the starting ast configuration.
+      The helper lemma ensures that if a valid AST configuration is a starting point of a trace and 
+      the configuration is such that only certain rules, which don't change the state of the configuration, 
+      can be applied for the trace to continue, then either the trace will finish in a valid configuration 
+      after applying them or a different valid configuration will be reached from which the trace will continue.
+      The global block lemma proves the correctness of that AST trace, given the correctness of all cfg traces 
+      starting in a cfg block related to the big block in the starting AST configuration.
       Note that a syntactic relation between the big block and the cfg block does not need to be shown here, as these global block lemmas are only ever applied in conjuction with
-        other more generic global block lemmas, which will have already shown the syntactic relation.\<close>
+      other more generic global block lemmas, which will have already shown the syntactic relation.\<close>
+
+text \<open>Pair 1: The starting configuration represents a point in the program after a loop, and 
+              therefore the continuation needs to be adjusted.\<close>
 
-text \<open>Pair 1: The starting configuration represents a point in the program after a loop, and therefore the continuation needs to be adjusted.\<close>
 lemma endblock_skip:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, KEndBlock cont0, Normal ns3) -n\<longrightarrow>^l (reached_bb, reached_cont, reached_state)"
       and "bb0 = BigBlock name [] None None" 
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
+    shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
             (\<exists> l1. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, cont0, Normal ns3) -n\<longrightarrow>^l1 (reached_bb, reached_cont, reached_state)) \<and> (l = Suc l1) )"
 proof (cases l)
   case 0
@@ -641,16 +655,16 @@ proof -
     thus ?thesis
     proof -
       obtain l2_conc where conc_trace: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, cont0, Normal ns1'') -n\<longrightarrow>^l2_conc (reached_bb, reached_cont, reached_state))" and 
-                           succ_rel: "(j' = Suc l2_conc)"
+        succ_rel: "(j' = Suc l2_conc)"
         using \<open>\<exists>l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb, cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> j' = Suc l2\<close> by blast
       show ?thesis
         apply (rule assms(7))
-           apply (rule succ_rel)
-          apply (rule conc_trace)
-         apply (rule assms(4))
-          apply (simp)
-         apply (rule assms(5))
-          apply assumption+
+        apply (rule succ_rel)
+        apply (rule conc_trace)
+        apply (rule assms(4))
+        apply (simp)
+        apply (rule assms(5))
+        apply assumption+
         using assms(6) false_equals_not_true 
         by blast
     qed
@@ -662,7 +676,7 @@ text \<open>Pair 2: The starting configuration represents a point in the program
               (This could be replaced by a simpler lemma.)\<close>
 lemma endblock_skip2:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, KEndBlock (KSeq bb_next cont0), Normal ns3) -n\<longrightarrow>^l (reached_bb, reached_cont, reached_state)"
-      and "bb0 = BigBlock None [] None None" 
+    and "bb0 = BigBlock None [] None None" 
   shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
             (\<exists> l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb_next, cont0, Normal ns3) -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> (l = Suc (Suc l2)) )"
   using assms
@@ -741,16 +755,16 @@ proof -
     thus ?thesis
     proof -
       obtain l2_conc where conc_trace: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^l2_conc (reached_bb, reached_cont, reached_state))" and 
-                           succ_rel: "(j' = Suc (Suc l2_conc))"
+        succ_rel: "(j' = Suc (Suc l2_conc))"
         using \<open>\<exists>l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bigblock_next, cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> j' = Suc (Suc l2)\<close>
         by blast
       show ?thesis
         apply (rule assms(7))
-           apply (rule succ_rel)
-          apply (rule conc_trace)
-         apply (rule assms(4))
-          apply (simp)
-         apply (rule assms(5))
+        apply (rule succ_rel)
+        apply (rule conc_trace)
+        apply (rule assms(4))
+        apply (simp)
+        apply (rule assms(5))
         apply simp+
         using assms(6) false_equals_not_true 
         by blast
@@ -758,13 +772,17 @@ proof -
   qed
 qed
 
-text \<open>Pair 3: The starting configuration represents a point in the program before a loop and, more specifically, before the loop has been 'unwrapped'.
-              The 'wrapper' construct exists to accomodate the handling of breaks, which this theory doesn't currently cover.\<close>
+text \<open>Pair 3: The starting configuration represents a point in the program before a loop and, more 
+              specifically, before the loop has been 'unwrapped'.
+              The 'wrapper' construct exists to accomodate the handling of breaks, which this theory 
+              doesn't currently cover.\<close>
+
 lemma wrapper_to_endblock:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, cont0, Normal ns) -n\<longrightarrow>^l (reached_bb, reached_cont, reached_state)"
       and "bb0 = BigBlock name [] (Some (WhileWrapper loop)) None"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
-         (\<exists> l1. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock name [] (Some loop) None), KEndBlock cont0, Normal ns) -n\<longrightarrow>^l1 (reached_bb, reached_cont, reached_state)) \<and> (l = Suc l1))"
+    shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
+              (\<exists> l1. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock name [] (Some loop) None), KEndBlock cont0, Normal ns) -n\<longrightarrow>^l1 
+                     (reached_bb, reached_cont, reached_state)) \<and> (l = Suc l1))"
   using assms
 proof (cases l)
   case 0
@@ -817,14 +835,14 @@ proof -
     thus ?thesis
     proof -
       obtain l2_conc where conc_trace: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(BigBlock name [] (Some loop) None, KEndBlock cont0, Normal ns1'') -n\<longrightarrow>^l2_conc (reached_bb, reached_cont, reached_state))" and 
-                           succ_rel: "(j = Suc l2_conc)"
+        succ_rel: "(j = Suc l2_conc)"
         using \<open>\<exists>l2. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(BigBlock name [] (Some loop) None, KEndBlock cont0, Normal ns1'') -n\<longrightarrow>^l2 (reached_bb, reached_cont, reached_state)) \<and> j = Suc l2\<close> by blast
       show ?thesis
         apply (rule assms(5))
-          apply (rule succ_rel)
-         apply (rule conc_trace)
+        apply (rule succ_rel)
+        apply (rule conc_trace)
         apply (rule assms(3))
-         apply (simp)
+        apply (simp)
         apply (rule assms(4))
         apply simp+
         done
@@ -835,11 +853,12 @@ qed
 text \<open>Pair 4: The starting configuration represents a point in the program after a loop and before a consecutive 'unwrapped' loop.
               (This is potentially redundant but I couldn't conclude one example proof without it)\<close>
 lemma endblock_skip_wrapper:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, KEndBlock (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3) -n\<longrightarrow>^l (reached_bb, reached_cont, reached_state)"
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb0, KEndBlock (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3) -n\<longrightarrow>^l 
+                          (reached_bb, reached_cont, reached_state)"
       and "bb0 = BigBlock None [] None None"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
-         (\<exists> l3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock name [] (Some str) tr), KEndBlock cont0, Normal ns3) -n\<longrightarrow>^l3 (reached_bb, reached_cont, reached_state)) \<and>
-                (l = Suc (Suc (Suc l3))) )"
+    shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state) \<or> 
+           (\<exists> l3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock name [] (Some str) tr), KEndBlock cont0, Normal ns3) -n\<longrightarrow>^l3 (reached_bb, reached_cont, reached_state)) \<and>
+                  l = Suc (Suc (Suc l3)) )"
   using assms
 proof (cases l)
   case 0
@@ -847,61 +866,61 @@ proof (cases l)
 next
   case 1: (Suc l1)
   then show ?thesis 
-    proof (cases l1)
-      case 0
-      from 1 assms this have 
-        "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (BigBlock None [] None None, KEndBlock (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3) (reached_bb, reached_cont, reached_state))"
-        by fastforce
-      then show ?thesis
+  proof (cases l1)
+    case 0
+    from 1 assms this have 
+      "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (BigBlock None [] None None, KEndBlock (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3) (reached_bb, reached_cont, reached_state))"
+      by fastforce
+    then show ?thesis
+    proof cases
+      case RedSkipEndBlock thus ?thesis by (simp add: Ast.valid_configuration_def)
+    qed auto
+  next
+    case 2: (Suc l2)
+    then show ?thesis
+    proof (cases l2)
+      case 0 
+      from 2 1 have "l = Suc (Suc l2)" by auto
+      from 2 1 assms obtain inter_bb inter_cont inter_state  where
+        step1: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (BigBlock None [] None None, KEndBlock (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3) (inter_bb, inter_cont, inter_state))" and 
+        step2: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (inter_bb, inter_cont, inter_state) (reached_bb, reached_cont, reached_state))" 
+        using "0" by auto
+      from this step1 have "(inter_bb, inter_cont, inter_state) = (BigBlock None [] None None, (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3)"
       proof cases
-        case RedSkipEndBlock thus ?thesis by (simp add: Ast.valid_configuration_def)
+        case RedSkipEndBlock thus ?thesis 
+          by blast
+      qed auto
+      from step2 this have "(reached_bb, reached_cont, reached_state) = ((BigBlock name [] (Some (WhileWrapper str)) tr), cont0, Normal ns3)" 
+      proof cases 
+        case RedSkip thus ?thesis  using \<open>(inter_bb, inter_cont, inter_state) = (BigBlock None [] None None, (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3)\<close> by fastforce
       qed auto
+      then show ?thesis by (simp add: Ast.valid_configuration_def)
     next
-      case 2: (Suc l2)
-      then show ?thesis
-      proof (cases l2)
-        case 0 
-        from 2 1 have "l = Suc (Suc l2)" by auto
-        from 2 1 assms obtain inter_bb inter_cont inter_state  where
-          step1: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (BigBlock None [] None None, KEndBlock (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3) (inter_bb, inter_cont, inter_state))" and 
-          step2: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (inter_bb, inter_cont, inter_state) (reached_bb, reached_cont, reached_state))" 
-          using "0" by auto
-        from this step1 have "(inter_bb, inter_cont, inter_state) = (BigBlock None [] None None, (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3)"
-        proof cases
-          case RedSkipEndBlock thus ?thesis 
-            by blast
-        qed auto
-        from step2 this have "(reached_bb, reached_cont, reached_state) = ((BigBlock name [] (Some (WhileWrapper str)) tr), cont0, Normal ns3)" 
-        proof cases 
-          case RedSkip thus ?thesis  using \<open>(inter_bb, inter_cont, inter_state) = (BigBlock None [] None None, (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3)\<close> by fastforce
-        qed auto
-        then show ?thesis by (simp add: Ast.valid_configuration_def)
-      next
-        case 3: (Suc l3)
-        from 3 2 1 have "l = Suc (Suc (Suc l3))" by auto
-        from 3 2 1 assms obtain inter_bb inter_cont inter_state inter_bb2 inter_cont2 inter_state2 inter_bb3 inter_cont3 inter_state3 where
-          step1: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (BigBlock None [] None None, KEndBlock (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3) (inter_bb, inter_cont, inter_state))" and 
-          step2: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (inter_bb, inter_cont, inter_state) (inter_bb2, inter_cont2, inter_state2))" and 
-          step3: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (inter_bb2, inter_cont2, inter_state2) (inter_bb3, inter_cont3, inter_state3))" and
-          rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb3, inter_cont3, inter_state3) -n\<longrightarrow>^l3 (reached_bb, reached_cont, reached_state)" 
-          by (metis (no_types) get_state.cases relpowp_Suc_D2)
-  
-        from this step1 have "(inter_bb, inter_cont, inter_state) = (BigBlock None [] None None, (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3)"
-        proof cases
-          case RedSkipEndBlock thus ?thesis 
-            by blast
-        qed auto
-        from step2 this have "(inter_bb2, inter_cont2, inter_state2) = ((BigBlock name [] (Some (WhileWrapper str)) tr), cont0, Normal ns3)" 
-        proof cases 
-          case RedSkip thus ?thesis  using \<open>(inter_bb, inter_cont, inter_state) = (BigBlock None [] None None, (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3)\<close> by fastforce
-        qed auto
-        from step3 this have "(inter_bb3, inter_cont3, inter_state3) = ((BigBlock name [] (Some str) tr), KEndBlock cont0, Normal ns3)"
-        proof cases
-          case RedParsedWhileWrapper thus ?thesis using \<open>(inter_bb2, inter_cont2, inter_state2) = (BigBlock name [] (Some (WhileWrapper str)) tr, cont0, Normal ns3)\<close> by fastforce 
-        qed auto
-        hence "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock name [] (Some str) tr), KEndBlock cont0, Normal ns3) -n\<longrightarrow>^l3 (reached_bb, reached_cont, reached_state)) \<and> (l = Suc (Suc (Suc l3)))" 
-          using \<open>l = Suc (Suc (Suc l3))\<close> rest by blast
-        thus ?thesis by blast
+      case 3: (Suc l3)
+      from 3 2 1 have "l = Suc (Suc (Suc l3))" by auto
+      from 3 2 1 assms obtain inter_bb inter_cont inter_state inter_bb2 inter_cont2 inter_state2 inter_bb3 inter_cont3 inter_state3 where
+        step1: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (BigBlock None [] None None, KEndBlock (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3) (inter_bb, inter_cont, inter_state))" and 
+        step2: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (inter_bb, inter_cont, inter_state) (inter_bb2, inter_cont2, inter_state2))" and 
+        step3: "(red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (inter_bb2, inter_cont2, inter_state2) (inter_bb3, inter_cont3, inter_state3))" and
+        rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb3, inter_cont3, inter_state3) -n\<longrightarrow>^l3 (reached_bb, reached_cont, reached_state)" 
+        by (metis (no_types) get_state.cases relpowp_Suc_D2)
+
+      from this step1 have "(inter_bb, inter_cont, inter_state) = (BigBlock None [] None None, (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3)"
+      proof cases
+        case RedSkipEndBlock thus ?thesis 
+          by blast
+      qed auto
+      from step2 this have "(inter_bb2, inter_cont2, inter_state2) = ((BigBlock name [] (Some (WhileWrapper str)) tr), cont0, Normal ns3)" 
+      proof cases 
+        case RedSkip thus ?thesis  using \<open>(inter_bb, inter_cont, inter_state) = (BigBlock None [] None None, (KSeq (BigBlock name [] (Some (WhileWrapper str)) tr) cont0), Normal ns3)\<close> by fastforce
+      qed auto
+      from step3 this have "(inter_bb3, inter_cont3, inter_state3) = ((BigBlock name [] (Some str) tr), KEndBlock cont0, Normal ns3)"
+      proof cases
+        case RedParsedWhileWrapper thus ?thesis using \<open>(inter_bb2, inter_cont2, inter_state2) = (BigBlock name [] (Some (WhileWrapper str)) tr, cont0, Normal ns3)\<close> by fastforce 
+      qed auto
+      hence "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock name [] (Some str) tr), KEndBlock cont0, Normal ns3) -n\<longrightarrow>^l3 (reached_bb, reached_cont, reached_state)) \<and> (l = Suc (Suc (Suc l3)))" 
+        using \<open>l = Suc (Suc (Suc l3))\<close> rest by blast
+      thus ?thesis by blast
     qed
   qed
 qed
@@ -945,24 +964,24 @@ proof -
   next 
     assume "\<not> ((valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state))"
     hence skipped_endblock: 
-                  "(\<exists> l3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock None [] (Some (ParsedWhile next_guard next_invs (next_body_bb#body_bbs))) None), KEndBlock cont1, Normal ns1'') 
+      "(\<exists> l3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock None [] (Some (ParsedWhile next_guard next_invs (next_body_bb#body_bbs))) None), KEndBlock cont1, Normal ns1'') 
                    -n\<longrightarrow>^l3 (reached_bb, reached_cont, reached_state)) \<and> (j' = Suc (Suc (Suc l3))) )" 
       using disj_a by blast
     thus ?thesis
     proof -
       obtain l3_conc where 
-           conc_trace: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock None [] (Some (ParsedWhile next_guard next_invs (next_body_bb#body_bbs))) None), KEndBlock cont1, Normal ns1'') 
+        conc_trace: "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>((BigBlock None [] (Some (ParsedWhile next_guard next_invs (next_body_bb#body_bbs))) None), KEndBlock cont1, Normal ns1'') 
                         -n\<longrightarrow>^l3_conc (reached_bb, reached_cont, reached_state))" and 
-           succ_rel: "(j' = Suc (Suc (Suc l3_conc))) " 
+        succ_rel: "(j' = Suc (Suc (Suc l3_conc))) " 
         using skipped_endblock by blast
       show ?thesis
         apply (rule assms(10))
-             apply (rule succ_rel)
-            apply (simp add: assms)
-           apply (rule assms(8))
-          apply (rule assms(9))
-          apply (rule conc_trace)
-         apply (simp add: corr)
+        apply (rule succ_rel)
+        apply (simp add: assms)
+        apply (rule assms(8))
+        apply (rule assms(9))
+        apply (rule conc_trace)
+        apply (simp add: corr)
         apply (rule assms(5))
         apply blast+
         done
@@ -976,15 +995,15 @@ text \<open>The following are lemmas proving local relations between various kin
 text \<open>Local relation between an ast-bigblock starting with a non-empty set of simple commands and a cfg-block containing the same simple commands\<close>
 lemma block_local_rel_generic:
   assumes block_rel: "ast_cfg_rel guard invs bb cs2"
-  and "guard = None"
-  and "invs = []"
-  and Red_bb_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-  and "bb = (BigBlock name cs1 any_str any_tr)"
-  and "cs1 \<noteq> Nil"
-  and "cs2 \<noteq> Nil"
-  shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+      and "guard = None"
+      and "invs = []"
+      and Red_bb_to: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+      and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+      and "bb = (BigBlock name cs1 any_str any_tr)"
+      and "cs1 \<noteq> Nil"
+      and "cs2 \<noteq> Nil"
+    shows "reached_state \<noteq> Failure  \<and>
+           (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs2, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
   using assms
 proof (induction arbitrary: ns1)
   case (Rel_Main_test bb name cs1 any_str any_tr)
@@ -1001,7 +1020,7 @@ proof (induction arbitrary: ns1)
       case RedSimpleCmds thus ?thesis by blast
     qed
     then have "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs1, Normal ns1\<rangle> [\<rightarrow>] reached_state" using Cons by simp
-    
+
     then show ?thesis using Rel_Main_test by auto
   qed 
 qed (auto)
@@ -1009,12 +1028,12 @@ qed (auto)
 text \<open>Local relation between a loop-only(no simple commands) ast-bigblock and a corresponding cfg-block containing assertions of the loop invariants\<close>
 lemma block_local_rel_loop_head:
   assumes block_rel: "ast_cfg_rel None assert_invs bb assertions"
-  and "bb =  (BigBlock name [] (Some (ParsedWhile loop_guard invs (bb0#body_bbs))) any_tr)"
-  and "assert_invs = map Assert invs"
-  and Red_bb: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
-  and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assertions (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-  shows "reached_state \<noteq> Failure  \<and>
-         (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
+      and "bb =  (BigBlock name [] (Some (ParsedWhile loop_guard invs (bb0#body_bbs))) any_tr)"
+      and "assert_invs = map Assert invs"
+      and Red_bb: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb, reached_cont, reached_state)" 
+      and Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assertions (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+    shows "reached_state \<noteq> Failure  \<and>
+           (\<forall>ns1'. reached_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))" 
   using assms
 proof cases
   case Rel_Invs
@@ -1055,104 +1074,105 @@ next
 qed
 
 subsection \<open>Global block lemmas\<close>
+
 text \<open>The following are lemmas proving global relations between various kinds of ast-bigblocks and cfg-blocks\<close>
 
 text \<open>Global lemma for a big block, which concludes the program.\<close>
 lemma generic_ending_block_global_rel:
   assumes syn_rel: "ast_cfg_rel None [] bb cs2"
-  and j_step_ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and "bb = (BigBlock name cs1 None any_tr)"
-  and "((any_tr = None)) \<or> (any_tr = (Some Return))"
-  and ending: "any_tr = None \<Longrightarrow> cont0 = KStop"
-  and node_to_block_assm: "node_to_block(G) ! n = related_block"
-  and block_id:
-      "(related_block = cs2) \<or> 
-       (related_block = c#cs2) \<and> c = Assume guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV True)) \<or> 
-       (related_block = c#cs2) \<and> c = Assume not_guard \<and> (UnOp Not guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV False))"
-  and "out_edges G ! n = []"
-  and cfg_reaches_not_failure: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_posts: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> 
+      and j_step_ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+      and "bb = (BigBlock name cs1 None any_tr)"
+      and "((any_tr = None)) \<or> (any_tr = (Some Return))"
+      and ending: "any_tr = None \<Longrightarrow> cont0 = KStop"
+      and node_to_block_assm: "node_to_block(G) ! n = related_block"
+      and block_id:
+          "(related_block = cs2) \<or> 
+           (related_block = c#cs2) \<and> c = Assume guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV True)) \<or> 
+           (related_block = c#cs2) \<and> c = Assume not_guard \<and> (UnOp Not guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV False))"
+      and "out_edges G ! n = []"
+      and cfg_reaches_not_failure: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+      and cfg_satisfies_posts: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> 
                                       is_final_config (m',s') \<Longrightarrow> (\<forall> ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) post_invs)"
-  and local_rel: "\<And> step_bb step_cont step_state. 
+      and local_rel: "\<And> step_bb step_cont step_state. 
                     red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, KStop, (Normal ns1)) (step_bb, step_cont, step_state) \<Longrightarrow> 
                     (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>
                     step_state \<noteq> Failure  \<and>
                     (\<forall>ns1'. step_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> post_invs reached_bb reached_cont reached_state)"
+    shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> post_invs reached_bb reached_cont reached_state)"
   using assms
 proof (cases cs2)
   case Nil 
   hence "cs1 = []" using ast_cfg_rel.cases syn_rel assms(3) by blast 
   thus ?thesis
-    proof (cases any_tr)
-      case None thus ?thesis
-      proof -
-        have complete: "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))" 
-          using block_id \<open>out_edges G ! n = []\<close> Nil node_to_block_assm
-          by (metis RedCmdListNil RedNormalReturn push_through_assumption0 push_through_assumption1 r_into_rtranclp)
-        hence "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1) post_invs" using cfg_satisfies_posts 
-          using is_final_config.simps(2) by blast
-        thus ?thesis using complete Ast.valid_configuration_def
-          by (metis None Pair_inject \<open>cs1 = []\<close> assms(3) cfg_satisfies_posts ending final_is_static_propagate is_final.simps(1) is_final_config.simps(2) j_step_ast_trace relpowp_imp_rtranclp state.distinct(1))
-      qed
+  proof (cases any_tr)
+    case None thus ?thesis
+    proof -
+      have complete: "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))" 
+        using block_id \<open>out_edges G ! n = []\<close> Nil node_to_block_assm
+        by (metis RedCmdListNil RedNormalReturn push_through_assumption0 push_through_assumption1 r_into_rtranclp)
+      hence "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1) post_invs" using cfg_satisfies_posts 
+        using is_final_config.simps(2) by blast
+      thus ?thesis using complete Ast.valid_configuration_def
+        by (metis None Pair_inject \<open>cs1 = []\<close> assms(3) cfg_satisfies_posts ending final_is_static_propagate is_final.simps(1) is_final_config.simps(2) j_step_ast_trace relpowp_imp_rtranclp state.distinct(1))
+    qed
+  next
+    case (Some a)
+    then show ?thesis
+    proof (cases j)
+      case 0
+      from this j_step_ast_trace assms(3) 
+      have "(reached_bb, reached_cont, reached_state) = ((BigBlock name [] None (Some Return)), cont0, (Normal ns1))" 
+        using \<open>cs1 = []\<close> Some assms(4) by simp
+      then show ?thesis by (simp add: valid_configuration_def)
     next
-      case (Some a)
-      then show ?thesis
-      proof (cases j)
-        case 0
-        from this j_step_ast_trace assms(3) 
-        have "(reached_bb, reached_cont, reached_state) = ((BigBlock name [] None (Some Return)), cont0, (Normal ns1))" 
-          using \<open>cs1 = []\<close> Some assms(4) by simp
-        then show ?thesis by (simp add: valid_configuration_def)
-      next
-        case (Suc j')
-        thus ?thesis 
-        proof (cases a)
-          case (Return) 
-          from Suc j_step_ast_trace assms(3) obtain inter_bb inter_cont inter_state where
-            step0: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name cs1 None any_tr), cont0, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
-            rest0: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
-            by (metis prod_cases3 relpowp_Suc_D2) 
-          from cfg_reaches_not_failure have 
-            cfg_local: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
-            using assms(5) dag_verifies_propagate_2 by blast
-
-          from step0 Return assms(3) Some Nil syn_rel have
-            inter_state_resolution: "inter_state = Normal ns1"
-          proof cases
-            case RedReturn 
-            thus ?thesis by (simp add: RedReturn)
-          qed (auto simp add: \<open>cs1 = []\<close>)            
+      case (Suc j')
+      thus ?thesis 
+      proof (cases a)
+        case (Return) 
+        from Suc j_step_ast_trace assms(3) obtain inter_bb inter_cont inter_state where
+          step0: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name cs1 None any_tr), cont0, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
+          rest0: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
+          by (metis prod_cases3 relpowp_Suc_D2) 
+        from cfg_reaches_not_failure have 
+          cfg_local: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
+          using assms(5) dag_verifies_propagate_2 by blast
+
+        from step0 Return assms(3) Some Nil syn_rel have
+          inter_state_resolution: "inter_state = Normal ns1"
+        proof cases
+          case RedReturn 
+          thus ?thesis by (simp add: RedReturn)
+        qed (auto simp add: \<open>cs1 = []\<close>)            
 
-          from this cfg_local step0 have 
-            "inter_state \<noteq> Failure  \<and>
+        from this cfg_local step0 have 
+          "inter_state \<noteq> Failure  \<and>
             (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
-            using assms by (metis RedReturn \<open>cs1 = []\<close>)
-
-          from step0 have inter_conc: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), KStop, Normal ns1)" 
-            using \<open>cs1 = []\<close> Return Some
-            by (cases) auto
-
-          hence "(red_cfg A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))"
-            by (simp add: RedNormalReturn 
-                          \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block G ! n,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
-                          assms(8))
-
-          hence "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))" by simp
-          hence "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1) post_invs" 
-            using cfg_satisfies_posts is_final_config.simps(2) by blast
-          then have "is_final (inter_bb, inter_cont, inter_state)"
-            using inter_conc is_final.simps(1) by blast
-          then have "(valid_configuration A \<Lambda> \<Gamma> \<Omega> post_invs inter_bb inter_cont inter_state)" 
-            unfolding valid_configuration_def
-            apply (simp only: get_state.simps)
-            apply (simp add: inter_conc)
-            using \<open>(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1) post_invs\<close> expr_all_sat_def inter_conc by blast
-          then show ?thesis
-            by (metis \<open>is_final (inter_bb, inter_cont, inter_state)\<close> final_is_static_propagate inter_conc prod.sel(1) prod.sel(2) relpowp_imp_rtranclp rest0)
-        next
-          case (Goto x3)
-          thus ?thesis using assms(4) Some by blast
+          using assms by (metis RedReturn \<open>cs1 = []\<close>)
+
+        from step0 have inter_conc: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), KStop, Normal ns1)" 
+          using \<open>cs1 = []\<close> Return Some
+          by (cases) auto
+
+        hence "(red_cfg A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))"
+          by (simp add: RedNormalReturn 
+              \<open>inter_state \<noteq> Failure \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block G ! n,Normal ns1\<rangle> [\<rightarrow>] Normal ns1')\<close> 
+              assms(8))
+
+        hence "(red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1))" by simp
+        hence "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1) post_invs" 
+          using cfg_satisfies_posts is_final_config.simps(2) by blast
+        then have "is_final (inter_bb, inter_cont, inter_state)"
+          using inter_conc is_final.simps(1) by blast
+        then have "(valid_configuration A \<Lambda> \<Gamma> \<Omega> post_invs inter_bb inter_cont inter_state)" 
+          unfolding valid_configuration_def
+          apply (simp only: get_state.simps)
+          apply (simp add: inter_conc)
+          using \<open>(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1) post_invs\<close> expr_all_sat_def inter_conc by blast
+        then show ?thesis
+          by (metis \<open>is_final (inter_bb, inter_cont, inter_state)\<close> final_is_static_propagate inter_conc prod.sel(1) prod.sel(2) relpowp_imp_rtranclp rest0)
+      next
+        case (Goto x3)
+        thus ?thesis using assms(4) Some by blast
       qed
     qed
   qed
@@ -1190,15 +1210,15 @@ next
     proof (cases any_tr)
       case None
       from step this have concrete_inter: "(inter_bb, inter_cont, inter_state) = (BigBlock name [] None None, cont0, inter_state)"
-      by (cases) (auto simp add: RedSimpleCmds ending)
- 
+        by (cases) (auto simp add: RedSimpleCmds ending)
+
       have Red_impl: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
         using assms(5) cfg_reaches_not_failure dag_verifies_propagate_2 by blast
 
       have "cont0 = KStop" using None by (simp add: ending)
-  
+
       from step \<open>cont0 = KStop\<close> have local_corr:
-            "inter_state \<noteq> Failure  \<and>
+        "inter_state \<noteq> Failure  \<and>
             (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
         using Red_impl block_local_rel_generic local.Cons local.step syn_rel assms by (cases) blast+
 
@@ -1215,7 +1235,7 @@ next
       hence valid_inter: "(valid_configuration A \<Lambda> \<Gamma> \<Omega> post_invs inter_bb inter_cont inter_state)" 
         unfolding valid_configuration_def
         using posts_sat local_corr by auto
- 
+
       then show ?thesis 
         by (metis Pair_inject \<open>is_final (inter_bb, inter_cont, inter_state)\<close> concrete_inter final_is_static_propagate relpowp_imp_rtranclp rest)
     next
@@ -1235,22 +1255,22 @@ next
           using dag_verifies_propagate_2  assms(5) cfg_reaches_not_failure by blast
 
         from step have local_corr:
-              "inter_state \<noteq> Failure  \<and>
+          "inter_state \<noteq> Failure  \<and>
               (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>node_to_block(G) ! n, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
           using Red_impl \<open>cs1 \<noteq> []\<close> assms(3) block_id block_local_rel_generic list.distinct(1) 
-                          local.Cons node_to_block_assm push_through_assumption0 push_through_assumption1 syn_rel
+            local.Cons node_to_block_assm push_through_assumption0 push_through_assumption1 syn_rel
           by metis
-  
+
         hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))"
           by (simp add: RedCmdListNil RedNormalReturn assms(7-8) local.Cons)
-  
+
         hence "(\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (Inr (), Normal ns1'))" by blast
         hence posts_sat: "\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns1') post_invs" 
           using cfg_satisfies_posts is_final_config.simps(2) by blast
-    
+
         from step have "inter_state \<noteq> Failure" using Red_impl block_local_rel_generic local.Cons assms
-        using local_corr by fastforce
-  
+          using local_corr by fastforce
+
         then show ?thesis
         proof (cases inter_state)
           case (Normal x1)
@@ -1289,26 +1309,25 @@ qed
 text \<open>Global lemma for a big block with a non-empty set of simple commands that enters a loop after it executes its simple cmds.\<close>
 lemma block_global_rel_while_successor:
   assumes j_step_ast_trace: 
-      "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont1, Normal ns1) -n\<longrightarrow>^j 
-                      (reached_bb, reached_cont, reached_state)"
-  and syn_rel: "ast_cfg_rel None [] bb cmds"
-  and "bb = (BigBlock name cmds (Some (WhileWrapper (ParsedWhile guard invs (body_bb0#body_bbs)))) None)"
-  and "cmds \<noteq> []"
-  and "node_to_block(G) ! n = related_block"
-  and block_id:
-      "(related_block = cmds) \<or> 
+           "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont1, Normal ns1) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+      and syn_rel: "ast_cfg_rel None [] bb cmds"
+      and "bb = (BigBlock name cmds (Some (WhileWrapper (ParsedWhile guard invs (body_bb0#body_bbs)))) None)"
+      and "cmds \<noteq> []"
+      and "node_to_block(G) ! n = related_block"
+      and block_id:
+    "(related_block = cmds) \<or> 
        (related_block = c#cmds) \<and> c = Assume entry_guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> entry_guard ns1 (BoolV True)) \<or> 
        (related_block = c#cmds) \<and> c = Assume not_guard \<and> (UnOp Not entry_guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> entry_guard ns1 (BoolV False))"
-  and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
-  and cfg_satisfies_posts: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> 
+      and cfg_is_correct: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> (s' \<noteq> Failure)"
+      and cfg_satisfies_posts: "\<And> m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl n),(Normal ns1)) (m',s')) \<Longrightarrow> 
                                       is_final_config (m',s') \<Longrightarrow> (\<forall> ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
-  and block_local_rel:
+      and block_local_rel:
     "\<And> reached_bb_inter reached_cont_inter reached_state_inter. 
     (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont1, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
     (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block G ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
     (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
-  and global_rel_succ:
-        "\<And> ns2 k.
+      and global_rel_succ:
+       "\<And> ns2 k.
          k < j \<Longrightarrow>
          (\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl msuc2, Normal ns2) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
          (\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, Normal ns2) -n\<rightarrow>* (m', s')) \<longrightarrow>
@@ -1317,7 +1336,7 @@ lemma block_global_rel_while_successor:
          A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name [] (Some (ParsedWhile guard invs (body_bb0#body_bbs))) None), KEndBlock cont1, Normal ns2) -n\<longrightarrow>^k 
                       (reached_bb, reached_cont, reached_state) \<Longrightarrow> 
          (valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-  shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+    shows "(valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
   using assms
 proof cases
   assume "j = 0"
@@ -1350,10 +1369,10 @@ next
         by (metis Normal a1 nat.discI rest wrapper_to_endblock)
     next
       case 2: (Suc j'')
-
       hence Red_cfg_conc: 
         "(\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl msuc2, inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))" 
-        using dag_verifies_propagate Normal \<open>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n),Normal ns1\<rangle> [\<rightarrow>] inter_state\<close> assms(5) cfg_is_correct by blast
+        using dag_verifies_propagate Normal \<open>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n),Normal ns1\<rangle> [\<rightarrow>] inter_state\<close> assms(5) cfg_is_correct 
+        by blast
 
       hence Red_cfg_sat_conc: 
         "(\<forall>msuc2. List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
@@ -1374,7 +1393,8 @@ next
       qed auto 
 
       have "j'' < j" by (simp add: "2" \<open>j = Suc j'\<close>)
-      then show ?thesis using a3 rest_2 Normal Red_cfg_conc assms(9) cfg_satisfies_posts Red_cfg_sat_conc global_rel_succ by fastforce
+      then show ?thesis using a3 rest_2 Normal Red_cfg_conc assms(9) cfg_satisfies_posts Red_cfg_sat_conc global_rel_succ 
+        by fastforce
     qed
   next
     case Failure
@@ -1390,20 +1410,23 @@ text \<open>Global lemma for a big block that's the head of a loop.
       The body of the loop is required to be non-empty.\<close>
 lemma block_global_rel_loop_head:
   assumes block_rel: "ast_cfg_rel None assertions bb assertions"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
-  and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
+      and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+      and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
+      and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
                                         is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
-  and "bb = (BigBlock name [] any_str any_tr)"
-  and bb_successor_while: "any_str = Some (ParsedWhile cont_guard invs (bb0#body_bbs))"
-  and block_local_rel:
-    "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
-    (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assertions (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
-    (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
-  and "node_to_block(G) ! n = assertions"
-  and "cont0 = KEndBlock cont1"
-  and succ_correct: 
-   "\<And> ns1'' loop_guard j'. 
+      and "bb = (BigBlock name [] any_str any_tr)"
+      and bb_successor_while: "any_str = Some (ParsedWhile cont_guard invs (bb0#body_bbs))"
+      and block_local_rel:
+      "\<And> reached_bb_inter reached_cont_inter reached_state_inter.
+       (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
+       (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> assertions (Normal ns1) s2') \<Longrightarrow> 
+       (s2' \<noteq> Failure))) \<Longrightarrow>   
+       reached_state_inter \<noteq> Failure \<and> 
+       (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>assertions, Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+      and "node_to_block(G) ! n = assertions"
+      and "cont0 = KEndBlock cont1"
+      and succ_correct: 
+    "\<And> ns1'' loop_guard j'. 
     j = Suc j' \<Longrightarrow>
     (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))) \<Longrightarrow>
     (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1'') -n\<rightarrow>* (m', s')) \<longrightarrow>
@@ -1419,121 +1442,121 @@ lemma block_global_rel_loop_head:
      ((A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> ((BigBlock name [] None None), KEndBlock cont1, (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)) \<or>
       (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb0, convert_list_to_cont (( body_bbs)@[bb]) (KEndBlock cont1), (Normal ns1'')) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state))))  \<Longrightarrow>  
     (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
+    shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
   using assms cases
 proof -
-    show ?thesis 
-    proof cases
-      assume "j = 0"
-      hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name [] any_str any_tr), cont0, (Normal ns1))" using ast_trace assms(5) by simp 
-      thus ?thesis by (simp add: Ast.valid_configuration_def \<open>cont0 = KEndBlock cont1\<close>)
-    next
-      assume "j \<noteq> 0" 
-      from this obtain j' where "j = Suc j'" using not0_implies_Suc by blast
-  
-      from ast_trace this assms(5) obtain inter_bb inter_cont inter_state where
-        first_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name [] any_str any_tr), cont0, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
-        rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
-        by (metis prod_cases3 relpowp_Suc_D2)
-  
-      show ?thesis
-      proof (cases cont_guard)
-        case None
-        from first_step show ?thesis using bb_successor_while
-        proof cases
-          case RedParsedWhileTrue
-          hence concrete_inter1: "(inter_bb, inter_cont, inter_state) = (bb0, convert_list_to_cont (( body_bbs)@[(BigBlock name [] any_str any_tr)]) cont0, (Normal ns1))"
-            using bb_successor_while None by blast
-  
-          from first_step
-          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-            by (metis Pair_inject assms(5) assms(8) block_local_rel cfg_correct concrete_inter1 dag_verifies_propagate dag_verifies_propagate_2)
+  show ?thesis 
+  proof cases
+    assume "j = 0"
+    hence "(reached_bb, reached_cont, reached_state) = ((BigBlock name [] any_str any_tr), cont0, (Normal ns1))" using ast_trace assms(5) by simp 
+    thus ?thesis by (simp add: Ast.valid_configuration_def \<open>cont0 = KEndBlock cont1\<close>)
+  next
+    assume "j \<noteq> 0" 
+    from this obtain j' where "j = Suc j'" using not0_implies_Suc by blast
 
-          from first_step
-          have succ_cfg_satisfies_post: 
-              "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> 
+    from ast_trace this assms(5) obtain inter_bb inter_cont inter_state where
+      first_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> \<langle>((BigBlock name [] any_str any_tr), cont0, (Normal ns1))\<rangle> \<longrightarrow> (inter_bb, inter_cont, inter_state)" and
+      rest: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
+      by (metis prod_cases3 relpowp_Suc_D2)
+
+    show ?thesis
+    proof (cases cont_guard)
+      case None
+      from first_step show ?thesis using bb_successor_while
+      proof cases
+        case RedParsedWhileTrue
+        hence concrete_inter1: "(inter_bb, inter_cont, inter_state) = (bb0, convert_list_to_cont (( body_bbs)@[(BigBlock name [] any_str any_tr)]) cont0, (Normal ns1))"
+          using bb_successor_while None by blast
+
+        from first_step
+        have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+          by (metis Pair_inject assms(5) assms(8) block_local_rel cfg_correct concrete_inter1 dag_verifies_propagate dag_verifies_propagate_2)
+
+        from first_step
+        have succ_cfg_satisfies_post: 
+          "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> 
                                                         (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
                                                         (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
-            using cfg_satisfies_post 
-            by (metis (no_types) RedNormalSucc assms(5) assms(8) block_local_rel cfg_correct converse_rtranclp_into_rtranclp dag_verifies_propagate_2 local.RedParsedWhileTrue(4))
-  
-          show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct succ_cfg_satisfies_post None rest concrete_inter1 succ_correct assms(5) \<open>cont0 = KEndBlock cont1\<close> by blast 
-        next 
-          case RedParsedWhileFalse
-          hence concrete_inter2: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), cont0, (Normal ns1))" by simp
-  
-          from first_step
-          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-            by (metis assms(5) assms(8) block_local_rel cfg_correct dag_verifies_propagate dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
+          using cfg_satisfies_post 
+          by (metis (no_types) RedNormalSucc assms(5) assms(8) block_local_rel cfg_correct converse_rtranclp_into_rtranclp dag_verifies_propagate_2 local.RedParsedWhileTrue(4))
 
-          from first_step
-          have succ_cfg_satisfies_post: 
-              "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> 
+        show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct succ_cfg_satisfies_post None rest concrete_inter1 succ_correct assms(5) \<open>cont0 = KEndBlock cont1\<close> by blast 
+      next 
+        case RedParsedWhileFalse
+        hence concrete_inter2: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), cont0, (Normal ns1))" by simp
+
+        from first_step
+        have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+          by (metis assms(5) assms(8) block_local_rel cfg_correct dag_verifies_propagate dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
+
+        from first_step
+        have succ_cfg_satisfies_post: 
+          "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> 
                                                         (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
                                                         (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
-            using cfg_satisfies_post 
-            by (metis (no_types) RedNormalSucc assms(5) assms(8) block_local_rel cfg_correct converse_rtranclp_into_rtranclp dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
-  
-          show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct succ_cfg_satisfies_post None rest concrete_inter2 succ_correct \<open>cont0 = KEndBlock cont1\<close>  by blast
-        next 
-          case RedParsedWhile_InvFail thus ?thesis using assms(8) block_local_rel cfg_correct dag_verifies_propagate_2 first_step assms(5) by blast
-        qed auto
-      next
-        case (Some concrete_loop_guard)
-        then show ?thesis 
+          using cfg_satisfies_post 
+          by (metis (no_types) RedNormalSucc assms(5) assms(8) block_local_rel cfg_correct converse_rtranclp_into_rtranclp dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
+
+        show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct succ_cfg_satisfies_post None rest concrete_inter2 succ_correct \<open>cont0 = KEndBlock cont1\<close>  by blast
+      next 
+        case RedParsedWhile_InvFail thus ?thesis using assms(8) block_local_rel cfg_correct dag_verifies_propagate_2 first_step assms(5) by blast
+      qed auto
+    next
+      case (Some concrete_loop_guard)
+      then show ?thesis 
+      proof cases
+        assume guard_true: "(red_expr A \<Lambda> \<Gamma> \<Omega> concrete_loop_guard ns1 (BoolV True))"
+        hence guard_not_false: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> concrete_loop_guard ns1 (BoolV False))" using expr_eval_determ by blast
+
+        from first_step show ?thesis 
         proof cases
-          assume guard_true: "(red_expr A \<Lambda> \<Gamma> \<Omega> concrete_loop_guard ns1 (BoolV True))"
-          hence guard_not_false: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> concrete_loop_guard ns1 (BoolV False))" using expr_eval_determ by blast
-  
-          from first_step show ?thesis 
-          proof cases
-            case RedParsedWhileTrue
-            hence concrete_inter3: "(inter_bb, inter_cont, inter_state) = (bb0, convert_list_to_cont (( body_bbs)@[(BigBlock name [] any_str any_tr)]) (cont0), (Normal ns1))"
-              using bb_successor_while Some by blast
-  
-            from first_step
-            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-              by (metis Pair_inject assms(5) assms(8) block_local_rel cfg_correct concrete_inter3 dag_verifies_propagate dag_verifies_propagate_2)
+          case RedParsedWhileTrue
+          hence concrete_inter3: "(inter_bb, inter_cont, inter_state) = (bb0, convert_list_to_cont (( body_bbs)@[(BigBlock name [] any_str any_tr)]) (cont0), (Normal ns1))"
+            using bb_successor_while Some by blast
 
-            from first_step
-            have succ_cfg_satisfies_post: 
-                "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> 
+          from first_step
+          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+            by (metis Pair_inject assms(5) assms(8) block_local_rel cfg_correct concrete_inter3 dag_verifies_propagate dag_verifies_propagate_2)
+
+          from first_step
+          have succ_cfg_satisfies_post: 
+            "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> 
                                                           (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                           is_final_config (m', s') \<longrightarrow> 
                                                           (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
-              using cfg_satisfies_post 
+            using cfg_satisfies_post 
             by (metis (no_types) RedNormalSucc assms(5) assms(8) block_local_rel cfg_correct converse_rtranclp_into_rtranclp dag_verifies_propagate_2 local.RedParsedWhileTrue(4))
-  
-            show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct succ_cfg_satisfies_post Some guard_true rest concrete_inter3 succ_correct assms(5) \<open>cont0 = KEndBlock cont1\<close>  by blast 
+
+          show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct succ_cfg_satisfies_post Some guard_true rest concrete_inter3 succ_correct assms(5) \<open>cont0 = KEndBlock cont1\<close>  by blast 
         next 
-            case RedParsedWhile_InvFail thus ?thesis using assms(8) block_local_rel cfg_correct dag_verifies_propagate_2 first_step assms(5) by blast
+          case RedParsedWhile_InvFail thus ?thesis using assms(8) block_local_rel cfg_correct dag_verifies_propagate_2 first_step assms(5) by blast
         qed (auto simp add: bb_successor_while Some guard_not_false)
       next
         assume guard_not_true: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> concrete_loop_guard ns1 (BoolV True))"
         thus ?thesis 
         proof cases
           assume guard_false: "(red_expr A \<Lambda> \<Gamma> \<Omega> concrete_loop_guard ns1 (BoolV False))"
-  
+
           from first_step show ?thesis 
           proof cases
             case RedParsedWhileFalse
             hence concrete_inter4: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] None None), cont0, (Normal ns1))" by simp
 
-          from first_step
-          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-            by (metis assms(5) assms(8) block_local_rel cfg_correct dag_verifies_propagate dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
+            from first_step
+            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+              by (metis assms(5) assms(8) block_local_rel cfg_correct dag_verifies_propagate dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
 
-          from first_step
-          have succ_cfg_satisfies_post: 
+            from first_step
+            have succ_cfg_satisfies_post: 
               "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> 
                                                         (\<forall>m' s'. (((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), inter_state) -n\<rightarrow>* (m', s'))) \<longrightarrow>
                                                         is_final_config (m', s') \<longrightarrow> 
                                                         (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))) )"
-            using cfg_satisfies_post 
-            by (metis (no_types) RedNormalSucc assms(5) assms(8) block_local_rel cfg_correct converse_rtranclp_into_rtranclp dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
-  
+              using cfg_satisfies_post 
+              by (metis (no_types) RedNormalSucc assms(5) assms(8) block_local_rel cfg_correct converse_rtranclp_into_rtranclp dag_verifies_propagate_2 local.RedParsedWhileFalse(5))
+
             show ?thesis using \<open>j = Suc j'\<close> succ_cfg_correct succ_cfg_satisfies_post Some guard_false rest concrete_inter4 succ_correct \<open>cont0 = KEndBlock cont1\<close> by blast
           next
             case RedParsedWhile_InvFail thus ?thesis using Some bb_successor_while guard_not_true by blast
@@ -1553,24 +1576,24 @@ qed
 text \<open>Global lemma for a big block, which enters an if-statement after executing its simple cmds (if there are any).\<close>
 lemma block_global_rel_if_successor:
   assumes block_rel: "ast_cfg_rel None [] bb cs2"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and "bb = (BigBlock name cs1 any_str any_tr)"
-  and "node_to_block(G) ! n  = related_block"
-  and block_id:
-      "(related_block = cs2) \<or> 
+      and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+      and "bb = (BigBlock name cs1 any_str any_tr)"
+      and "node_to_block(G) ! n  = related_block"
+      and block_id:
+       "(related_block = cs2) \<or> 
        (related_block = c#cs2) \<and> c = Assume guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV True)) \<or> 
        (related_block = c#cs2) \<and> c = Assume not_guard \<and> (UnOp Not guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV False))"
-  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
-  and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
+      and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
+      and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
                                         is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts)"
-  and bb_successor_if: "any_str = Some (ParsedIf cont_guard (then0#then_bbs) (else0#else_bbs))"
-  and block_local_rel:
+      and bb_successor_if: "any_str = Some (ParsedIf cont_guard (then0#then_bbs) (else0#else_bbs))"
+      and block_local_rel:
         "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
         (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow> 
         cs1 \<noteq> [] \<Longrightarrow> cs2 \<noteq> [] \<Longrightarrow>  
         (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block(G) ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
-  and succ_correct: 
-       "\<And> ns1'' block_guard k.
+      and succ_correct: 
+        "\<And> ns1'' block_guard k.
          k < j \<Longrightarrow> 
         (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure))) \<Longrightarrow>
         (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1'') -n\<rightarrow>* (m', s')) \<longrightarrow>
@@ -1586,8 +1609,8 @@ lemma block_global_rel_if_successor:
           ((A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (then0, convert_list_to_cont ( then_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) \<or>
            (A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (else0, convert_list_to_cont ( else_bbs) cont0, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state)) ) ) \<Longrightarrow>  
         (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
-  using assms cases
+    shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
+    using assms cases
 proof cases
   case Rel_Main_test
   have not_end: "(cont0 \<noteq> KStop) \<or> any_str \<noteq> None \<or> any_tr \<noteq> None" using bb_successor_if by simp
@@ -1609,23 +1632,23 @@ proof cases
         first_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (inter_bb, inter_cont, inter_state)" and
         rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
         by (metis ast_trace get_state.cases relpowp_Suc_E2)
-  
+
       from cfg_correct Cons block_id
       have local_rel_corr: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
         using dag_verifies_propagate_2 
         by (metis push_through_assumption0 push_through_assumption1 \<open>node_to_block(G) ! n = related_block\<close>)
-  
+
       from local_rel_corr first_step Cons
       have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
         using block_local_rel local.Rel_Main_test assms(3) 
         by (metis \<open>cs1 \<noteq> []\<close> assume_ml bigblock.inject block_id state.simps(7) \<open>node_to_block(G) ! n = related_block\<close>)
-  
+
       from first_step Cons \<open>cs1 \<noteq> []\<close>
       have a1: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] any_str any_tr), cont0, inter_state)"
       proof cases
         case RedSimpleCmds then show ?thesis by (auto simp add: RedSimpleCmds)
       qed auto
-  
+
       show ?thesis 
       proof (cases inter_state)
         case 2: (Normal x1)
@@ -1640,7 +1663,7 @@ proof cases
             snd_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] any_str any_tr), cont0, inter_state)  (snd_inter_bb, snd_inter_cont, snd_inter_state)" and
             snd_rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (snd_inter_bb, snd_inter_cont, snd_inter_state) -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state)"
             by (metis a1 get_state.cases relpowp_Suc_D2)
-  
+
           thus ?thesis 
           proof (cases cont_guard)
             case None
@@ -1660,14 +1683,14 @@ proof cases
                                                         (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
                 using cfg_satisfies_post cfg_correct local.Cons
                 by (metis (no_types) "2" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
-  
+
               have "j'' < j" using 1 3 using Suc_lessD by blast
-              
+
               thus ?thesis using eq snd_rest_of_steps succ_correct None 2 succ_cfg_correct succ_cfg_sat by blast
             next
               case (RedParsedIfFalse)
               hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont ( else_bbs) cont0, inter_state)" using None bb_successor_if 1 by auto
-  
+
               from first_step 
               have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
               proof cases
@@ -1679,9 +1702,9 @@ proof cases
                                                         (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
                 using cfg_satisfies_post cfg_correct local.Cons
                 by (metis (no_types) "2" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
-  
+
               have "j'' < j" using 1 3 using Suc_lessD by blast
-  
+
               thus ?thesis using eq snd_rest_of_steps succ_correct None 2 succ_cfg_correct succ_cfg_sat by blast
             qed (auto simp add: bb_successor_if 2)
           next
@@ -1694,7 +1717,7 @@ proof cases
               proof cases
                 case RedParsedIfTrue thus ?thesis using guard_true bb_successor_if by (simp add: RedParsedIfTrue)
               qed (auto simp add: guard_not_false bb_successor_if 2 Some)
-  
+
               from first_step 
               have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
               proof cases
@@ -1706,9 +1729,9 @@ proof cases
                                                         (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
                 using cfg_satisfies_post cfg_correct local.Cons
                 by (metis (no_types) "2" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
-  
+
               have "j'' < j" using 1 3 using Suc_lessD by blast
-              
+
               thus ?thesis using eq guard_true snd_rest_of_steps succ_correct Some succ_cfg_correct 2 succ_cfg_sat by blast
             next
               assume guard_not_true: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV True))"
@@ -1719,7 +1742,7 @@ proof cases
                 proof cases
                   case RedParsedIfFalse thus ?thesis using guard_false bb_successor_if by (simp add: RedParsedIfFalse)
                 qed (auto simp add: guard_not_true bb_successor_if 2 Some)
-  
+
                 from first_step 
                 have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
                 proof cases
@@ -1731,13 +1754,13 @@ proof cases
                                                           (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts))))"
                   using cfg_satisfies_post cfg_correct local.Cons
                   by (metis (no_types) "2" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
-  
+
                 have "j'' < j" using 1 3 using Suc_lessD by blast
-          
+
                 thus ?thesis using eq guard_false snd_rest_of_steps succ_correct Some 2 succ_cfg_correct succ_cfg_sat by blast
               next
                 assume guard_not_false2: "(\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV False)))" and  
-                       guard_not_true2: "(\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV True)))"
+                  guard_not_true2: "(\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard x1 (BoolV True)))"
                 thus ?thesis
                 proof -
                   from snd_step have False using guard_not_false2 guard_not_true2 bb_successor_if Some 2 
@@ -1773,87 +1796,122 @@ next
       then show ?thesis by (simp add: Ast.valid_configuration_def bb_successor_if) 
     next
       case 1: (Suc j')
-        from this assms(3) obtain snd_inter_bb snd_inter_cont snd_inter_state where
-          snd_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] any_str any_tr), cont0, (Normal ns1))  (snd_inter_bb, snd_inter_cont, snd_inter_state)" and
-          snd_rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (snd_inter_bb, snd_inter_cont, snd_inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
-          using Rel_Invs
-          by (metis ast_trace bigblock.inject local.Rel_Invs(1) relpowp_Suc_E2 surj_pair)
-  
-        thus ?thesis 
-        proof (cases cont_guard)
-          case None
-          from snd_step this show ?thesis
-          proof cases
-            case RedParsedIfTrue
-            hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont ( then_bbs) cont0, (Normal ns1))" using None bb_successor_if 1 by auto
+      from this assms(3) obtain snd_inter_bb snd_inter_cont snd_inter_state where
+        snd_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] any_str any_tr), cont0, (Normal ns1))  (snd_inter_bb, snd_inter_cont, snd_inter_state)" and
+        snd_rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (snd_inter_bb, snd_inter_cont, snd_inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)" 
+        using Rel_Invs
+        by (metis ast_trace bigblock.inject local.Rel_Invs(1) relpowp_Suc_E2 surj_pair)
 
-            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-              using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
-              by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
+      thus ?thesis 
+      proof (cases cont_guard)
+        case None
+        from snd_step this show ?thesis
+        proof cases
+          case RedParsedIfTrue
+          hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont ( then_bbs) cont0, (Normal ns1))" using None bb_successor_if 1 by auto
 
-            have succ_cfg_sat: "\<And>msuc2 m' s' ns_end.  List.member (out_edges(G) ! n) msuc2 \<Longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+            using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
+            by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
+
+          have succ_cfg_sat: "\<And>msuc2 m' s' ns_end.  List.member (out_edges(G) ! n) msuc2 \<Longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
                                                       is_final_config (m', s') \<Longrightarrow> 
                                                       (s' = Normal ns_end) \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts"
-            proof
-              fix msuc2 m' s' ns_end
-              assume a: "List.member (out_edges G ! n) msuc2" and
-                     b: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, Normal ns1) -n\<rightarrow>* (m', s')" and
-                     c: "is_final_config (m', s')" and 
-                     d: "(s' = Normal ns_end)"
-              have one_block_advance: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1) -n\<rightarrow> (Inl msuc2, Normal ns1)" 
-                using local.Nil \<open>node_to_block(G) ! n = related_block\<close> assms(5) 
-                      a b c
-                by (metis RedCmdListNil RedNormalSucc push_through_assumption0 push_through_assumption1)  
-              show "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts" using cfg_satisfies_post b c a succ_cfg_correct one_block_advance 
-                by (meson converse_rtranclp_into_rtranclp d) 
-            qed  
-            have "j' < j" using 1 using Suc_lessD by blast
-            thus ?thesis using eq snd_rest_of_steps succ_correct None succ_cfg_correct succ_cfg_sat by blast
-          next
-            case (RedParsedIfFalse)
-            hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont ( else_bbs) cont0, Normal ns1)" using None bb_successor_if 1 by auto
+          proof
+            fix msuc2 m' s' ns_end
+            assume a: "List.member (out_edges G ! n) msuc2" and
+              b: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, Normal ns1) -n\<rightarrow>* (m', s')" and
+              c: "is_final_config (m', s')" and 
+              d: "(s' = Normal ns_end)"
+            have one_block_advance: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1) -n\<rightarrow> (Inl msuc2, Normal ns1)" 
+              using local.Nil \<open>node_to_block(G) ! n = related_block\<close> assms(5) 
+                a b c
+              by (metis RedCmdListNil RedNormalSucc push_through_assumption0 push_through_assumption1)  
+            show "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts" using cfg_satisfies_post b c a succ_cfg_correct one_block_advance 
+              by (meson converse_rtranclp_into_rtranclp d) 
+          qed  
+          have "j' < j" using 1 using Suc_lessD by blast
+          thus ?thesis using eq snd_rest_of_steps succ_correct None succ_cfg_correct succ_cfg_sat by blast
+        next
+          case (RedParsedIfFalse)
+          hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont ( else_bbs) cont0, Normal ns1)" using None bb_successor_if 1 by auto
 
-            from snd_step 
-            have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-              using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
-              by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
+          from snd_step 
+          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+            using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
+            by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
 
-            have succ_cfg_sat: "\<And>msuc2 m' s' ns_end.  List.member (out_edges(G) ! n) msuc2 \<Longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+          have succ_cfg_sat: "\<And>msuc2 m' s' ns_end.  List.member (out_edges(G) ! n) msuc2 \<Longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
                                                       is_final_config (m', s') \<Longrightarrow> 
                                                       (s' = Normal ns_end) \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts"
-            proof
-              fix msuc2 m' s' ns_end
-              assume a: "List.member (out_edges G ! n) msuc2" and
-                     b: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, Normal ns1) -n\<rightarrow>* (m', s')" and
-                     c: "is_final_config (m', s')" and 
-                     d: "(s' = Normal ns_end)"
-              have one_block_advance: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1) -n\<rightarrow> (Inl msuc2, Normal ns1)" 
-                using local.Nil \<open>node_to_block(G) ! n = related_block\<close> assms(5) 
-                      a b c
-                by (metis RedCmdListNil RedNormalSucc push_through_assumption0 push_through_assumption1)  
-              show "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts" using cfg_satisfies_post b c a succ_cfg_correct one_block_advance 
-                by (meson converse_rtranclp_into_rtranclp d) 
-            qed
-  
-            have "j' < j" using 1 using Suc_lessD by blast
-  
-            thus ?thesis using eq snd_rest_of_steps succ_correct None succ_cfg_correct succ_cfg_sat by blast
-          qed (auto simp add: bb_successor_if)
+          proof
+            fix msuc2 m' s' ns_end
+            assume a: "List.member (out_edges G ! n) msuc2" and
+              b: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, Normal ns1) -n\<rightarrow>* (m', s')" and
+              c: "is_final_config (m', s')" and 
+              d: "(s' = Normal ns_end)"
+            have one_block_advance: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1) -n\<rightarrow> (Inl msuc2, Normal ns1)" 
+              using local.Nil \<open>node_to_block(G) ! n = related_block\<close> assms(5) 
+                a b c
+              by (metis RedCmdListNil RedNormalSucc push_through_assumption0 push_through_assumption1)  
+            show "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts" using cfg_satisfies_post b c a succ_cfg_correct one_block_advance 
+              by (meson converse_rtranclp_into_rtranclp d) 
+          qed
+
+          have "j' < j" using 1 using Suc_lessD by blast
+
+          thus ?thesis using eq snd_rest_of_steps succ_correct None succ_cfg_correct succ_cfg_sat by blast
+        qed (auto simp add: bb_successor_if)
+      next
+        case (Some block_guard)
+        then show ?thesis 
+        proof cases
+          assume guard_true: "(red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV True))"
+          hence guard_not_false: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV False))" using expr_eval_determ by blast
+          from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont ( then_bbs) cont0, Normal ns1)" 
+          proof cases
+            case RedParsedIfTrue thus ?thesis using guard_true bb_successor_if by (simp add: RedParsedIfTrue)
+          qed (auto simp add: guard_not_false bb_successor_if Some)
+
+          from snd_step 
+          have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+            using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
+            by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
+
+          have succ_cfg_sat: "\<And>msuc2 m' s' ns_end.  List.member (out_edges(G) ! n) msuc2 \<Longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+                                                      is_final_config (m', s') \<Longrightarrow> 
+                                                      (s' = Normal ns_end) \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts"
+          proof
+            fix msuc2 m' s' ns_end
+            assume a: "List.member (out_edges G ! n) msuc2" and
+              b: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, Normal ns1) -n\<rightarrow>* (m', s')" and
+              c: "is_final_config (m', s')" and 
+              d: "(s' = Normal ns_end)"
+            have one_block_advance: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1) -n\<rightarrow> (Inl msuc2, Normal ns1)" 
+              using local.Nil \<open>node_to_block(G) ! n = related_block\<close> assms(5) 
+                a b c
+              by (metis RedCmdListNil RedNormalSucc push_through_assumption0 push_through_assumption1)  
+            show "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts" using cfg_satisfies_post b c a succ_cfg_correct one_block_advance 
+              by (meson converse_rtranclp_into_rtranclp d) 
+          qed
+
+          have "j' < j" using 1 using Suc_lessD by blast
+
+          thus ?thesis using eq guard_true snd_rest_of_steps succ_correct Some succ_cfg_correct succ_cfg_sat by blast
         next
-          case (Some block_guard)
-          then show ?thesis 
+          assume guard_not_true: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV True))"
+          thus ?thesis 
           proof cases
-            assume guard_true: "(red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV True))"
-            hence guard_not_false: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV False))" using expr_eval_determ by blast
-            from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (then0, convert_list_to_cont ( then_bbs) cont0, Normal ns1)" 
+            assume guard_false: "(red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV False))"
+            from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont ( else_bbs) cont0, Normal ns1)"
             proof cases
-              case RedParsedIfTrue thus ?thesis using guard_true bb_successor_if by (simp add: RedParsedIfTrue)
-            qed (auto simp add: guard_not_false bb_successor_if Some)
-  
+              case RedParsedIfFalse thus ?thesis using guard_false bb_successor_if by (simp add: RedParsedIfFalse)
+            qed (auto simp add: guard_not_true bb_successor_if Some)
+
             from snd_step 
             have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
               using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
-              by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
+              by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2) 
 
             have succ_cfg_sat: "\<And>msuc2 m' s' ns_end.  List.member (out_edges(G) ! n) msuc2 \<Longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
                                                       is_final_config (m', s') \<Longrightarrow> 
@@ -1861,102 +1919,71 @@ next
             proof
               fix msuc2 m' s' ns_end
               assume a: "List.member (out_edges G ! n) msuc2" and
-                     b: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, Normal ns1) -n\<rightarrow>* (m', s')" and
-                     c: "is_final_config (m', s')" and 
-                     d: "(s' = Normal ns_end)"
+                b: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, Normal ns1) -n\<rightarrow>* (m', s')" and
+                c: "is_final_config (m', s')" and 
+                d: "(s' = Normal ns_end)"
               have one_block_advance: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1) -n\<rightarrow> (Inl msuc2, Normal ns1)" 
                 using local.Nil \<open>node_to_block(G) ! n = related_block\<close> assms(5) 
-                      a b c
+                  a b c
                 by (metis RedCmdListNil RedNormalSucc push_through_assumption0 push_through_assumption1)  
               show "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts" using cfg_satisfies_post b c a succ_cfg_correct one_block_advance 
                 by (meson converse_rtranclp_into_rtranclp d) 
             qed
-  
+
             have "j' < j" using 1 using Suc_lessD by blast
-            
-            thus ?thesis using eq guard_true snd_rest_of_steps succ_correct Some succ_cfg_correct succ_cfg_sat by blast
-          next
-            assume guard_not_true: "\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV True))"
-            thus ?thesis 
-            proof cases
-              assume guard_false: "(red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV False))"
-              from snd_step have eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (else0, convert_list_to_cont ( else_bbs) cont0, Normal ns1)"
-              proof cases
-                case RedParsedIfFalse thus ?thesis using guard_false bb_successor_if by (simp add: RedParsedIfFalse)
-              qed (auto simp add: guard_not_true bb_successor_if Some)
-  
-              from snd_step 
-              have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-                using assms(5) cfg_correct correctness_propagates_through_empty local.Nil \<open>node_to_block(G) ! n = related_block\<close>
-                by (metis (full_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2) 
 
-            have succ_cfg_sat: "\<And>msuc2 m' s' ns_end.  List.member (out_edges(G) ! n) msuc2 \<Longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
-                                                      is_final_config (m', s') \<Longrightarrow> 
-                                                      (s' = Normal ns_end) \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts"
-            proof
-              fix msuc2 m' s' ns_end
-              assume a: "List.member (out_edges G ! n) msuc2" and
-                     b: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, Normal ns1) -n\<rightarrow>* (m', s')" and
-                     c: "is_final_config (m', s')" and 
-                     d: "(s' = Normal ns_end)"
-              have one_block_advance: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1) -n\<rightarrow> (Inl msuc2, Normal ns1)" 
-                using local.Nil \<open>node_to_block(G) ! n = related_block\<close> assms(5) 
-                      a b c
-                by (metis RedCmdListNil RedNormalSucc push_through_assumption0 push_through_assumption1)  
-              show "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts" using cfg_satisfies_post b c a succ_cfg_correct one_block_advance 
-                by (meson converse_rtranclp_into_rtranclp d) 
+            thus ?thesis using eq guard_false snd_rest_of_steps succ_correct Some succ_cfg_correct succ_cfg_sat by blast
+          next
+            assume guard_not_false2: "(\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV False)))" and  
+              guard_not_true2: "(\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV True)))"
+            thus ?thesis
+            proof -
+              from snd_step have False using guard_not_false2 guard_not_true2 bb_successor_if Some 
+                by (cases) auto
+              thus ?thesis by simp
             qed
-  
-              have "j' < j" using 1 using Suc_lessD by blast
-        
-              thus ?thesis using eq guard_false snd_rest_of_steps succ_correct Some succ_cfg_correct succ_cfg_sat by blast
-            next
-              assume guard_not_false2: "(\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV False)))" and  
-                     guard_not_true2: "(\<not> (red_expr A \<Lambda> \<Gamma> \<Omega> block_guard ns1 (BoolV True)))"
-              thus ?thesis
-              proof -
-                from snd_step have False using guard_not_false2 guard_not_true2 bb_successor_if Some 
-                  by (cases) auto
-                thus ?thesis by simp
-              qed
-            qed  
-          qed 
-        qed
+          qed  
+        qed 
       qed
+    qed
   next
-    case (Cons) thus ?thesis using \<open>cs2 = []\<close> by simp
+    case Cons
+    thus ?thesis using \<open>cs2 = []\<close> by simp
   qed
 qed
 
 text \<open>Global lemma for a generic big block. This means that neither a loop, nor an if-statement is entered after its simple commands are executed.\<close>
 lemma block_global_rel_generic:
   assumes block_rel: "ast_cfg_rel None [] bb cs2"
-  and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
-  and "bb = (BigBlock name cs1 any_str any_tr)"
-  and node_to_block_assm: "node_to_block(G) ! n = related_block"
-  and block_id:
-      "(related_block = cs2) \<or> 
+      and ast_trace: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb, cont0, (Normal ns1)) -n\<longrightarrow>^j (reached_bb, reached_cont, reached_state)"
+      and "bb = (BigBlock name cs1 any_str any_tr)"
+      and node_to_block_assm: "node_to_block(G) ! n = related_block"
+      and block_id:
+    "(related_block = cs2) \<or> 
        (related_block = c#cs2) \<and> c = Assume guard \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV True)) \<or> 
        (related_block = c#cs2) \<and> c = Assume not_guard \<and> (UnOp Not guard \<sim> not_guard) \<and> (red_expr A \<Lambda> \<Gamma> \<Omega> guard ns1 (BoolV False))"
-  and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
-  and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
+      and cfg_correct: "(\<And> m2 s2. ((red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow> (s2 \<noteq> Failure)))"
+      and cfg_satisfies_post: "(\<And> m2 s2. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G (Inl n, Normal ns1) (m2, s2)) \<Longrightarrow>
                                         is_final_config (m2, s2) \<Longrightarrow> \<forall>ns_end. s2 = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end posts)"
-  and trivial_bb_successor: "(cont0 = KSeq bb1 cont1) \<and> any_str = None \<and> any_tr = None"
-  and block_local_rel: 
-        "\<And> reached_bb_inter reached_cont_inter reached_state_inter. (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
-        (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
-        cs1 \<noteq> [] \<Longrightarrow> cs2 \<noteq> [] \<Longrightarrow>
-        (reached_state_inter \<noteq> Failure  \<and> (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block(G) ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))"
-  and succ_correct: 
-       "\<And>  ns1'' k.
+      and trivial_bb_successor: "(cont0 = KSeq bb1 cont1) \<and> any_str = None \<and> any_tr = None"
+      and block_local_rel: 
+        "\<And> reached_bb_inter reached_cont_inter reached_state_inter. 
+          (red_bigblock A M \<Lambda> \<Gamma> \<Omega> T (bb, cont0, (Normal ns1)) (reached_bb_inter, reached_cont_inter, reached_state_inter)) \<Longrightarrow> 
+          (\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (node_to_block(G) ! n) (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure))) \<Longrightarrow>   
+           cs1 \<noteq> [] \<Longrightarrow> 
+           cs2 \<noteq> [] \<Longrightarrow>
+          reached_state_inter \<noteq> Failure \<and> 
+          (\<forall>ns1'. reached_state_inter = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block(G) ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1'))"
+      and succ_correct: 
+    "\<And>  ns1'' k.
         k < j \<Longrightarrow> 
         \<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), Normal ns1'') -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)) \<Longrightarrow>
-       (\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1'') -n\<rightarrow>* (m', s')) \<longrightarrow>
+        \<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m' s'. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1'') -n\<rightarrow>* (m', s')) \<longrightarrow>
                                                             is_final_config (m', s') \<longrightarrow> 
-                                                            (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end posts)))) \<Longrightarrow>
+                                                            (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end posts))) \<Longrightarrow>
         A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (bb1, cont1, (Normal ns1'')) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state) \<Longrightarrow> 
         (Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
-  shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
+    shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)" 
   using assms cases
 proof cases
   case Rel_Main_test
@@ -1979,33 +2006,33 @@ proof cases
         first_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name cs1 any_str any_tr), cont0, (Normal ns1)) (inter_bb, inter_cont, inter_state)" and
         rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (inter_bb, inter_cont, inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
         by (metis ast_trace get_state.cases relpowp_Suc_D2)
-  
+
       from cfg_correct Cons block_id node_to_block_assm
       have local_rel_corr: "(\<And> s2'.((red_cmd_list A M \<Lambda> \<Gamma> \<Omega> cs2 (Normal ns1) s2') \<Longrightarrow> (s2' \<noteq> Failure)))"
         apply (simp)
         apply (rule disjE)
-          apply simp
-         apply (rule dag_verifies_propagate_2)
-           apply blast
-          apply assumption
-         apply simp
+        apply simp
+        apply (rule dag_verifies_propagate_2)
+        apply blast
+        apply assumption
+        apply simp
         apply (rule disjE)
-          apply simp
+        apply simp
         apply (metis dag_verifies_propagate_2 push_through_assumption0)
         apply (metis dag_verifies_propagate_2 push_through_assumption1)
         done
-  
+
       from local_rel_corr first_step 
       have a2: "(inter_state \<noteq> Failure  \<and> (\<forall>ns1'. inter_state = Normal ns1' \<longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>(node_to_block G ! n), Normal ns1\<rangle> [\<rightarrow>] Normal ns1')))" 
         using block_local_rel assms(3) \<open>cs1 \<noteq> []\<close> Cons 
         by (metis bigblock.inject cfg_correct dag_verifies_propagate_2 local.Rel_Main_test(1))
-  
+
       from first_step \<open>cs1 \<noteq> Nil\<close> 
       have a1: "(inter_bb, inter_cont, inter_state) = ((BigBlock name [] any_str any_tr), cont0, inter_state)"
       proof cases
         case RedSimpleCmds then show ?thesis by (auto simp add: RedSimpleCmds)
       qed auto
-  
+
       show ?thesis 
       proof (cases inter_state)
         case 1: (Normal x1)
@@ -2020,12 +2047,12 @@ proof cases
             snd_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] any_str any_tr), cont0, inter_state)  (snd_inter_bb, snd_inter_cont, snd_inter_state)" and
             snd_rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (snd_inter_bb, snd_inter_cont, snd_inter_state) -n\<longrightarrow>^j'' (reached_bb, reached_cont, reached_state)"
             by (metis a1 get_state.cases relpowp_Suc_D2)
-  
+
           from snd_step have snd_step_equiv: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (bb1, cont1, inter_state)"
           proof cases
             case RedSkip thus ?thesis using trivial_bb_successor by (simp add: RedSkip)
           qed (auto simp add: trivial_bb_successor "1")
-  
+
           from first_step 
           have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), inter_state) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
           proof cases
@@ -2039,9 +2066,9 @@ proof cases
                                                     (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end posts))))"
             using cfg_satisfies_post cfg_correct local.Cons
             by (metis (no_types) "1" RedNormalSucc a2 converse_rtranclp_into_rtranclp)
-  
+
           have "j'' < j" using succ_0 2 by simp
-  
+
           then show ?thesis using expr_all_sat_def snd_step_equiv succ_correct snd_rest_of_steps "1" succ_cfg_correct succ_cfg_sat by auto
         qed
       next
@@ -2068,38 +2095,38 @@ next
       then show ?thesis by (simp add: Ast.valid_configuration_def trivial_bb_successor) 
     next
       case 1: (Suc j')
-        from this assms(3) obtain snd_inter_bb snd_inter_cont snd_inter_state where
-          snd_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] any_str any_tr), cont0, (Normal ns1))  (snd_inter_bb, snd_inter_cont, snd_inter_state)" and
-          snd_rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (snd_inter_bb, snd_inter_cont, snd_inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
-          by (metis ast_trace bigblock.inject local.Nil local.Rel_Invs relpowp_Suc_E2 surj_pair)
+      from this assms(3) obtain snd_inter_bb snd_inter_cont snd_inter_state where
+        snd_step: "red_bigblock A M \<Lambda> \<Gamma> \<Omega> T ((BigBlock name [] any_str any_tr), cont0, (Normal ns1))  (snd_inter_bb, snd_inter_cont, snd_inter_state)" and
+        snd_rest_of_steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile> (snd_inter_bb, snd_inter_cont, snd_inter_state) -n\<longrightarrow>^j' (reached_bb, reached_cont, reached_state)"
+        by (metis ast_trace bigblock.inject local.Nil local.Rel_Invs relpowp_Suc_E2 surj_pair)
 
-        hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (bb1,  cont1, (Normal ns1))" using trivial_bb_successor 1 
-          by (cases) auto 
+      hence eq: "(snd_inter_bb, snd_inter_cont, snd_inter_state) = (bb1,  cont1, (Normal ns1))" using trivial_bb_successor 1 
+        by (cases) auto 
 
-        have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
-          using assms(4-5) cfg_correct correctness_propagates_through_empty local.Nil
-          by (metis (no_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
+      have succ_cfg_correct: "(\<forall>msuc2.  List.member (out_edges(G) ! n) msuc2 \<longrightarrow> (\<forall>m3 s3. ((A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl(msuc2), (Normal ns1)) -n\<rightarrow>* (m3, s3)) \<longrightarrow> s3 \<noteq> Failure)))"
+        using assms(4-5) cfg_correct correctness_propagates_through_empty local.Nil
+        by (metis (no_types) correctness_propagates_through_assumption correctness_propagates_through_assumption2)
 
-        have succ_cfg_sat: "\<And>msuc2 m' s' ns_end.  List.member (out_edges(G) ! n) msuc2 \<Longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
+      have succ_cfg_sat: "\<And>msuc2 m' s' ns_end.  List.member (out_edges(G) ! n) msuc2 \<Longrightarrow> (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl (msuc2), Normal ns1) -n\<rightarrow>* (m', s')) \<Longrightarrow>
                                                   is_final_config (m', s') \<Longrightarrow> 
                                                   (s' = Normal ns_end) \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts"
-        proof
-          fix msuc2 m' s' ns_end
-          assume a: "List.member (out_edges G ! n) msuc2" and
-                 b: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, Normal ns1) -n\<rightarrow>* (m', s')" and
-                 c: "is_final_config (m', s')" and 
-                 d: "(s' = Normal ns_end)"
-          have one_block_advance: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1) -n\<rightarrow> (Inl msuc2, Normal ns1)" 
-            using local.Nil \<open>node_to_block(G) ! n = related_block\<close> assms(5) 
-                  a b c
-            by (metis RedCmdListNil RedNormalSucc push_through_assumption0 push_through_assumption1)  
-          show "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts" using cfg_satisfies_post b c a succ_cfg_correct one_block_advance 
-            by (meson converse_rtranclp_into_rtranclp d) 
-        qed
+      proof
+        fix msuc2 m' s' ns_end
+        assume a: "List.member (out_edges G ! n) msuc2" and
+          b: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl msuc2, Normal ns1) -n\<rightarrow>* (m', s')" and
+          c: "is_final_config (m', s')" and 
+          d: "(s' = Normal ns_end)"
+        have one_block_advance: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl n, Normal ns1) -n\<rightarrow> (Inl msuc2, Normal ns1)" 
+          using local.Nil \<open>node_to_block(G) ! n = related_block\<close> assms(5) 
+            a b c
+          by (metis RedCmdListNil RedNormalSucc push_through_assumption0 push_through_assumption1)  
+        show "(expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end) posts" using cfg_satisfies_post b c a succ_cfg_correct one_block_advance 
+          by (meson converse_rtranclp_into_rtranclp d) 
+      qed
 
-        have "j' < j" using 1 using Suc_lessD by blast
-        
-        thus ?thesis using eq snd_rest_of_steps succ_correct succ_cfg_correct succ_cfg_sat by blast
+      have "j' < j" using 1 using Suc_lessD by blast
+
+      thus ?thesis using eq snd_rest_of_steps succ_correct succ_cfg_correct succ_cfg_sat by blast
     qed
   next
     case (Cons)
@@ -2131,13 +2158,13 @@ lemma loop_IH_prove:
   by blast
 
 lemma loop_IH_apply:
-  assumes "loop_IH j A M \<Lambda> \<Gamma> \<Omega> T bb0 cont0 G block_index posts reached_bb reached_cont reached_state" and
-          "k < j" and
-          "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, cont0, Normal ns1) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state))" and
-          "(\<forall>m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl block_index),(Normal ns1)) (m',s')) \<longrightarrow> (s' \<noteq> Failure))" and
-          "(\<forall>m' s'.  (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl block_index, Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
+  assumes "loop_IH j A M \<Lambda> \<Gamma> \<Omega> T bb0 cont0 G block_index posts reached_bb reached_cont reached_state"
+      and "k < j"
+      and "(A,M,\<Lambda>,\<Gamma>,\<Omega>,T \<turnstile>(bb0, cont0, Normal ns1) -n\<longrightarrow>^k (reached_bb, reached_cont, reached_state))"
+      and "(\<forall>m' s'. (red_cfg_multi A M \<Lambda> \<Gamma> \<Omega> G ((Inl block_index),(Normal ns1)) (m',s')) \<longrightarrow> (s' \<noteq> Failure))"
+      and "(\<forall>m' s'.  (A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl block_index, Normal ns1) -n\<rightarrow>* (m', s')) \<longrightarrow>
                                is_final_config (m', s') \<longrightarrow> (\<forall>ns_end. s' = Normal ns_end \<longrightarrow> (expr_all_sat A \<Lambda> \<Gamma> \<Omega> ns_end posts)))"
-        shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
+    shows "(Ast.valid_configuration A \<Lambda> \<Gamma> \<Omega> posts reached_bb reached_cont reached_state)"
   using assms
   unfolding loop_IH_def 
   by blast
@@ -2158,34 +2185,32 @@ lemma end_to_end_util2:
            (unique_constants_distinct (global_state ns) unique_consts) \<Longrightarrow>
            ((global_state ns) = (old_global_state ns)) \<Longrightarrow>
            ((binder_state ns) = Map.empty) \<Longrightarrow> 
-           (Ast.valid_configuration B \<Lambda> \<Gamma> [] checked_posts end_bb end_cont end_state)" and
-          "all_pres = proc_all_pres proc_ast" and
-          "checked_posts = proc_checked_posts proc_ast" and
-          ABody: "procedure.proc_body proc_ast = Some (locals, ast)" and
-          AVarContext:"\<Lambda> = (constants@global_vars, (proc_args proc_ast)@locals)" and
-          ARets:"proc_rets proc_ast = []" and
-         (* "fun_decls = prog_funcs prog" and
-          "axs = prog_axioms prog" and*)
-          "proc_ty_args proc_ast = 0" 
-          (*"const_decls = prog_consts prog"*)
-        shows "proc_is_correct B fun_decls constants unique_consts global_vars axioms proc_ast (Ast.proc_body_satisfies_spec :: 'a absval_ty_fun \<Rightarrow> mbodyCFG proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> ast \<Rightarrow> 'a nstate \<Rightarrow> bool)"
+           (Ast.valid_configuration B \<Lambda> \<Gamma> [] checked_posts end_bb end_cont end_state)"
+      and "all_pres = proc_all_pres proc_ast"
+      and "checked_posts = proc_checked_posts proc_ast"
+      and ABody: "procedure.proc_body proc_ast = Some (locals, ast)"
+      and AVarContext:"\<Lambda> = (constants@global_vars, (proc_args proc_ast)@locals)"
+      and ARets:"proc_rets proc_ast = []"
+      and "proc_ty_args proc_ast = 0"   
+    shows "proc_is_correct B fun_decls constants unique_consts global_vars axioms proc_ast 
+             (Ast.proc_body_satisfies_spec :: 'a absval_ty_fun \<Rightarrow> mbodyCFG proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> ast \<Rightarrow> 'a nstate \<Rightarrow> bool)"
 proof -
   show "proc_is_correct B fun_decls constants unique_consts global_vars axioms proc_ast (Ast.proc_body_satisfies_spec :: 'a absval_ty_fun \<Rightarrow> mbodyCFG proc_context \<Rightarrow> var_context \<Rightarrow> 'a fun_interp \<Rightarrow> rtype_env \<Rightarrow> expr list \<Rightarrow> expr list \<Rightarrow> ast \<Rightarrow> 'a nstate \<Rightarrow> bool)"
   proof( (simp only: proc_is_correct.simps), subst ABody, simp split: option.split, (rule allI | rule impI)+,
-         unfold proc_body_satisfies_spec_def,(rule allI | rule impI)+)  
+      unfold proc_body_satisfies_spec_def,(rule allI | rule impI)+)  
     fix \<Gamma> \<Omega> gs ls end_bb end_cont end_state
     assume Atyp:"(\<forall>t. closed t \<longrightarrow> (\<exists>v. type_of_val B v = t)) \<and> (\<forall>v. closed (type_of_val B v))" and
-           FunWf:"fun_interp_wf B fun_decls \<Gamma>" and
-           ARenv: "list_all closed \<Omega> \<and> length \<Omega> = proc_ty_args proc_ast" and
-           WfGlobal: "state_typ_wf B \<Omega> gs (constants @ global_vars)" and
-           WfLocal: "state_typ_wf B \<Omega> ls (proc_args proc_ast @ locals @ proc_rets proc_ast)" and
-           UniqueConsts: "unique_constants_distinct gs unique_consts" and
-           AxSat: "axioms_sat B (constants, []) \<Gamma>
+      FunWf:"fun_interp_wf B fun_decls \<Gamma>" and
+      ARenv: "list_all closed \<Omega> \<and> length \<Omega> = proc_ty_args proc_ast" and
+      WfGlobal: "state_typ_wf B \<Omega> gs (constants @ global_vars)" and
+      WfLocal: "state_typ_wf B \<Omega> ls (proc_args proc_ast @ locals @ proc_rets proc_ast)" and
+      UniqueConsts: "unique_constants_distinct gs unique_consts" and
+      AxSat: "axioms_sat B (constants, []) \<Gamma>
         \<lparr>old_global_state = Map.empty, global_state = state_restriction gs constants, local_state = Map.empty, binder_state = Map.empty\<rparr>
         axioms" and
-        APres:  "expr_all_sat B (constants @ global_vars, proc_args proc_ast @ locals @ proc_rets proc_ast) \<Gamma> \<Omega>
+      APres:  "expr_all_sat B (constants @ global_vars, proc_args proc_ast @ locals @ proc_rets proc_ast) \<Gamma> \<Omega>
         \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr> (map fst (proc_pres proc_ast))" and
-        Ared: "rtranclp 
+      Ared: "rtranclp 
                (red_bigblock 
                 B ([]::mbodyCFG proc_context) (constants @ global_vars,
                 proc_args proc_ast @
@@ -2198,24 +2223,24 @@ proof -
     from ARenv \<open>proc_ty_args proc_ast = 0\<close> have "\<Omega> = []" by simp
     have "Ast.valid_configuration B \<Lambda> \<Gamma> [] checked_posts end_bb end_cont end_state"
       apply (rule AExpanded)
-                apply (subst Contexteq)
+      apply (subst Contexteq)
       using Ared \<open>\<Omega> = []\<close> 
-                apply fastforce
-              apply (simp add: Atyp)
-             apply (simp add: Atyp)
-            apply (simp add: FunWf)
+      apply fastforce
+      apply (simp add: Atyp)
+      apply (simp add: Atyp)
+      apply (simp add: FunWf)
       unfolding nstate_global_restriction_def 
       using AxSat
-           apply simp
+      apply simp
       using APres \<open>\<Omega> = []\<close> \<open>all_pres = _\<close> Contexteq
-          apply simp
+      apply simp
       using Contexteq WfLocal \<open>\<Omega> = []\<close>
-         apply simp
+      apply simp
       using Contexteq WfGlobal \<open>\<Omega> = []\<close>      
-         apply simp
+      apply simp
       using UniqueConsts
-        apply simp
-       apply simp
+      apply simp
+      apply simp
       apply simp
       done
     thus "Ast.valid_configuration B (constants @ global_vars, proc_args proc_ast @ locals @ proc_rets proc_ast) \<Gamma> \<Omega>
@@ -2225,6 +2250,4 @@ proof -
   qed
 qed
 
-
-
 end
\ No newline at end of file
diff --git a/BoogieLang/CFGOptimizationsLoop.thy b/BoogieLang/CFGOptimizationsLoop.thy
index 5f8c482..aa01846 100644
--- a/BoogieLang/CFGOptimizationsLoop.thy
+++ b/BoogieLang/CFGOptimizationsLoop.thy
@@ -19,8 +19,6 @@ definition hybrid_block_lemma_target_verifies
                    hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1' posts
               )"
 
-
-
 subsection \<open>Definition loop induction hypothesis and global block Lemma for blocks in a loop\<close>
 
 definition loop_ih_optimizations
@@ -30,7 +28,6 @@ definition loop_ih_optimizations
          (\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl LoopHeader', Normal ns1') -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1') \<longrightarrow>
                      valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s')"
 
-
 definition global_block_lemma_loop
   where "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead posts \<equiv> 
           \<forall>m' ns s' j.  
@@ -51,11 +48,11 @@ definition hybrid_block_lemma_loop
 subsection \<open>Helper Lemmas\<close>
 
 lemma target_verifies: 
-  assumes oneStep: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl a, Normal ns) -n\<rightarrow> (Inl b, Normal ns')" and
-          cmd: "node_to_block(G) ! a = node_to_block(G') ! c" and
-          targetVerifies: "(\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl c, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1')" and
-          member: "List.member (out_edges(G') ! c) d"
-        shows "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G'\<turnstile>(Inl d, Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'"
+  assumes oneStep: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl a, Normal ns) -n\<rightarrow> (Inl b, Normal ns')"
+      and cmd: "node_to_block(G) ! a = node_to_block(G') ! c"
+      and targetVerifies: "(\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl c, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1')"
+      and member: "List.member (out_edges(G') ! c) d"
+    shows "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G'\<turnstile>(Inl d, Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'"
 proof -
   have "A,M,\<Lambda>,\<Gamma>,\<Omega>,G'  \<turnstile> (Inl c, Normal ns) -n\<rightarrow> (Inl d, Normal ns')"
     using oneStep cmd
@@ -67,10 +64,10 @@ proof -
 qed
 
 lemma one_step_not_failure:
-  assumes "(\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl a, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1')" and
-          "node_to_block G ! b = node_to_block G' ! a" and
-          "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl b, Normal ns) -n\<rightarrow> (c, d)"
-        shows "d \<noteq> Failure"
+  assumes "(\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl a, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1')"
+      and "node_to_block G ! b = node_to_block G' ! a"
+      and "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl b, Normal ns) -n\<rightarrow> (c, d)"
+    shows "d \<noteq> Failure"
   using assms(3)
 proof cases
   case (RedNormalSucc cs ns' n')
@@ -88,11 +85,11 @@ next
 qed
 
 lemma hybrid_block_lemma_loop_elim:
-  assumes "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds lsLoopHead posts" and
-          "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, (Normal ns)) -n\<rightarrow>^j (m', s')" and
-          "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns posts" and 
-          "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j posts"
-  shows "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'"
+  assumes "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds lsLoopHead posts"
+      and "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, (Normal ns)) -n\<rightarrow>^j (m', s')"
+      and "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns posts"
+      and "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j posts"
+    shows "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'"
   using assms
   unfolding hybrid_block_lemma_loop_def
   by blast
@@ -114,17 +111,17 @@ lemma loop_ih_optimizations_more_less:
 
 
 lemma loop_global_block_subset: 
-  assumes "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsSubset posts" and
-          "(lsSubset) \<subseteq> (lsLoopHead)"
-     shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead posts"
+  assumes "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsSubset posts"
+      and    "(lsSubset) \<subseteq> (lsLoopHead)"
+    shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead posts"
   using assms
   unfolding global_block_lemma_loop_def
   by blast
 
 lemma normal_target_verfies_show_hybrid_verifies:
-  assumes TargetVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'" and
-          TgtCmds: "node_to_block G' ! tgt_block = tgt_cmds"
-        shows "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns posts"
+  assumes TargetVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'"
+      and TgtCmds: "node_to_block G' ! tgt_block = tgt_cmds"
+    shows "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns posts"
   unfolding hybrid_block_lemma_target_verifies_def hybrid_block_lemma_target_succ_verifies_def
 proof (rule allI | rule impI)+
   fix s1'
@@ -152,38 +149,29 @@ proof (rule allI | rule impI)+
   qed
 qed
 
-
 lemma hybrid_block_lemma_target_succ_verifies_intro:
   assumes 
    "\<And>ns1' target_succ m2' s2'. s1' = Normal ns1' \<Longrightarrow>
            List.member (out_edges(G') ! tgt_block) target_succ \<Longrightarrow>
            (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl target_succ, (Normal  ns1')) -n\<rightarrow>* (m2', s2')) \<Longrightarrow>
             valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m2' s2'"
- shows "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1' posts"
+  shows "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1' posts"
   using assms
   unfolding hybrid_block_lemma_target_succ_verifies_def
   by blast
 
-
-
-
-text \<open>We discussed the following useful lemma (that is used below in the main proofs)\<close>
-
 lemma red_cmd_append_failure_preserved:
-  assumes "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] s)" and 
-          "s = Failure" 
-     \<comment>\<open>Theoretically, it would be fine to directly write
-       \<^term>\<open>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Failure\<close>, but then the standard induction tactic
-       does not carry over that the resulting state is a failure state\<close>
-  shows "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs@cs',Normal ns\<rangle> [\<rightarrow>] Failure"
+  assumes "(A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] s)" 
+      and "s = Failure" 
+         \<comment>\<open>Theoretically, it would be fine to directly write
+            \<^prop>\<open>A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Failure\<close>, but then the standard induction tactic
+           does not carry over that the resulting state is a failure state\<close>
+    shows "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs@cs',Normal ns\<rangle> [\<rightarrow>] Failure"
   using assms
   apply induction
    apply (simp add: failure_red_cmd_list)
   by (simp add: RedCmdListCons)
 
-
-
-
 lemma red_cfg_magic_preserved:
   assumes "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(b, s0) -n\<rightarrow>* (m', s')" and "s0 = Magic"
   shows "s' = Magic"
@@ -197,14 +185,12 @@ next
     using red_cfg.cases by blast
 qed
 
-
-
 lemma magic_lemma_assume_false:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs, s\<rangle> [\<rightarrow>] s'" and
-          "s'\<noteq>Failure" and
-          "s = Normal ns"
-          "(Assume (Lit (LBool False))) \<in> set (cs)"
-        shows "s' = Magic"
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs, s\<rangle> [\<rightarrow>] s'" 
+      and "s'\<noteq>Failure"
+      and "s = Normal ns"
+      and "(Assume (Lit (LBool False))) \<in> set (cs)"
+    shows "s' = Magic"
   using assms
 proof (induction arbitrary: ns)
   case (RedCmdListNil s)
@@ -244,12 +230,11 @@ lemma assert_false_failure:
   using assms
   by (cases) auto
 
-
 lemma magic_lemma_assert_false:
-  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs, s\<rangle> [\<rightarrow>] s'" and
-          "s = Normal ns"
-          "(Assert (Lit (LBool False))) \<in> set (cs)"
-        shows "s' = Magic \<or> s' = Failure"
+  assumes "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs, s\<rangle> [\<rightarrow>] s'"
+      and "s = Normal ns"
+      and "(Assert (Lit (LBool False))) \<in> set (cs)"
+    shows "s' = Magic \<or> s' = Failure"
   using assms
 proof (induction arbitrary: ns)
   case (RedCmdListNil s)
@@ -260,7 +245,6 @@ next
   then show ?case
 proof (cases "c = (Assert (Lit (LBool False)))")
   case True
-
   hence "s'' = Failure" using RedCmdListCons
     by (metis True assert_false_failure)
   
@@ -286,10 +270,10 @@ qed
 qed
 
 lemma BlockID_no_succ:
-  assumes "node_to_block G ! block = cs" and
-          "out_edges G ! block = []" and
-          "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl block, Normal ns) -n\<rightarrow> (m', s')"
-        shows "m' = Inr()"
+  assumes "node_to_block G ! block = cs"
+      and "out_edges G ! block = []"
+      and "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl block, Normal ns) -n\<rightarrow> (m', s')"
+    shows "m' = Inr()"
   using assms(3)
 proof cases
   case (RedNormalSucc cs ns' n')
@@ -322,14 +306,14 @@ subsubsection \<open>Main Lemma 1: Shows that the Loop Global Block Lemma holds
               lemma holds or the successor is equal to one of the Loop Heads\<close>
 
 lemma loopBlock_global_block:
-  assumes   SuccBlocks: "out_edges G ! src_block = ls" and
-          GlobalBlockSucc: "\<forall>x\<in>set(ls).(\<exists>lsSubsetList. lsSubsetList\<subseteq>lsLoopHead \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x)) lsSubsetList posts) \<or> (\<exists>(LoopHead, LoopHead')\<in>lsLoopHead. (x = LoopHead \<and> f(x) = LoopHead'))" and
-          FunctionCorr: "\<forall>x\<in>set(ls). f(x)\<in>set(out_edges G' ! tgt_block)" and
-          TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds" and
-          SourceBlock: "node_to_block G ! src_block = src_cmds" and
-          NotCoalesced: "tgt_cmds = src_cmds" and
-          NoSuccEq: "ls = [] \<Longrightarrow> out_edges G' ! tgt_block = []"
-        shows     "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead posts"
+  assumes SuccBlocks: "out_edges G ! src_block = ls"
+      and GlobalBlockSucc: "\<forall>x\<in>set(ls).(\<exists>lsSubsetList. lsSubsetList\<subseteq>lsLoopHead \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x)) lsSubsetList posts) \<or> (\<exists>(LoopHead, LoopHead')\<in>lsLoopHead. (x = LoopHead \<and> f(x) = LoopHead'))"
+      and FunctionCorr: "\<forall>x\<in>set(ls). f(x)\<in>set(out_edges G' ! tgt_block)"
+      and TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds"
+      and SourceBlock: "node_to_block G ! src_block = src_cmds"
+      and NotCoalesced: "tgt_cmds = src_cmds"
+      and NoSuccEq: "ls = [] \<Longrightarrow> out_edges G' ! tgt_block = []"
+    shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead posts"
   unfolding global_block_lemma_loop_def
 proof (rule allI | rule impI)+
   fix m' ns s' j
@@ -444,14 +428,17 @@ subsubsection \<open>Main Lemma 2: Shows that the Loop Global Block Lemma holds
 
 
 lemma loopHead_global_block:
-  assumes SuccBlocks: "out_edges G ! src_block = ls" and
-          GlobalBlockSucc: "\<forall>x\<in>set(ls). (\<exists>lsSubsetList. lsSubsetList\<subseteq>(lsLoopHead \<union> {(src_block,tgt_block)}) \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x)) lsSubsetList posts) \<or> (\<exists>(LoopHead, LoopHead')\<in>(lsLoopHead\<union>{(src_block,tgt_block)}). (x = LoopHead \<and> f(x) = LoopHead'))"  and
-          FunctionCorr: "\<forall>x\<in>set(ls). f(x)\<in>set(out_edges G' ! tgt_block)" and
-          TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds" and
-          SourceBlock: "node_to_block G ! src_block = src_cmds" and
-          NotCoalesced: "tgt_cmds = src_cmds" and
-          NoSuccEq: "ls = [] \<Longrightarrow> out_edges G' ! tgt_block = []"
-        shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead posts" 
+  assumes SuccBlocks: "out_edges G ! src_block = ls" 
+      and GlobalBlockSucc: 
+           "\<forall>x\<in>set(ls). ( \<exists>lsSubsetList. lsSubsetList\<subseteq>(lsLoopHead \<union> {(src_block,tgt_block)}) \<and> 
+                          global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x)) lsSubsetList posts ) 
+                      \<or> (\<exists>(LoopHead, LoopHead')\<in>(lsLoopHead\<union>{(src_block,tgt_block)}). (x = LoopHead \<and> f(x) = LoopHead'))"
+      and FunctionCorr: "\<forall>x\<in>set(ls). f(x)\<in>set(out_edges G' ! tgt_block)"
+      and TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds"
+      and SourceBlock: "node_to_block G ! src_block = src_cmds"
+      and NotCoalesced: "tgt_cmds = src_cmds"
+      and NoSuccEq: "ls = [] \<Longrightarrow> out_edges G' ! tgt_block = []"
+    shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead posts"
 unfolding global_block_lemma_loop_def
 proof (rule allI | rule impI)+
   fix m' ns s' j
@@ -615,15 +602,13 @@ subsubsection \<open>Main Lemma 3: Reduce the set of loop heads when we know tha
 
 text \<open>The use case for this lemma is when a loop head gets coalesced\<close>
 
-
-
 lemma loopHead_global_block_hybrid:
-  assumes OneSucc:"out_edges G ! src_block = [succ]" and 
-          HybridHoldsSucc: "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G  G' succ tgt_block tgt_cmds_0 (lsLoopHead\<union>{(src_block, tgt_block)}) posts" and  
-          SrcCmds: "node_to_block G ! src_block = src_cmds" and
-          TgtCmds: "node_to_block G' ! tgt_block = tgt_cmds" and
-          CoalescedBlock: "tgt_cmds = src_cmds@tgt_cmds_0"
-        shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G  G' src_block tgt_block lsLoopHead posts"
+  assumes OneSucc:"out_edges G ! src_block = [succ]"
+      and HybridHoldsSucc: "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G  G' succ tgt_block tgt_cmds_0 (lsLoopHead \<union> {(src_block, tgt_block)}) posts" 
+      and SrcCmds: "node_to_block G ! src_block = src_cmds"
+      and TgtCmds: "node_to_block G' ! tgt_block = tgt_cmds"
+      and CoalescedBlock: "tgt_cmds = src_cmds@tgt_cmds_0"
+    shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G  G' src_block tgt_block lsLoopHead posts"
   unfolding global_block_lemma_loop_def
 proof (rule allI | rule impI)+
   fix m' ns s' j
@@ -735,166 +720,170 @@ proof (rule allI | rule impI)+
 qed
 
 
-
-
 subsubsection \<open>Main Lemma 4: Shows that the Loop Hybrid Block Lemma holds if a block in a loop was coalesced\<close>
 
 lemma loopBlock_global_block_hybrid:
-assumes   SuccBlocks: "out_edges G ! src_block = ls" and
-          GlobalBlockSucc: "\<forall>x\<in>set(ls).(\<exists>lsSubsetList. lsSubsetList\<subseteq>lsLoopHead \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x)) lsSubsetList posts) \<or> (\<exists>(LoopHead, LoopHead')\<in>lsLoopHead. (x = LoopHead \<and> f(x) = LoopHead'))"  and
-          FunctionCorr: "\<forall>x\<in>set(ls). f(x)\<in>set(out_edges G' ! tgt_block)" and
-          SourceBlock: "node_to_block G ! src_block = src_cmds"  and
-          NoSuccEq: "ls = [] \<Longrightarrow> out_edges G' ! tgt_block = []"
-shows     "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block src_cmds lsLoopHead posts"
-unfolding hybrid_block_lemma_loop_def
+  assumes SuccBlocks: "out_edges G ! src_block = ls" 
+      and GlobalBlockSucc: 
+            "\<forall>x\<in>set(ls).
+               (\<exists>lsSubsetList. lsSubsetList\<subseteq>lsLoopHead \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x)) lsSubsetList posts) 
+             \<or> (\<exists>(LoopHead, LoopHead')\<in>lsLoopHead. (x = LoopHead \<and> f(x) = LoopHead'))"
+      and FunctionCorr: "\<forall>x\<in>set(ls). f(x)\<in>set(out_edges G' ! tgt_block)"
+      and SourceBlock: "node_to_block G ! src_block = src_cmds"
+      and NoSuccEq: "ls = [] \<Longrightarrow> out_edges G' ! tgt_block = []"
+    shows "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block src_cmds lsLoopHead posts"
+  unfolding hybrid_block_lemma_loop_def
 proof (rule allI | rule impI)+
-fix m' ns s' j
-assume k_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>^j (m', s')" and
-IH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j posts" and
-TargetVerifies: "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block src_cmds ns posts"
-show   "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'"
-proof (cases rule: relpowp_E2_2[OF k_step])
-  case 1
-  then show ?thesis
-    unfolding valid_configuration_def
-    using is_final_config.simps(1) by blast
-next
-  case (2 a b m)
-  from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close> have OneStepResult: "b \<noteq> Failure"
-  proof cases
-    case (RedNormalSucc cs ns' n')
-    then show ?thesis by blast
-  next
-    case (RedNormalReturn cs ns')
-    then show ?thesis by blast
-  next
-    case (RedFailure cs)
-    then show ?thesis
-      by (metis SourceBlock TargetVerifies hybrid_block_lemma_target_verifies_def valid_configuration_def)
-  next
-    case (RedMagic cs)
-    then show ?thesis by blast
-  qed
-  then show ?thesis 
-  proof (cases "b = Magic")
-    case True
-    have "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(a, b) -n\<rightarrow>* (m', s')"
-      by (meson "2"(3) rtranclp_power)
+  fix m' ns s' j
+
+  assume k_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>^j (m', s')" and
+  IH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' j posts" and
+  TargetVerifies: "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block src_cmds ns posts"
+
+  show "valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m' s'"
+  proof (cases rule: relpowp_E2_2[OF k_step])
+    case 1
     then show ?thesis
       unfolding valid_configuration_def
-      using True red_cfg_magic_preserved 
-      by blast
+      using is_final_config.simps(1) by blast
   next
-    case False
-    from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close> show ?thesis
+    case (2 a b m)
+    from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close> have OneStepResult: "b \<noteq> Failure"
     proof cases
-      case (RedNormalSucc cs ns' succ)
-      have succInList: "succ \<in> set(ls)"
-        using SuccBlocks in_set_member local.RedNormalSucc(5) by force
-      have oneStepG: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (Inl succ, Normal ns')"
-        using "2"(2) local.RedNormalSucc(1) local.RedNormalSucc(2) by auto
-      then show ?thesis 
-      proof (cases "\<exists>lsSubsetList. lsSubsetList\<subseteq>lsLoopHead \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubsetList posts")
-        case True
-        from this obtain lsSubset where subset: "lsSubset\<subseteq>lsLoopHead" and globalBlockLoop: "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubset posts"
-          by auto
-
-        have mSteps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>^m (m', s')"
-          using "2"(3) local.RedNormalSucc(1) local.RedNormalSucc(2) by auto
-        have "m\<le>j"
-          by (simp add: "2"(1))
-        then have "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' m posts"
-          using loop_ih_optimizations_more_less IH
-          by blast
-        then have IH_holds: "\<forall>(LoopHead, LoopHead')\<in>lsSubset. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' m posts"
-          using subset by blast
-
-        have transCl: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>* (m', s')"
-          by (metis "2"(3) local.RedNormalSucc(1) local.RedNormalSucc(2) relpowp_imp_rtranclp)
-
-        have "\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f(succ)), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'"
-          using GlobalBlockSucc TargetVerifies
-          unfolding hybrid_block_lemma_target_verifies_def hybrid_block_lemma_target_succ_verifies_def
-          by (metis (mono_tags, lifting) FunctionCorr SourceBlock in_set_member local.RedNormalSucc(3) local.RedNormalSucc(4) succInList)
-
-        then show ?thesis
-          using True IH_holds mSteps subset globalBlockLoop
-          unfolding global_block_lemma_loop_def
-          by presburger
-      next
-        case False
-        from this obtain LoopHeadG LoopHeadG' where cond: "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsLoopHead posts \<or> (succ = LoopHeadG \<and> f(succ) = LoopHeadG')" and inList: "(LoopHeadG, LoopHeadG')\<in>lsLoopHead"
-          using GlobalBlockSucc case_prodE succInList by fastforce
-        then show ?thesis
-        proof (cases "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsLoopHead posts")
+      case (RedNormalSucc cs ns' n')
+      then show ?thesis by blast
+    next
+      case (RedNormalReturn cs ns')
+      then show ?thesis by blast
+    next
+      case (RedFailure cs)
+      then show ?thesis
+        by (metis SourceBlock TargetVerifies hybrid_block_lemma_target_verifies_def valid_configuration_def)
+    next
+      case (RedMagic cs)
+      then show ?thesis by blast
+    qed
+    then show ?thesis 
+    proof (cases "b = Magic")
+      case True
+      have "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(a, b) -n\<rightarrow>* (m', s')"
+        by (meson "2"(3) rtranclp_power)
+      then show ?thesis
+        unfolding valid_configuration_def
+        using True red_cfg_magic_preserved 
+        by blast
+    next
+      case False
+      from \<open>A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (a, b)\<close> show ?thesis
+      proof cases
+        case (RedNormalSucc cs ns' succ)
+        have succInList: "succ \<in> set(ls)"
+          using SuccBlocks in_set_member local.RedNormalSucc(5) by force
+        have oneStepG: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile> (Inl src_block, Normal ns) -n\<rightarrow> (Inl succ, Normal ns')"
+          using "2"(2) local.RedNormalSucc(1) local.RedNormalSucc(2) by auto
+        then show ?thesis 
+        proof (cases "\<exists>lsSubsetList. lsSubsetList\<subseteq>lsLoopHead \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubsetList posts")
           case True
-          have "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' j posts"
-            using IH inList
-            by blast 
-          hence "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' (j - 1) posts"
-            using IH
-            unfolding loop_ih_optimizations_def
-            by (meson less_imp_diff_less linorder_not_less)
-
-          have loopIH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' (j - 1) posts"
-            using IH loop_ih_optimizations_one_less
+          from this obtain lsSubset where subset: "lsSubset\<subseteq>lsLoopHead" and globalBlockLoop: "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsSubset posts"
+            by auto
+  
+          have mSteps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>^m (m', s')"
+            using "2"(3) local.RedNormalSucc(1) local.RedNormalSucc(2) by auto
+          have "m\<le>j"
+            by (simp add: "2"(1))
+          then have "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' m posts"
+            using loop_ih_optimizations_more_less IH
             by blast
-
-          have steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>^(j - 1) (m', s')"
-            using "2"(1) "2"(3) local.RedNormalSucc(1) local.RedNormalSucc(2) by auto
-
+          then have IH_holds: "\<forall>(LoopHead, LoopHead')\<in>lsSubset. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' m posts"
+            using subset by blast
+  
+          have transCl: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>* (m', s')"
+            by (metis "2"(3) local.RedNormalSucc(1) local.RedNormalSucc(2) relpowp_imp_rtranclp)
+  
           have "\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f(succ)), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'"
             using GlobalBlockSucc TargetVerifies
             unfolding hybrid_block_lemma_target_verifies_def hybrid_block_lemma_target_succ_verifies_def
-            by (metis (no_types, opaque_lifting) FunctionCorr SourceBlock in_set_member local.RedNormalSucc(3) local.RedNormalSucc(4) succInList)
+            by (metis (mono_tags, lifting) FunctionCorr SourceBlock in_set_member local.RedNormalSucc(3) local.RedNormalSucc(4) succInList)
+  
           then show ?thesis
-            using True loopIH steps
+            using True IH_holds mSteps subset globalBlockLoop
             unfolding global_block_lemma_loop_def
             by presburger
         next
           case False
-          hence SuccEqLoopHead: "succ = LoopHeadG \<and> f(succ) = LoopHeadG'"
-            using GlobalBlockSucc succInList cond 
-            by force
-
-          have verifies: "\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f(succ)), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'"
-            using GlobalBlockSucc TargetVerifies
-            unfolding hybrid_block_lemma_target_verifies_def hybrid_block_lemma_target_succ_verifies_def
-            by (metis (mono_tags, lifting) FunctionCorr SourceBlock in_set_member local.RedNormalSucc(3) local.RedNormalSucc(4) succInList)
-
-         have "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' j posts"
-            using IH inList
-            by fastforce
-
+          from this obtain LoopHeadG LoopHeadG' where 
+                  cond: "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsLoopHead posts \<or> (succ = LoopHeadG \<and> f(succ) = LoopHeadG')" 
+            and inList: "(LoopHeadG, LoopHeadG')\<in>lsLoopHead"
+            using GlobalBlockSucc case_prodE succInList by fastforce
           then show ?thesis
-            using SuccEqLoopHead verifies
-            unfolding loop_ih_optimizations_def
-            by (metis "2"(1) "2"(3) diff_Suc_1 diff_le_self local.RedNormalSucc(1) local.RedNormalSucc(2))
+          proof (cases "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' succ (f(succ)) lsLoopHead posts")
+            case True
+            have "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' j posts"
+              using IH inList
+              by blast 
+            hence "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' (j - 1) posts"
+              using IH
+              unfolding loop_ih_optimizations_def
+              by (meson less_imp_diff_less linorder_not_less)
+  
+            have loopIH: "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' (j - 1) posts"
+              using IH loop_ih_optimizations_one_less
+              by blast
+  
+            have steps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>^(j - 1) (m', s')"
+              using "2"(1) "2"(3) local.RedNormalSucc(1) local.RedNormalSucc(2) by auto
+  
+            have "\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f(succ)), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'"
+              using GlobalBlockSucc TargetVerifies
+              unfolding hybrid_block_lemma_target_verifies_def hybrid_block_lemma_target_succ_verifies_def
+              by (metis (no_types, opaque_lifting) FunctionCorr SourceBlock in_set_member local.RedNormalSucc(3) local.RedNormalSucc(4) succInList)
+            then show ?thesis
+              using True loopIH steps
+              unfolding global_block_lemma_loop_def
+              by presburger
+          next
+            case False
+            hence SuccEqLoopHead: "succ = LoopHeadG \<and> f(succ) = LoopHeadG'"
+              using GlobalBlockSucc succInList cond 
+              by force
+  
+            have verifies: "\<forall>m1' s1'.( A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl (f(succ)), Normal ns') -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'"
+              using GlobalBlockSucc TargetVerifies
+              unfolding hybrid_block_lemma_target_verifies_def hybrid_block_lemma_target_succ_verifies_def
+              by (metis (mono_tags, lifting) FunctionCorr SourceBlock in_set_member local.RedNormalSucc(3) local.RedNormalSucc(4) succInList)
+  
+            have "loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHeadG LoopHeadG' m' s' j posts"
+              using IH inList
+              by fastforce
+  
+            then show ?thesis
+              using SuccEqLoopHead verifies
+              unfolding loop_ih_optimizations_def
+              by (metis "2"(1) "2"(3) diff_Suc_1 diff_le_self local.RedNormalSucc(1) local.RedNormalSucc(2))
+          qed
         qed
+      next
+        case (RedNormalReturn cs ns')
+        have "out_edges G' ! tgt_block = []"
+          using NoSuccEq SuccBlocks local.RedNormalReturn(5) by auto
+        have "m' = Inr()"
+          by (metis "2"(3) Pair_inject finished_remains local.RedNormalReturn(1) relpowp_imp_rtranclp)
+        then show ?thesis
+          using TargetVerifies
+          unfolding hybrid_block_lemma_target_verifies_def valid_configuration_def
+          by (metis "2"(3) Pair_inject SourceBlock \<open>out_edges G' ! tgt_block = []\<close> finished_remains local.RedNormalReturn(1) local.RedNormalReturn(2) local.RedNormalReturn(3) local.RedNormalReturn(4) relpowp_imp_rtranclp)
+      next
+        case (RedFailure cs)
+        then show ?thesis 
+          by (simp add: OneStepResult)
+      next
+        case (RedMagic cs)
+        then show ?thesis
+          by (simp add: False)
       qed
-    next
-      case (RedNormalReturn cs ns')
-      have "out_edges G' ! tgt_block = []"
-        using NoSuccEq SuccBlocks local.RedNormalReturn(5) by auto
-      have "m' = Inr()"
-        by (metis "2"(3) Pair_inject finished_remains local.RedNormalReturn(1) relpowp_imp_rtranclp)
-      then show ?thesis
-        using TargetVerifies
-        unfolding hybrid_block_lemma_target_verifies_def valid_configuration_def
-        by (metis "2"(3) Pair_inject SourceBlock \<open>out_edges G' ! tgt_block = []\<close> finished_remains local.RedNormalReturn(1) local.RedNormalReturn(2) local.RedNormalReturn(3) local.RedNormalReturn(4) relpowp_imp_rtranclp)
-    next
-      case (RedFailure cs)
-      then show ?thesis 
-        by (simp add: OneStepResult)
-    next
-      case (RedMagic cs)
-      then show ?thesis
-        by (simp add: False)
     qed
   qed
 qed
-qed
-
 
 
 subsubsection \<open>Main lemma 5 (extending hybrid global block lemmas for loops)\<close>
@@ -903,11 +892,10 @@ text \<open>The following lemma shows that given the loop hybrid global block le
 the loop hybrid block lemma for block i-1. Below the suffix 1 is used for i and 0 is used for i-1.\<close>
 
 lemma extend_hybrid_global_block_lemma_loop:
- assumes 
-      NextGlobal: "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block_1 tgt_block tgt_cmds_1 lsLoopHead posts" and      
-      SourceBlock: "node_to_block G ! src_block_0 = cs" and
-      SourceSucc: "out_edges G ! src_block_0 = [src_block_1]" and
-                  "tgt_cmds_0 = cs@tgt_cmds_1"
+ assumes NextGlobal: "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block_1 tgt_block tgt_cmds_1 lsLoopHead posts"    
+     and SourceBlock: "node_to_block G ! src_block_0 = cs"
+     and SourceSucc: "out_edges G ! src_block_0 = [src_block_1]"
+                     "tgt_cmds_0 = cs@tgt_cmds_1"
  shows                    
       "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block_0 tgt_block tgt_cmds_0 lsLoopHead posts"
   unfolding hybrid_block_lemma_loop_def
@@ -952,7 +940,6 @@ proof (rule allI | rule impI)+ \<comment>\<open>Here, we are applying initial pr
       case (RedMagic cs)
       then show ?thesis by auto
     qed
-
     
     show ?thesis
     proof (cases "s0 = Magic")
@@ -968,9 +955,11 @@ proof (rule allI | rule impI)+ \<comment>\<open>Here, we are applying initial pr
       from this obtain ns0 where "s0 = Normal ns0" 
         using OneStepResult state.exhaust by auto
 
-      hence RedBlock0:  "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Normal ns0" and RedSuccBlock: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block_1, Normal ns0) -n\<rightarrow>^(j-1) (m', s')"
+      hence RedBlock0:  "A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Normal ns0" 
+        and RedSuccBlock: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block_1, Normal ns0) -n\<rightarrow>^(j-1) (m', s')"
         using OneStepResult apply auto[1]
         using "2"(1) "2"(3) OneStepResult \<open>s0 = Normal ns0\<close> by auto
+
       show ?thesis
       proof (rule hybrid_block_lemma_loop_elim[OF NextGlobal RedSuccBlock]) 
         show "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds_1 ns0 posts"
@@ -1001,21 +990,17 @@ proof (rule allI | rule impI)+ \<comment>\<open>Here, we are applying initial pr
         show "\<forall>(LoopHead, LoopHead')\<in>lsLoopHead. loop_ih_optimizations A M \<Lambda> \<Gamma> \<Omega> G G' LoopHead LoopHead' m' s' (j-1) posts"
           using IH  loop_ih_optimizations_one_less 
           by blast
-
-      qed    
+      qed
     qed
   qed
 qed
 
-
 subsubsection \<open>Main lemma 6 (converting loop hybrid global block lemma to normal loop global block lemma)\<close>  
 
 lemma convert_hybrid_global_block_lemma_loop:
- assumes 
-      HybridGlobal: "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds lsLoopHead posts" and
-      TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds"
- shows 
-      "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead posts"  
+  assumes HybridGlobal: "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block tgt_cmds lsLoopHead posts"
+      and TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds"
+    shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead posts"
   unfolding global_block_lemma_loop_def
 proof (rule allI | rule impI)+
   fix m' ns s' j
@@ -1038,7 +1023,7 @@ proof (rule allI | rule impI)+
           apply (rule converse_rtranclp_into_rtranclp)
            apply (rule RedFailure)
             apply (rule TargetBlock)
-          using  RedTgtCmds \<open>s1' = Failure\<close>
+          using RedTgtCmds \<open>s1' = Failure\<close>
            apply blast
           by simp
         thus False
@@ -1082,13 +1067,13 @@ qed
 subsubsection \<open>Main Lemma 7: Following Lemma shows correctness of pruning of unreachable blocks if the block was not coalesced\<close>
 
 lemma pruning_not_coalesced_loop:
-  assumes SuccBlocks: "out_edges G ! src_block = ls" and
-          TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds" and
-          SourceBlock: "node_to_block G ! src_block = src_cmds" and
-          Pruning: "(Assume (Lit (LBool False))) \<in> set (src_cmds) \<or> (Assert (Lit (LBool False))) \<in> set (src_cmds)" and
-          NotCoalesced: "tgt_cmds = src_cmds" and
-          NoSuccEq: "ls = [] \<Longrightarrow> out_edges G' ! tgt_block = []"
-        shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead posts"
+  assumes SuccBlocks: "out_edges G ! src_block = ls"
+      and TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds"
+      and SourceBlock: "node_to_block G ! src_block = src_cmds"
+      and Pruning: "(Assume (Lit (LBool False))) \<in> set (src_cmds) \<or> (Assert (Lit (LBool False))) \<in> set (src_cmds)"
+      and NotCoalesced: "tgt_cmds = src_cmds"
+      and NoSuccEq: "ls = [] \<Longrightarrow> out_edges G' ! tgt_block = []"
+    shows "global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block lsLoopHead posts"
   unfolding global_block_lemma_loop_def
 proof (rule allI | rule impI)+
   fix m' ns s' j
@@ -1121,7 +1106,8 @@ proof (rule allI | rule impI)+
         next
           case False
           hence "b = Magic \<or> b = Failure"
-            using \<open>Assume (Lit (LBool False)) \<in> set cs \<or> Assert (Lit (LBool False)) \<in> set cs\<close> local.RedNormalSucc(4) magic_lemma_assert_false by blast
+            using \<open>Assume (Lit (LBool False)) \<in> set cs \<or> Assert (Lit (LBool False)) \<in> set cs\<close> local.RedNormalSucc(4) magic_lemma_assert_false 
+            by blast
           then show ?thesis
             by (simp add: local.RedNormalSucc(2))
         qed
@@ -1131,8 +1117,8 @@ proof (rule allI | rule impI)+
           by (metis "2"(2) NotCoalesced Pair_inject SourceBlock finished_remains local.RedNormalReturn(1) local.RedNormalReturn(2) local.RedNormalReturn(3) local.RedNormalReturn(4))
         hence "A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow> (m', s')"
           using NotCoalesced TargetBlock RedNormalReturn NoSuccEq
-          using "2"(2) SuccBlocks finished_remains red_cfg.RedNormalReturn by blast
-        
+                "2"(2) SuccBlocks finished_remains red_cfg.RedNormalReturn 
+          by blast        
         then show ?thesis
           unfolding valid_configuration_def
           using TargetVerifies valid_configuration_def by blast
@@ -1154,14 +1140,13 @@ qed
 subsubsection \<open>Main Lemma 8: Following Lemma shows correctness of pruning of unreachable blocks if the block was coalesced\<close>
 
 lemma pruning_coalesced_loop:
-  assumes TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds" and
-          SourceBlock: "node_to_block G ! src_block = src_cmds" and
-          Pruning: "(Assert (Lit (LBool False))) \<in> set (src_cmds) \<or> (Assume (Lit (LBool False))) \<in> set (src_cmds)" and
-          Coalesced: "tgt_cmds = cs@src_cmds" and
-          NoSuccEq: "out_edges G ! src_block = [] \<Longrightarrow> out_edges G' ! tgt_block = []"
-        shows "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block src_cmds lsLoopHead posts"
+  assumes TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds"
+      and SourceBlock: "node_to_block G ! src_block = src_cmds"
+      and Pruning: "(Assert (Lit (LBool False))) \<in> set (src_cmds) \<or> (Assume (Lit (LBool False))) \<in> set (src_cmds)"
+      and Coalesced: "tgt_cmds = cs@src_cmds"
+      and NoSuccEq: "out_edges G ! src_block = [] \<Longrightarrow> out_edges G' ! tgt_block = []"
+    shows "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block src_cmds lsLoopHead posts"
   unfolding hybrid_block_lemma_loop_def
-
 proof (rule allI | rule impI)+
   fix m' ns s' j
   assume k_step: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl src_block, Normal ns) -n\<rightarrow>^j (m', s')" and
@@ -1193,7 +1178,8 @@ proof (rule allI | rule impI)+
         next
           case False
           hence "b = Magic \<or> b = Failure"
-            using \<open>Assume (Lit (LBool False)) \<in> set cs \<or> Assert (Lit (LBool False)) \<in> set cs\<close> local.RedNormalSucc(4) magic_lemma_assert_false by blast
+            using \<open>Assume (Lit (LBool False)) \<in> set cs \<or> Assert (Lit (LBool False)) \<in> set cs\<close> local.RedNormalSucc(4) magic_lemma_assert_false 
+            by blast
           then show ?thesis
             by (simp add: local.RedNormalSucc(2))
         qed
@@ -1223,5 +1209,4 @@ proof (rule allI | rule impI)+
   qed
 qed
 
-
 end
\ No newline at end of file
diff --git a/BoogieLang/Semantics.thy b/BoogieLang/Semantics.thy
index 7bdfa9a..8645ace 100644
--- a/BoogieLang/Semantics.thy
+++ b/BoogieLang/Semantics.thy
@@ -714,7 +714,7 @@ text \<open>The following condition specifies what must hold for the list of con
       Note that the verification condition only forces distinctness between values of unique constants of 
       the \<^emph>\<open>same\<close> type. Here, we force distinctness between values of all unique constants. These two
       definitions are equivalent, since values of different types are distinct in Boogie by default
-      (every value can have only one type as reflected by the function \<^term>\<open>type_of_val\<close>).\<close>
+      (every value can have only one type as reflected by the function \<^const>\<open>type_of_val\<close>).\<close>
 
 definition unique_constants_distinct :: "'a named_state \<Rightarrow> vname list \<Rightarrow> bool"
   where "unique_constants_distinct ns xs \<longleftrightarrow> distinct (map (\<lambda>x. the (ns x)) xs)"
@@ -771,10 +771,11 @@ constants \<^term>\<open>constants\<close>, global variables \<^term>\<open>glob
 Since the current proof generation does not support procedure calls yet, we just instantiate the
 procedure context to the empty list here. 
 
-In our certificates, we prove (\<^term>\<open>\<And>A. proc_is_correct A fun_decls constants unique_consts global_vars axioms proc proc_body_satisfies_spec_general\<close>),
-i.e., we prove procedure correctness for every type interpretation (\<And> is a universal quantifier at 
+In our certificates, we prove 
+\<^prop>\<open>\<And>A. proc_is_correct A fun_decls constants unique_consts global_vars axioms proc proc_body_satisfies_spec_general\<close>.
+That is, we prove procedure correctness for every type interpretation (\<And> is a universal quantifier at 
 the meta level). Note that for certain type interpretations procedure correctness is trivial (see
-the definition of \<^term>\<open>proc_is_correct\<close>).
+the definition of \<^const>\<open>proc_is_correct\<close>).
 \<close>
 
 subsection \<open>Properties of the semantics\<close>

From e59cb6c5ebea83ca51d292602e41d1b3200c7696 Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Thu, 19 Dec 2024 18:56:40 +0100
Subject: [PATCH 70/74] remove unfinished dead variable elimination metatheory
 file

---
 BoogieLang/DeadVarElimination.thy | 941 ------------------------------
 1 file changed, 941 deletions(-)
 delete mode 100644 BoogieLang/DeadVarElimination.thy

diff --git a/BoogieLang/DeadVarElimination.thy b/BoogieLang/DeadVarElimination.thy
deleted file mode 100644
index ff4403d..0000000
--- a/BoogieLang/DeadVarElimination.thy
+++ /dev/null
@@ -1,941 +0,0 @@
-theory DeadVarElimination
-  imports Semantics Util
-begin
-
-subsection \<open>Definition of free variables\<close>
-
-fun free_var_expr :: "expr \<Rightarrow> vname set"
-where 
-  "free_var_expr (Var n) = {n}"
-| "free_var_expr (BVar n) = {}"
-| "free_var_expr (Lit n) = {}"
-| "free_var_expr (UnOp unop ex) = free_var_expr (ex)"
-| "free_var_expr (BinOp ex1 binop ex2) = free_var_expr (ex1) \<union> free_var_expr (ex2)"
-| "free_var_expr (FunExp fname ty_list ex_ls)  = \<Union> (Set.image free_var_expr (set ex_ls))" 
-| "free_var_expr (CondExp cond thn els) = free_var_expr cond \<union> free_var_expr thn \<union> free_var_expr els"
-| "free_var_expr (Old ex) = free_var_expr (ex)"
-| "free_var_expr (Forall ty ex) = free_var_expr (ex)"
-| "free_var_expr (Exists ty ex) = free_var_expr (ex)"
-| "free_var_expr (ForallT ex) = free_var_expr (ex)"
-| "free_var_expr (ExistsT ex) = free_var_expr (ex)"
-
-fun free_var_exprlist :: "expr list \<Rightarrow> vname set"
-where
-  "free_var_exprlist cs = \<Union> (Set.image free_var_expr (set cs))"
-
-
-fun free_var_cmd :: "cmd \<Rightarrow> vname set"
-where
-  "free_var_cmd (Assert ex) = free_var_expr ex"
-| "free_var_cmd (Assume ex) = free_var_expr ex"
-| "free_var_cmd (Assign vname expr) = {vname} \<union> free_var_expr expr"
-| "free_var_cmd (Havoc vname) = {vname}"
-| "free_var_cmd (ProcCall pname ex_ls vname_ls) = set vname_ls \<union> (\<Union> (Set.image free_var_expr (set ex_ls)))" (* is this correct?" *)
-
-fun free_var_cmdlist :: "cmd list \<Rightarrow> vname set"
-where
-  "free_var_cmdlist cs = \<Union> (Set.image free_var_cmd (set cs))"
-
-subsection \<open>Helper Lemmas for the final dead variables elimination lemma\<close>
-
-lemma validConf:
-  assumes proc_cor: "proc_is_correct A fun_decls constants global_vars axioms proc Semantics.proc_body_satisfies_spec" and
-                    "proc_body proc = Some (locals, mbody)" and
-                    "(((\<forall>t. closed t \<longrightarrow> (\<exists>v. type_of_val A (v :: 'a val) = t)) \<and> (\<forall>v. closed ((type_of_val A) v))))" and
-                    "fun_interp_wf A fun_decls \<Gamma>" and
-                    "list_all closed \<Omega> \<and> length \<Omega> = proc_ty_args proc" and        
-                    "state_typ_wf A \<Omega> gs (constants @ global_vars)" and
-                    "state_typ_wf A \<Omega> ls ((proc_args proc)@ (locals @ proc_rets proc))" and
-                    "axioms_sat A (constants, []) \<Gamma> (global_to_nstate (state_restriction gs constants)) axioms" and            
-                    "expr_all_sat A (constants@global_vars, (proc_args proc)@(locals@(proc_rets proc))) \<Gamma> \<Omega> \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr> (proc_all_pres proc)" and 
-                    "A, [], (constants@global_vars, (proc_args proc)@(locals@(proc_rets proc))), \<Gamma>, \<Omega>, mbody \<turnstile> (Inl (entry(mbody)), Normal \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr>) -n\<rightarrow>* (m',s')"
-
-  shows             "valid_configuration A (constants@global_vars, (proc_args proc)@(locals@(proc_rets proc))) \<Gamma> \<Omega> (proc_checked_posts proc) m' s'"
-  using assms
-  unfolding proc_body_satisfies_spec_def
-  by fastforce
-
-lemma map_le_append_pre:
-  assumes "map_of xs \<subseteq>\<^sub>m map_of xs'"
-  shows "map_of (ys@xs) \<subseteq>\<^sub>m map_of (ys@xs')" 
-  using assms
-  by (metis Map.map_of_append append_assoc map_add_subsumed2 map_le_map_add)
-  
-lemma map_le_append_post:
-  assumes "map_of xs \<subseteq>\<^sub>m map_of xs'" and 
-          \<comment>\<open>This second assumption is necessary, because otherwise \<^term>\<open>map_of (xs@ys) y\<close> may lookup
-             a value in \<^term>\<open>ys\<close>, while \<^term>\<open>map_of (xs'@ys) y\<close> looks up the value in \<^term>\<open>xs'\<close>\<close>
-          "dom (map_of xs') \<inter> dom (map_of ys) = {}"
-  shows "map_of (xs@ys) \<subseteq>\<^sub>m map_of (xs'@ys)"
-  using assms
-  by (metis Map.map_of_append map_add_comm map_add_le_mapI map_le_map_add map_le_trans)
-
-lemma map_le_append_pre_post:
-  assumes "map_of xs \<subseteq>\<^sub>m map_of xs'" and 
-          \<comment>\<open>This second assumption is necessary, because otherwise \<^term>\<open>map_of (xs@ys) y\<close> may lookup
-             a value in \<^term>\<open>ys\<close>, while \<^term>\<open>map_of (xs'@ys) y\<close> looks up the value in \<^term>\<open>xs'\<close>\<close>
-          "dom (map_of xs') \<inter> dom (map_of ys) = {}"
-  shows "map_of (ws@xs@ys) \<subseteq>\<^sub>m map_of (ws@xs'@ys)"
-  using assms map_le_append_pre map_le_append_post
-  by blast 
-
-lemma lookup_var_decl_map_le:
-  assumes "map_of vs \<subseteq>\<^sub>m map_of vs'"          
-  shows "lookup_vdecls_ty vs \<subseteq>\<^sub>m lookup_vdecls_ty vs'"
-  unfolding lookup_vdecls_ty_def map_le_def
-proof 
-  fix a
-  assume "a \<in> dom (\<lambda>x. map_option fst (map_of vs x))"
-
-  thus "map_option fst (map_of vs a) = map_option fst (map_of vs' a)"
-    using assms
-    by (metis (full_types) domIff map_le_def option.map_disc_iff)
-qed
-
-text \<open>The following lemma should be helpful to prove that variables reduce to the same values in 
-      in the program with and without dead variables.\<close>
-lemma lookup_var_map_le_local:
-  assumes MapLeLocal: "(map_of (snd \<Lambda>) \<subseteq>\<^sub>m map_of (snd \<Lambda>') \<and> x \<notin> (dom (map_of (snd \<Lambda>')) - (dom (map_of (snd \<Lambda>))))) 
-                       \<or> (map_of (snd \<Lambda>') \<subseteq>\<^sub>m map_of (snd \<Lambda>) \<and> x \<notin> (dom (map_of (snd \<Lambda>)) - (dom (map_of (snd \<Lambda>'))))) "
-  shows "lookup_var \<Lambda> ns x = lookup_var \<Lambda>' ns x"
-proof (cases "(map_of (snd \<Lambda>) \<subseteq>\<^sub>m map_of (snd \<Lambda>') \<and> x \<notin> (dom (map_of (snd \<Lambda>')) - (dom (map_of (snd \<Lambda>)))))")
-  case True
-  then show ?thesis
-  proof (cases "map_of (snd \<Lambda>) x = None")
-    case True
-    hence "map_of (snd \<Lambda>') x = None"
-      by (metis (mono_tags, lifting) DiffI assms domIff map_le_def)
-    with True show ?thesis 
-      unfolding lookup_var_def
-      by simp
-  next
-    case False
-    then show ?thesis
-      using MapLeLocal
-      unfolding lookup_var_def
-      by (metis (mono_tags, lifting) True domIff map_le_def)
-  qed
-next
-  case False
-  then show ?thesis
-  proof (cases "map_of (snd \<Lambda>') x = None")
-    case True
-    hence "map_of (snd \<Lambda>) x = None"
-      using False assms by blast
-    with True show ?thesis 
-      unfolding lookup_var_def
-      by simp
-  next
-    case False
-    then show ?thesis 
-      using MapLeLocal
-      unfolding lookup_var_def
-      by (metis (mono_tags, lifting) DiffI domIff map_le_def)
-  qed
-qed
-
-
-lemma binder_map_le_local:
-  assumes MapLeLocal: "map_of (snd \<Lambda>) \<subseteq>\<^sub>m map_of (snd \<Lambda>')" and
-          "x \<notin> (dom (map_of (snd \<Lambda>')) - (dom (map_of (snd \<Lambda>))))"
-        shows "binder_state ns i = binder_state ns i"
-  by simp
-
-
-
-lemma state_typ_wf_map_le:
-  assumes StateTypWf: "state_typ_wf A \<Omega> ls (proc_args proc @ locals' @ proc_rets proc)" (is "state_typ_wf A \<Omega> ls ?V'") and
-         MapLe: "map_of locals \<subseteq>\<^sub>m map_of locals'" and
-         DomLocalInterRetsEmpty:   "dom (map_of locals') \<inter> dom (map_of (proc_rets proc)) = {}"
-        shows "state_typ_wf A \<Omega> ls (proc_args proc @ locals @ proc_rets proc)" (is "state_typ_wf A \<Omega> ls ?V")
-  unfolding state_typ_wf_def
-proof (rule allI | rule impI)+
-  fix v t
-  assume LookupV: "lookup_vdecls_ty (proc_args proc @ locals @ proc_rets proc) v = Some t"
-
-  from MapLe have "map_of ?V \<subseteq>\<^sub>m map_of ?V'"
-    using map_le_append_pre_post[OF MapLe DomLocalInterRetsEmpty]
-    by blast        
-
-  with LookupV
-  have "lookup_vdecls_ty (proc_args proc @ locals' @ proc_rets proc) v = Some t"
-    using lookup_var_decl_map_le
-    by (metis (full_types) domI map_le_def)
-
-  thus "map_option (type_of_val A) (ls v) = Some (instantiate \<Omega> t)"
-    using StateTypWf
-    unfolding state_typ_wf_def
-    by blast
-qed
-
-
-
-
-lemma expr_eval_different_locals_same_value:
-  assumes  "fst \<Lambda> = fst \<Lambda>'" and
-           "map_of (snd \<Lambda>') \<subseteq>\<^sub>m map_of (snd \<Lambda>)  \<or> map_of (snd \<Lambda>) \<subseteq>\<^sub>m map_of (snd \<Lambda>')" 
-  shows    "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e, s\<rangle> \<Down> v \<Longrightarrow> 
-              free_var_expr e \<inter> ((dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))) \<union> (dom (map_of (snd \<Lambda>)) - dom (map_of (snd \<Lambda>')))) = {} 
-              \<Longrightarrow> A,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>e, s\<rangle> \<Down> v" and
-           "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>es, s\<rangle> [\<Down>] vs \<Longrightarrow>
-              \<Union> {free_var_expr e' | e'. e' \<in> set es} \<inter> ((dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))) \<union> (dom (map_of (snd \<Lambda>)) - dom (map_of (snd \<Lambda>')))) = {} 
-              \<Longrightarrow> A,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>es, s\<rangle> [\<Down>] vs"
-  using assms
-proof (induction rule: red_expr_red_exprs.inducts)
-  case (RedVar n_s x v \<Omega>)
-  then show ?case
-  proof (cases "map_of (snd \<Lambda>') \<subseteq>\<^sub>m map_of (snd \<Lambda>)")
-    case True
-    have "free_var_expr (Var x) \<inter> (dom (map_of (snd \<Lambda>)) - (dom (map_of (snd \<Lambda>')))) = {}"
-      using RedVar.prems(1)
-      by blast
-
-    hence notin: "x \<notin> (dom (map_of (snd \<Lambda>)) - (dom (map_of (snd \<Lambda>'))))"
-      using Int_Un_eq(2) RedVar.prems(1) by auto
-
-    have "lookup_var \<Lambda>' n_s x = lookup_var \<Lambda> n_s x"
-      apply (rule lookup_var_map_le_local)
-      using True notin by auto
-
-    then show ?thesis
-      by (simp add: RedVar.IH red_expr_red_exprs.RedVar)
-  next
-    case False
-
-    have "free_var_expr (Var x) \<inter> (dom (map_of (snd \<Lambda>')) - (dom (map_of (snd \<Lambda>)))) = {}"
-      using RedVar.prems(1)
-      by blast
-
-    hence notin: "x \<notin> (dom (map_of (snd \<Lambda>')) - (dom (map_of (snd \<Lambda>))))"
-      by simp
-
-    have "lookup_var \<Lambda>' n_s x = lookup_var \<Lambda> n_s x"
-      apply (rule lookup_var_map_le_local)
-      using False notin assms(2) by blast
-
-    then show ?thesis
-      by (simp add: RedVar.IH red_expr_red_exprs.RedVar)
-  qed
-next
-  case (RedBVar n_s i v \<Omega>)
-  then show ?case
-    by (simp add: red_expr_red_exprs.RedBVar)
-next
-  case (RedLit \<Omega> v n_s)
-  then show ?case
-    by (simp add: red_expr_red_exprs.RedLit)
-next
-  case (RedBinOp \<Omega> e1 n_s v1 e2 v2 bop v)
-
-
-  have v1: "A,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>e1,n_s\<rangle> \<Down> v1"
-    by (metis (no_types, lifting) Diff_Compl Int_Diff Int_empty_right RedBinOp.IH(2) RedBinOp.prems(1) RedBinOp.prems(3) Un_Int_eq(3) assms(1) free_var_expr.simps(5))
-
-  have v2: "A,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>e2,n_s\<rangle> \<Down> v2"
-    using RedBinOp.IH(4) RedBinOp.prems(1) RedBinOp.prems(3) assms(1) free_var_expr.simps(5) by blast
-  show ?case
-    using v1 v2
-    using RedBinOp.hyps red_expr_red_exprs.RedBinOp by blast
-next
-  case (RedUnOp \<Omega> e n_s v uop v')
-  then show ?case
-    by (simp add: red_expr_red_exprs.RedUnOp)
-next
-  case (RedFunOp f f_interp \<Omega> args n_s v_args ty_args v)
-
-
-  have "\<Union> {free_var_expr e' |e'. e' \<in> set args} \<inter> ((dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))) \<union> (dom (map_of (snd \<Lambda>)) - dom (map_of (snd \<Lambda>')))) = {}"
-    using RedFunOp.prems(1) free_var_expr.simps(6)
-    by blast
-
-  hence "A,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>args, n_s\<rangle> [\<Down>] v_args"
-    by (simp add: RedFunOp.IH(3) RedFunOp.prems(3) assms(1))
-
-  then show ?case
-    using RedFunOp
-    by (simp add: red_expr_red_exprs.RedFunOp)
-next
-  case (RedCondExpTrue \<Omega> cond n_s thn v els)
-  hence condTrue: "A,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>cond,n_s\<rangle> \<Down> BoolV True"
-    by (simp add: disjoint_iff_not_equal)
-  have "A,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>thn,n_s\<rangle> \<Down> v"
-    using RedCondExpTrue
-    by (simp add: Int_Un_distrib2)
-  then show ?case 
-    using condTrue
-    by (simp add: red_expr_red_exprs.RedCondExpTrue)
-next
-  case (RedCondExpFalse \<Omega> cond n_s els v thn)
-  hence condTrue: "A,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>cond,n_s\<rangle> \<Down> BoolV False"
-    by (simp add: disjoint_iff_not_equal)
-  have "A,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>els,n_s\<rangle> \<Down> v"
-    using RedCondExpFalse
-    by (simp add: disjoint_eq_subset_Compl)
-  then show ?case 
-    using condTrue
-    by (simp add: red_expr_red_exprs.RedCondExpFalse)
-next
-  case (RedOld \<Omega> e n_s v)
-  then show ?case
-    by (simp add: red_expr_red_exprs.RedOld)
-next
-  case (RedExpListNil \<Omega> n_s)
-  then show ?case
-    by (meson red_expr_red_exprs.RedExpListNil)
-next
-  case (RedExpListCons \<Omega> e n_s v es vs)
-
-  have free_var_e: "free_var_expr e \<inter> ((dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))) \<union> (dom (map_of (snd \<Lambda>)) - dom (map_of (snd \<Lambda>')))) = {}"
-    using RedExpListCons.prems(1) by auto
-
-  then have expr: "A,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>e,n_s\<rangle> \<Down> v"
-    by (simp add: RedExpListCons.IH(2) RedExpListCons.prems(3) assms(1))
-
-  have "\<Union> {free_var_expr e' |e'. e' \<in> set es} \<subseteq> \<Union> {free_var_expr e' |e'. e' \<in> set (e # es)}"
-    by auto
-
-  then have "\<Union> {free_var_expr e' |e'. e' \<in> set es} \<inter> ((dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))) \<union> (dom (map_of (snd \<Lambda>)) - dom (map_of (snd \<Lambda>')))) = {}"
-    using RedExpListCons.prems(1) boolean_algebra_cancel.inf1 inf.absorb_iff1 inf_bot_right by blast
-
-  then have expr: "A,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>es,n_s\<rangle> [\<Down>] vs"
-    by (simp add: RedExpListCons.IH(4) RedExpListCons.prems(3) assms(1))
-  then show ?case
-    using expr
-    by (simp add: RedExpListCons.IH(2) RedExpListCons.prems(3) assms(1) free_var_e red_expr_red_exprs.RedExpListCons)
-next
-  case (RedForAllTrue \<Omega> ty e n_s)
-  then show ?case
-    by (simp add: red_expr_red_exprs.RedForAllTrue)
-next
-  case (RedForAllFalse v \<Omega> ty e n_s)
-  then show ?case
-    using free_var_expr.simps(9) red_expr_red_exprs.RedForAllFalse  by blast
-next
-  case (RedExistsTrue v \<Omega> ty e n_s)
-  then show ?case
-    using free_var_expr.simps(10) red_expr_red_exprs.RedExistsTrue by blast
-next
-  case (RedExistsFalse \<Omega> ty e n_s)
-  then show ?case
-    by (simp add: red_expr_red_exprs.RedExistsFalse)
-next
-  case (RedForallT_True \<Omega> e n_s)
-  then show ?case
-    by (simp add: inf_set_def red_expr_red_exprs.RedForallT_True)
-next
-  case (RedForallT_False \<tau> \<Omega> e n_s)
-  then show ?case
-    by (simp add: red_expr_red_exprs.RedForallT_False)
-next
-  case (RedExistsT_True \<tau> \<Omega> e n_s)
-  then show ?case
-    by (simp add: red_expr_red_exprs.RedExistsT_True)
-next
-  case (RedExistsT_False \<Omega> e n_s)
-  then show ?case
-    by (simp add: red_expr_red_exprs.RedExistsT_False)
-qed
-
-
-
-lemma expr_sat_locals_same_value:
-  assumes ExprSat: "fst \<Lambda> = fst \<Lambda>'" and
-                   "(map_of (snd \<Lambda>) \<subseteq>\<^sub>m map_of (snd \<Lambda>') \<and> free_var_expr e \<inter> ((dom (map_of (snd \<Lambda>'))) - (dom (map_of (snd \<Lambda>)))) = {}) 
-                    \<or> (map_of (snd \<Lambda>') \<subseteq>\<^sub>m map_of (snd \<Lambda>) \<and> free_var_expr e \<inter> ((dom (map_of (snd \<Lambda>))) - (dom (map_of (snd \<Lambda>')))) = {})" 
-                   "expr_sat A \<Lambda> \<Gamma> \<Omega> s e"
-                 shows "expr_sat A \<Lambda>' \<Gamma> \<Omega> s e"
-  unfolding expr_sat_def
-  apply (rule expr_eval_different_locals_same_value[where ?\<Lambda> = "\<Lambda>"])
-     apply (simp add: ExprSat)
-  using assms(2) apply auto[1]
-  using assms(3) expr_sat_def apply blast
-  by (metis Diff_eq_empty_iff Int_Un_distrib Int_empty_right Un_empty_right assms(2) map_le_implies_dom_le)
-  
-
-
-
-
-
-
-
-
-lemma expr_sat_dead_variables:
-  assumes ExprSat: "expr_sat A (constants @ global_vars, proc_args proc @ locals @ proc_rets proc) \<Gamma> \<Omega> 
-                   ns expr" and
-          NoDeadVariables: "(map_of (proc_args proc @ locals @ proc_rets proc) \<subseteq>\<^sub>m map_of (proc_args proc @ locals' @ proc_rets proc) \<and> free_var_expr expr \<inter> (dom (map_of (proc_args proc @ locals' @ proc_rets proc))) - (dom (map_of (proc_args proc @ locals @ proc_rets proc))) = {}) 
-                           \<or> (map_of (proc_args proc @ locals' @ proc_rets proc) \<subseteq>\<^sub>m map_of (proc_args proc @ locals @ proc_rets proc) \<and> free_var_expr expr \<inter> (dom (map_of (proc_args proc @ locals @ proc_rets proc))) - (dom (map_of (proc_args proc @ locals' @ proc_rets proc))) = {})"
-
-shows "expr_sat A (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) \<Gamma> \<Omega> ns expr"
-  apply (rule expr_sat_locals_same_value[where ?\<Lambda> = "(constants @ global_vars, proc_args proc @ locals @ proc_rets proc)"])
-    apply simp
-  using NoDeadVariables
-   apply simp
-  using ExprSat by auto
-
-
-
-
-  
-
-
-lemma expr_list_sat_dead_variables:
-  assumes ExprSat: "expr_all_sat A (constants @ global_vars, proc_args proc @ locals @ proc_rets proc) \<Gamma> \<Omega> ns expr_list" and
-          MapLocal: "(map_of locals \<subseteq>\<^sub>m map_of locals' \<and> dom (map_of locals') \<inter> dom (map_of (proc_rets proc)) = {} \<and> free_var_exprlist expr_list \<inter> (dom (map_of (locals'))) - (dom (map_of (locals))) = {}) 
-                     \<or> (map_of locals' \<subseteq>\<^sub>m map_of locals \<and> dom (map_of locals) \<inter> dom (map_of (proc_rets proc)) = {} \<and> free_var_exprlist expr_list \<inter> (dom (map_of (locals))) - (dom (map_of (locals'))) = {})"
-
-shows "expr_all_sat A (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) \<Gamma> \<Omega> ns expr_list"
-  unfolding expr_all_sat_def list_all_def Ball_def
-proof (rule allI | rule impI)+
-  fix x
-  assume "x \<in> set (expr_list)"
-  show "expr_sat A (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) \<Gamma> \<Omega>
-          ns x"
-  proof (cases "map_of locals \<subseteq>\<^sub>m map_of locals'")
-    case True
-    have "dom (map_of locals') \<inter> dom (map_of (proc_rets proc)) = {}"
-      by (metis MapLocal True map_le_antisym)
-
-    have freeVarList: "free_var_exprlist expr_list \<inter> (dom (map_of (locals'))) - (dom (map_of (locals))) = {}"
-      by (metis MapLocal True map_le_antisym)
-
-    hence "free_var_exprlist expr_list \<inter> (dom (map_of (proc_args proc @ locals' @ proc_rets proc))) - (dom (map_of (proc_args proc @ locals @ proc_rets proc))) = {}"
-      by auto
-
-    hence freeVar: "free_var_expr x \<inter> (dom (map_of (proc_args proc @ locals' @ proc_rets proc))) - (dom (map_of (proc_args proc @ locals @ proc_rets proc))) = {}"
-      using \<open>x \<in> set expr_list\<close> free_var_exprlist.simps
-      by (simp add: Int_Diff Sup_inf_eq_bot_iff) 
-
-
-    have exprSat: "expr_sat A (constants @ global_vars, proc_args proc @ locals @ proc_rets proc) \<Gamma> \<Omega> ns x"
-      using ExprSat
-      unfolding expr_all_sat_def list_all_def Ball_def
-      by (simp add: \<open>x \<in> set expr_list\<close>)
-
-    have MapLe: "map_of (proc_args proc @ locals @ proc_rets proc) \<subseteq>\<^sub>m map_of (proc_args proc @ locals' @ proc_rets proc)"
-      by (metis MapLocal True map_le_antisym map_le_append_pre_post)
-    
-    
-    show ?thesis
-      apply (rule expr_sat_dead_variables)
-       apply (rule exprSat)
-      using MapLe freeVar by blast
-  next
-    case False
-
-    have exprSat: "expr_sat A (constants @ global_vars, proc_args proc @ locals @ proc_rets proc) \<Gamma> \<Omega> ns x"
-       using ExprSat
-       unfolding expr_all_sat_def list_all_def Ball_def
-       by (simp add: \<open>x \<in> set expr_list\<close>)
-    have map_of: "map_of (proc_args proc @ locals' @ proc_rets proc) \<subseteq>\<^sub>m map_of (proc_args proc @ locals @ proc_rets proc)"
-      using False MapLocal map_le_append_pre_post by blast
-
-    have domain: "dom (map_of locals) \<inter> dom (map_of (proc_rets proc)) = {}"
-      using False MapLocal by auto
-
-    have freeVarList: "free_var_exprlist expr_list \<inter> (dom (map_of (locals))) - (dom (map_of (locals'))) = {}"
-      by (metis MapLocal False)
-
-    hence "free_var_exprlist expr_list \<inter> (dom (map_of (proc_args proc @ locals @ proc_rets proc))) - (dom (map_of (proc_args proc @ locals' @ proc_rets proc))) = {}"
-      by auto
-
-    hence freeVar: "free_var_expr x \<inter> (dom (map_of (proc_args proc @ locals @ proc_rets proc))) - (dom (map_of (proc_args proc @ locals' @ proc_rets proc))) = {}"
-      using \<open>x \<in> set expr_list\<close> free_var_exprlist.simps
-      by (simp add: Int_Diff Union_disjoint)
-
-
-    show ?thesis 
-      apply (rule expr_sat_dead_variables[where ?locals = "locals"])
-       apply (rule exprSat)
-      using map_of freeVar by blast
-  qed
-qed
-
-lemma dom_diff_empty: 
-  assumes "A \<subseteq> B"
-  shows "A - B = {}"
-  by (simp add: assms)
-
-
-
-lemma red_cfg_dead_variables_cmd:
-  assumes "A,[],\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>c,s\<rangle> \<rightarrow> s'" and
-          "fst \<Lambda> = fst \<Lambda>'" and
-          MapLocal: "(map_of (snd \<Lambda>) \<subseteq>\<^sub>m map_of (snd \<Lambda>'))" and
-          "free_var_cmd c \<inter> ((dom (map_of (snd \<Lambda>'))) - (dom (map_of (snd \<Lambda>)))) = {}" and
-          WhereClausesFreeVars: "\<And>x d cond. lookup_var_decl \<Lambda>' x = Some d \<Longrightarrow> snd d = Some cond \<Longrightarrow> free_var_expr cond \<inter> ((dom (map_of (snd \<Lambda>'))) - (dom (map_of (snd \<Lambda>)))) = {} "
-        shows "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c,s\<rangle> \<rightarrow> s'"
-  using assms
-proof (induction rule: red_cmd.inducts)
-  case (RedAssertOk e n_s)
-  have "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e,n_s\<rangle> \<Down> BoolV True"
-    apply (rule expr_eval_different_locals_same_value[where ?\<Lambda>=\<Lambda>'])
-    apply (simp add: assms(2))
-    apply (simp add: RedAssertOk.prems(2))
-    apply (simp add: RedAssertOk.hyps)
-    by (metis Diff_mono RedAssertOk.prems(2) RedAssertOk.prems(3) Un_absorb1 free_var_cmd.simps(1) map_le_implies_dom_le)
-  then show ?case
-    by (meson red_cmd.RedAssertOk)
-next
-  case (RedAssertFail e n_s)
-  have "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e,n_s\<rangle> \<Down> BoolV False"
-    apply (rule expr_eval_different_locals_same_value[where ?\<Lambda>=\<Lambda>'])
-    apply (simp add: assms(2))
-    apply (simp add: RedAssertFail.prems(2))
-    apply (simp add: RedAssertFail.hyps)
-    by (metis Diff_mono RedAssertFail.prems(2) RedAssertFail.prems(3) Un_absorb1 free_var_cmd.simps(1) map_le_implies_dom_le)
-  then show ?case
-    by (meson red_cmd.RedAssertFail)
-next
-  case (RedAssumeOk e n_s)
-  have "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e,n_s\<rangle> \<Down> BoolV True"
-    apply (rule expr_eval_different_locals_same_value[where ?\<Lambda>=\<Lambda>'])
-    apply (simp add: assms(2))
-    apply (simp add: RedAssumeOk.prems(2))
-    apply (simp add: RedAssumeOk.hyps)
-    by (metis Diff_eq_empty_iff RedAssumeOk.prems(2) RedAssumeOk.prems(3) boolean_algebra.disj_zero_right free_var_cmd.simps(2) map_le_implies_dom_le sup_commute)
-  then show ?case
-    by (meson red_cmd.RedAssumeOk)
-next
-  case (RedAssumeMagic e n_s)
-  have "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e,n_s\<rangle> \<Down> BoolV False"
-    apply (rule expr_eval_different_locals_same_value[where ?\<Lambda>=\<Lambda>'])
-    apply (simp add: assms(2))
-    apply (simp add: RedAssumeMagic.prems(2))
-    apply (simp add: RedAssumeMagic.hyps)
-    by (metis Diff_eq_empty_iff RedAssumeMagic.prems(2) RedAssumeMagic.prems(3) boolean_algebra.disj_zero_right free_var_cmd.simps(2) map_le_implies_dom_le sup_commute)
-  then show ?case
-    by (meson red_cmd.RedAssumeMagic)
-next
-  case (RedAssign x ty v e n_s)
-  hence "x \<notin> (dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>)))"
-    by simp
-
-  hence "lookup_var_ty \<Lambda> x  = lookup_var_ty \<Lambda>' x"
-    unfolding lookup_var_ty_def lookup_var_decl_def
-    using assms
-    by (metis (no_types, lifting) DiffI domIff map_le_def)
-
-    
-  then have lookupEq: "lookup_var_ty \<Lambda> x = Some ty"
-    by (simp add: RedAssign.hyps(1))
-
-  have otherDirEmpty: "(dom (map_of (snd \<Lambda>)) - dom (map_of (snd \<Lambda>'))) = {}"
-    apply (rule dom_diff_empty)
-    using assms
-    by (simp add: map_le_implies_dom_le)
-
-  have "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>e, n_s\<rangle> \<Down> v"
-    apply (rule expr_eval_different_locals_same_value[where ?\<Lambda>=\<Lambda>'])
-    apply (simp add: assms(2))
-    apply (simp add: RedAssign.prems(2))
-    apply (simp add: RedAssign.hyps)
-    using RedAssign(6) MapLocal
-    unfolding free_var_cmd.simps
-    by (metis Int_Un_eq(2) Int_commute otherDirEmpty disjoint_insert(2) insert_is_Un)
-
-
-  then have step: "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>Assign x e,Normal n_s\<rangle> \<rightarrow> Normal (update_var \<Lambda> n_s x v)"
-    using lookupEq RedAssign.hyps(2) RedAssign
-    by (meson red_cmd.RedAssign)
-
-  have "(update_var \<Lambda> n_s x v) = (update_var \<Lambda>' n_s x v)"
-    unfolding update_var_def
-    using assms RedAssign.prems(3) free_var_cmd.simps(3)
-    by (metis (no_types, lifting) Diff_iff \<open>x \<notin> dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))\<close> domIff map_le_def)
-  then show ?case
-    using step by auto
-next
-  case (RedHavocNormal x ty w v n_s)
-
-  hence "x \<notin> (dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>)))"
-    by simp
-
-  hence lookupVarEq: "lookup_var_decl \<Lambda> x = lookup_var_decl \<Lambda>' x"
-    unfolding lookup_var_ty_def lookup_var_decl_def
-    using assms
-    by (metis (no_types, lifting) Diff_iff domIff map_le_def)
-
-  have otherDirEmpty: "(dom (map_of (snd \<Lambda>)) - dom (map_of (snd \<Lambda>'))) = {}"
-    apply (rule dom_diff_empty)
-    using assms
-    by (simp add: map_le_implies_dom_le)
-
-  have updVarEq:"(update_var \<Lambda> n_s x v) = (update_var \<Lambda>' n_s x v)"
-    unfolding update_var_def
-    using assms RedHavocNormal.prems(3) free_var_cmd.simps(3)
-    by (metis (no_types, lifting) Diff_iff \<open>x \<notin> dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))\<close> domIff map_le_def)
-
-  have step: "\<And>cond. w = Some cond \<Longrightarrow> A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cond, (update_var \<Lambda> n_s x v)\<rangle> \<Down> BoolV True"
-  proof -
-    fix cond
-    assume "w = Some cond"
-    hence "free_var_expr cond \<inter> (dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))) = {}"
-      using RedHavocNormal.hyps(1) WhereClausesFreeVars by auto
-    show "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cond, (update_var \<Lambda> n_s x v)\<rangle> \<Down> BoolV True"
-      apply (rule expr_eval_different_locals_same_value[where ?\<Lambda>=\<Lambda>'])
-      apply (simp add: assms(2))
-      apply (simp add: RedHavocNormal.prems(2))
-      using RedHavocNormal.hyps(3)[OF \<open>w = Some cond\<close>]
-      apply (simp add: updVarEq)
-      by (simp add: \<open>free_var_expr cond \<inter> (dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))) = {}\<close> otherDirEmpty)
-  qed
-
-
-  then show ?case
-    using updVarEq RedHavocNormal
-    by (metis local.step lookupVarEq red_cmd.RedHavocNormal)
-next
-  case (RedHavocMagic x ty cond v n_s)
-  hence "x \<notin> (dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>)))"
-    by simp
-  have lokupVarDecl: "lookup_var_decl \<Lambda> x = Some (ty,Some(cond))"
-    unfolding lookup_var_ty_def lookup_var_decl_def
-    using assms
-    by (metis (no_types, lifting) Int_Diff Int_insert_left_if1 RedHavocMagic.hyps(1) RedHavocMagic.prems(3) domIff free_var_cmd.simps(4) insert_Diff_if insert_not_empty lookup_var_decl_def map_le_def)
-
-  have updateEqual: "(update_var \<Lambda> n_s x v) = (update_var \<Lambda>' n_s x v)"
-    unfolding update_var_def
-    using assms RedHavocMagic.prems(3) free_var_cmd.simps(3)
-    by (metis (no_types, lifting) Diff_iff \<open>x \<notin> dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))\<close> domIff map_le_def)
-
-  have otherDirEmpty: "(dom (map_of (snd \<Lambda>)) - dom (map_of (snd \<Lambda>'))) = {}"
-    apply (rule dom_diff_empty)
-    using assms
-    by (simp add: map_le_implies_dom_le)
-  
-  have "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cond, (update_var \<Lambda> n_s x v)\<rangle> \<Down> BoolV False"
-    apply (rule expr_eval_different_locals_same_value[where ?\<Lambda>=\<Lambda>'])
-    apply (simp add: assms(2))
-    apply (simp add: RedHavocMagic.prems(2))
-    using updateEqual RedHavocMagic.hyps(3) apply simp
-    using assms RedHavocMagic otherDirEmpty
-    by (metis Int_Un_eq(2) snd_eqD)
-
-    
-  then show ?case 
-    using RedHavocMagic.hyps(2) red_cmd.RedHavocMagic lokupVarDecl by blast
-next
-  case (RedProcCallOkAndMagic m msig args n_s v_args pre_ls new_ls ty_modifs vs_modifs vs_ret post_ls post_gs post_state post_success post_fail n_s' rets)
-  then show ?case 
-    by simp
-next
-  case (RedProcCallFail m msig args n_s v_args pre_ls new_ls rets)
-  then show ?case 
-    by simp
-next
-  case (RedPropagateMagic s)
-  then show ?case
-    by (simp add: red_cmd.RedPropagateMagic)
-next
-  case (RedPropagateFailure s)
-  then show ?case
-    by (simp add: red_cmd.RedPropagateFailure)
-qed
-
-lemma red_cfg_dead_variables_cmdlist:
-assumes oneStep: "A,[] :: 'p proc_context,\<Lambda>',\<Gamma>,\<Omega> \<turnstile> \<langle>cs,s\<rangle> [\<rightarrow>] s'" and
-        "fst \<Lambda> = fst \<Lambda>'" and
-        MapLocal: "(map_of (snd \<Lambda>) \<subseteq>\<^sub>m map_of (snd \<Lambda>'))" and 
-        freeVarCmdList: "free_var_cmdlist cs \<inter> ((dom (map_of (snd \<Lambda>'))) - (dom (map_of (snd \<Lambda>)))) = {}" and 
-        WhereClausesFreeVars: "\<And>x d cond. lookup_var_decl \<Lambda>' x = Some d \<Longrightarrow> snd d = Some cond \<Longrightarrow> free_var_expr cond \<inter> ((dom (map_of (snd \<Lambda>'))) - (dom (map_of (snd \<Lambda>)))) = {} "
-      shows "A,[] :: 'p proc_context,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,s\<rangle> [\<rightarrow>] s'"
-  using oneStep freeVarCmdList
-proof (induction rule: red_cmd_list.inducts)
-  case (RedCmdListNil s)
-  then show ?case
-    by (meson red_cmd_list.RedCmdListNil)
-next
-  case (RedCmdListCons c s s'' cs' s')
-  have freeVarSingleCmd: "free_var_cmd c \<inter> (dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))) = {}"
-    using RedCmdListCons(4)
-    unfolding free_var_cmdlist.simps
-    by auto
-
-  have oneStep: "A,[],\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>c,s\<rangle> \<rightarrow> s''"
-    apply (rule red_cfg_dead_variables_cmd[OF RedCmdListCons(1) assms(2) MapLocal freeVarSingleCmd])
-    using WhereClausesFreeVars
-    by simp
-
-  have "free_var_cmdlist cs' \<inter> (dom (map_of (snd \<Lambda>')) - dom (map_of (snd \<Lambda>))) = {}"
-    using RedCmdListCons(4)
-    unfolding free_var_cmdlist.simps
-    by auto
-
-  hence "A,[] :: 'p proc_context,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs',s''\<rangle> [\<rightarrow>] s'"
-    using RedCmdListCons.IH 
-    by blast
-    
-  then show ?case
-    using oneStep red_cmd_list.RedCmdListCons by blast
-qed
-
-lemma red_cfg_dead_variables_cmdlist_onestep:
-  assumes oneStep: "A,[],\<Lambda>',\<Gamma>,\<Omega>,body \<turnstile>(Inl m, Normal ns) -n\<rightarrow> (m', s')" and
-          fstEq: "fst \<Lambda> = fst \<Lambda>'" and
-          MapLocal: "(map_of (snd \<Lambda>) \<subseteq>\<^sub>m map_of (snd \<Lambda>'))" and
-          NoDeadVariables: "free_var_cmdlist (node_to_block body ! m) \<inter> ((dom (map_of (snd \<Lambda>'))) - (dom (map_of (snd \<Lambda>)))) = {}" and
-          WhereClausesFreeVars: "\<And>x d cond. lookup_var_decl \<Lambda>' x = Some d \<Longrightarrow> snd d = Some cond \<Longrightarrow> free_var_expr cond \<inter> ((dom (map_of (snd \<Lambda>'))) - (dom (map_of (snd \<Lambda>)))) = {} "
-        shows   "A,[],\<Lambda>,\<Gamma>,\<Omega>,body \<turnstile>(Inl m, Normal ns) -n\<rightarrow> (m', s')"
-  using assms
-proof cases
-  case (RedNormalSucc cs ns' n')
-  have "A,[] :: mbodyCFG proc_context,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Normal ns'"
-    apply (rule red_cfg_dead_variables_cmdlist[OF RedNormalSucc(4) fstEq MapLocal _ WhereClausesFreeVars])
-    using NoDeadVariables local.RedNormalSucc(3) by auto
-
-  then show ?thesis
-    using local.RedNormalSucc(1) local.RedNormalSucc(2) local.RedNormalSucc(3) local.RedNormalSucc(5) red_cfg.RedNormalSucc by blast
-next
-  case (RedNormalReturn cs ns')
-  have "A,[] :: mbodyCFG proc_context,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Normal ns'"
-    apply (rule red_cfg_dead_variables_cmdlist[OF RedNormalReturn(4) fstEq MapLocal _ WhereClausesFreeVars])
-    using NoDeadVariables local.RedNormalReturn(3) by auto
-
-  then show ?thesis
-    using local.RedNormalReturn(1) local.RedNormalReturn(2) local.RedNormalReturn(3) local.RedNormalReturn(5) red_cfg.RedNormalReturn by blast
-next
-  case (RedFailure cs)
-  have "A,[] :: mbodyCFG proc_context,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Failure"
-    apply (rule red_cfg_dead_variables_cmdlist[OF RedFailure(4) fstEq MapLocal _ WhereClausesFreeVars])
-    using NoDeadVariables local.RedFailure(3) by auto
-  then show ?thesis
-    using local.RedFailure(1) local.RedFailure(2) local.RedFailure(3) red_cfg.RedFailure by blast
-next
-  case (RedMagic cs)
-  have "A,[] :: mbodyCFG proc_context,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>cs,Normal ns\<rangle> [\<rightarrow>] Magic"
-    apply (rule red_cfg_dead_variables_cmdlist[OF RedMagic(4) fstEq MapLocal _ WhereClausesFreeVars])
-    using NoDeadVariables local.RedMagic(3) by auto
-  then show ?thesis
-    using local.RedMagic(1) local.RedMagic(2) local.RedMagic(3) red_cfg.RedMagic by blast
-qed
-
-
-lemma list_member_proof: 
-  assumes "ls ! i = ele" and
-          "i < length ls"
-  shows "List.member (ls) ele "
-  using assms
-proof -
-  have "ele \<in> set ls"
-    using assms(2) assms(1) nth_mem by blast
-  then show "List.member ls ele"
-    by (simp add: in_set_member)
-qed
-
-lemma red_cfg_multi_dead_variables:
-  assumes RedCfg: "A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile>(Inl m, Normal ns) -n\<rightarrow>* (m', s')" and
-          MapLocal: "map_of locals \<subseteq>\<^sub>m map_of locals'" and
-          DomLocalInterRetsEmpty:   "dom (map_of locals') \<inter> dom (map_of (proc_rets proc)) = {}" and
-          NoDeadVariables: "\<forall>b\<in>set(node_to_block body). free_var_cmdlist b \<inter> (dom (map_of locals') - (dom (map_of locals))) = {}" and
-          WhereClausesFreeVars: "\<And>x d cond. lookup_var_decl (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) x = Some d \<Longrightarrow> snd d = Some cond \<Longrightarrow> free_var_expr cond \<inter> ((dom (map_of (snd (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc)))) - (dom (map_of (snd (constants @ global_vars, proc_args proc @ locals @ proc_rets proc))))) = {} "
-        shows   "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile>(Inl m, Normal ns) -n\<rightarrow>* (m', s')"
-  using RedCfg 
-proof (induction rule: converse_rtranclp_induct2)
-  case refl
-  then show ?case 
-    by simp
-next
-  case (step a b c d)
-  have restSteps: "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile>(c, d) -n\<rightarrow>* (m', s')"
-    using step.IH  by simp
-  from step show ?case
-  proof cases
-    case (RedNormalSucc n cs ns ns' n')
-    have oneStepLocals':"A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
-      using local.RedNormalSucc(1) local.RedNormalSucc(2) step.hyps(1) by auto
-
-    have "n < length (node_to_block body)"
-      sorry
-    hence nInBody: "cs \<in> set(node_to_block body)"
-      using RedNormalSucc(5)
-      by auto
-
-
-    have "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
-      apply (rule red_cfg_dead_variables_cmdlist_onestep[OF oneStepLocals'])
-      apply (simp)
-      using MapLocal map_le_append_pre_post DomLocalInterRetsEmpty apply auto[1]
-      using NoDeadVariables local.RedNormalSucc(5) nInBody apply auto[1]
-      using WhereClausesFreeVars by simp
-
-    then show ?thesis 
-      by (simp add: converse_rtranclp_into_rtranclp local.RedNormalSucc(1) local.RedNormalSucc(2) restSteps)
-  next
-    case (RedNormalReturn n cs ns ns')
-    have oneStepLocals':"A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
-      using local.RedNormalReturn(1) local.RedNormalReturn(2) step.hyps(1) by auto
-
-    have "n < length (node_to_block body)"
-      sorry
-    hence nInBody: "cs \<in> set(node_to_block body)"
-      using RedNormalReturn(5)
-      by auto
-
-
-    have "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
-      apply (rule red_cfg_dead_variables_cmdlist_onestep[OF oneStepLocals'])
-      apply (simp)
-      using MapLocal map_le_append_pre_post DomLocalInterRetsEmpty apply auto[1]
-      using NoDeadVariables local.RedNormalReturn(5) nInBody apply auto[1]
-      using WhereClausesFreeVars by simp
-
-    then show ?thesis 
-      by (simp add: converse_rtranclp_into_rtranclp local.RedNormalReturn(1) local.RedNormalReturn(2) restSteps)
-  next
-    case (RedFailure n cs ns)
-    have oneStepLocals':"A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
-      using local.RedFailure(1) local.RedFailure(2) step.hyps(1) by auto
-
-    have "n < length (node_to_block body)"
-      sorry
-    hence nInBody: "cs \<in> set(node_to_block body)"
-      using RedFailure(5)
-      by auto
-
-
-    have "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
-      apply (rule red_cfg_dead_variables_cmdlist_onestep[OF oneStepLocals'])
-      apply (simp)
-      using MapLocal map_le_append_pre_post DomLocalInterRetsEmpty apply auto[1]
-      using NoDeadVariables local.RedFailure(5) nInBody apply auto[1]
-      using WhereClausesFreeVars by simp
-
-    then show ?thesis 
-      by (simp add: converse_rtranclp_into_rtranclp local.RedFailure(1) local.RedFailure(2) restSteps)
-  next
-    case (RedMagic n cs ns)
-    have oneStepLocals':"A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
-      using local.RedMagic(1) local.RedMagic(2) step.hyps(1) by auto
-
-    have "n < length (node_to_block body)"
-      sorry
-    hence nInBody: "cs \<in> set(node_to_block body)"
-      using RedMagic(5)
-      by auto
-
-
-    have "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile> (Inl n, Normal ns) -n\<rightarrow> (c, d)"
-      apply (rule red_cfg_dead_variables_cmdlist_onestep[OF oneStepLocals'])
-      apply (simp)
-      using MapLocal map_le_append_pre_post DomLocalInterRetsEmpty apply auto[1]
-      using NoDeadVariables local.RedMagic(5) nInBody apply auto[1]
-      using WhereClausesFreeVars by simp
-
-    then show ?thesis 
-      by (simp add: converse_rtranclp_into_rtranclp local.RedMagic(1) local.RedMagic(2) restSteps)
-  qed
-qed
-
-
-subsection \<open>Dead variables elimination lemma\<close>
-
-lemma elimination:
-  assumes proc_cor: "proc_is_correct A fun_decls constants global_vars axioms proc Semantics.proc_body_satisfies_spec" and
-          Body1: "proc_body proc = Some (locals, body)" and
-          Body2: "proc' = proc \<lparr>proc_body := Some (locals', body)\<rparr>" and
-          LocalVariables: "map_of locals \<subseteq>\<^sub>m map_of locals'" and 
-          FreeVarPres: "free_var_exprlist (proc_all_pres proc) \<inter> dom (map_of locals') - dom (map_of locals) = {}" and
-          FreeVarPosts: "free_var_exprlist (proc_checked_posts proc) \<inter> dom (map_of locals') - dom (map_of locals) = {}" and
-          DeadVariables: "\<forall>b\<in>set(node_to_block body). free_var_cmdlist b \<inter> (dom (map_of locals') - (dom (map_of locals))) = {}" and
-                 \<comment>\<open>The following assumption is needed to lift \<^term>\<open>map_of locals \<subseteq>\<^sub>m map_of locals'\<close>
-                    to the concatenation of all variables in the local state (arguments, locals, return variables)\<close>
-          DomLocalInterRetsEmpty: "dom (map_of locals') \<inter> dom (map_of (proc_rets proc)) = {}" and
-          WhereClausesFreeVars: "\<And>x d cond. lookup_var_decl (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) x = Some d \<Longrightarrow> snd d = Some cond \<Longrightarrow> free_var_expr cond \<inter> ((dom (map_of (snd (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc)))) - (dom (map_of (snd (constants @ global_vars, proc_args proc @ locals @ proc_rets proc))))) = {} "
-        shows "proc_is_correct A fun_decls constants global_vars axioms proc' Semantics.proc_body_satisfies_spec"
-proof (simp add: Body2 del: proc_checked_posts.simps, (rule impI | rule allI)+)
-  fix \<Gamma> \<Omega> gs ls
-  assume  Atyp: "(\<forall>t. closed t \<longrightarrow> (\<exists>v. type_of_val A v = t)) \<and> (\<forall>v. closed (type_of_val A v))" and
-          FunWf:"fun_interp_wf A fun_decls \<Gamma>" and
-          ARenv: "list_all closed \<Omega> \<and> length \<Omega> = proc_ty_args proc" and
-          WfGlobal: "state_typ_wf A \<Omega> gs (constants @ global_vars)" and
-          WfLocal: "state_typ_wf A \<Omega> ls (proc_args proc @ locals' @ proc_rets proc)" and 
-          AxSat: "axioms_sat A (constants, []) \<Gamma>
-                      \<lparr>old_global_state = Map.empty, global_state = state_restriction gs constants, local_state = Map.empty,
-                      binder_state = Map.empty\<rparr> axioms"
-  show  "proc_body_satisfies_spec A [] (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) \<Gamma> \<Omega>
-        (map fst (proc_pres proc)) (proc_checked_posts (proc\<lparr>proc_body := Some (locals', body)\<rparr>)) body
-        \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr>"
-    unfolding proc_body_satisfies_spec_def
-  proof ((rule impI | rule allI)+)
-    fix m' s'
-    assume ExprAllSat: "expr_all_sat A (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) \<Gamma> \<Omega>
-        \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr> (map fst (proc_pres proc))" and
-           GoesTo: "A,[],(constants @ global_vars, proc_args proc @ locals' @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile>(Inl (entry body),
-                                Normal \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr>) -n\<rightarrow>* (m', s')"
-    show "valid_configuration A (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) \<Gamma> \<Omega>
-        (proc_checked_posts (proc\<lparr>proc_body := Some (locals', body)\<rparr>)) m' s'"
-      unfolding valid_configuration_def
-    proof -
-
-      have valid_proc: "valid_configuration A (constants @ global_vars, proc_args proc @ locals @ proc_rets proc) \<Gamma> \<Omega> ((proc_checked_posts proc)) m' s'"
-      proof (rule validConf [OF proc_cor Body1 Atyp FunWf ARenv WfGlobal])
-        show "state_typ_wf A \<Omega> ls (proc_args proc @ locals @ proc_rets proc)"
-          using state_typ_wf_map_le[OF WfLocal LocalVariables] DomLocalInterRetsEmpty
-          by blast
-      next
-        show "axioms_sat A (constants, []) \<Gamma> (global_to_nstate (state_restriction gs constants)) axioms"
-          using AxSat
-          by simp
-      next
-        show "expr_all_sat A (constants @ global_vars, proc_args proc @ locals @ proc_rets proc) \<Gamma> \<Omega>
-             \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr> (proc_all_pres proc)"
-        proof -
-          have "expr_all_sat A (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) \<Gamma> \<Omega>
-               \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr> (proc_all_pres proc)"
-            using ExprAllSat
-            by simp
-
-          thus "expr_all_sat A (constants @ global_vars, proc_args proc @ locals @ proc_rets proc) \<Gamma> \<Omega>
-             \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr> (proc_all_pres proc)"
-            apply (rule expr_list_sat_dead_variables)
-            using LocalVariables FreeVarPres DomLocalInterRetsEmpty by blast
-        qed
-
-      next
-        show "A,[],(constants @ global_vars, proc_args proc @ locals @ proc_rets proc),\<Gamma>,\<Omega>,body \<turnstile>(Inl (entry body), Normal
-              \<lparr>old_global_state = gs, global_state = gs, local_state = ls, binder_state = Map.empty\<rparr>) -n\<rightarrow>* (m', s')"
-          by (rule red_cfg_multi_dead_variables[OF GoesTo LocalVariables DomLocalInterRetsEmpty DeadVariables WhereClausesFreeVars])
-      qed
-       
-       
-      hence notFailure: "s' \<noteq> Failure"
-        using valid_configuration_def by blast
-
-      have FinalConfig: "(is_final_config (m', s') \<longrightarrow> (\<forall>ns'. s' = Normal ns' \<longrightarrow> 
-                        expr_all_sat A (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) \<Gamma> \<Omega> ns' (proc_checked_posts (proc\<lparr>proc_body := Some (locals', body)\<rparr>))))" 
-            (is "?isFinal \<longrightarrow> (\<forall>ns'. ?isNormal ns' \<longrightarrow> ?Goal ns')")
-      proof ((rule impI | rule allI)+)
-        fix ns'
-        assume "?isFinal" and "?isNormal ns'" 
-        show "?Goal ns'"
-        proof -
-          
-          have EqPosts: "(proc_checked_posts proc) = (proc_checked_posts (proc\<lparr>proc_body := Some (locals', body)\<rparr>))"
-            by simp
-
-          have "expr_all_sat A (constants @ global_vars, proc_args proc @ locals @ proc_rets proc) \<Gamma> \<Omega> ns' (proc_checked_posts proc)"
-            using valid_proc 
-            unfolding valid_configuration_def
-            using \<open>is_final_config (m', s')\<close> \<open>s' = Normal ns'\<close> by blast
-
-
-          hence "expr_all_sat A (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) \<Gamma> \<Omega> ns' (proc_checked_posts proc)"
-            apply (rule expr_list_sat_dead_variables)
-            using LocalVariables FreeVarPosts DomLocalInterRetsEmpty by blast
-
-            
-
-          thus "expr_all_sat A (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) \<Gamma> \<Omega> ns' (proc_checked_posts (proc\<lparr>proc_body := Some (locals', body)\<rparr>))"
-            using EqPosts
-            by argo
-        qed
-      qed
-      thus "s' \<noteq> Failure \<and> (is_final_config (m', s') \<longrightarrow> (\<forall>ns'. s' = Normal ns' \<longrightarrow>
-            expr_all_sat A (constants @ global_vars, proc_args proc @ locals' @ proc_rets proc) \<Gamma> \<Omega> ns' (proc_checked_posts (proc\<lparr>proc_body := Some (locals', body)\<rparr>))))"
-        using notFailure by blast
-    qed
-  qed
-qed
-
-
-end
\ No newline at end of file

From c4aafb61aa21d18ac3ae7fd0204c1ec09d1ec3b6 Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Thu, 19 Dec 2024 19:08:54 +0100
Subject: [PATCH 71/74] add comment

---
 BoogieLang/Ast_Cfg_Transformation.thy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/BoogieLang/Ast_Cfg_Transformation.thy b/BoogieLang/Ast_Cfg_Transformation.thy
index e0d5a3f..dfdbab3 100644
--- a/BoogieLang/Ast_Cfg_Transformation.thy
+++ b/BoogieLang/Ast_Cfg_Transformation.thy
@@ -462,7 +462,7 @@ lemma guard_fails_push_through_assumption:
 lemma guard_fails_push_through_assumption2: 
   assumes block_correctness: "reached_state \<noteq> Failure \<and> (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (c#cs2) (Normal ns1) (Normal ns1')))"
       and assume_cmd: "c = Assume not_guard"
-      and "UnOp Not guard \<sim> not_guard"
+      and "UnOp Not guard \<sim> not_guard" \<comment>\<open>not required for lemma, but makes lemma in sync with analogous lemma above\<close>
       and guard_fails: "A,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>guard, ns1\<rangle> \<Down> LitV (LBool False)"
      shows "reached_state \<noteq> Failure \<and> (\<forall> ns1'. reached_state = Normal ns1' \<longrightarrow> (red_cmd_list A M \<Lambda> \<Gamma> \<Omega> (cs2) (Normal ns1) (Normal ns1')))" 
      using assume_cmd assume_true_cmds block_correctness by blast

From b4058cedd106665f0399f8183784b96c0ef2eb74 Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Thu, 19 Dec 2024 19:15:26 +0100
Subject: [PATCH 72/74] clean up

---
 BoogieLang/CFGOptimizationsLoop.thy | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/BoogieLang/CFGOptimizationsLoop.thy b/BoogieLang/CFGOptimizationsLoop.thy
index aa01846..19a26c6 100644
--- a/BoogieLang/CFGOptimizationsLoop.thy
+++ b/BoogieLang/CFGOptimizationsLoop.thy
@@ -3,7 +3,7 @@ theory CFGOptimizationsLoop
 begin
 
 definition hybrid_block_lemma_target_succ_verifies
-  where "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1' posts\<equiv>
+  where "hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1' posts \<equiv>
          (\<forall>ns1'. s1' = Normal ns1' \<longrightarrow>
                      (\<forall>target_succ. List.member (out_edges(G') ! tgt_block) target_succ \<longrightarrow>
                           (\<forall>m2' s2'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile> (Inl target_succ, (Normal  ns1')) -n\<rightarrow>* (m2', s2')) \<longrightarrow>
@@ -12,10 +12,10 @@ definition hybrid_block_lemma_target_succ_verifies
                    )"
 
 definition hybrid_block_lemma_target_verifies
-  where "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns posts\<equiv>              
+  where "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns posts \<equiv>              
             (\<forall>s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega> \<turnstile> \<langle>tgt_cmds, Normal ns\<rangle> [\<rightarrow>] s1') \<longrightarrow>  \<comment>\<open>First reduce the coalesced commands\<close>
                    (if (out_edges(G') ! tgt_block = []) then valid_configuration A \<Lambda> \<Gamma> \<Omega> posts (Inr()) s1' else s1' \<noteq> Failure) \<and> 
-                   \<comment>\<open>All successors blocks of \<^term>\<open>tgt_block\<close> must verify\<close>
+                   \<comment>\<open>All successor blocks of \<^term>\<open>tgt_block\<close> must verify\<close>
                    hybrid_block_lemma_target_succ_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block s1' posts
               )"
 
@@ -307,8 +307,8 @@ subsubsection \<open>Main Lemma 1: Shows that the Loop Global Block Lemma holds
 
 lemma loopBlock_global_block:
   assumes SuccBlocks: "out_edges G ! src_block = ls"
-      and GlobalBlockSucc: "\<forall>x\<in>set(ls).(\<exists>lsSubsetList. lsSubsetList\<subseteq>lsLoopHead \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x)) lsSubsetList posts) \<or> (\<exists>(LoopHead, LoopHead')\<in>lsLoopHead. (x = LoopHead \<and> f(x) = LoopHead'))"
-      and FunctionCorr: "\<forall>x\<in>set(ls). f(x)\<in>set(out_edges G' ! tgt_block)"
+      and GlobalBlockSucc: "\<forall>x\<in>set(ls).(\<exists>lsSubsetList. lsSubsetList\<subseteq>lsLoopHead \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f x) lsSubsetList posts) \<or> (\<exists>(LoopHead, LoopHead')\<in>lsLoopHead. (x = LoopHead \<and> f x = LoopHead'))"
+      and FunctionCorr: "\<forall>x\<in>set(ls). f x \<in> set(out_edges G' ! tgt_block)"
       and TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds"
       and SourceBlock: "node_to_block G ! src_block = src_cmds"
       and NotCoalesced: "tgt_cmds = src_cmds"
@@ -431,9 +431,9 @@ lemma loopHead_global_block:
   assumes SuccBlocks: "out_edges G ! src_block = ls" 
       and GlobalBlockSucc: 
            "\<forall>x\<in>set(ls). ( \<exists>lsSubsetList. lsSubsetList\<subseteq>(lsLoopHead \<union> {(src_block,tgt_block)}) \<and> 
-                          global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x)) lsSubsetList posts ) 
-                      \<or> (\<exists>(LoopHead, LoopHead')\<in>(lsLoopHead\<union>{(src_block,tgt_block)}). (x = LoopHead \<and> f(x) = LoopHead'))"
-      and FunctionCorr: "\<forall>x\<in>set(ls). f(x)\<in>set(out_edges G' ! tgt_block)"
+                          global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f x) lsSubsetList posts ) 
+                      \<or> (\<exists>(LoopHead, LoopHead')\<in>(lsLoopHead\<union>{(src_block,tgt_block)}). (x = LoopHead \<and> f x = LoopHead'))"
+      and FunctionCorr: "\<forall>x\<in>set(ls). f x \<in> set(out_edges G' ! tgt_block)"
       and TargetBlock: "node_to_block G' ! tgt_block = tgt_cmds"
       and SourceBlock: "node_to_block G ! src_block = src_cmds"
       and NotCoalesced: "tgt_cmds = src_cmds"
@@ -726,9 +726,9 @@ lemma loopBlock_global_block_hybrid:
   assumes SuccBlocks: "out_edges G ! src_block = ls" 
       and GlobalBlockSucc: 
             "\<forall>x\<in>set(ls).
-               (\<exists>lsSubsetList. lsSubsetList\<subseteq>lsLoopHead \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f(x)) lsSubsetList posts) 
-             \<or> (\<exists>(LoopHead, LoopHead')\<in>lsLoopHead. (x = LoopHead \<and> f(x) = LoopHead'))"
-      and FunctionCorr: "\<forall>x\<in>set(ls). f(x)\<in>set(out_edges G' ! tgt_block)"
+               (\<exists>lsSubsetList. lsSubsetList\<subseteq>lsLoopHead \<and> global_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' x (f x) lsSubsetList posts) 
+             \<or> (\<exists>(LoopHead, LoopHead')\<in>lsLoopHead. (x = LoopHead \<and> f x = LoopHead'))"
+      and FunctionCorr: "\<forall>x\<in>set(ls). f x \<in> set (out_edges G' ! tgt_block)"
       and SourceBlock: "node_to_block G ! src_block = src_cmds"
       and NoSuccEq: "ls = [] \<Longrightarrow> out_edges G' ! tgt_block = []"
     shows "hybrid_block_lemma_loop A M \<Lambda> \<Gamma> \<Omega> G G' src_block tgt_block src_cmds lsLoopHead posts"

From a35a8c9006d79a1debd8e00cb9975eddddd3ac90 Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Thu, 19 Dec 2024 19:17:03 +0100
Subject: [PATCH 73/74] consistent order in ROOT (earlier transformations
 listed first)

---
 BoogieLang/ROOT | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/BoogieLang/ROOT b/BoogieLang/ROOT
index ca9a50c..c803af1 100644
--- a/BoogieLang/ROOT
+++ b/BoogieLang/ROOT
@@ -16,6 +16,6 @@ session Boogie_Lang = "HOL" +
     PassificationEndToEnd
     PassificationML
     BackedgeElim
+    CFGOptimizationsLoop	
     Ast
-    Ast_Cfg_Transformation
-    CFGOptimizationsLoop
+    Ast_Cfg_Transformation
\ No newline at end of file

From 7ee0531c708824477323719ce620d7d68b8ddf15 Mon Sep 17 00:00:00 2001
From: gauravpartha <gaurav.parthasarathy@inf.ethz.ch>
Date: Thu, 19 Dec 2024 19:21:31 +0100
Subject: [PATCH 74/74] typo

---
 BoogieLang/CFGOptimizationsLoop.thy | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/BoogieLang/CFGOptimizationsLoop.thy b/BoogieLang/CFGOptimizationsLoop.thy
index 19a26c6..31430aa 100644
--- a/BoogieLang/CFGOptimizationsLoop.thy
+++ b/BoogieLang/CFGOptimizationsLoop.thy
@@ -118,7 +118,7 @@ lemma loop_global_block_subset:
   unfolding global_block_lemma_loop_def
   by blast
 
-lemma normal_target_verfies_show_hybrid_verifies:
+lemma normal_target_verifies_show_hybrid_verifies:
   assumes TargetVerifies: "\<forall>m1' s1'. (A,M,\<Lambda>,\<Gamma>,\<Omega>,G' \<turnstile>(Inl tgt_block, Normal ns) -n\<rightarrow>* (m1', s1')) \<longrightarrow> valid_configuration A \<Lambda> \<Gamma> \<Omega> posts m1' s1'"
       and TgtCmds: "node_to_block G' ! tgt_block = tgt_cmds"
     shows "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns posts"
@@ -664,7 +664,7 @@ proof (rule allI | rule impI)+
           hence mSteps: "A,M,\<Lambda>,\<Gamma>,\<Omega>,G \<turnstile>(Inl succ, Normal ns') -n\<rightarrow>^m (m', s')"
             using "2"(3) local.RedNormalSucc(1) local.RedNormalSucc(2) by blast
           have "hybrid_block_lemma_target_verifies A M \<Lambda> \<Gamma> \<Omega> G' tgt_block tgt_cmds ns posts"
-            apply (rule normal_target_verfies_show_hybrid_verifies)
+            apply (rule normal_target_verifies_show_hybrid_verifies)
             using less.prems(1) apply blast
             by (simp add: TgtCmds)